ELM Computer Systems Inc. is a Canadian firm providing outsourced IT and custom software solutions to businesses in the Greater Toronto Area (and across North America) and develops AvanTax eForms (formerly T4 TimeSaver) and AvanTax Auto tax calculation and reporting software for nationwide sale.

ELM Bulletin - November 30, 2005

Spyware, Rootkits and Computer Security

In light of the recent news items relating to Sony's use of Digital Rights Management software to prevent unauthorized duplication of music CDs, it seems a good time to discuss again the ways in which you can maintain the security of your computer system(s).

Sony's use of a rootkit to hide its Digital Rights Management software from the users of computers upon which Sony music CDs are played places these computers at risk of infection by malicious software. Since rootkits are installed at a very low level in a computer, they can successfully hide themselves from almost all current detection schemes. Virus and spyware writers take advantage of this by hiding their own software under the rootkit so that it can also avoid detection.

At the current state of the technology there is little that can be done to protect a computer from infection by a rootkit, particularly if the rootkit is delivered by a source believed to be trustworthy, such as a major CD or software distributor. This is changing and many security software suppliers have stated that they will offer protection from rootkits in the future and, more immediately, have committed to removing the Sony rootkit from infected systems. (The Sony rootkit is estimated to have infected 500,000 computers worldwide. Sony's own removal tools have fallen far short of the task and in many cases have caused further problems. Incidentally, the Sony rootkit was included on 52 recently distributed music CDs with combined sales of at least 2,000,000 copies worldwide.)

Now that Sony has been "found out" it is less likely that other mainline music and/or software vendors will resort to using rootkits in the future. It is a reasonable assumption that future rootkits will be delivered and installed in much the same way as viruses and spyware are now: by enticing the victim to visit an infected website or to install a program.

Here are some precautions that you can take to minimize the risk from rootkits and other malicious software.

A/ Turn Off The Inbox Preview Pane - Many viruses and spyware programs are distributed via email and are activated when the message is viewed. Most email programs automatically preview incoming messages, allowing any malicious software to be installed without your knowledge. To prevent this you should turn off the preview pane for your inbox so that you can determine whether or not to keep a message without its being automatically opened.

    - To toggle the inbox preview pane in Microsoft Outlook highlight the inbox then select Preview Pane from the View menu (or Auto Preview in older versions of Outlook).

    - To disable the preview pane in Microsoft Outlook Express select Layout from the View menu and un-check the "Show preview pane" box.

    - To toggle the preview pane in Novell GroupWise click on the Quick Viewer icon on the toolbar (may not be applicable to all versions of GroupWise).

B/ Be Suspicious - Email and websites are the preferred delivery methods for malicious software these days, but the use of instant messaging (or chat programs) is on the rise. Even when a message appears to come from a trusted source, you have no way of knowing whether or not that source's system is infected. In almost all cases malicious software writers take advantage of our inclination to trust each other.

C/ Don't Install Everything You Find (or are Offered) - Many websites exist that distribute screen savers, media files, utilities and other interesting items. Before you download and/or install anything from any website, read everything on the download page to see if any mention is made of what will be installed in addition to your desired download. Many programs that promise increased functionality are little more than decoys that install malicious software. If it seems to be too good to be true it probably is and should be investigated further before you accept whatever terms are offered.

D/ Keep Your Email Address To Yourself - Many download sites, magazine sites, movie sites, etc. will request your email address before they will provide a service to you. Unless you know that the site in question will not abuse the privilege do not supply your email address. In all cases look for and use the "opt out" boxes that define how the website will use your email address.

E/ Install Security Software And Use It - Many excellent programs exist that protect your system from malicious software. Regardless of how good these packages are they will only protect you if they are installed and kept up-to-date.

As always, please do not hesitate to contact me if you have any questions about this or any other issue.

Past issues of the ELM Bulletin are available from our website; feel free to forward them to anyone you wish.

Peter Rhebergen
Technical Specialist, Systems and Software
Email: peter@elmcomputers.com

Telephone
Local: 416 495 1624 (112)
Mobile: 416 550 3330
Toll free: 800 268 3211