Foreword
Many articles submitted by manufacturers are little more than a commercial pitch for a product, seeking publication to obtain free advertising. This article from Symantec provides good insights into the personal considerations of computer security and earns its place in User Friendly. (LACS Newsletter) *Los Angeles Computer Society
For millions of consumers in households worldwide, home computers are being used for a wide range of activities. From booking travel reservations to managing financial accounts, communicating with friends and colleagues, conducting research, and more, the PC has become a critical component of everyday life.
However, as computer-related security incidents continue to increase, consumers have become increasingly concerned about online safety--and with good reason. To protect themselves from becoming victims of a growing wave of Internet threats, computer users need to know how to avoid them.
To achieve this, consumers must first understand the types of threats on today's digital horizon and then identify and follow simple best practices for protecting their confidential information and safeguarding their home computers.
Financial Objective
In recent years, hackers launched malicious code in order to get attention, particularly from the technical community. But today's hackers are driven by financial motives. According to the most recent Internet Security Threat Report from Symantec Corp., a comprehensive, biannual review of global Internet threat activity, the financial sector received the highest ratio of severe Internet attacks of any industry, including high tech, manufacturing, healthcare, power and energy, and more. The reason for the focus on the financial sector is clear: that's where the money is.
Evidence of this shift in motivation is as easy to find as looking at consumers' email inboxes. Most likely, alongside the mounds of spam messages, there are phishing attempts. Phishing is an effort by a third party to solicit confidential information from an individual, often for illicit financial gain. Phishers often use spoofed email, malicious Web sites, or Trojan horses downloaded through the user's Web browser to trick users into disclosing sensitive information such as credit card numbers or online banking information.
Phishing is a big problem that's getting bigger. During the last six months of 2004, the number of phishing attacks increased steadily from week to week--from 193 new attacks during the first week to an average of 400 phishing attacks by the end of the period. Because spoofed email and Internet sites are becoming more and more sophisticated, phishing attacks are harder than ever to identify and defend against.
To protect against becoming victims of phishers, security experts recommend that in addition to following general best practices for computing, consumers should visit sites such as http://www.antiphishing.org in order to learn about the latest phishing scams. Security experts also suggest that users should never disclose any confidential personal or financial information if they have doubts about the authenticity of an email or Web site.
Nowhere to Go...
Information exposure threats can be present in almost any type of malicious code, including Trojan horses, worms, viruses, and back door server programs. Several worms and Trojan horses contain keystroke logging and back door functionality in addition to their other components. Such threats have continued to increase since June 2003, according to the Internet Security Threat Report. Over the last half of 2004, malicious code that exposed confidential information represented 64 percent of the top 50 malicious code samples received by Symantec--up from 44 percent in the first half of 2004 and 36 percent in the second half of 2003.
This increase is partially due to the increasing proliferation of bots, which expose all information on a compromised computer due to their remote access capabilities. Bots--short for "robots"--are programs that are covertly installed on a user's computer in order to allow an unauthorized user to control that computer remotely. Bots are designed to let an attacker create an entire network of compromised hosts, which can then be remotely controlled to conduct malicious activities collectively. Bots are a significant part of the trend of using malicious code for profit as spammers use the IP addresses of compromised home computers for relaying their messages.
Bots often employ multiple propagation mechanisms to compromise computers. Therefore, consumers are advised to avoid using questionable peer-to-peer services, use strong password protection on shared network drives, and patch vulnerabilities in their operating systems and applications.
It is not surprising that client-side vulnerabilities are often implicated in information exposure breaches. Client-side vulnerabilities target the computer systems of individual users rather than servers of an organization. They target applications such as Web browsers, email clients, peer-to-peer networks, instant messaging clients, and media players. They are often, but not always, the result of logic errors or flaws in access control systems and they are often easily exploitable, particularly in browsers.
In fact, Web browser vulnerabilities are also taking on a new twist as hackers are now not only looking to exploit vulnerabilities in Microsoft Internet Explorer but also in newer, alternative browsers such as Mozilla, Firefox, and Opera. After all, a compromised browser could mean a compromise in the security of all Web-based transactions. In the last half of 2004, Symantec documented 21 vulnerabilities affecting Mozilla and Firefox, 13 vulnerabilities impacting Microsoft Internet Explorer, and six reported in Opera.
To avoid browser-based threats, consumers should carefully research browser alternatives and evaluate their level of security before deploying them on the desktop.
Spyware's Ugly Face
Spyware is one of the most worrisome Internet threats that consumers face today. The term applies to standalone programs that can secretly monitor system activity and relay the information back to another computer. Some spyware is legitimate. Some corporations use it to monitor employees' Internet usage, and parents use spyware programs to monitor their children's online activity. But it is the less-than-legitimate spyware that represents a security risk to consumers, particularly since it can be used for identity theft and fraud.
There are a number of ways by which spyware can be installed on a user's system. Some spyware programs are made available as freeware--that is, as software that can be downloaded at no charge. These programs usually require the user to agree to an end user license agreement (EULA). Other spyware programs do not include a EULA. Consequently, consumers are advised to use security solutions that detect spyware regardless of the presence of a EULA.
Spyware programs can also be bundled with a legitimate program. This bundling is not done by the legitimate program producer or distributor but rather by someone who wants access to confidential data that users may divulge as they use the legitimate program. The software package is then placed on a public download site or is sent to a newsgroup for maximum exposure. It is executed when the user runs the legitimate program.
Spyware can also be installed through a Web browser using ActiveX controls or browser helper objects (BHOs). BHOs are add-on programs that can add features to a user's browser. To reduce this risk, it is recommended that users disable ActiveX wherever possible or configure their browser to require a prompt for ActiveX controls to execute. Then, should the browser present a dialogue box that is not expected, the user should not click anywhere on the dialogue box but, instead, immediately close the browser window.
Consumers are advised to be extremely cautious when removing spyware. Programs should be removed as non-intrusively as possible in order to minimize any problems that might result from the removal of the program. To avoid these types of problems, it may be necessary to ignore some non-critical aspects of these programs such as benign registry keys left behind during the uninstall process.
Best Practices for Consumers
By following a number of general best practices, consumers can significantly reduce their exposure to today's Internet threats. For example, consumers should use an Internet security solution that combines antivirus, firewall, intrusion detection, and vulnerability management for maximum protection against complex, blended threats. They should also ensure that security patches are up-to-date and that passwords are a mix of letters and numbers. Additionally, passwords should not include dictionary words, and they should be changed often.
Email attachments continue to pose a major security risk to consumers. Users should avoid viewing, opening, or executing any email attachment unless the purpose of the attachment is known. Virus definitions should be updated regularly. By deploying the latest virus definitions, consumers are protected against the latest viruses known to be spreading "in the wild." Consumers are also counseled to routinely check to see if their PCs or Macintosh systems are vulnerable to threats by using an online vulnerability scanning service from a reputable information security provider.
Education, in harmony with reliable security solutions, is vital to thwarting security breaches. Consumers should learn to recognize computer hoaxes and phishing scams. Hoaxes typically include a bogus email warning to "send this to everyone you know" and improper technical jargon to frighten or mislead users. Phishing scams are much more sophisticated. Consumers must remember that most legitimate businesses will never ask users to disclose confidential information over the Internet. The best course of action is to simply delete these types of emails.
About the Author
As group product manager at Symantec (http://www.symantec.com), Kraig Lane is responsible for the overall management of Symantec's consumer Internet security solutions. He works to define product objectives and strategies for Norton Personal Firewall, Norton AntiSpam, and Norton Internet Security, cornerstones of Symantec's thriving consumer business. Lane also utilizes his vast knowledge of the Internet security space to drive the development and introduction of new solutions to tackle emerging online threats.