Virus Attacks & Intrusions:

Virus attacks and intrusion attempts by crackers have been causing lots of troubles and serious damages to almost all the computer users. Ever the day, one starts using a computer, virus infection becomes an issue of concern. In this era of Internet, a virus attack can be well categorized as a terrorist or burglar attack. One is always left in a frightened situation, worried about the security of crucial data, completion of mission critical tasks and achievement of important goals.

Unfortunately, it's becoming a presumption of a non-technical user that viruses are integrated parts of computers & Information Technology, which from their perspective is not that false! But the following paragraphs unveil the other side of the picture, which is unseen obviously.

Windows is not only the most favourite choice of computer users but Virus Programmers and Intruders as well!

An insight:

Let us review some hard, bitter and astonishing facts about Windows as well as computers

Why anybody would look forward to computerization: Since the introduction of Information Technology & Internet, the approach and methodology of most common activities has quite changed. Computer has become an essential instrument for an entrepreneur, a professional, an industrialist, a student and even for a housewife. The most obvious motive behind "addition of a computer to the life of a human being is to add to the working power and capabilities, to finish tasks sooner and to reduce the burden".

Cursing the moment when you decided for 'Computerization'? An application or hardware crash or an Internet connection failure seems to be minor problem, which may interrupt crucial tasks but temporarily only. You find yourself stressful, worried, annoyed and irritated when a virus attacks your computer or network. But the most disastrous situation is when it brings down the entire network, just in a matter of few hours. All crucial tasks are interrupted. Leakage of most confidential information and vital data leaves a business executive screwed and pulling hairs. One regrets having taken a wrong decision to have computers.

Alternatively..

On the other hand, in an effort to evade this moment, one has to indulge in an additional burden of saving and backing up all the crucial data, thereby leaving all other important and mission critical tasks in fray. Ensuring Data-Security becomes mission critical and most prioritized task.

Conclusion

So we ask ourselves, are these technologies really doing any benefits to an existing smoothly operative business and a peaceful life? Are these tools not like A Dual Edged Sword, one edge of which always faces who holds it?

The other explanation may be that though we have got highly efficient tools but we need to get a better control over those tools to prevent these tools doing harm to ourselves! What we need to do at the moment is to evolve methods of utilizing them properly to make the most out of these technologies. Perhaps, you would like to go by the second statement more than the first one.

So what is the solution? Where do we go wrong? Why do you have to go down to your knees, every time a virus attacks?

The Real Life Security Vs Computer Network Security

Before we jump over to the technical know how, let us review a real life example in brief. How we implement security in real life. Did we secure our computers and network the same way?

Consider you own a building. For its security, you hire the services of a security company. The security guards would keep a watch and challenge the entrance of any person. One, who produces a valid Identity Card, is allowed to enter the premises or else one must make an entry in the register or the person to be met is informed first.

Who is issued an identity card? Obviously, all members, known and trusted persons are issued an identity card. (Read this issue carefully for reference later in this article)

Designated permissions for roaming, visiting and privilege use: Even after successful entrance, there are sets of rules and regulations i.e. restrictions on roaming around inside the premises, permission to visit only the areas where everybody is allowed etc.

Discipline and Code of Conduct: Each organization or complex constitutes its own discipline and code of conduct for its members and visitors. No member or visitor is allowed to violate the conduct or execute any action which is not allowed to them.

This illustrates briefly the security model we practice in our computers and networks.

So in our computer system also, the Operating System (especially Windows), the AntiVirus Software and the Windows Applications we use, should necessarily be made to meet the norms and standards of this real life example.

Let us now review the method of securing our computers:

Antivirus Definitions Vs Identity Card: Antivirus Definitions are nothing but a database of "Known Viruses" on the basis of which, the AntiVirus Software would execute remedial actions. That means, an Identity Card issued in favor of the known criminals rather than to the members or to trusted and known persons. Anybody not having a valid Identity Card are considered to be Gentlemen and accorded a red carpet welcome while those who have are identified as criminals and thrown out. Convinced?

In this information age, is The Man, in its most genius state, doing anything genius by "Updating Virus Definitions" instead of "Updating Application Definitions"?

------------------------------------------------------------------------------------------------

How viruses advanced with the development in technology

From switching on a computer to connecting to internet, stages when a virus may infect a computer

During Bootup:

When the bootable media i.e. A Floppy Diskette, CD-Rom or hard drive or any other media, is infected by a boot sector virus, the computer will be infected.

When there is a floppy disk in the drive or a cd-rom is present in the drive, whether or not it is bootable, but infected by a boot sector virus it may infect the computer

When the system files (i.e. io.sys, msdos.sys command.com) are infected.

Any other files which are loaded or accessed during or after the boot process

During device drivers loading:

When any device drivers are infected

When a virus program pretends to be a device driver or replaces the actual device driver

When a virus program runs itself as a service

Startup Event

When a virus program configures itself to run at windows startup (This is when the windows desktop and start menu appear)

Attaching with any other program

A virus may attach itself with another program, so whenever that program is run, the virus also executes and carries out its process

Invalid File Type

A virus may appear as a particular file type which in fact it is not. For example, a virus may appear as ".ZIP", ".SCR" or ".PIF" file but it may not be truly a ".ZIP", ".SCR" or ".PIF" file. So double clicking or opening such a file, will execute the program, which opens that file and thus infecting the computer. It is very common that an email carries such infected attachments, when opened; they can easily infect a computer or entire network. In a few moments.

Macro Viruses

Macro programs are actually VBScript codes, usually inserted in Microsoft Office documents i.e. MS Word documents, Microsoft Excel Worksheets or Microsoft Powerpoint presentations. Macro programs are actually written to automate some specific tasks. So a malicious macro code may gain access to objects and may infect a machine

Through infection in other files which are loaded with the operating systems

An HTML file configured as desktop wallpaper

An HTML file configured as email stationery

Hyper Text Templates (files which make the folder view i.e. folders.htt)

Through Email

A worm may send itself as an attachment

A worm may pretend to be a particular file type which in fact it is not i.e. .pif , .zip etc

A worm may insert a script in an email in HTML format

An infected message can be sent using a fake email address in the "FROM" field of the message or someone else' address or even no address at all. This is due anonymous nature of SMTP

Through website

Worm may insert script in web pages of a website infecting all the machines of visitors viewing those web pages

Above are most common methods used by viruses.

Simply an Internet Connection

Nowadays, viruses simply search for computers with unpatched operating system. When such a computer is found connected to Internet, just a TCP connection is needed to infect that machine. Even if the user is just inactive, not browing the web, not accessing emails or chatting, a connection may be established with any open TCP Port and the machine is infected.

Virus developers have advanced their techniques by exploiting vulnerabilities and establishing connection on open TCP Ports. Nowadays, a computer only needs to be connected to internet to become a target. Recent attacks of Blaster, Welchia, Mydoom, Netsky etc. use such techniques.

That means, a computer is not secure against viruses and intrusion attacks with just an AntiVirus Software. In addition, a firewall, properly configured domain policy, local security policy as well as file level security is also needed.

Still, security is not 100% perfect, rather full security is never guaranteed at least in the operating systems we have.

Hundreds of flaws and vulnerabilities:

There are so many vulnerabilities and so many methods a virus may exploit and infect a machine or network. Briefly, we must review the concept of registering applications instead of maintaining virus definitions.

Currently, a programmer may develop his/her own program and execute it. Well, he must have the liberty to run programs developed by him. But once those programs are distributed to end-users, those are likely to be executed by them, without being aware of any harm to their computer. This is obviously the root vulnerability of all operating systems. An application must pass some standards and obtain a certification before it is entitled to be distributable to end-users and to be executable on their machine.

Anonymous nature of Internet Network

That's why virus programs and spam messages may freely travel on Internet.

Ever thought, to access Internet, one just needs to authenticate against ISP network? While this means, one may access the resources permitted by the ISP, one may access any internet resource i.e access websites, send or receive emails, chat with anyone, share data etc. But the internet itself is a network (the largest network) and no authentication is required to access it. All anonymous resources are accessed only by authenticating against their respective ISPs. To the exception, though, there are secure websites, mail servers and various other resources, which need explicit authentication through SSL or by some other means, yet most of Internet Resources are anonymous in nature.

This is explained in a more clear example: Once I had been to a café and met a guy who was viewing a video clip sent to him by some of his friend. That video clip was live shot of "Execution of Napelese by Iraqui terrorists" which was published on Internet. I asked that guy to forward it to my email address, not having a slightest idea of how horrifying watching that execution would be. I had to repent, why the hell did I ask him to send that to me.

Upon watching that clip on my computer in the evening, I was so frustrated and angry too, that I lost my urge to have dinner. I had planned to work till late in the night but I had to turn off my PC and go to bed. As if this was not enough, I couldn't even sleep till very late. The next morning, when I was back to work, once again I was frustrated while switching on my PC. Again that damn email would appear in Microsoft Outlook. However, I had to start working, so I managed to start. The first thing I did was, I deleted that video clip, the email, and even the email address of that guy. Then I had been trying hard to forget all this. It took me more than a week to be normal.

If a mature man like could be so frustrated, angry or may become violent after having watched such things, just imagine, how it would have affected our innocent kids?

This inspired me to think over it, why the hell this Internet Architecture permits criminals and terrorists access internet and publish such barbaric violent contents on websites. Why do we permit the terrorist network to communicate over Internet and give shape to their plots?

Shouldn't we expect that Internet must be for noble ladies and gentlemen and only for nice human beings? Some may argue this may not be possible but this ain't either. At least , we can better control it by denying anonymous access to Internet.

Spams and Un-solicited emails

Have you ever come across a person who owns an email ID and has never received any spam messages? Almost everyone is looking for a perfect solution to fight against spam messages.

Some of the characteristics of spam messages

From address:

Spam messages are sent from a fake address, using anonymous or private SMTP servers. From addresses are chosen randomly, so each message may be sent from a new fake email address

Messages may be sent from a list and even if the recipient un-subscribes a list, subsequent messages are sent from another mailing list. So the recipient has to un-subscribe every time he receives a spam message from a particular list

To / CC / BCC address: Spam messages may or may not contain the recipient's address in any of the 3 fields

Subject : The subject line may be chosen randomly

The subject as well as the body may have spelling errors (Spelling errors are committed intentionally so as to confuse the spam assassin software)

In the years to come, antivirus software, firewalls etc. would be insufficient and too much resource consuming.

-----------------------------------------------------------------------------------------------

The Perfect IT Security Model

In the previous paragraphs, we discussed a lot on viruses and intrusions, flaws and vulnerabilities, which raises many questions on the security model we have in practice.

So are we going to get a perfect solution?

Is there any end to it?

Shall we have to keep our fingers crossed and to chase for the remedies every time there is a virus attack or any intrusion?

The difference between a computer and a human:

Well, in my opinion, when the computers were designed, it was never imagined that such viruses (malicious programs) shall be undoing our hard work. So a mistake had taken place and the time of building the foundation i.e. the basic technique on which a computer start working.

Actually, computers are dumb machines which can neither speak nor listen, neither can they see nor feel like we human beings. So how would these machines do the calculations for us and even faster than us? The main problem was the communication and interpretation between a human and a computer as the computer can not understand any spoken or written language. All it can do is "Determine whether a particle is magnetized or not". That means it can distinguish between two conditions, either on or off; either 0 or 1; either on or off; either yes or no. That means the computer has only 2 digits for computation (counting). This is called binary language.

Then it was compared with how the man learnt counting in the ancient days. We have decimal system for counting i.e we have 10 digits for counting. So a relationship was established between the counting system (Binary Language) which a computer can understand and the counting system (Decimal System) which man uses. Thus a formula is developed to convert the counting in decimal system to binary system. So the problem of interpretation is solved. This was the basis which led the way to develop Computer System.

So this is clear by the above that "A computer would do the calculations or any other task the way we human beings do, except that it has a different counting system".

The difference between Security in IT and Security in Real Life:

In real life, protection from external threats

The Army protects the nations at the border

Guards protect an apartment or complex at the gate and the boundary walls

The shell protects the egg

Any thing which is sensitive is protected at the external level not where the heart is.

Protection from internal threats:

Police force for the protection from thefts, burglaries and maintaining law and order

Designated executives, managers and directors within an organization

Disaster Management System

Many more examples can be given on this

How we secure computers, networks and data?

Antivirus software which runs only within the Operating System

Firewall (software based) which runs within the operating system. (A Hardware based firewall can be an exception)

Intrusion Detection System

To some extent, these technologies give protection but never proved to be perfect and reliable.

Proposed IT Security System

Think of an international organization, which is responsible for maintaining Global IDs for:

Each and every human in the world

Each and every server which is part of Internet

Email IDs

Software Applications

These IDs contain the basic information for what they have been issued and activities of the ID holder. This can function the same way, our DNS server operate. The database can be maintained in the same manner, as is the case of maintaining TLD's (Top level domains i.e. .com, .net, .edu etc.)

Installation of a computer:

As soon as a computer is switched on, rather than searching for a bootable device, it should look for a media which contains a record of IDs of applications which can be installed and executed on it. Once it finds any, it may allow the operating system installation process. Further, any application installed on it, would simply not execute if the computer doesn't find a matching ID in its own database.

Network Communication:

Any server may not join Internet if it doesn't pass the credentials by authenticating against the IDs issued for it. In addition, a service may not be allowed to run unless it passes the similar credentials

Use of Internet Services:

Any person, shouldn't be allowed to:

Send and receive emails

Browse any websites

Chat

Or any kind of service which runs on Internet

Without authenticating with their respective IDs

I think, if such techniques are developed and implemented

No virus would execute on any computer other than the developer's own machine

No person would be able to send spam messages except to his own address

No criminal would be able communicate with his accomplices

And it may open lots of possibilities not only to secure our computer networks and data but it would also become easier to track any criminal from any location in the world

-------------------------------------------------------------------------------------------------

Alternate Solutions (Windows)

Firewall System in Place

System Security Policy

Domain Security Policy

Group Policy

Software Security Policy

Participate the debate on Open Media

Windows How safe?

• More than 95% viruses target Windows
• Most viruses target a well known location in the Windows Registry "HKLM\Software\Microsoft\Windows\Current Version\Run"
• Most Viruses today, just need an open TCP port
• Most virus attacks are followed by a new patch fix-up
• Since 95, the world has seen 7 major releases of Windows, all unsafe.
• TCP Ports not protected. Any virus could easily create its own SMTP server or use any available port
• Unprotected Address Book & Mail folders

Terrifying figures on virus attacks

• 66,114 viruses have been detected till March 13th, 2004 & 68,470 as on Dec. 3rd 2004
• Most of these viruses were created during the last 20 years, that means 9 new viruses attack every day
• Most of these viruses were created after Internet became popular
• Most viruses have things in common: send infected messages, modify particular sensitive sections of Windows Registry, exploit SMTP and Address Book
• The world sees at least 6 major virus attacks every year.
• The entire world suffers loss of millions of dollars, loss of time, loss of delay in projects & achievements and various other unpredictable losses
• The world spends millions of dollars on securing computers, network and data, on anti virus softwares, firewalls etc.
• Most users are aware today about email attachments and to not to open them, still viruses infect their computers
• Most users have an Antivirus installed when they get a computer and update virus definitions regularly
• Most users are not sure whether their computer is reliably safe
• 20% time of working hours is spent on getting information on viruses, virus definitions and on removal of viruses
• The frequency of virus attacks is increasing year by year
• Most users have to suffer unwanted mental stress due to such attacks and interruption in businesses, exams, projects and in crucial tasks

So far viruses seem to have been winning the battle over operating system and antivirus giants

Inappropriate protection technique

• Why virus definitions rather than application definitions?
• Antivirus within Operating System or Operating System within Antivirus?
• What first security or execution? Defence or attack?
• Windows registry how much protected?
• TCP Ports how much protected?
• SMTP Server most exploited. The most favourable to viruses and spam
• Fix up to SMTP and other TCP/IP Ports or another stupid, paid solution to spam and viruses?
• No privileged access to applications and executables, in contrast to user privileges?
• Movement of file among folders another threat? i.e. a virus copies itself from "temp" to system folder

continued...

Participate the debate on Open Media

I feel very sad everytime I read very nice articles from talented bloggers. You would ask why do I feel sad?

Well... thousand of blogs... millions of talented bloggers and infinite number of so nice articles and their ex-pressions ultimately going down the drain...

A nice article, in a few days is burried somewhere down among blog posts and perhaps nobody will be able to find it. If someone finds it, nobody will have time reading it... Right?

I wish to bring all BLOGGERS IN CO-ORDINATION. i.e. Writing in debates on FORUMS instead of BLOGS. So the blogging is A GROUP WRITING, GROUP EDITING AND GROUP READING instead of INDIVIDUAL WRITING.

I am not here to promote my website but to bring all great writers together on ONE CO-ORDINATED PLATFORM DEDICATED TO THE NATION

Participate the debate on Open Media

The natural cycle is a wonderful process. The Nature would recycle each and every element or object and set everything at its place whatever is disturbed by US HUMAN BEINGS.

Since ages, exploitation of the environmental resources has been highly in excess. By excavation, mining, movement of dense matter i.e. cement, rocks, concrete, minerals, metals from the lower mantle to the uppermost mantle of earth etc. we have upset the sphere of the earth.

Breifly, when the pace of development is faster than THE PACE OF TIME and THE PACE OF NATURE'S RECYCLING PROCESS... The Nature is supposed to take it's own course TO SLOW DOWN OUR PACE OF DEVELOPMENT by means of calamities.

Earthquakes, Floods, Droughts, Global Warming, Climate Changes are all such processes to slow down the excessively fast development.

If HUMAN BEINGS COULD EVER OBEY THE LAW OF NATURE

Participate the debate on Open Media

Any comments please?

Dear Sir,

When I lodged my complaint with The Banking Ombudsman, I was advised to endeavour for a resolution through a correspondence with the bank marking CC to The Banking Ombudsman. In case the matter is not resolved over a period of 30 days, the complaint may be registered. I followed the procedure as advised by The Banking Ombudsman for around 40 days.

It was only after the expiry of 30 days that my complaint (Ref. 2801) was registered with The Banking Ombudsman. The detail which you have requested, had already been provided by us and by The Banking Ombudsman. I am astonished to learn, how and why could you ask for the detail again. I am not supposed to be involved at such stupidities all my life.

For the kind attention of entire ICICI Group:
There are 3 types of smart people -

1. Those who are smart
2. Those who believe they are smart
3. Those who believe others are stupids

I AM IN NO DOUBT THAT ICICI BANK, ITS MANAGEMENT AND ENTIRE WORKFORCE ARE SMART OF 3RD TYPES.

My attempts for an amicable resolution are over. Now the matter goes public. I am publishing the matter with all correspondence on various websites, search engines and blogs. The matter is being sent to Deputy Governor - Reserve Bank of India & Supreme Court of India.

I must not be held responsible for any damages to ICICI Bank which may arise of my such action.

Best Wishes

To be continued...

Dear Sir,

With reference to our meeting, I am thankful for you taking time in visiting us and for your sincere efforts in resolving the matter amicably. Though, it could not arrive an agreeable settlement, I hope you might have discussed the matter with the seniors.

I look forward to your positive response in this direction. I would appreciate a similar response from the senior officers at ICICI Bank so the valuable time of us, The ICICI Bank as well as of Judicial Authorities may be saved.

Eagerly waiting for your reply

Reply from The Branch Manager ICICI Bank

Dear Ashok ji,

I have discussed the matter with my seniors........ Without specific details it would be very difficult to workout a proper solution. We once again request you to provide the details of delay in credit of cheques so that we can investigate further.

Looking forward for your help and co-opeation in resolving long outstanding issue.

Assuring you our best services and attention at all times.

regards
Girish

I wish to share this immense pleasure with my blogger friends and all readers which "Satyamev Jayate" has granted me.

MTNL finally sent us revised bills with a correction worth Rs.9500/- though we have more issues to be resolved but it continues to progress in the right direction.

Please keep watch over my blog as much more hot issues are on their way out:

• ICICI Bank
• Times Group (Indiatimes and Times of India)
• Election Commission of India
• Office of Prime Minister