Is the Internet Becoming More Unsafe?
Every time you connect your PC to the internet you are taking a chance on having your PC, with all your data, become infected with viruses, trojan programs, and spyware. Now, you may think you are safe since you install all security updates, have the latest antivirus program installed with all the current definitions, and even run a few antispyware applications regularly. Your sense of security may be coming to an abrupt end. Let’s review the current dangers first.
A computer virus, by definition, is a piece of code that has gained entry to your personal PC, runs on your PC without your consent, and replicates itself to other unprotected PCs. A virus can be destructive or may just be a nuisance. Either way, this is something you do not want on your computer. Almost all antivirus programs today use virus definitions (signatures) and special code called heuristics to protect your PC. The definitions allow the program to compare information entering your PC against known viruses and stop them before an infection occurs. Heuristic detection allows the antivirus application to detect unknown viruses by analyzing a program’s behavior and taking appropriate action.
The all-encompassing term “spyware” can be loosely defined as an unwanted and unauthorized program that is usually installed without your consent. It collects data on your web habits, which is then used for advertising purposes. Certain spyware programs can also hijack your home page, steal your username and passwords for your online bank or brokerage account, bombard you with endless pop-up ads, and slow your PC to a crawl. If you have ever had the misfortune of having your PC become infected with some nasty piece of spyware, you know how difficult and frustrating it can be to remove it completely. Many companies, and even some “good guy” netizens, have helped to control the spyware issue by offering programs, some of which are free, that remove these destructive programs. These programs work in much the same way as the antivirus utilities: they rely on up-to-date definitions to compare the files on your PC against known bad files. Although no one program can remove every known spyware program, they have made a huge difference to computer users everywhere.
As was mentioned, all spyware, and almost all viruses, are detected by comparing the files on a PC with a list of known destructive files. What would happen if there was no way to actually compare the files on your system? Impossible, you might say, but that is exactly what is happening with a technology called rootkits. The most difficult to detect rootkits hide themselves at the most basic level of an operating system, the kernel. They actually appear to be part of the operating system itself.
Imagine this nightmare. A new security vulnerability is found by a programmer who also writes nasty spyware applications. This person decides to combine rootkit technology with the spyware application and exploit the security hole, or perhaps releases it on a peer-to-peer network like Kazaa. When a PC becomes infected, the rootkit hides itself, and the spyware application, completely. When you run your antivirus or antispyware application, the program basically asks the operating system for a list of all files on the hard drive. The application will also ask the operating system for a list of all running programs and for access to the registry. The rootkit is written in such a way that it will give the antivirus or antispyware application everything it asks for except: 1) the files belonging to the rootkit and the spyware application, 2) the running executables of the rootkit and the spyware application, and 3) the registry entries for both. Your antivirus and antispyware applications will scan everything they have been given and will report a clean system. However, the system is now completely compromised and you have a false sense of security.
Since rootkits operate at such a low level, the only true way to access all files on the hard drive is to actually boot another operating system from CD and scan for viruses and spyware from there. If your compromised operating system is not loaded, it cannot hide the bad files and registry entries, and you at least have a fighting chance. Currently there is no pre-made bootable CD with the tools necessary to automatically clean your system, but it can be done with the right skill set.
This is not some kind of science fiction story; it is happening now. How do you protect yourself from this? Well, the general consensus is that new security tools will need to be developed, and some companies are now starting to develop them. Kaspersky Labs, Sysinternals, Microsoft and F-Secure are just some of the companies that have released or are planning to release anti-rootkit tools. However, to protect yourself from becoming infected in the first place, you should always: 1) install all security updates for your operating system, 2) install a good antivirus application and update it regularly, 3) install, update and run multiple antispyware applications, and 4) avoid downloading and installing software from an untrusted source. Following the above recommendations should help you avoid this new and serious security threat.
