Adventures in Computer Security
Dave Helmer, CUGG
My first foray involved a home with 3 desktop systems scattered about the house and two laptops that came and went at random, all connected via a combination of Cat-5 cables and a wireless router. Systems were running slow, some taking over 10 minutes to fully boot up. Some would no longer run certain software that was needed, and some were always leading their users to websites of a questionable nature. This latter was due in part to half the family being made up of underage males, I have no doubt. A quick test of the network first determined that the wireless router was unsecured, a major no-no. A not-so-quick sweep of the affected systems then resulted in the removal of more than 2000 separate pieces of malware from 2 of the desktops and both laptops, and the complete hard-drive wipe and OS re-install of one desktop system. The malware that was found included the usual suspects: dialers, hijackers, Trojan loaders, spyware, adware and the inevitable tracking cookies. This multi-system cleanup took the better part of a weekend, and with the wipe and re-install of the one computer actually extended out into the following week. This project was atypical for me, in that I usually just get called upon to deal with one system at a time, and in that I then spent the following weekend subjecting the family in question to a 4 hour seminar on the subject of computer security, and how to use the tools I had left behind, installed on each and every system.
The most shocking part of that discussion for them, though, was what they discovered about their unsecured wireless network. I had deliberately left the router unsecured that first weekend, and put in place a logger program to track the connections being made through it. This was done with the full knowledge and consent of one of the adults in the home. Unsurprisingly to me, when I checked that log the following weekend, the family in question had not been the only ones making use of their wireless connection. Unsurprisingly again, the family had no clue who any of the other connections were. After resetting the wireless router to a secure mode, we then talked about the possible ramifications of an unsecured wireless connection. Unsecured wireless connections can be a godsend to those who use the Internet for nefarious purposes, purposes that can range from simply browsing adult websites anonymously, to international terrorists communicating through a connection that can never be traced back to them. Okay, I admit, that latter scenario seems unlikely in any of the small towns surrounding Greeley, but it is a very real possibility, and one more good reason to secure your wireless network if you have one. Stretch your imagination a bit though, and I am sure you can think up any number of reasons why someone might want to be able to connect to the Internet in total anonymity, and your open wireless router can provide that to them. Any connections that get traced back get traced to your router, and that's where the trace ends, leaving you the suspect in whatever it is that caused that trace to happen. I have no clue what your liabilities are with regards to someone making unauthorized use of a wireless connection that you provided, but I'd far rather secure my connection and not have to find out, wouldn't you?
The system that I wound up formatting and reinstalling the OS on was simply so polluted with malware that none of my efforts to remove it all were successful. Hence the wipe and re-install. This is what can happen when you do not take care of your computer. The culprits in this computer's demise were the children and the multitude of game sites that they had been visiting online, and then downloading game software from, in order to play those online games. Totally innocent, nothing nefarious on this system at all, beyond the multitude of malware that they installed along with those games.
My second foray into the muck involved a single lady who only used the Internet for e-mail and to browse quilting websites. Pretty innocuous use of a computer, and at first glance, not someone that you would suspect of getting into too much trouble online. And her use of the Internet was not what led to her computer having some 400-odd bits of malware on it. The culprits in this case turned out to be all of the cutesy, funny little e-mails that people kept sending her. You know the ones, "Click here to see something funny", and the like. Her computer responded very well to a routine cleanup, and she has promised to avoid opening every single piece of e-mail she gets. I did leave my usual complement of freeware utilities installed, and she has promised to keep them updated and in use periodically as well. Time will tell.
My final foray was just this past weekend, and involved the computer belonging to a couple and their teenage son. My contact was through the mother, who works for my father here, and who was appalled at what was coming up on her screen when she accessed the Internet. I was slightly appalled myself when I first brought up the system and started checking it out, and it takes quite a bit to disturb me. I get a lot of grief from certain quarters with regards to my sexual orientation, but at least I stay within the bounds of my own species. I was pleasantly surprised to find that this lady actually had AVG FREE Anti-virus installed and the database was current on it. I was very pleased to find that she also had AVG FREE AntiSpyware installed, since I was unaware that AVG was even offering a freeware version of their AntiSpyware program (it is now part of my regular freeware arsenal). Of course the database for it was out of date, as the freeware version requires manual updates and manual activation of the scan. Four hours of cleanup work later, I returned what I thought was a relatively cleaned up system to its owner, having removed over 600 bits of malware, and 26 pornographic videos in the process. A phone call just this morning, however, finds the system re-infected with over 30 malware items according to the AVG FREE Spyware scan she ran, after noticing the hijacker BHO in operation again. One of my suggestions to her after the initial cleanup work has now become my one and only suggestion, and that is a total wipe and re-install of the operating system. Some things just don't respond well to anything else.
My mother asked me the other day, while I was in the middle of this last cleanup, why this kind of thing never happens to my computer, or to hers. The answer, I told her, is pretty simple. She runs a Macintosh, and I don't allow this stuff on my computer. Very little malware is written for the Macintosh operating system, because it comprises such a small percentage of the active computers on the net. A hacker that writes malware for the Mac is not going to get much notoriety from it, because so few people would ever catch it. I keep my computer locked up with various utilities, and am very circumspect about what I do while online. Years of self-acquired knowledge and practice in this area make my systems much more secure than the average home, and even some business, users' computers. There is an old saying that goes "A little knowledge can be a dangerous thing", but I would counter that a complete lack of knowledge is even more dangerous, especially with regards to computer security. Don't get me wrong, I am no Security Expert, I just happen to know a bit more than many about
Now, to put things back in perspective, I do have to say that one of the single most infected systems I have ever run across was in my own home. My 19-year-old foster son's computer had over 1200 pieces of malware on it recently. He too likes to download and install games from the Internet to play. He also prefers to cheat at those games as often as possible, and therefore spends an inordinate amount of time trolling for hacks, cracks, and cheat programs to enable him to play the games in his preferred manner. Along with all those hacks, he installed numerous dialers, Trojans, hijackers, spyware, adware, and even viruses (he even disabled the AVG program at the suggestion of one site!).
For those of you that had the patience to read all the way through this month's drivel, the software that I use when getting muddy includes: AVG FREE Antivirus, AVG FREE AntiSpyware (newly added), Spybot Search and Destroy (also freeware), SpyWare Blaster (freeware), A2FREE and System Mechanic, a commercial program that does a variety of useful things. I also like and use JKDefrag, a freeware HD defragging utility that can be configured in a number of ways.
That's it for now, have a great month! As usual, comments can be directed to firstname.lastname@example.org, criticism to the nearest rubbish bin.