Cute Klez Trick

I’ve received hundreds of copies of the Klez virus, but a few minutes ago received the cleverest one I’d seen yet — it was an e-mail purporting to contain an attached file from McAfee that would remove any Klez infection from my computer.

Of course the file is in fact the Klez virus itself. Very clever — I know some people who would probably fall for that.

I’m just amazed at how successful the Klez virus has been. I never open attachments from people unless I know them and I’m expecting the attachment. Even then I take a lot of extra steps to make sure I’m not accidentally going to launch some executable (why do people open JPEG and GIF attachments directly from their e-mail client, for example — just save the damn thing and open it up in a graphics program).

Broadband Providers Need to Educate, Allow Subscribers to Better Protect Their Systems

Wired has a story about broadband providers simply cutting off access to users whose systems become infected with Code Red or Nimda. Wired mentions that Speakeasy and DSL Inc. simply yank access to users whose systems are infected with such viruses/worms.

This is a big problem, but an even bigger problem is that most broadband providers a) do almost nothing to educate their users about the security problems associated with broadband service, and b) actually forbid users from using the best security methods to ward off infestations and attacks.

I’ve been through the process both with DSL and cable and neither provider even so much as hinted that I might want to think about any sort of software or hardware solution to prevent attacks on the computer(s) hooked up to my broadband connection. Both providers had information on firewall software buried deep in their web sites, but I assume they were afraid providing any security information might turn off potential customers.

Since I am very concerned about security, I run a small NAT router. The problem is that this is in direct violation of my agreement with the cable company which strictly forbids using any sort of router.

That restriction is added because they don’t want people using the cable access to run web, ftp, and game servers. The problem with servers is a legitimate concern — the first week the students came back to the university here, my cable connection was almost nonexistent because the bandwidth was being used by students setting up bandwidth-munching servers.

But it’s stupid to simply ban routers because of this. Routers, after all, don’t make it difficult to find the people abusing the system. Talking with a tech support guy about the problem, he said they could identify neighborhood-sized areas where the traffic was through the roof and then run port scans to determine who was violating the terms of service.

The ban on routers, then, simply makes the average home user’s system less secure, while really doing very little to fight the bandwidth hogs. Rather than fighting routers, broadband providers should be encouraging people to buy them as an important part of general network security.

Problems with Firewall Software

Internet News has a story about popular firewall software — including the package I use, Norton Personal Firewall — failing to stop outbound traffic that would be generated from something like a trojan or a virus.

The key for the Norton package is automatic rule-based outbound permission schemes. Basically, if you foolishly choose the wrong option, Norton just assumes that if a program identifies itself as Internet Explorer, it really is Internet Explorer, and simply lets the outbound connection go through. Not a good idea.

As Steve Gibson, who wrote a utility called LeakTest to test the ability of various firewall programs to stop these sorts of trojans, says, “This idea of allowing all these apps pre-approval is ludicrous. It’s trivial to get permission out of the firewall without notifying the user.”

Norton replies that if you’re running a virus checker and the firewall the risk is minimal — but they’re going to update their software anyway. Gibson endorses ZoneAlarm which uses cryptographic signatures of pre-approved applications to make sure it’s really IE rather than a trojan or virus trying to make an outbound communication.
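The difference between the two approaches above, as an added illustration that is not part of the original post or of either vendor’s software: a name-based allowlist trusts whatever the process calls itself, while a fingerprint-based allowlist (a SHA-256 of the executable here, standing in for the cryptographic signature check the article attributes to ZoneAlarm) only trusts bytes that were actually approved. The executable images are constructed placeholders, and the third case shows the caveat that a legitimate update also changes the fingerprint and needs re-approval.

```python
import hashlib
from dataclasses import dataclass

# Constructed stand-ins for executable images; in practice these would be
# the bytes of the program file on disk.
GENUINE_BROWSER = b"MZ...constructed bytes of the real browser, version 1"
UPDATED_BROWSER = b"MZ...constructed bytes of the real browser, version 2"
TROJAN_IMAGE = b"MZ...constructed bytes of a trojan that calls itself the browser"


@dataclass(frozen=True)
class OutboundRequest:
    """An outbound connection attempt as the personal firewall sees it."""
    process_name: str   # name the program presents, e.g. "iexplore.exe"
    image: bytes        # executable bytes backing the process
    destination: str    # where it wants to connect


def fingerprint(image: bytes) -> str:
    """SHA-256 of the executable; stands in for a signature check."""
    return hashlib.sha256(image).hexdigest()


def allow_by_name(req: OutboundRequest, allowed_names: set) -> bool:
    """Weak rule: pre-approve anything that says it is an approved program."""
    return req.process_name.lower() in allowed_names


def allow_by_fingerprint(req: OutboundRequest, allowed_fps: set) -> bool:
    """Stronger rule: pre-approve only executables whose bytes were approved."""
    return fingerprint(req.image) in allowed_fps


def decide(req: OutboundRequest, allowed_names: set, allowed_fps: set) -> dict:
    """Return both verdicts so the two policies can be compared side by side."""
    return {
        "by_name": allow_by_name(req, allowed_names),
        "by_fingerprint": allow_by_fingerprint(req, allowed_fps),
    }


APPROVED_NAMES = {"iexplore.exe"}
APPROVED_FPS = {fingerprint(GENUINE_BROWSER)}

if __name__ == "__main__":
    cases = {
        "genuine browser": OutboundRequest("iexplore.exe", GENUINE_BROWSER, "example.com:80"),
        "trojan using browser name": OutboundRequest("iexplore.exe", TROJAN_IMAGE, "example.com:80"),
        "browser after an update": OutboundRequest("iexplore.exe", UPDATED_BROWSER, "example.com:80"),
    }
    for label, req in cases.items():
        print(f"{label}: {decide(req, APPROVED_NAMES, APPROVED_FPS)}")
```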

And yes, I’ve found these sorts of things on my system, though how they got there I haven’t a clue, so the risk is real.

DSL and Hackers

Wired’s Farhad Manjoo has an article about the potential problems created by always-on broadband connections, Broadband Could be Hackland.

I was surprised after all of the literature they sent me along with the numerous times I called technical support, that no one at Ameritech even raised the possibility that extra security precautions might be in order when using a DSL connection. I was already aware of such problems, but you’d think even a small “buy a firewall program for extra security” note might be in order.

On the other hand, maybe they have the same contempt for their consumers as [email protected]’s Richard Holden does. Holden says the security problems with broadband have been blown out of proportion (which may be somewhat true) and, as Wired paraphrases, “Holden added that only if people are using their computers to store sensitive information will extra security software be necessary.”

What world is this guy living in? Everybody I know who owns a computer has sensitive data on it, even the folks who aren’t power users. Several people I know use their computer to prepare their tax returns; others use Quicken and other financial packages to keep track of their money.

As far as I’m concerned my e-mail is very sensitive data in that I wouldn’t want some cracker gaining access to it. I know even casual computer users who use email to communicate relatively sensitive information. Of course firewalls don’t guarantee nobody will get access to your data, but you always want to put as many impediments as feasibly possible in the way of those with malicious intent.

The blasé attitude among broadband providers toward security is very puzzling.

DSL Almost Derailed

The other day I signed up for DSL service through Ameritech. Today they left a message on my voice mail saying they don’t support Windows Millennium Edition, the OS of the computer I told them I was going to use for DSL access. Had to call them back quick to make sure they didn’t delay the installation — told them I had a Windows 98 machine. Which, of course, I do, but they didn’t ask so I didn’t tell them I actually plan on hooking the DSL up to a LinkSys DSL router.

Not very honest perhaps, but what sort of vendor actually thinks that, given the number of 2+ computer households, they can get away with stipulating that you can’t run both DSL and an Ethernet network (that is one of Ameritech’s stipulations for service — that you not network the computer the DSL is on)? They really hate things like the LinkSys DSL router, but I really want a firewall between my computer and an always-on DSL modem without having to dedicate a separate computer running something like BlackIce (it’s interesting that so far, neither in the literature I’ve received from Ameritech nor in my conversations with the DSL sales representatives did anybody alert me to any of the security problems that might come from having DSL without some sort of firewall or similar software).