MAGID ON TECH: Keep your security software updated
Georgian government Web sites have been under attack, making it difficult or impossible for users to access several sites, including that of the country's president. The attacks, according to the New York Times, started "weeks before physical bombs started falling on Georgia," and the Web site of the president of Georgia (president.gov.ge) was difficult or impossible to access on Tuesday afternoon even though the site moved from the country of Georgia to an Internet service provider in the state of Georgia in the United States.
From what he can determine, "this is a classic denial of service attack (DOS)," said Steve Gibson, president of Gibson Research and a leading security expert.
In an interview, Gibson said it has all the markings of a "zombie" or "botnet" type of attack. "Botnet" is hacker language for a network of robots - machines that are surreptitiously recruited to attack other machines. "Essentially what happens," Gibson said, "is a large number of computers that are under the control of some entities - presumably someone with a grudge - can be recast for various purposes." Gibson says that "sometimes they're used to generate spam, sometimes to generate fake clicks on advertisement and sometimes they are simply told to simply flood a site with traffic."
These zombie machines can bombard a server with enough requests in a short period of time to simply overwhelm it. It would be like putting thousands of cars on the freeway, making it impossible for normal traffic or emergency vehicles to get through.
Such attacks are sometimes referred to as distributed denial-of-service attacks because the computers used in the attacks are distributed all over the Internet. It's often difficult for the attacked machine to distinguish between legitimate requests for service and the bogus requests from the zombie machines. DOS attacks can also be carried out by disrupting configuration data such as routing information, so that traffic to a server is re-routed or simply sent nowhere instead of to the server that users are trying to reach.
The machines that carry out the attack, Gibson said, "are typically owned by regular computer users who have no idea that their machine is now serving two masters. It's serving them and some remotely located criminal that is able to take the resources of their machine and their Internet connection for some malicious purpose."
Malicious software to carry out these attacks can come from Web sites, via e-mail or as part of spyware people download to their computers. Most Internet security programs can protect PCs against being infected by such software, though security is - and has always been - a cat and mouse game between the good guys and the bad guys, so there is always the possibility of botnet software slipping past the defenses of even up-to-date security software. Still, if you do keep your software up-to-date, the chances of your machine being infected go way down. Also, security software such as Symantec's Norton 360, TrendMicro's Internet Security Pro, Zone Labs ZoneAlarm Security Suite and Kaspersky Lab's Kaspersky Internet Security all do a good job of repairing infected computers along with preventing infections in the first place.
It's also important to be sure that your operating system is up to date. For example, on Tuesday, Microsoft issued updates to various versions of Windows that fixed 26 flaws, including six that were considered critical. These flaws could put your computer at risk of being taken over by a hijacker who can use it for virtually any purpose, including attacking other computers or Web servers. Once Microsoft identifies and issues a patch for a security flaw, machines that have not been updated are particularly vulnerable. If you have Vista or Windows XP Service Pack 2, your software should automatically check for updates, but you can help it along by running the Windows Update program or using Microsoft Internet Explorer (doesn't work with Firefox) to visit windowsupdate.microsoft.com. Even though Mac users hear less about security problems than Windows users, Macs are not exempt, so it's important for Mac users to also stay up to date. Mac users can learn more at http://support.apple.com/kb/HT1222.
Larry Magid's technology column appears Tuesdays in the Daily News. E-mail can be sent to larry@larrymagid.com.