Viruses Lurk In Home Computer Systems

Aug. 16, 2004 -- Computers are state-of-the-art tools that can help people manage finances in increasingly sophisticated ways. Particularly with software applications like Excel, Quicken and Microsoft Money, consumers can really get a grip on their finances.

But these tools can also contain hidden security problems, particularly as increasing numbers of people link their computers to the Internet using high-speed broadband and wireless connections. Such "always-on" connections can provide a dangerous back door to hackers and cyber-criminals, who can steal or destroy your personal financial data.

"Home PC users are depending more and more on their computers for personal business and remote access to corporate resources," said Andy Groome, a security strategist for SAS Institute Inc., a software company specializing in business intelligence, based in Cary, N.C. "This makes the home PC a desirable target for a hacker, both in terms of the information stored on the PC and as a jumping-off point with privileged access to your place of business."

New Viruses Released

In 2004 alone there will be an estimated 46,000 new viruses released on the Internet, experts said. People who leave their computers connected to a broadband device can expect to have between 150 and 200 scans done each day on their systems in an attempt to find security holes, and two to three serious hacking attempts a day on their computer resources, said Michael Higgins, managing director for TekSecure Labs, a division of Tekmark Global Solutions, a New Jersey-based technology solutions and engineering company.

Further, some 86 percent of computer users said they kept sensitive information on their hard drives while nearly 80 percent said they used their computers to conduct sensitive transactions online, according to a study conducted in May 2003 by the National Cyber Security Alliance, a partnership between the federal government and private companies. What's more, the study showed that 62 percent of computer users have not bothered to update their anti-virus software, and a whopping 91 percent had viruses called "spyware" lurking on their systems.

In order to secure your computer, it's helpful to know what the threats are. Following are some of the major security concerns:

Virus: a piece of malicious software code that enters your system by piggybacking on another program, such as an e-mail attachment or spreadsheet. When you open the attachment or the spreadsheet, the virus is activated and replicates. In the case of an e-mail virus, it reproduces and sends itself to the people in your address book. Viruses can corrupt files on your hard drive or destroy them.

Trojan Horse: Similar to a virus, it is also a piece of code that sneaks into your system disguised as something else, like a game or a link on a Web site, hence its name. Trojan horses can also corrupt or destroy files.

Worm: These are also pieces of malicious code that exploit security holes in your operating system. They are less severe than viruses, but lurk in your hard drive and replicate, sending out more worms to other computer users with the same security holes. Experts caution that worms can be combined with Trojan horses to get a more severe attack.

Spyware: Actually a form of virus, this is one of the most insidious kinds of security attack, and it comes in many forms. Starting with the benign, online marketers frequently use a form of Spyware, called Adware, in the form of cookies to keep track of the sites you visit. An even worse type, called a Keylogger, can log every keystroke you make on your keyboard, and send this information back to the author of the code.

This can include your login for your bank account, says Darren Popham, director of product engineering for McAfee Inc., based in Santa Clara, Calif., as well as your password and account information. Updating data in Quicken? That could all go back to the cyber criminals as well. Yet another form of Spyware is called the RAT, or remote access terminal, which embeds itself deep inside your hard drive, making it hard to find. A RAT allows remote users to hijack your computer entirely. If they wanted to, they could pop out your CD tray from the other side of the globe, said Popham, or shut down your computer.

Fortunately, there are many ways to prevent these kinds of attacks. Here are some recommended essentials to protect your system and your financial data:

Anti-virus software: This should be the starting point for every computer user who connects to the Internet. Available from vendors such as McAfee, Norton, Symantec and others, the software runs in the background while your computer is on, scanning your hard drive and incoming e-mail for threats. If it finds Trojan horses, viruses or worms, it automatically quarantines them and dispenses with them. The software automatically updates itself with new viruses definitions as new viruses are discovered.

Firewall: These come in two forms, both software and hardware. Examples of the first can be downloaded for free from the Web from companies like Zonelabs.com. The second, considered by some experts to be a more effective method, is a hardware device frequently packaged with a router, which hooks up to your system through your broadband connection. Both literally act as a shield against hackers who want access to your computer data.

"It's like hanging a 'Do Not Disturb' sign on the door of a hotel with thousands of rooms," said Popham, of McAfee. He added the operating system of your computer contains thousands of such rooms. "Anyone who tries to talk to one of these rooms can't," he added, unless you give them permission.

Monitor for updates, or patches, to your operating system: If you are using Windows, as the majority of computer users do, Microsoft continuously plugs holes in its operating system. You can use your computer's control panel to configure your system to automatically get updates from the Web. Or go to the company's Web site.

Set your Internet browser security level on high: Use the "tools" tab on your browser to do this. This will monitor for suspicious cookies, among other things.

Intrusion Detection System: This software will add an extra level of security, telling your computer ports are being scanned, and when intrusions are being attempted to your system, giving you an opportunity to prevent them.

Information Encryption: This software will let you encode your personal information in a form that is unreadable to the outside world, while keeping it readable for you. In case of a break-in, hackers will be unable to decipher the information.

Backup Data: Make backup copies of all key data, in the event files get corrupted or destroyed. You can back up on either floppy disks or CDs.

In addition to these suggestions, computer users would do well to check in from time to time at any of a number of public information Web sites that will tell about recent security threats or general security measures. One of the most comprehensive is Carnegie Mellon Software Engineering Institute's CERT Coordination Center at www.cert.org. Another is National Cyber Security Alliance's www.staysafeonline.info/index.adp. Commercial sites www.mcafee.com and www.symantec.com also provide security updates.

While it's unlikely that any one of us can entirely eliminate threats to computer security, making the necessary investment in security technology and being alert to new threats and being proactive can minimize the dangers. "It is like learning to protect your credit card information," Higgins of TekSecure said. "You should learn to protect the assets on your computer as well."