Devangshu Datta: Net security 101

TECHNO BEAT

That's why simply installing the latest firewalls and anti-virus packages does not protect a network from intrusion. The onus is with users, to recognise and deal with new threats as they arise.

It's been a long time since I had an anti-virus (AV) package on any of my systems. One reason is parsimony. AV costs significant sums in foreign exchange and no single AV covers the vast range of threats out in cyberspace. Plus, some AVs conflict with each other and they can cause odd system changes.

Virus infections are spread through downloads. Every free music/video/e-book site and peer-to-peer (P2P) network is choc-a-bloc with infections. And every time an acquaintance is infected, your e-mail id is harvested.

You then receive virus-laden e-mails with forged return IDs. If you download screensavers of Kylie Minogue playing topless tennis or watch Paris Hilton doing her kiss-and-show act, once again you run a high risk of infection.

Most web-mail servers have industrial-strength versions of online AV and these usually identify virus-infected mail. If you never use Outlook Express with the "preview" option and preferably, access only web-mail on a home system, your chances of picking up a virus are much reduced.

Yahoo! and Google, for instance, have much better AV than most Fortune 500 corporates and Internet service providers (ISPs). Using web-mail rather than a paid e-mail service also frees you from the hassle of migrating IDs if you change ISPs.

If you download topless Kylie, isolate the file and scan it immediately with a free online AV scanner or preferably several. I'm not going into the legalities of P2P downloads here, just suggesting that files acquired this way be thoroughly screened.

Online scanning will pick up viruses: that is, programs designed to infect files and damage hard drives. But it will not necessarily pick up spyware or trojans.

Spyware and trojans often come pre-packaged inside file-sharing freeware like Kazaa and in various shareware packages. Sometimes it installs as cookies and browser helper objects (BHO) that are automatically received if you access certain sites. (The Internet Explorer browser links to spyware site Alexa).

Spyware doesn't damage the infected system. It broadcasts out. Some spyware initiate browser hijacks, redirecting traffic to porn sites. Other spyware pick up info ranging from surfing habits to passwords and credit-card numbers.

A trojan or RAT (Remote Access Trojan) is much worse. Trojans allow a remote user to take over systems through the backdoor. Most trojans incorporate keystroke-loggers, which totally compromise security. Trojans can be used to create armies of remote "bots" to attack networks "" this is how hackers initiate denial of service (dos) attacks.

There are many anti-spyware and anti-trojan packages available "" including some good ones for free. But no combination of packages can guarantee to pick up everyone of these programs "" new "malware" is written everyday.

The one thing that tells you about the existence of trojans or spyware is open ports on your machine. A networked PC communicates through ports "" numbered interfaces where specific services run. Trojans and spyware must open ports to communicate.

There are several Net sites that probe a machine on request checking for open ports. Once you know a port is open where it shouldn't be, you know there's a trojan or spyware in operation. After that, it's relatively simple to find the offender. Or, to instruct a firewall to block that port.

Why, you may wonder, am I writing about Net security in such basic, general terms? I picked up a trojan on Budget day "" in one of these sessions when I made a massive number of downloads and surfed many sites.

So it's impossible for me to finger the source of infection. But I was just thinking how diabolically entertaining it would be if everybody who downloaded Budget documents was infected!