A Dangerous Duo: Hacking and Spyware
Version 2005-05-30. Copyright 2005 by Terry Bollinger
Does Avoiding Viruses Keep Out Spyware?
Someone at work asked me an interesting question: "Can I keep spyware off
of my system by avoiding dangerous sites and not opening attachments?"
The answer, unfortunately, is no. The reason why is rather worrisome.
Because viruses seldom return anything of value to their creators,
users who do not fall for their ploys are typically safe. After all,
why should a virus writer spend time and effort simply to infect one
additional user, when their main goal was simply to show how many users
they could infect globally?
With spyware the situation is different. Because spyware is all about
making money, as opposed to the primary virus writer incentive of showing
off coding skills, your system often is worth real money to spyware
controllers. To get or keep your laptop or PC, spyware controllers will go
to lengths seldom seen with viruses. More specifically, they will hack
directly into your system to plant their spyware. This means that by doing
nothing beyond connecting to the Internet, you can end up with a Windows
system so riddled with hardcore spyware that it is unusable -- and unsafe
to use even if you could.
The Striking Fragility of Unprotected Windows Systems
While there has been some increase in general public awareness of the
dangers of linking an unprotected Windows system to an Internet DSL
connection, most people grossly underestimate the level of risk. A quick
look at SANS Internet Storm Center statistics on the top ten "port attacks"
can help reset that impression, even if you are not familiar with ports and
how they are used. Suffice it to say this: an average Windows system
encounters an automated hacker attack on a Windows software destination
known as Port 445 within seconds of being connected to the Internet over a
DSL line. The effect of automation on attack levels cannot be overstated.
Whereas in the past hacking generally meant a real person focusing on
getting into your system, the first phase of a modern attack is usually
fully automated and carried out by other computers that have already been
successfully hacked. Once a break-in occurs, your system may be folded into
the same network that launched the attack. If your system is found to
contain sufficiently interesting data, a real human hacker may be alerted
to take over.
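The pattern described above (blocked inbound hits on port 445 arriving within seconds of connecting, from several unrelated sources) can be read straight out of a Windows Firewall log. The following is an added example, not code from the original article; it assumes the XP SP2 pfirewall.log field layout and uses constructed sample records rather than a capture from a real host.

```python
"""Summarise inbound probes in a Windows Firewall log (XP SP2 pfirewall.log layout, assumed).
Fields: date time action protocol src-ip dst-ip src-port dst-port size ... path
The sample records below are constructed for this example, not captured from a real host."""
from collections import Counter
from datetime import datetime

SAMPLE_LOG = """\
#Version: 1.5
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2005-05-30 08:00:00 OPEN TCP 192.0.2.50 198.51.100.7 1025 80 - - - - - - - - -
2005-05-30 08:00:04 DROP TCP 203.0.113.9 192.0.2.50 3411 445 48 S 2910011 0 65535 - - - RECEIVE
2005-05-30 08:00:11 DROP TCP 203.0.113.22 192.0.2.50 1187 445 48 S 1104422 0 16384 - - - RECEIVE
2005-05-30 08:00:12 DROP TCP 203.0.113.9 192.0.2.50 3412 139 48 S 2910012 0 65535 - - - RECEIVE
2005-05-30 08:00:19 DROP UDP 203.0.113.40 192.0.2.50 1029 1434 404 - - - - - - - RECEIVE
2005-05-30 08:00:25 DROP TCP 203.0.113.61 192.0.2.50 4001 445 48 S 5550001 0 65535 - - - RECEIVE
"""

def parse_log(text):
    """Yield one dict per data record; '#' header lines are skipped."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        f = line.split()
        yield {"ts": datetime.strptime(f[0] + " " + f[1], "%Y-%m-%d %H:%M:%S"),
               "action": f[2], "proto": f[3], "src": f[4], "dst": f[5],
               "sport": int(f[6]), "dport": int(f[7]), "path": f[-1]}

def inbound_drops(records):
    """Blocked attempts that arrived from the network (the firewall did its job)."""
    return [r for r in records if r["action"] == "DROP" and r["path"] == "RECEIVE"]

def port_attack_counts(text):
    """Blocked inbound attempts per destination port, the per-host view of the SANS top-ten list."""
    return Counter(r["dport"] for r in inbound_drops(parse_log(text)))

def seconds_to_first_probe(text, port=445):
    """Seconds from the first logged event (taken as 'connected') to the first probe on `port`."""
    recs = list(parse_log(text))
    hits = [r for r in inbound_drops(recs) if r["dport"] == port]
    return None if not hits else int((hits[0]["ts"] - recs[0]["ts"]).total_seconds())

def probing_sources(text, port=445):
    """Distinct sources hitting `port`; many unrelated hosts within seconds points to automated scanning."""
    return sorted({r["src"] for r in inbound_drops(parse_log(text)) if r["dport"] == port})

if __name__ == "__main__":
    print("blocked inbound attempts by port:", port_attack_counts(SAMPLE_LOG).most_common(3))
    print("seconds until first port-445 probe:", seconds_to_first_probe(SAMPLE_LOG))
    print("sources probing port 445:", probing_sources(SAMPLE_LOG))
```

On a real XP SP2 host the same functions can be pointed at the contents of the firewall log file once logging of dropped packets is enabled; the OPEN record marks the moment the machine started talking to the Internet.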
Microsoft has of course been addressing this problem by bundling features
such as a built-in firewall into their recent Service Pack 2 for Windows
XP. (It must be noted that the problem is largely one of Microsoft's own
creation, since they somewhat inexplicably designed the high-risk Port 445
as a replacement for earlier and similarly risky Windows software ports.)
While such security-oriented upgrades are always helpful, they are unlikely
to provide the best available security solutions, and they do not directly
address security in older 95-based Windows systems, including 95, 98, 98SE,
and ME. Upgrading to Windows XP can definitely help, but such an upgrade
will not get rid of spyware already on your system (yet).
The Global Consequences of Windows Fragility
While the fate of other systems, especially older Windows systems, might
not seem to be that important to you if you are using only the latest
technology and have the support of a good technical group, consider this:
How much total processing power is available to a global network of older
Windows systems, and how damaging could that power become if focused on
breaking into and taking over more security-aware systems?
The question is not an abstract one. It is quite common nowadays to talk
to people with DSL connections and computers that are furiously exchanging
data, but no longer respond to their owner's commands or requests. A
spyware network that gains enough members will have substantial processing
power, and may well be able to focus that power on bringing in new systems
that would not normally be easy to take over. On an oddly positive note,
the ability of spyware networks to gain more nodes is almost certainly
limited in part by competition between spyware groups that are all vying
for the same resources.
Gaining Maximum Security in Windows Systems
The best way to provide maximum security in both older and current Windows
systems is first to perform a very thorough eradication of spyware,
including in particular elimination of deeply hidden Shiva spyware that
ordinary scans cannot detect. This must be followed up by the installation
of a suite of continually active applications to monitor both your
Internet connection (firewalls) and your internal Windows settings (active
spyware guards) for any indication of attempted or successful hacking into
your system. If properly done, such a procedure can result in Windows
systems that greatly reduce the risk of break-ins from hackers.
Reversing the Consequences
Hacking is unlikely to go away anytime soon, but it is worth noting that
if sufficiently large numbers of Windows systems get rid of spyware and
start fighting off new infections, hackers will be deprived of more than
just a few victims. Their opportunity to form powerful spyware networks
will be drastically curtailed, forcing them to switch from powerful and
highly automated distributed tactics back to a more one-on-one style of
attack. The direct effect of such widespread security would be a major
drop in those SANS statistics, as remote systems stop attacking your
systems and instead go back to doing their real jobs. This is a reason for
optimism in fighting spyware, and for shutting it out not just from new
systems, but from older ones around the globe.