[jaws-uk] Re: Fw: [Think-Aboutit] Worms and Trojans - What's The Difference?

  • From: "Tristram Llewellyn" <tristram.llewellyn@xxxxxxxxxxxxxxxxxxx>
  • To: <jaws-uk@xxxxxxxxxxxxx>
  • Date: Tue, 4 Mar 2008 11:57:27 -0000

Just some thoughts.
 
This is a slightly misleading info-mercial for an anti-virus, and the
information it purports to impart is incomplete and leads one to the
conclusion that AVAST anti-virus and firewall, anti-spyware are the only
solutions to protect yourself.  This is very far from the truth.
 
Firstly, a worm can only get into a system if it can find an open port
to come through.  The default turning on of the Windows firewall (I
think service pack 2 in XP) blocks one route and use of one of the
modern NAT routers blocks another by giving you a private IP behind a
firewall.  When a nasty worm comes knocking on your door it doesn't even
get a response from your IP address so it doesn't even know you are
there to infect.  
 
Secondly a worm or a Trojan must exploit a vulnerability in your system,
these are usually to do with programs or services running on your
machine.  Typically these are some kind of remote code execution that
inject code into your system because of a security weakness in your
Windows or other software.  Therefore the answer to this is to pick up
your updates for Windows and other software.  If there is software you
do not use on your computer uninstall it, a security vulnerability may
be exploited in it that you do not know about and allow someone to gain
access into your PC, if the software is not there that vulnerability
will not exist, that is cheaper and more secure than any anti-virus or
firewall.  There was a recent case of HP's PCs' pre-installed software
(sometimes known as crapware) being exploited in this way causing their
customers potential risk.  One example of a frequently attacked
application apart from MS Office is Adobe Reader.  Almost everyone has
got one and there has been a spate of dodgy PDF files that used an
exploit to inject program code into your system.  You can stop this
by:
a) Updating your Adobe Reader software or similar or if not using it
uninstalling
b) Being suspicious of attachments from unknown unsolicited sources they
are nearly always bad, however if the software into which the file goes
is patched there is less chance of it doing damage.
 
Thirdly, anti-virus and anti-malware are always a step behind the hacker
or online criminal.  By the time malware has got onto your system all
bets are off as to whether you may be able to get the system clean.
Malware is now polymorphic and there is even polymorphic JavaScript code
potentially in circulation.  This polymorphism means you cannot rely on
your anti-virus alone to keep yourself safe, you must take some part in
this.
 
Fourthly, since patching, firewalls and modern routers have made us all
much safer from wandering worms, the vector for attacks has now changed.
Many attacks are based on social engineering, the sort of thing where
you get a message saying somebody has sent you an e-card, or a link to
some great picture.  If this is unsolicited you can always bet that this
is forming part of a social engineering attack that will take you to
some online web forum or webpage that is carefully crafted to install
malware onto your PC making you the unwilling accomplice.  This is all
similar to the phishing escapades of a year or two back where people
were hit with emails purporting to be from their bank or eBay saying
they had to re-register or something, users would cheerfully go to the
carefully (or not so carefully) crafted site and give the hacker/online
criminal their details.  If you need to go to your online bank or other
security enabled website, type in the URL you know, not from some link
someone gives you.  Another type of social engineering attack occurs on
serial number and software crack sites.  Everyone wants no cost software
or a crack to make some software work which they haven't paid for.  Such
sites as serial number/crack sites and porn sites are now sold as kits
in the online underworld in order to specifically install malware onto
your PC, please don't go there it is bad for your PC.
 
Lastly, please realise that file sharing and torrents are not just used
by nice people but also used by the underside of the online community.
As such both file sharing and torrents are a back door into your PC for
software or files you really don't know or can realistically trust.
Whilst all may not be malicious you put yourself and your trust in
others you do not know and your anti-virus and security software.  File
sharing or torrents are usually things people want for free that they
wouldn't get otherwise; remember that puts you in the same space as anyone
else that may be vulnerable to social engineering attacks, to think
otherwise I am afraid is naive.
 
If you can use IE7.0 it is definitely more secure but remember security
is not a done deal 100 percent.  It is a moving target and no anti-virus
is 100 percent.
 
 
 

Regards.

Tristram Llewellyn
tristram.llewellyn@xxxxxxxxxxxxxxxxxxx
Technical Support
Sight and Sound Technology
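
Added example, not part of the original post: a small Python audit for the first point above, listing which TCP listeners on a Windows PC accept connections from other machines and are therefore what the firewall and NAT router are shielding. The `netstat -an` text is a constructed sample, and the function names are illustrative.

```python
import ipaddress

# Constructed sample of `netstat -an` output from a Windows PC (not from the post).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::1]:8307             [::]:0                 LISTENING
"""


def split_endpoint(endpoint):
    """Split '1.2.3.4:80' or '[::]:80' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def exposed_listeners(netstat_text):
    """Return sorted (address, port) pairs for TCP listeners that are not loopback-only."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only listening TCP sockets matter; established connections are outbound traffic.
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        host, port = split_endpoint(fields[1])
        try:
            addr = ipaddress.ip_address(host.split("%")[0])  # drop any IPv6 zone id
        except ValueError:
            continue  # skip lines whose local address does not parse
        # 127.0.0.1 and ::1 are reachable only from the PC itself.
        if not addr.is_loopback:
            found.add((str(addr), port))
    return sorted(found)


if __name__ == "__main__":
    for address, port in exposed_listeners(SAMPLE_NETSTAT):
        print(f"listening on {address} port {port}: reachable from the network unless filtered")
```

Each listener reported is a service to patch, disable or uninstall if unused, since the firewall is the only thing between it and the network.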
  

 
