(Still in the editing phase)
Virus Attacks & Intrusions:
Virus attacks and intrusion attempts by crackers have been causing a lot of trouble and serious damage to almost every computer user. From the day one starts using a computer, virus infection becomes a matter of concern. In this Internet era, a virus attack can fairly be compared to a terrorist or burglar attack. One is always left frightened, worried about the security of crucial data, the completion of mission-critical tasks and the achievement of important goals.
Unfortunately, non-technical users have come to presume that viruses are an integral part of computers and Information Technology, which from their perspective is not that false! But the following paragraphs unveil the other side of the picture, which obviously goes unseen.
Windows is not only the favourite choice of computer users but of virus programmers and intruders as well!
An insight:
Let us review some hard, bitter and astonishing facts about Windows as well as computers in general.
Why anybody would look forward to computerization: Since the introduction of Information Technology and the Internet, the approach and methodology of most common activities have changed considerably. The computer has become an essential instrument for an entrepreneur, a professional, an industrialist, a student and even a housewife. The most obvious motive behind adding a computer to a person's life is to add to their working power and capabilities, to finish tasks sooner and to reduce the burden.
Cursing the moment you decided on "computerization"? An application or hardware crash or an Internet connection failure seems a minor problem; it may interrupt crucial tasks, but only temporarily. You find yourself stressed, worried, annoyed and irritated when a virus attacks your computer or network. But the most disastrous situation is when it brings down the entire network in a matter of a few hours. All crucial tasks are interrupted. Leakage of the most confidential information and vital data leaves a business executive ruined and pulling out his hair. One regrets having taken the wrong decision to adopt computers.
Alternatively...
On the other hand, in an effort to avoid this moment, one has to take on the additional burden of saving and backing up all crucial data, leaving all other important and mission-critical tasks in disarray. Ensuring data security becomes the mission-critical and most prioritized task.
Conclusion
So we ask ourselves: are these technologies really doing any good to a smoothly operating business and a peaceful life? Are these tools not like a double-edged sword, one edge of which always faces the one who holds it?
The other explanation may be that we have highly efficient tools, but we need better control over them to prevent them from harming us. What we need to do at the moment is to evolve methods of using them properly, to make the most of these technologies. Perhaps you would rather go by the second statement than the first.
So what is the solution? Where do we go wrong? Why do you have to go down on your knees every time a virus attacks?
Real-Life Security vs. Computer Network Security
Before we jump to the technical know-how, let us briefly review a real-life example of how we implement security in everyday life. Do we secure our computers and networks the same way?
Suppose you own a building. For its security, you hire the services of a security company. The security guards keep watch and challenge any person entering. One who produces a valid identity card is allowed to enter the premises; otherwise one must make an entry in the register, or the person to be met is informed first.
Who is issued an identity card? Obviously, all members and known and trusted persons are issued an identity card. (Read this point carefully; it is referred to later in this article.)
Designated permissions for roaming, visiting and privileged use: Even after successful entry, there are sets of rules and regulations, i.e. restrictions on roaming around inside the premises, permission to visit only the areas where everybody is allowed, etc.
Discipline and code of conduct: Each organization or complex constitutes its own discipline and code of conduct for its members and visitors. No member or visitor is allowed to violate the code or carry out any action not permitted to them.
This briefly illustrates the security model we practice in real life, against which we can compare our computers and networks.
So in our computer systems too, the operating system (especially Windows), the antivirus software and the Windows applications we use should necessarily be made to meet the norms and standards of this real-life example.
Let us now review the method of securing our computers:
Antivirus definitions vs. identity card: Antivirus definitions are nothing but a database of "known viruses", on the basis of which the antivirus software executes remedial actions. That means an identity card is issued for the known criminals rather than for the members or for trusted and known persons. Anybody without a valid identity card is considered a gentleman and given a red-carpet welcome, while those who have one are identified as criminals and thrown out. Convinced?
In this information age, is Man, at his most ingenious, doing anything ingenious by "updating virus definitions" instead of "updating application definitions"?
------------------------------------------------------------------------------------------------
How viruses advanced with the development of technology
From switching on a computer to connecting to the Internet: the stages at which a virus may infect a computer
During boot-up:
When the bootable medium, i.e. a floppy diskette, CD-ROM, hard drive or any other medium, is infected by a boot sector virus, the computer will be infected.
When a floppy disk or CD-ROM infected by a boot sector virus is present in the drive, whether or not it is bootable, it may infect the computer.
When the system files (i.e. io.sys, msdos.sys, command.com) are infected.
When any other file loaded or accessed during or after the boot process is infected.
During device driver loading:
When any device driver is infected
When a virus program pretends to be a device driver or replaces the actual device driver
When a virus program runs itself as a service
Startup event
When a virus program configures itself to run at Windows startup (this is when the Windows desktop and Start menu appear)
Attaching to another program
A virus may attach itself to another program, so whenever that program runs, the virus also executes and carries out its work.
Invalid file type
A virus may appear to be a particular file type which in fact it is not. For example, a virus may appear as a ".ZIP", ".SCR" or ".PIF" file without truly being one. Double-clicking or opening such a file executes the program that handles that file type, and thus infects the computer. It is very common for an email to carry such infected attachments; when opened, they can easily infect a computer or an entire network in a few moments.
Macro viruses
Macros are actually Visual Basic script code, usually embedded in Microsoft Office documents, i.e. MS Word documents, Microsoft Excel worksheets or Microsoft PowerPoint presentations. Macros are written to automate specific tasks, so malicious macro code may gain access to objects and may infect a machine.
Through infection of other files loaded with the operating system
An HTML file configured as desktop wallpaper
An HTML file configured as email stationery
Hypertext templates (the files which define the folder view, i.e. folder.htt)
Through email
A worm may send itself as an attachment
A worm may pretend to be a particular file type which in fact it is not, i.e. .pif, .zip etc.
A worm may insert a script into an email in HTML format
An infected message can be sent using a fake email address in the "From" field of the message, someone else's address, or even no address at all. This is due to the anonymous nature of SMTP.
Through websites
A worm may insert a script into the web pages of a website, infecting the machines of all visitors viewing those web pages.
The above are the most common methods used by viruses.
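The "invalid file type" case above (a program dressed up as a .ZIP, .SCR or .PIF attachment) can be caught by sniffing the leading bytes of the file instead of trusting its name. The following is an added example, not code from the original article; the attachment samples are constructed, and the format table covers only the handful of types the article mentions plus PDF.

```python
"""Sniff an attachment's real format instead of trusting its extension.
Added example, not from the original article; sample attachments are constructed."""
from dataclasses import dataclass

# Leading bytes ("magic numbers") that identify the real format of a file.
MAGIC = {
    b"PK\x03\x04": "zip",        # ZIP archive (also .docx/.xlsx containers)
    b"MZ": "pe",                 # DOS/Windows executable (.exe, .scr, .dll)
    b"%PDF-": "pdf",
    b"\xd0\xcf\x11\xe0": "ole",  # legacy MS Office document (may carry macros)
}
# Extensions Windows hands to the program loader rather than to a viewer.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd", "vbs", "js"}
# Sniffed format a given document extension is expected to contain.
EXPECTED = {"zip": "zip", "pdf": "pdf", "doc": "ole", "xls": "ole", "docx": "zip"}

@dataclass
class Verdict:
    name: str
    claimed: str   # extension taken from the file name
    actual: str    # format found by sniffing the bytes
    action: str    # allow / block:executable / block:mismatch / review:unknown

def sniff(data: bytes) -> str:
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def check_attachment(name: str, data: bytes) -> Verdict:
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    actual = sniff(data)
    # .scr/.pif are programs whatever their icon suggests, and an MZ header
    # under any name (e.g. "photos.zip") is a program, not a document.
    if ext in EXECUTABLE_EXTS or actual == "pe":
        return Verdict(name, ext, actual, "block:executable")
    expected = EXPECTED.get(ext)
    if expected is None:
        return Verdict(name, ext, actual, "review:unknown")
    if actual != expected:
        return Verdict(name, ext, actual, "block:mismatch")
    return Verdict(name, ext, actual, "allow")

# Constructed samples: a genuine ZIP header, a PE header named as a ZIP,
# a PE named as a screensaver, and plain text named as a PDF.
SAMPLES = [
    ("invoice.zip", b"PK\x03\x04" + b"\x00" * 26),
    ("photos.zip", b"MZ\x90\x00" + b"\x00" * 60),
    ("cute.scr", b"MZ\x90\x00" + b"\x00" * 60),
    ("readme.pdf", b"just some text\n"),
]

def scan(samples=SAMPLES) -> dict:
    """Map each attachment name to the action a mail gateway would take."""
    return {name: check_attachment(name, data).action for name, data in samples}
```

Only "invoice.zip" is allowed; "photos.zip" is blocked because its content is a program regardless of the name, and "readme.pdf" is blocked because its bytes are not a PDF.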
Simply an Internet connection
Nowadays, viruses simply search for computers with an unpatched operating system. When such a computer is found connected to the Internet, just a TCP connection is needed to infect that machine. Even if the user is idle, not browsing the web, not accessing email or chatting, a connection may be established to any open TCP port and the machine is infected.
Virus developers have advanced their techniques by exploiting vulnerabilities and establishing connections on open TCP ports. Nowadays, a computer only needs to be connected to the Internet to become a target. Recent attacks such as Blaster, Welchia, Mydoom and Netsky use such techniques.
That means a computer is not secure against viruses and intrusion attacks with just antivirus software. In addition, a firewall, a properly configured domain policy, a local security policy and file-level security are also needed.
Still, security is not 100% perfect; rather, full security is never guaranteed, at least in the operating systems we have.
Hundreds of flaws and vulnerabilities:
There are so many vulnerabilities and so many methods by which a virus may exploit and infect a machine or network. Briefly, we must review the concept of registering applications instead of maintaining virus definitions.
Currently, a programmer may develop his or her own program and execute it. Well, he must have the liberty to run programs he developed. But once those programs are distributed to end users, they are likely to be executed by them without any awareness of the harm they may do to their computers. This is obviously the root vulnerability of all operating systems. An application should have to pass certain standards and obtain a certification before it is entitled to be distributed to end users and executed on their machines.
Anonymous nature of the Internet
That is why virus programs and spam messages may travel freely on the Internet.
Ever thought about it? To access the Internet, one just needs to authenticate against an ISP's network. While this means one may access the resources permitted by the ISP, one may also access any Internet resource, i.e. access websites, send or receive email, chat with anyone, share data, etc. But the Internet itself is a network (the largest network), and no authentication is required to access it. All anonymous resources are accessed merely by authenticating against their respective ISPs. As an exception, there are secure websites, mail servers and various other resources which need explicit authentication through SSL or by some other means, yet most Internet resources are anonymous in nature.
This is explained by a clearer example: Once I had been to a café and met a guy who was viewing a video clip sent to him by some friend of his. That video clip was a live shot of the "Execution of Nepalese by Iraqi terrorists", which was published on the Internet. I asked that guy to forward it to my email address, not having the slightest idea of how horrifying watching that execution would be. I had to repent: why the hell did I ask him to send that to me?
Upon watching that clip on my computer in the evening, I was so frustrated, and angry too, that I lost my urge to have dinner. I had planned to work till late in the night, but I had to turn off my PC and go to bed. As if this was not enough, I couldn't even sleep till very late. The next morning, when I was back at work, once again I was frustrated while switching on my PC. Again that damn email would appear in Microsoft Outlook. However, I had to start working, so I managed to start. The first thing I did was delete that video clip, the email, and even the email address of that guy. Then I tried hard to forget all this. It took me more than a week to be normal again.
If a mature man like me could be so frustrated and angry, or might even become violent, after having watched such things, just imagine how it would have affected our innocent kids.
This inspired me to think it over: why the hell does this Internet architecture permit criminals and terrorists to access the Internet and publish such barbaric, violent content on websites? Why do we permit terrorist networks to communicate over the Internet and give shape to their plots?
Shouldn't we expect that the Internet must be for noble ladies and gentlemen, and only for nice human beings? Some may argue this may not be possible, but neither is this. At least we can control it better by denying anonymous access to the Internet.
Spam and unsolicited email
Have you ever come across a person who owns an email ID and has never received a spam message? Almost everyone is looking for a perfect solution to fight spam.
Some characteristics of spam messages
From address:
Spam messages are sent from a fake address, using anonymous or private SMTP servers. From addresses are chosen randomly, so each message may be sent from a new fake email address.
Messages may be sent from a mailing list, and even if the recipient unsubscribes from that list, subsequent messages are sent from another mailing list. So the recipient has to unsubscribe every time he receives a spam message from a particular list.
To / CC / BCC address: Spam messages may or may not contain the recipient's address in any of the three fields.
Subject: The subject line may be chosen randomly.
The subject as well as the body may contain spelling errors (spelling errors are made intentionally so as to confuse spam-filtering software such as SpamAssassin).
In the years to come, antivirus software, firewalls etc. will be insufficient and too resource-consuming.
-----------------------------------------------------------------------------------------------
The Perfect IT Security Model
In the previous paragraphs, we discussed viruses and intrusions, flaws and vulnerabilities at length, which raises many questions about the security model we have in practice.
So are we going to get a perfect solution?
Is there any end to it?
Shall we have to keep our fingers crossed and chase remedies every time there is a virus attack or an intrusion?
The difference between a computer and a human:
Well, in my opinion, when computers were designed, it was never imagined that such viruses (malicious programs) would be undoing our hard work. So a mistake was made at the time of building the foundation, i.e. the basic technique on which a computer starts working.
Actually, computers are dumb machines which can neither speak nor listen, neither see nor feel as we human beings do. So how would these machines do calculations for us, and even faster than us? The main problem was communication and interpretation between a human and a computer, as the computer cannot understand any spoken or written language. All it can do is determine whether a particle is magnetized or not. That means it can distinguish between two conditions: either on or off, either 0 or 1, either yes or no. So the computer has only two digits for computation (counting). This is called binary.
This was then compared with how man learnt counting in ancient days. We have the decimal system for counting, i.e. we have ten digits. So a relationship was established between the counting system (binary) which a computer can understand and the counting system (decimal) which man uses. Thus a formula was developed to convert counting in the decimal system to the binary system, and the problem of interpretation was solved. This was the basis which led the way to developing the computer system.
So it is clear from the above that "a computer would do calculations or any other task the way we human beings do, except that it has a different counting system".
The difference between security in IT and security in real life:
In real life, protection from external threats:
The army protects the nation at the border
Guards protect an apartment block or complex at the gate and the boundary walls
The shell protects the egg
Anything sensitive is protected at the outer level, not where the heart is.
Protection from internal threats:
The police force, for protection from theft and burglary and for maintaining law and order
Designated executives, managers and directors within an organization
Disaster management systems
Many more examples could be given.
How do we secure computers, networks and data?
Antivirus software, which runs only within the operating system
A firewall (software-based), which runs within the operating system (a hardware-based firewall can be an exception)
Intrusion detection systems
To some extent, these technologies give protection, but they have never proved to be perfect and reliable.
Proposed IT Security System
Think of an international organization which is responsible for maintaining global IDs for:
Each and every human in the world
Each and every server which is part of the Internet
Email IDs
Software applications
These IDs contain the basic information about what they have been issued for and the activities of the ID holder. This can function the same way our DNS servers operate. The database can be maintained in the same manner as TLDs (top-level domains, i.e. .com, .net, .edu etc.) are maintained.
Installation of a computer:
As soon as a computer is switched on, rather than searching for a bootable device, it should look for a medium which contains a record of the IDs of applications which may be installed and executed on it. Once it finds one, it may allow the operating system installation process. Further, any application installed on it would simply not execute if the computer does not find a matching ID in its own database.
Network communication:
No server may join the Internet unless it passes the credentials by authenticating against the IDs issued for it. In addition, a service may not be allowed to run unless it passes similar credentials.
Use of Internet services:
No person should be allowed to:
Send and receive email
Browse any website
Chat
Or use any other kind of service which runs on the Internet
without authenticating with their respective IDs.
I think, if such techniques are developed and implemented:
No virus would execute on any computer other than the developer's own machine
No person would be able to send spam messages except to his own address
No criminal would be able to communicate with his accomplices
And it may open up lots of possibilities, not only to secure our computer networks and data, but also to make it easier to track any criminal from any location in the world.
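The proposal above, that a machine refuses to execute any application whose ID is not in its own record, is the mirror image of the antivirus model criticized earlier (the "identity card issued to known criminals"). The following is an added example, not code from the original article, that puts the two decision rules side by side; it assumes an application ID is the SHA-256 digest of the program's bytes (the article does not say how an ID would be formed), and all program bytes are constructed stand-ins, not real software.

```python
"""Allow-by-registration versus deny-by-definition, as an added example.
Not from the original article; program bytes are constructed stand-ins and the
ID scheme (SHA-256 of the program's bytes) is an assumption."""
import hashlib

def app_id(program: bytes) -> str:
    """The application's ID: a digest of its exact bytes."""
    return hashlib.sha256(program).hexdigest()

# Constructed stand-ins for program files (not real software).
EDITOR = b"MZ editor v1.0"
SPREADSHEET = b"MZ spreadsheet v2.3"
OLD_WORM = b"MZ known worm"
NEW_WORM = b"MZ brand new worm"

# The article's "identity card" register: IDs issued to trusted applications.
REGISTERED_APPS = {app_id(EDITOR): "Editor 1.0",
                   app_id(SPREADSHEET): "Spreadsheet 2.3"}
# Conventional virus definitions: IDs of programs already known to be bad.
VIRUS_DEFINITIONS = {app_id(OLD_WORM): "Worm.Old"}

def decide_by_definitions(program: bytes) -> str:
    """Antivirus model: everything runs unless it matches a known virus."""
    return "deny" if app_id(program) in VIRUS_DEFINITIONS else "allow"

def decide_by_registration(program: bytes) -> str:
    """Article's model: nothing runs unless its ID is in the local register."""
    return "allow" if app_id(program) in REGISTERED_APPS else "deny"

def compare(program: bytes) -> dict:
    """Both verdicts side by side for one program."""
    return {"definitions": decide_by_definitions(program),
            "registration": decide_by_registration(program)}

def tampered_copy(host: bytes, extra: bytes) -> bytes:
    """A program that has had other code attached to it (the article's
    'attaching to another program' case) no longer has the same bytes,
    so its registered ID no longer matches."""
    return host + extra

if __name__ == "__main__":
    cases = {"editor": EDITOR, "old worm": OLD_WORM, "new worm": NEW_WORM,
             "tampered editor": tampered_copy(EDITOR, NEW_WORM)}
    for label, prog in cases.items():
        print(f"{label:16s} {compare(prog)}")
```

Under the definitions model the new worm and the tampered editor both run, because no definition exists for them yet; under the registration model both are refused without any update being needed. Real-world allowlisting usually keys the ID to a signed publisher identity rather than a file hash so that legitimate updates do not require re-registration.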
-------------------------------------------------------------------------------------------------
Alternate Solutions (Windows)
Firewall System in Place
System Security Policy
Domain Security Policy
Group Policy
Software Security Policy
Participate in the debate on Open Media