As if I didn't have enough to worry about:
Security Experts Warn Intruders Are Growing Threat to Home PCs
By ROBERT LEMOS ZD Network News
It's 3 a.m. Do you know who's on your computer?
Security experts warn that network intruders -- once only a bogeyman for large corporations and government agencies -- are becoming an increasing threat to home users, especially those connected to the Internet via new broadband connections such as cable modems and DSL.
"Home users don't have the right security tools nor the understanding about why they need them," said Eugene Spafford, a computer-science professor and security expert at Purdue University. "They are much more likely to be prone to attack, or their machines used in distributed, coordinated attacks."
Last week, denial-of-service attacks disrupted access to a number of major Web sites. Yet that shouldn't have been the major story, said Mr. Spafford. "What should have been the news is that there was hundreds and thousands of computers taken over by the attackers, and that the owners not only didn't know that they got broken into and taken over, but were not monitoring their systems."
'Hopeless Victims'
With the advent of always-on, high-speed Internet connections, home computers with little or no security are quickly becoming the No. 1 target for online vandals to use as a staging ground to shoot for more lucrative marks.
Most broadband users "are hopeless victims," the German "white-hat" hacker known as Mixter said during an interview this week over Internet relay chat. "Especially, when they're running Windows and have no good technical knowledge."
Mixter created a denial-of-service program, known as the Tribe Flood Network, which many believe was the tool of choice for the Web attackers last week. The attackers first had to compromise computers and seed each one with the program weeks or months before the attack.
This week, a computer believed to have been used in last week's attacks on Yahoo! Inc. and other major Web sites was reportedly seized by federal agents in Hillsboro, Ore. The PC's owner allegedly had no knowledge that the computer was being used as a "zombie" to stage attacks.
For most users, installing a personal firewall can stop most such illicit use. Just ask Christian Crumlish about the importance of a good firewall.
Spooked by last week's attacks, the Waterside Productions literary agent downloaded Zone Labs Inc.'s free firewall software, ZoneAlarm 2.0, and installed the electronic gate onto his DSL-connected PC. Other personal firewall products include BlackICE Defender and Norton Internet Security 2000.
"My system had slowed at seemingly random times in the past," said Mr. Crumlish. "But I never really thought I would find anything."
He was wrong. Mr. Crumlish found three programs that, together, opened up his PC for use by cyber vandals. The programs -- run.exe, msr.exe.exe and kerne1.exe -- were the pieces to a back-door program known as SubSeven.
Whoever installed the programs has come back knocking at the trap door he left behind, Mr. Crumlish said. "I have detected three or four attempts to get into my system since I installed ZoneAlarm," he said, adding that without the urging of a friend, he would never have thought to put the firewall on his system.
"Broadband providers are not telling their customers about the threats that they have to worry about," he said. In fact, more than 400,000 users have taken matters into their own hands and downloaded copies of ZoneAlarm since the attacks last week. Such incidents are quickly convincing broadband companies to change their tune.
Firewall Flare-Ups
One subscriber to broadband Internet-service provider Flashcom Communications Inc. complained to ZDNet News that the company wouldn't let him install a firewall. "They said they would not support a firewall, and if I installed one, they would disconnect me from the system," said Jann Linder, a Silicon Valley Web programmer.
Flashcom denied that it would prohibit any subscriber from setting up a firewall. "Setting up a firewall is not a trivial thing to do," said Richard Rasmus, president and chief operating officer for the Huntington Beach, Calif., company. "We don't do anything to defeat or frustrate a firewall that a customer sets up for themselves. But there is a distinction between that and supporting a product."
The company is now in the process of evaluating firewall products to select one that it will support in the future.
Excite At Home Corp. has also seen the light. The broadband-over-cable provider signed a deal with McAfee.com Corp. to sponsor a security zone for subscribers by March and offer its personal firewall product to Excite At Home's cable-modem customers.
Attention to such security details can't come quickly enough, said Gregor Freund, president of firewall maker Zone Labs. According to the company, attackers can directly access the hard drives of approximately 10% of home computers without having to circumvent security.
Those users' computers, Mr. Freund said, "are completely wide open." Such attacks are routine, he added, pointing out that during a 10-minute interview, six attacks were launched against his own company's system.
"We are a target, of course, but the bottom line is that people have to take responsibility for their own machines," he said.