Watching The Watchers
Posted Oct 29, 2005 11:09 am CDT
One way computer security professionals like to get an audience’s attention is to scare them. So they give a demonstration of how vulnerable a PC is to hackers. At the ABA TechShow a couple years ago, for example, John Simek demonstrated how he could disable a firewall – software that is used to protect computers from hackers – with a small piece of software code.
At the time, Simek, a computer security expert and vice president of Sensei Enterprises in Fairfax, Va., said he had not seen such code used to disable a computer in his work. But he got a surprise six months later when he found that a client’s firewall had been disabled by a hacker in a similar manner. “I just hope I didn’t give anyone the idea,” he says.
Law firms have become increasingly aware that they need digital security. According to the 2005 ABA Legal Technology Survey, 71 percent of firms reported using a computer – called a hardware firewall – that monitors and blocks suspicious Web traffic. That figure was up from 49 percent in 2002. A full 92 percent of firms reported having anti-virus software in use, and the use of firewall software – less expensive but also less effective than a hardware firewall – rose from 43 percent to 66 percent since the last annual survey.
Lawyers who use firewalls usually assume that their software is quietly chugging away in the background, and that they are safe. However, some hackers have found ways to turn off firewalls and other security software. And then there’s adware – software that is automatically downloaded onto a computer and may display pop-up ads or send messages back about the computer’s use (also known as spyware). Some adware companies are petitioning and threatening legal action to get their products removed from the databases of spyware and adware detection software packages. That could mean your anti-virus software might not be as robust as advertised.
The biggest danger is that if a firewall is compromised, someone could get into a computer system and get a copy of everything stored there. It is even possible to surreptitiously steal information as it is being typed. Earlier this year, Israeli police arrested the leaders of an industrial spy ring that allegedly used such software, known as a Trojan horse, to snoop into some of the country’s leading companies.
“If it’s done really well, it’s hard to find,” says David Ries, a partner with Thorp Reed & Armstrong in Pittsburgh and chairman of the firm’s technology committee. “I hate to say it, but there’s almost no defense once it’s on your system.”
The threat is very real, even though many firms seem not to recognize it. According to the Legal Technology Survey, 11 percent of law firms were aware that they had been attacked by hackers, but another 33 percent weren’t able to tell whether they had been hacked. And it should always be kept in mind that a well-planned security system is very difficult for hackers to break into. “A firewall tends to be rock-solid once it’s configured properly,” Simek says.
To properly configure firewalls and Internet security equipment, it is important to change the default settings. Using a product as it comes from the manufacturer makes it easier for hackers to gain entry. If a firm doesn’t have an in-house information technology staff, it is worthwhile to bring in a consultant who can change things like default password settings or which server ports are used to get online.
A firewall for a large office, installed and maintained by an outside vendor, can cost as much as $100,000. One can also be built with free software available on the Internet. Companies like Cisco make hardware firewalls that start under $1,000. Software packages from companies like Symantec or McAfee cost less than $70 for firewall and anti-virus protection, and can be used to detect infections, remove them and protect against new infections for one or more PCs.
Anti-virus software that guards against e-mail computer viruses is available for around $70, or less if a large office buys the software in bulk for the computers it owns. Internet service providers such as AOL, MSN and SBC Yahoo offer free anti-virus protection, but while better than nothing, it offers only very basic protection.
More and more law firms are using remote access methods like virtual private networks to let workers log in from home. However, VPNs open gateways through a company’s firewall to let employees in and can be exploited by outsiders. If a firm uses a VPN, it should again make sure to change the default settings.
Small firms that want remote access but can’t afford expensive firewalls can use their Windows server’s native encrypted channel, which scrambles the message so only the intended recipient can read it. Simek says it also helps to get a fixed Internet address. Most PCs use a different Internet address every time they go online. By using a fixed address, a VPN will be more secure because it can screen all Internet addresses except ones known to belong to the firm.
Experts say it is important to have at least one piece of anti-spyware software like PestPatrol, or even free software like Ad-Aware, but it is better to use at least two, since not all programs catch everything. And even while using anti-spyware software regularly, it is useful to look for clues that a malicious program has infected a computer. Look for things like an unusually slow-working machine or unidentifiable icons in the system tray. (For Windows, that’s in the bottom right corner of the screen.)
However, security experts also warn that hackers and computer viruses can get around security software and hardware, especially if it’s not kept up to date. If a law firm doesn’t check for updates from a manufacturer, a system is as good as useless.
“[Recently,] Cisco put up a notice of a vulnerability in the software in all of its routers,” Simek says. “If you were not a subscriber, or you neglect that notice, your whole network is wide open to attack.”
Anytime a computer is connected to the Internet, it is subjected to roving attempts by automated software programs to get inside of it. These programs are often called spyware, adware or malware.
Bad Guys and Beasties
Web page hijackers change your Internet home page.
Spyware, adware and malware spy on your computer, usually to show advertising, though some can steal personal information or take control of your PC.
Spam is unwanted e-mail, and phishing is its malevolent use to try to get computer users to reveal personal information for identity theft.
Hackers get into your hard drive to steal, change or delete data.
Industrial espionage is done to access private information.
Shields and Swords
HijackThis, a free program, will find and remove hijacking software.
For a personal computer, products like a basic firewall can be downloaded free for personal use. However, more robust versions are available from McAfee, Zone Labs, Symantec and Grisoft. Costs are anywhere from about $50 to $80 for a single user.
Most Internet service providers supply free anti-spam services, but phishing takes vigilance to combat.
Free products like LeakTest let you test your firewall for weaknesses before hackers find them.
Cisco and other companies make hardware firewalls that protect against all of the above by protecting all computers on a network. Costs start around $1,000 and can reach millions of dollars, depending on the size of a network.