Many of the other former truisms about virus infections are also no longer true, such as the belief that you have to click on an attachment to catch a virus. Virus authors have become more sophisticated and have improved their programming and infection techniques. Although Microsoft released a series of patches over two years ago to close an Outlook and Outlook Express vulnerability, millions of computers remain unpatched and vulnerable. Several of the very common Netsky variants, some released as recently as last week, take advantage of this opportunity and can infect a computer simply by having the email message appear in the preview pane of any unpatched version of Outlook. As is now common with many of the current crop of viruses and worms, once a computer is infected, any antivirus and firewall software installed on it is effectively killed, and ports are opened, allowing continued access to the infected computer by persons unknown. Just because an icon for your antivirus and firewall software appears next to your clock, and the software may even appear to update periodically, does not mean that your antivirus software and firewall are functioning. It is good security practice to periodically check all computers for virus infection and open ports by running one of the many free and reliable online virus scans and firewall checks. Personally, I use Housecall (housecall.antivirus.com) for a free online virus scan to verify that my computer is indeed clean, and Shields Up (www.grc.com) to verify that my firewall is fully functional.
Our personal computers are being infected at a massive rate, estimated to be in the hundreds of thousands to millions, by seemingly innocuous files loaded onto our computers without our knowledge. Many of this new crop of viruses are designed to slip through our antivirus and firewall defenses. One method that unfortunately has been successful is to rapidly create many variants of the same virus payload and quickly flood the net with them, primarily by email. When the variants are spaced a few minutes or hours apart over a day, it becomes extremely likely that we will encounter several virus-bearing emails before our antivirus software is updated. Updating antivirus software daily is no longer an adequate defense, considering the lag time between the discovery of a new virus and the release of updated data files by the antivirus companies. The former holy grail of antivirus software publishers, continuous updates, which many publishers commendably have now reached, is no longer adequate either, as a new virus found right now may spread massively and unchecked for several hours before updates are available. This lulls us into a false sense of security, believing that our frequent updates will protect us, while in reality dozens of new viruses will spread and infect countless computers before the next update can be released. It only takes one virus to slip through our protection, and we may be left defenseless against further attacks.
The other method of infection, which has been around for years but is now becoming even more common, is an attack by a virus or worm through our network or internet connections. All computers have ports, or pathways, into the computer. A good firewall should close all open internet or network ports except those being actively and intentionally used, and protect the open ports from unauthorized access. Many of the current worms and viruses try to impersonate legitimate data to penetrate firewalls, or will probe almost any connected computer looking for vulnerabilities. It is not at all uncommon for a home computer to be probed for open ports over 100 times per hour, which is the explicit justification for a firewall to be installed on all personal computers. Home computers, especially those using dial-up internet access, which in the past had been somewhat ignored by hackers, have now become prime targets for hackers and worm-generated probes looking for vulnerabilities.
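The rule above, that only ports being actively and intentionally used should be open, can also be checked on the machine itself. The following is an added example, not part of the original article, that compares the listening sockets in `netstat -an` output against a baseline; the sample output, the port numbers and the `EXPECTED_PORTS` baseline are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -an` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:31000          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:31001          *:*
"""

# Assumption: ports this machine is intentionally serving; adjust per host.
EXPECTED_PORTS = {("TCP", 135), ("TCP", 139)}


def listening_sockets(netstat_text):
    """Yield (proto, address, port) for LISTENING TCP rows and all UDP rows.

    UDP rows have no state column, so every bound UDP socket is reported.
    """
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated text
        proto, local = fields[0], fields[1]
        if proto == "TCP" and (len(fields) < 4 or fields[3] != "LISTENING"):
            continue  # outbound or established connection, not a listener
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue
        yield proto, addr.strip("[]"), int(port)


def unexpected_listeners(netstat_text, expected=EXPECTED_PORTS):
    """Return network-reachable listeners that are not in the baseline."""
    findings = []
    for proto, addr, port in listening_sockets(netstat_text):
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = False  # unparseable address: treat as exposed
        if not loopback and (proto, port) not in expected:
            findings.append((proto, addr, port))
    return sorted(findings)


if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener: {proto} {addr}:{port}")
```

A local listing like this complements an external firewall check rather than replacing it, since it reports what the machine says about itself.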
This has already created a very real security threat at all levels, from our own computers to the national infrastructure. Many of these new viruses flooding our email boxes, or attacking us through our internet or other network connections, contain a zombie, a small program either scheduled to launch a cyberattack at a predetermined time, or to silently wait for some external signal which will launch a cyberattack. It is not just possible, but now considered a near certainty, that sometime in the near future we will be subjected to massive attacks on our critical infrastructures by millions of zombie-infected computers, almost all of which will have antivirus and firewall software installed, but possibly neutralized. This is not just science fiction or some possibility, but a very real threat, as demonstrated in the past by the infamous CodeRed and Blaster attacks, among others.
It is absolutely imperative that we all have antivirus software and a firewall that is updated as frequently as possible, and verified to offer us protection.
For more information on the Tulsa Computer Society click here