San Francisco Chapter STC
Newsletter of the Society for Technical Communication, San Francisco Chapter
August/September 2005

May 2005 Meeting -- What You Need to Know about Security
Presented by Mark Kadrich and reviewed by Patrick Lufkin


Computer security is a major problem and it is growing worse.

Attacks and infections aimed at your computer or network can clog up your system, erase or steal your data, invade your privacy, steal your identity, spy on your shopping and surfing habits, and make you an unwitting participant in fraud and attacks on others. In May, Mark Kadrich treated the attendees at the monthly meeting of the San Francisco STC to a whirlwind tour of the security issues that all computer users -- not just technical communicators -- need to be aware of.

Kadrich is a senior scientist with Sygate Technologies, a firm that provides endpoint security solutions for business. Mark has been in computer security more than 20 years. Before joining Sygate he built firewall systems for Oracle, Cisco Systems, and Netscape and was director of security for a large ISP.

His message was clear: if you use a computer, use email, or connect to the Internet, you are under attack and you need to take steps to protect yourself.

Scope of Problem

The extent of the problem is staggering. In 2004 computers suffered an estimated 37 million infections, up about 8 percent from the year before. Kadrich said a scan of more than 3 million PCs done by AOL found 83 million pieces of spyware, for an average of 25 pieces of spyware per PC. The same scan found nearly 500 thousand system monitors and more than 500 thousand Trojans. It is estimated that 90 percent of Internet computers are infected by at least one type.

Security people often classify infections by their behavior. The major types are adware, spyware, viruses, worms, bots and Trojans. For those new to the terminology, adware displays ads on your computer while certain programs are running. Spyware sends information about you (user ID, passwords, keystrokes typed, Internet sites visited) back to the "mother ship." Viruses and worms are malicious code designed to annoy and destroy in various ways; they might do anything from displaying an insulting pop-up message to reformatting your hard drive. The main difference is that a virus requires a user action (such as clicking on an infected program) to start working, while a worm can start on its own. Bots (short for robots) are pieces of purpose-built code that can interact with a system as if they were a person. A Trojan (from Trojan horse) is a program that appears benign while doing something harmful in the background. Trojans are used to allow someone unknown to you to take complete control of your computer, which can then be used to relay spam, clean out your bank account, and so on.

The problem is also expensive. Kadrich said viruses and worms cost business $55 billion in 2003 and are estimated to have cost more than twice that -- well over $100 billion -- in 2004. About half the cost is actual damage; half is the cost of security to ward off attacks, he said.

Growth of the Dark Side

Kadrich stressed that while the dark side of computing has long been with us, it has become much more sophisticated and dangerous in recent years.

Early on, the threat came largely from teen-age hackers -- Kadrich calls them 'script kiddies' -- who broke into systems for the sake of malicious mischief and the challenge and adventure of going where they weren't supposed to be. They wrote and released destructive code in a spirit of rebellion and to earn bragging rights among their peers. Most of the code they produced was pretty sloppy, Kadrich said.

While the script kiddies are still with us, so are seasoned professionals. As Kadrich tells it, yesterday's kids have grown up, have families to support, and now sell their skills to people whose purposes are far more evil and focused -- people bent on various forms of theft and on corporate and civil disruption.

The new professionals have the skills and patience to disassemble entire operating systems byte by byte looking for vulnerabilities to exploit, Kadrich said. When they find one, they write an exploit and use it, but keep the knowledge of the vulnerability to themselves. The exploits they write are often blended threats that share the characteristics of both viruses and worms.

By the time a good guy finds and reports the vulnerability, Kadrich said, the bad guys have already had months to use it. Once discovered, the bad guys release it to the world as a zero day threat -- one that the world knows nothing about and is totally unprepared for.

Such zero day threats can be tremendously disruptive. It will usually take the world 30 to 90 days to get and apply patches to close the vulnerability. In the meantime, the threats are free to run through the network, often spreading with blistering speed. Within 25 minutes, Sasser infected 75 percent of the vulnerable systems in the world, Kadrich said. At such speeds, he calculates, whole networks can be brought down in less than 20 seconds, and kept down for days.

What Can Be Done

Whether you use a computer at home or are on a business network, there are steps you should take to protect yourself. Kadrich stressed that it is important to use a layered approach, and that there is no silver bullet that can protect you from everything.

People and Policy

While technology got us into this mess, and must be used to help get us out of it, Kadrich stressed that security solutions do not work in a vacuum. You also need good policy covering access to systems and data, mandating the updating and use of security measures, setting the steps to be taken in case of attack, and so on. "Policy is the underlying foundation for the application of all security products," Kadrich said, because without policy you can't apply, test, or enforce any of the other measures you may be taking. Without enforced policy, people will subvert whatever protection you thought you had.

Patrick Lufkin is Secretary of the San Francisco chapter, and co-chair of the Gordon Technical Communication Scholarship.

Copyright © 2005 by the Society for Technical Communication, San Francisco Chapter (www.stc-sf.org). This article may be reprinted in another STC publication under the provisions of the chapter's copyright policy.
