Securing Your Stand Alone Or Network Node Machine

Protection against worms (Trojan horses) in emails

Protection against worms and Trojan horse programs is the other area of concern when a computer is connected to the Internet for browsing and receiving email. These are programs, usually attached to emails, that appear to be something they're not. Strictly speaking, we have covered some of these aspects above. The problem is that they are inter-related: worms/trojans are a very effective method of introducing viruses or remote admin programs like BackOrifice or NetBus.

An example is the SirCam virus which was an attachment to an email. It looked like this:-

[Image: oops.jpg (50532 bytes)]

By the nature of these types of virus, it may appear to come from someone you know. It is not a question of a friend sending you a virus. They wouldn't even know about it unless you tell them.

The file was in fact a program that replicated itself by sending itself to people in the address book of its victim or copying itself to other machines on a local area network.

It is advisable to always save any attachments you receive which you want to examine, whether from a known source or not, to your hard drive rather than opening them from within the email client. Once saved, you can run an up-to-date virus checker on that specific file - if no virus exists, then it's probably safe to open.
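The check below is an added example, not part of the original page: it inspects attachments for the disguise described above, a program presented as something it is not. The extension list, file signatures, function names and sample message are all constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on a double-click (illustrative, not exhaustive).
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat", "cmd", "lnk", "vbs"}
# First bytes expected for some common attachment types.
MAGIC = {"jpg": b"\xff\xd8\xff", "gif": b"GIF8", "png": b"\x89PNG",
         "pdf": b"%PDF", "zip": b"PK\x03\x04"}

def check_attachment(filename, data):
    """Return the reasons a saved attachment is not what its name suggests."""
    reasons = []
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in EXECUTABLE_EXTS:
        reasons.append("executable extension ." + ext)
        if len(parts) > 2:
            reasons.append("double extension: ." + parts[-2] + " hides ." + ext)
    # Windows executables (PE files) start with "MZ", whatever the file is called.
    if data[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        reasons.append("Windows program named as ." + ext)
    elif ext in MAGIC and not data.startswith(MAGIC[ext]):
        reasons.append("content does not start like a ." + ext + " file")
    return reasons

def scan_message(raw_bytes):
    """Map each attachment name in a raw email to its list of findings."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        findings[name] = check_attachment(name, part.get_payload(decode=True) or b"")
    return findings

def build_sample():
    """Constructed test message: one disguised program, one genuine image."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "friend@example.com", "me@example.com", "photos"
    m.set_content("See attached.")
    m.add_attachment(b"MZ\x90\x00" + b"\x00" * 60, maintype="application",
                     subtype="octet-stream", filename="holiday.jpg.pif")
    m.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 60, maintype="image",
                     subtype="jpeg", filename="photo.jpg")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", reasons or "no mismatch found")
```

An empty result only means the name and the leading bytes agree; the saved file should still go through the virus checker before it is opened.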

A major form of protection from all types of viruses (including worms/trojans) is up-to-date virus scanning software. However, by the nature of these types of virus, it is possible that the virus scanner software may be one step behind. Whilst you should have a virus scanner, I also suggest the following methods.

  1. Use a digital ID. These are digital 'signatures' which you can automatically attach to your emails. People who create viruses of any sort are unlikely to attach digital IDs of any sort to their emails. Also, emails are prone to interception and falsification by unscrupulous people who are determined to try and gain data which may be valuable to them. A digital ID can also be used in conjunction with data encryption so that your email can be better protected (see below).

     A certificate for personal email can be obtained for free from www.thawte.com. Select the 'Free Personal Email Certificate' option and fill out the requested information. Read carefully, as there is quite a lot of detail to take in. Once the details are entered, you will be sent an email (to the email address you registered) for you to complete the process. In the Thawte procedure they send you a 'ping' and 'probe' value for you to enter in boxes on their web-site. You will then be sent another email containing a link to the new certificate that you have been issued.

     You can have a number of certificates, each relating to different browser software and email accounts - but please be aware of Thawte's warning about remembering passwords. If someone else finds yours, they can create certificates in your name and pretend to be you.

     Once your certificate has been installed in your email application, you can use it by selecting 'Tools - Accounts' and highlighting the account you wish to attach the certificate to. Click the 'Properties' button, select 'Security - Use a digital ID' and click the 'Digital ID' button. If you have done everything correctly, you should have your ID available in the selection box. Select it, click OK and then click the 'Apply' button at the bottom. When you then send email, you can choose to have a certificate attached to it or you can encrypt the message with the certificate.

  2. Adopt an email sending/receiving protocol between yourself and the people with whom you commonly exchange emails. Below is an example email body (of course, you can use the 'subject' line as well), with comments in italics:-

     The point about the above is that it is unlikely that virus creators will use exactly the same format. The other important thing is that when you receive an email that doesn't look like this, your attention will be drawn to it.

Of course, these methods can be used in combination with each other.



© Copyright Andrew Bennett 2006