
Kassandra was Trojan, which only shows that the feared "trojan" is misnamed :)

Harmful code is everything that does things to your machine you wouldn't have done to it yourself. This can be a virus, a worm, a trojan, a spy, or a backdoor.

Types

Basically there are two types of harmful code. One is self-propagating (virus and worm), the other isn't (trojan). A backdoor might be called a sub-type of trojan.

The term "backdoor" is used in two ways. The first is something the original author of a program left in. There are multiple reasons for these backdoors. I myself usually have such backdoors to make debugging easier. Other programs have them to allow easier servicing. Especially in large programs, such a backdoor is easily forgotten when the program is delivered, since stress is highest then. All programmers do their best to fix the latest bug found and don't think of the code they worked on ages ago :) For this kind of backdoor the term "exploit" has been used too, and I will use the word "backdoor" solely to describe the second kind. An exploit means something the original author of the program overlooked, so it might rightfully be used for the first kind of backdoor, too. Yet it also describes an exception the programmer didn't take care of, such as the infamous "con-con" or the "buffer overflow".

The second meaning of "backdoor" describes a program that is installed on the machine to - allegedly - do service from a remote machine. This, of course, is not the main reason to use such programs; it's just what the authors say to avoid being held responsible. Typical programs like that are BackOrifice and SubSeven. The name of the program alone speaks.

The Can and Can'ts

All of these, except the exploit, are executables, programs that can stand for themselves, except for propagation. What they do, you'll find further down. Keep in mind that not every filetype can carry harmful code and not every file you download is necessarily infected.

For all the time I've been on the net and for all the files I downloaded, my virus-scanner never rang the bell. Nonetheless I wouldn't even think of disabling the scanner :) If you ever heard of infected pictures, forget about it. There was (maybe still is, I don't know) an exploit in ICQ which could be used for sending harmful programs, but you won't have to fear it in other situations without such an exploit. While files other than executables can't carry programs, you must be aware that they can still carry code. This might not be anything to worry about. JavaScript, which is code you get from web-pages, won't hurt you a bit, as it relies on a virtual machine within your real machine to be executed. Still, JavaScript can hurt you, as it might trigger the "con-con" exploit under Windows, for example. If that happens, you can only get the latest security-patch. Other "black code" might be placed on your machine and executed later. I could think of things to do with a cookie... Well, just be careful and keep a tight grip on your filesystem.
Exploits in some ways don't belong here, in others they do. They are harmful code, but they come with the program you use. They are fixed as soon as the programmer knows about them, but some people are lazy about upgrading their machines, and thus quite a lot of people at least try them out. Here's an example: some years back IBM machines had some accounts built in that were meant to make service easier. They were password-protected, but the passwords were widely known. Not every operator changed the passwords, thus hackers could access the machines. Well, those times are gone, believe me ;) Other exploits don't allow access, but rather crash the machine. A URL allows you not only to find pages in the WWW, but also files on your computer. If such a URL contained certain keywords (I won't name them, no), your Windows machine would crash. This was a bug in Windows, and if you keep your service-packs up to date you will possibly be safe from it. Under Unix there was the possibility to overflow a buffer in the finger service when fingering a person on the network. This led to a spectacular worm-infection some years ago. Another famous exploit was for rlogin - it enabled a person with physical access to become superuser without a password. These are only examples; there are so many exploits that it would be tedious to name them all. You're not safe from exploits, no matter which operating system you use and which software you install. All you can do is keep up-to-date with your security-patches. By the way, a certain urban myth claims that Microsoft _never_ makes security-patches. This is not true. They do, but sometimes they're a little slow in recognizing the need for a patch.

Virii are not harmful by definition; the term rather refers to the way of propagation. Some are even considered funny (leet-speak: phun) by their creators, since they display a message and don't do anything else. Bad enough. At least a true virus is not written easily, as the programmer must have a thorough knowledge of the system (s)he wants to infect. It's entirely possible to write a virus in a so-called high-level language, but this is seldom done, since the sheer size of the virus would make it suspect. A virus adds its own code to a program, like a "bio-virus" adds its RNA to the cell of the host. Whenever the infected program is executed, the virus might infect other programs. The only way not to catch a cold is never leaving the house and never contacting other people. Oh, and never opening a window, or a door. Impossible. It's the same with computer-virii. You can't avoid them completely, so get yourself a vaccination: a virus-scanner. That will keep you as safe as possible. You can try Inoculate, it's free for personal use. Remember to keep your signatures up to date and to scan each and every file you receive...

A worm is a program that spreads like a virus; one very famous worm was spread through an exploit. Worms jam the system they infect. A virus-scanner will protect you from known worms as well as from known virii, so don't worry too much. If your system hangs a lot and doesn't respond, it's not necessarily a worm that's wiggling about. Most times it's sloppy programming. Before you cry "Worm!", check whether a program you ran eats up the resources and doesn't free them. Such things happen, even to the best of programmers. But, unlike the worm, those programs don't multiply themselves. You can't be safe from worms, just like you can't be safe from virii. Some good virus-scanners detect worms, but sometimes they don't. If you notice multiple instances of the same program, their number always growing, first try to kill them. If it's a true worm, the *beep* things will spread faster than you can kill them and you're in trouble. Yet sometimes they're set off by another program, so try to reboot your machine with as few programs and services as possible. Then start one after the other and find out what happens. Another - quite safe - method of getting rid of worms is setting up the system afresh, then reinstalling all programs and patches one after the other. I'd try this method if the first fails.

A trojan is a program that can be spread like a virus, but needn't be. Sometimes trojans are installed by other programs or other users. Every program that snatches data from your machine (keys you press, files you save...) can be called a trojan. The trojan keeps the data (most of the time in a place you wouldn't suspect) and/or sends it on to other places. This depends on the intentions of the author. When a trojan becomes known, most good virus-scanners check for it. Unfortunately programming a trojan is very easy if it's not spread like a virus, so they keep coming. There's nothing you can do against them, except in those cases when the trojan tries to "phone home". A good firewall will keep them from contacting any outsider. If the trojan can't call its master, the firewall keeps the owner from getting at the stolen information, too. Therefore the best defense against trojans - aside from not having one - is a firewall. Quite another thing are those trojans that send out the stolen information via email. They are easily stopped; just keep a watchful eye on your out-box.

A backdoor is something that fits neither description perfectly. It may be spread like a virus or like a trojan. Once it's installed it acts like a server for a possible intruder. This loosely resembles a tunnel dug under the house with a trapdoor you don't see. One backdoor that you may have heard about is "BackOrifice"; another is "SubSeven". According to their authors they have been designed as remote administration-tools. Well, one may wonder. Most of the time those backdoors are sent by mail, attached to another program. If you receive an executable by mail, just don't run it unless you're very sure it won't harm you. Remember, even a person you trust can be a victim and thus not know he's infecting you. Lately some mails circulated where an attached executable installed SubSeven. Because such programs tend to be spread widely, more and more script kids have taken to scanning whole networks for the existence of such a backdoor. You have nothing to worry about if your machine is clean, but it's nonetheless annoying to be scanned. Trace them back and complain to their ISP. A good walloping from their parents usually teaches those children manners. For some unsuspecting kids, Back Orifice comes as a surprise, as the program not only installs the client, but also the server. Most good virus-scanners check for a program like BackOrifice or its brethren and shoot them on sight. A firewall will keep the things at bay, as it will block the server from serving :)
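The worm passage above tells you to distinguish a program that multiplies itself from one that merely eats resources and never frees them. As an added example (not code from the original page), this script applies that rule to a series of process-table snapshots; the snapshot format (pid, program name, resident KB) and the sample data are constructed.

```python
"""Tell a self-multiplying program (worm sign) from a leaking one.
Added example; the snapshot layout and sample data are constructed."""


# Constructed process-table snapshots, taken a few seconds apart.
# Each entry is (pid, program name, resident memory in KB).
SNAPSHOTS = [
    [(100, "explorer", 4000), (200, "editor", 9000), (300, "mailer", 3000)],
    [(100, "explorer", 4000), (200, "editor", 15000), (300, "mailer", 3000),
     (301, "mailer", 3000)],
    [(100, "explorer", 4000), (200, "editor", 22000), (300, "mailer", 3000),
     (301, "mailer", 3000), (302, "mailer", 3000), (303, "mailer", 3000)],
]


def strictly_increasing(values):
    return all(a < b for a, b in zip(values, values[1:]))


def classify(snapshots):
    """Return {name: "multiplying" | "leaking"} for suspicious programs.

    "multiplying": the instance count grows in every snapshot, which is the
    page's worm sign (more and more copies of the same program).
    "leaking": a single instance whose memory grows in every snapshot, the
    page's sloppy-programming case that does not multiply itself.
    """
    if len(snapshots) < 2:
        raise ValueError("need at least two snapshots to see a trend")
    names = {name for snap in snapshots for _, name, _ in snap}
    verdict = {}
    for name in names:
        counts = [sum(1 for _, n, _ in snap if n == name) for snap in snapshots]
        if strictly_increasing(counts):
            verdict[name] = "multiplying"
            continue
        if all(c == 1 for c in counts):
            rss = [next(r for _, n, r in snap if n == name) for snap in snapshots]
            if strictly_increasing(rss):
                verdict[name] = "leaking"
    return verdict


if __name__ == "__main__":
    for name, why in sorted(classify(SNAPSHOTS).items()):
        print(f"{name}: {why}")
```

A "multiplying" verdict is the case where the page says to kill the instances first and, if they come back faster than you can kill them, reboot with as few programs and services as possible.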
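The trojan and backdoor passages above describe two things a firewall is meant to stop: a trojan "phoning home" and a backdoor acting as a server. As an added example (not code from the original page), this script audits a socket table against an allowlist of programs that are expected to listen or to talk outbound; the netstat-style line layout, the allowlists, the program names and the addresses are all constructed.

```python
"""Flag unexpected listening sockets (a backdoor serving) and unexpected
connections (a trojan phoning home) in a socket table.
Added example; line format, allowlists and sample lines are constructed."""

# Constructed lines in a netstat-like layout: proto local remote state program
SAMPLE_SOCKETS = """\
tcp 0.0.0.0:139 0.0.0.0:0 LISTEN System
tcp 0.0.0.0:40000 0.0.0.0:0 LISTEN badapp.exe
tcp 192.168.1.5:1034 203.0.113.9:80 ESTABLISHED browser.exe
tcp 192.168.1.5:1041 203.0.113.77:6667 ESTABLISHED badapp.exe
udp 0.0.0.0:137 *:* - System
"""

# Programs you installed on purpose that are allowed to serve / talk outbound.
ALLOWED_LISTENERS = {"System"}
ALLOWED_OUTBOUND = {"System", "browser.exe", "mailer.exe"}


def parse_socket_line(line):
    proto, local, remote, state, program = line.split()
    return {"proto": proto, "local": local, "remote": remote,
            "state": state, "program": program}


def audit(table, allowed_listeners=ALLOWED_LISTENERS,
          allowed_outbound=ALLOWED_OUTBOUND):
    """Return (kind, program, endpoint) for each socket a firewall rule
    or a closer look should cover."""
    findings = []
    for line in table.splitlines():
        if not line.strip():
            continue
        s = parse_socket_line(line)
        if s["state"] == "LISTEN" and s["program"] not in allowed_listeners:
            # A backdoor "acts like a server": something is accepting
            # connections that nobody installed on purpose.
            findings.append(("unexpected-listener", s["program"], s["local"]))
        elif s["state"] == "ESTABLISHED" and s["program"] not in allowed_outbound:
            # A live session from an unexpected program: either a trojan
            # phoning home or an intruder already talking to a backdoor.
            findings.append(("unexpected-connection", s["program"], s["remote"]))
    return findings


if __name__ == "__main__":
    for kind, program, endpoint in audit(SAMPLE_SOCKETS):
        print(f"{kind}: {program} -> {endpoint}")
```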