
UNDERSTANDING INFORMATION SECURITY

VIRUSES, WORMS, HOAXES, AND TROJAN HORSES
IT’S A JUNGLE OUT THERE

Computer Viruses
Network Worms
Trojan Horses
Logic Bombs
Address Book Theft
Hijacked Home Pages
DNS Poisoning
Denial of Service Attacks
Zombies, IP Spoofing
Buffer Overruns
Password Grabbers
Password Crackers

AND THE EVER POPULAR:

Hoaxes
Ploys
Pop-Ups
Scams
Spam
DID YOU KNOW?

In 1980 a computer cracked a 3-character password within one minute.

In 1999 a team of computers cracked a 56-character password within one day.

In 2004 a computer virus infected 1 million computers within one hour.
DEFINITIONS

A computer program tells a computer what to do and how to do it.

Computer viruses, network worms, Trojan Horses: these are computer programs.
SALIENT DIFFERENCES

1) Computer Virus:
• Needs a host file
• Copies itself
• Executable

2) Network Worm:
• No host (self-contained)
• Copies itself
• Executable

3) Trojan Horse:
• No host (self-contained)
• Does not copy itself
• Imposter Program
TYPICAL SYMPTOMS
• File deletion

• File corruption

• Visual effects

• Pop-Ups

• Erratic (and unwanted) behavior

• Computer crashes
BIOLOGICAL METAPHORS

1. Bacterial Infection Model:
• Single bacterium
• Replication
• Dispersal

2. Virus Infected Model:
• Viral DNA Fragment
• Infected Cells
• Replication
• Dispersal

A computer virus spreads similarly, hence the name.


WHY DO WE HAVE THIS PROBLEM?

• Software companies rush products to the consumer market (“No program should go online before its time…”)
• Recycling old code reduces development time, but perpetuates old flaws.
AND A FEW MORE REASONS

Market share is more important than security
Interface design is more important than security
New feature designs are more important than security
Ease of use is more important than security
HACKER MOTIVATIONS

Attack the Evil Empire (Microsoft)
Display of dominance
Showing off, revenge
Misdirected creativity
Embezzlement, greed

“Who knows what evil lurks in the hearts of men?”


NETWORKED SYSTEMS VS SECURED SYSTEMS

Some platforms are more secure than others

NETWORKS              SECURITY
Open Communication    Closed Communication
Full Access           Full Lockdown

Managers must strike a balance


POPULAR FALLACIES

If I never log off then my computer can never get a virus
If I lock my office door then my computer can never get a virus
Companies create viruses so they can sell anti-virus software
Microsoft will protect me
My ISP will protect me?
AND A FEW MORE…

I got this disc from my (mother, boss, friend) so it must be okay
You cannot get a virus by opening an attachment from someone you know
But I only downloaded one file
I am too smart to fall for a scam
You can catch a cold from a computer virus
My friend who knows a lot about computers showed me this really cool site…
THINGS THE LIBRARY CAN DO

ACTION PLAN:

• Designate security support staff (and fund them)
• Make security awareness a corporate priority (and educate your staff)
• Enable real-time protection
• Update all vendor security patches
• Subscribe to several security alert bulletins
• Periodically reboot or re-load all computers
• Control, limit or block all downloads and installs
• Install anti-virus software on computers (keep it current)

“It takes a carpenter to build a house but one jackass can knock it down”
(Variously attributed to Mark Twain, Harry Truman, Senator Sam Rayburn)
WHAT CAN THE LIBRARIAN DO?

Set bookmarks to authoritative:
• anti-virus Web pages
• virus hoax Web pages
• public free anti-virus removal tools

Provide patrons with: up-to-date information about viruses, etc.

Confirm: that desktops have the latest anti-virus updates
BACK IT UP

• Offline copies: Grandfather/father/son (monthly/weekly/daily)
• Online copies: Shared network drive
• Changes only: Incremental/differential

Do not back up a file on the same disc as the original!
Assume every disc, CD, etc. is suspect, no matter who gave it to you

“Doveryay, No Proveryay” (Trust but Verify)
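
The grandfather/father/son rotation named on this slide, worked through as a retention rule. This is an added example, not part of the original slides; the function names, the retention counts (7 daily, 4 weekly, 12 monthly) and the "newest backup per week or month" choice are assumptions, and the backup dates are constructed.

```python
from datetime import date, timedelta

def gfs_keep(backup_dates, daily=7, weekly=4, monthly=12):
    """Return the set of backup dates to retain.

    son         = the `daily` most recent backups
    father      = newest backup in each of the `weekly` most recent ISO weeks
    grandfather = newest backup in each of the `monthly` most recent months
    The retention counts are assumptions; the slide names only the tiers.
    """
    dates = sorted(set(backup_dates), reverse=True)
    keep = set(dates[:daily])
    weeks, months = {}, {}
    for d in dates:  # newest first, so the first date stored per bucket is its newest
        weeks.setdefault(tuple(d.isocalendar())[:2], d)   # (ISO year, ISO week)
        months.setdefault((d.year, d.month), d)
    # dicts preserve insertion order, so the first N values are the newest N buckets
    keep.update(list(weeks.values())[:weekly])
    keep.update(list(months.values())[:monthly])
    return keep

def gfs_prune(backup_dates, **tiers):
    """Return the backup dates whose media may be recycled, oldest first."""
    return sorted(set(backup_dates) - gfs_keep(backup_dates, **tiers))

# Constructed sample: one backup every day from 2005-01-01 to 2005-03-31.
LAST = date(2005, 3, 31)
SAMPLE = [LAST - timedelta(days=i) for i in range(90)]

if __name__ == "__main__":
    for d in sorted(gfs_keep(SAMPLE)):
        print("keep", d.isoformat())
    print(len(gfs_prune(SAMPLE)), "backups can be recycled")
```

Out of 90 daily backups the rule retains 11: the last seven days, the week-ending copies of the two earlier weeks, and the month-end copies for January and February.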


MACHINE INFECTED?

ACTION PLAN:

1) Write down the error or alert message verbatim
• inform your tech support team
• quarantine the machine

2) Look up the message in an authoritative anti-virus site (demo)
• diagnose the problem
• take recommended remedial action
If appropriate:
• Download, install, run the anti-virus removal tool (demo)
• Apply all missing critical security patches (demo)

3) Reboot the machine
• Run a full system scan before placing the machine back in service
THE HOAX STOPS HERE

IF THE MESSAGE:
• tells you to do something
• tells you to take immediate action
• cites a recognizable source to give itself credibility (“Microsoft has warned that…”)
• does not originate from a valid computer vendor
AND:
• lacks specific verifiable contact information

IF IN DOUBT, CHECK IT OUT

Confirm the hoax by checking it against authoritative hoax sites
Inform other staff so the hoax does not propagate
POPULAR HOAXES INCLUDE:
• JDBGMGR (teddy-bear icon): Tricks users into deleting a file
• NIGERIA: Money scam
• $800 FROM MICROSOFT: Pyramid scheme
STOPPING THE TROJAN HORSE

The Horse must be “invited in”…

How does it get in? By:
Downloading a file
Installing a program
Opening an attachment
Opening bogus Web pages
Copying a file from someone else
MORE ON THE HORSE…

A Trojan Horse exploits computer ports, letting its “friends” enter, and
“once a thief gets into your house he opens a rear window for his partners”

Security patches often close computer ports and vulnerabilities
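
A defender's check that follows from the point about open ports: compare a desktop's listening TCP ports against an approved baseline and report anything extra. This is an added example, not part of the original slides; the netstat output is constructed, and the baseline set and function names are assumptions.

```python
# Constructed `netstat -an` output in the Windows layout; not taken from a real host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:50505          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.9:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:500            *:*
"""

# Hypothetical approved baseline for this class of desktop (an assumption).
BASELINE_TCP = {135, 445}
LOOPBACK = ("127.", "[::1]")

def tcp_listeners(netstat_text):
    """Yield (local_host, port) for every TCP socket in the LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # header, UDP rows (no state column), established sessions
        host, _, port = fields[1].rpartition(":")  # last colon, so [::]:135 parses
        if port.isdigit():
            yield host, int(port)

def unexpected_listeners(netstat_text, baseline=BASELINE_TCP):
    """Return sorted (port, host, reachable) for listeners outside the baseline."""
    found = set()
    for host, port in tcp_listeners(netstat_text):
        if port not in baseline:
            # A loopback-only listener cannot be reached from the network.
            reachable = not host.startswith(LOOPBACK)
            found.add((port, host, reachable))
    return sorted(found)

if __name__ == "__main__":
    for port, host, reachable in unexpected_listeners(SAMPLE_NETSTAT):
        scope = "network-reachable" if reachable else "loopback only"
        print(f"unexpected TCP listener {host}:{port} ({scope})")
```

A listener that is outside the baseline and network-reachable is the one to investigate first; record the owning process before quarantining the machine.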
NOTE #1

• Search engines are NOT reliable sources of virus information
• Information may be inaccurate, incomplete or out of date
• Search engines generate huge numbers of indiscriminate hits
• Some anti-virus Web sites are scams (or contain Trojan Horses)
• Go directly to authoritative anti-virus sites
NOTE #2

• Computer companies are NOT reliable sources of virus information

Computer companies:
usually refer you to an anti-virus vendor
are not in the anti-virus business
themselves are victims!


ONLINE RESOURCES

Authoritative Hoax Information
• securityresponse.symantec.com/avcenter/hoax.html
• vil.mcafeesecurity.com/vil/hoaxes.asp

Authoritative Anti-Virus Vendor Information
• securityresponse.symantec.com/avcenter/vinfodb.html
• www.mcafeesecurity.com/us/security/vil.htm
REFERENCES

Authoritative Security Alert Information
• securityresponse.symantec.com/ (Symantec)
• www.microsoft.com/security (Microsoft)
• www.apple.com/support/security/ (Apple)

Authoritative Anti-Virus Organizations
• www.cert.org (Computer Emergency Response Team-CMU)
• www.ciac.org/ciac (CIAC-Department of Energy)
• www.sans.org/aboutsans.php (Server and Network Security)
• www.first.org (Forum of Incident Response and Security Teams)
• www.cirt.rutgers.edu (Computing Incident Response Team-Rutgers)

Authoritative Free Public Anti-Virus Removal Tool Information
• securityresponse.symantec.com/avcenter/tools.list.html
• vil.nai.com/vil/averttools.asp
• mssg.rutgers.edu/documentation/viruses (Rutgers)
• some professional library sites have pointers to reliable anti-virus information
PRINT RESOURCES

• Allen, Julia, (2001) The CERT Guide to System and Network Security Practices, Addison-Wesley, New York
• Crume, Jeff, (2000) Inside Internet Security, Addison-Wesley, New York
• Ratzan, Lee, (January 2005) A new role for libraries, SC Magazine (Secure Computing Magazine), page 26
• Ratzan, Lee, (2004) Understanding Information Systems, American Library Association, Chicago
A NEW ROLE FOR LIBRARIES?

THE AUTHOR ACKNOWLEDGES
• The cooperation of InfoLink (www.infolink.org) for promoting library professional development programs
• The Monroe Public Library for the use of its facilities
• SC Magazine for publishing an essay on libraries being at the forefront of information security
• Lisa DeBilio for her production of the PowerPoint slides.
THANK YOU ALL
