Viruses - Inside And Out
By Tom Ronayne
A clear understanding of how your computers can be affected by viruses and hackers will allow you to make good business decisions about how to protect your company's equipment and data.
Computer processors are devices which process strings of instructions. For any particular type of processor, there exists a finite number (usually fewer than 100) of possible instructions (also called "machine code"). That processor will always process whatever instructions it is given - with complete, blind obedience. Whoever can get their instructions to your processor can effectively take control of your computer, and your equipment and data are then at their mercy.
Don't lose too much sleep over competitors trying to get into your system. In most cases, it's a kind of electronic vandalism: The same things that drive people to write on walls and break windows drive people to try to ruin your computers. These vandals aren't even targeting your computers in particular, but rather, any computer they can get to, anywhere.
There are several different kinds of malicious programs, but these days anything that takes any control of your processor is generally called a "virus." Viruses are usually contained in programs that are picked up from the Internet - either through e-mail or from web sites and downloaded files. They can also be introduced from diskettes or other removable media, although this is much less common today.
Your best defense against viruses is simply good anti-virus software - and it's very important that it be kept up-to-date. As soon as a new virus is discovered, the anti-virus industry dissects the malicious code and finds strings of instructions contained within that are unique to that particular program. This unique string (signature) is then added to the virus definitions and becomes part of the update that the anti-virus vendor makes available to you. Your anti-virus software should be running all the time, on all of your computers. Whenever your computer tries to open a file, your anti-virus software will look throughout that file for any of the signatures contained in its database and warn you if it finds an infected file. This also explains why anti-virus software can slow your system down as it loads large files.
Anti-virus programs, as long as they are active, will perform this real-time scan, but they also have the ability to scan files stored on your system as often as you choose. You can also set up automatic scanning at pre-determined times. Viruses only affect your computer when they are run. If your anti-virus finds an infected file, but that file hasn't been run, its instructions haven't gotten to the processor, and it will not have done any damage - yet.
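The signature lookup described above, as an added Python example that is not part of the original article and not any vendor's code. The definitions, signature names and sample files are constructed for illustration; the example also shows two practical points: a scanner reading a large file in chunks must not miss a signature that crosses a chunk boundary, and an out-of-date definition set lets a newer virus through.

```python
import io

# Constructed definitions: these names and byte strings are made up for the
# example and do not match any real malware.
DEFINITIONS_OLD = {"Example.Virus.A": bytes.fromhex("deadbeef4142430f")}
DEFINITIONS_UPDATED = {
    **DEFINITIONS_OLD,
    "Example.Virus.B": b"\x90\x90EXAMPLE-PAYLOAD\xcc",
}


def scan_stream(stream, definitions, chunk_size=4096):
    """Return {signature name: offset of first match} for a binary stream.

    Large files are read in chunks. The last (longest signature - 1) bytes of
    each window are carried into the next one, so a signature that straddles
    a chunk boundary is still matched.
    """
    overlap = max(len(sig) for sig in definitions.values()) - 1
    found, tail, consumed = {}, b"", 0
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        window_start = consumed - len(tail)  # file offset of window[0]
        for name, sig in definitions.items():
            pos = window.find(sig)
            if pos != -1:
                found.setdefault(name, window_start + pos)
        consumed += len(chunk)
        tail = window[-overlap:] if overlap else b""
    return found


def open_if_clean(data, definitions, chunk_size=16):
    """On-access check: scan first, release the content only if nothing matched."""
    hits = scan_stream(io.BytesIO(data), definitions, chunk_size)
    if hits:
        raise PermissionError(f"blocked, matched {sorted(hits)}")
    return data


# Constructed sample files. The 18-byte signature B starts at offset 13, so
# with 16-byte chunks it always crosses a chunk boundary.
CLEAN_FILE = b"quarterly report " * 10
INFECTED_FILE = b"A" * 13 + DEFINITIONS_UPDATED["Example.Virus.B"] + b"rest of file"

if __name__ == "__main__":
    print(scan_stream(io.BytesIO(INFECTED_FILE), DEFINITIONS_UPDATED, 16))
```

With `DEFINITIONS_OLD` the infected sample is released unchanged; with `DEFINITIONS_UPDATED` the same call raises `PermissionError`.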
It is also possible under certain conditions for someone to break into your computers. Understand that this may be a program designed to break into computers, not necessarily a person sitting at a keyboard trying to get into your particular system. People write programs that can scan the Internet for vulnerable computers, even when the creators of those programs aren't at their computers. It gets uglier. Some write programs that can cause your computers to attack other computers elsewhere in the world, while you are innocently pecking away in Excel. Worse yet, some people furnish software kits for others to use in creating malicious attack programs. Many aren't even old enough to drive a car.
Computers, however, aren't like houses that can be broken into through a window or door lock. Similar to a telephone, a computer must be turned on, physically connected through a network, and "listening" for other computers to connect to it. No one can connect to a computer (and break in) if the target computer does not listen and allow the connection. Modern computers usually have several programs running at all times which are listening; at least some can usually be turned off. So the first defense is to minimize what programs are listening.
Every computer connected to the Internet has a unique number or IP address that identifies it and allows other computers to connect to it. When any computer tries to connect to yours, it first must find that IP address, then request that your computer allow that connection on a particular port. A port, used in this sense, is simply an arbitrary number that both connected computers agree to use to identify this particular transmission. If one computer requests a connection on port 25, for example, and the listening computer does not have a program listening on port 25, the requesting computer gets rejected.
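The listening behaviour described in the two paragraphs above, as an added Python example that is not part of the original article. It works only against the local machine (127.0.0.1): it starts a listener on a port chosen by the operating system, shows that a connection request is accepted while the program listens, and that the same request is refused once it stops. The function names are chosen for this example.

```python
import socket

LOOPBACK = "127.0.0.1"  # this example only ever talks to the local machine


def try_connect(port, timeout=1.0):
    """Request a TCP connection to a local port and report what came back."""
    try:
        with socket.create_connection((LOOPBACK, port), timeout=timeout):
            return "accepted"
    except ConnectionRefusedError:
        return "refused"      # nothing is listening on that port
    except OSError:
        return "no answer"    # timeout or other network error


def local_listeners(ports):
    """Inventory: which of the given local ports have a program listening?"""
    return [p for p in ports if try_connect(p) == "accepted"]


def demo():
    """Connect to the same port while a program listens on it and after it stops."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((LOOPBACK, 0))   # port 0: the OS picks a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    while_listening = try_connect(port)
    inventory = local_listeners([port])
    listener.close()               # the program stops listening
    after_close = try_connect(port)
    return while_listening, inventory == [port], after_close


if __name__ == "__main__":
    print(demo())
```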
Most computers in offices that are connected to the Internet use internal or private IP addresses. These are addresses that have been set aside by the people who maintain the Internet standards. These addresses are only usable on internal networks, such as the ones in most businesses. To communicate with the outside world, all of the connection requests are translated through a router, which passes requests to and from your internal network. Using internal IP addresses, together with some additional functions, provides some insulation from requests that originate outside your own network, because it is then impossible to connect directly using the inside computer's internal IP address. Firewalls are programs or devices that filter the requests coming into your network (there may be thousands), allowing only the ones you have decided in advance to allow. In many cases there is no reason to allow any requests from the outside to be honored, and such an arrangement will eliminate anyone's ability to reach your computers from outside your network.
If there's any question in your mind, talk to the people who are responsible for your system and make sure you're covered - inside and out.
Tom Ronayne is with Airotech and may be reached at 443-535-8801 or through the company's web site, www.airotech.com.