Just the Other Day

Intrusion Protection?
April, 2002

Lee Besing is the owner of Computer Solution Experts, a consulting firm that provides on-site service and support for PC computers and networks.

Just the other day, I received an Alert from the SANS Institute: Hackers are currently scanning the entire Internet looking for Windows systems with unprotected shares. They have found thousands or perhaps tens of thousands of vulnerable systems and installed remote-control bots on those systems. If you have not checked your systems and your family's systems for open shares, now would be a very good time to find them and protect them.

I've been recommending the use of Zone Alarm Firewall software from Zone Labs, as have many other columnists in this magazine. You can download the free personal version or purchase the upgraded PRO version for $30 or $40, depending on when it is on sale. Package offers from Zone Labs include a program to block and manage cookies and ads on Websites, thus improving your download speed in some cases, and always allowing you to easily identify and remove cookies from your computer to prevent spying on your Internet cruising. Another source for information and helpful programs is Steve Gibson's Website.

Not a day goes by that my company's Web servers aren’t fending off attacks from other computers. Nimda Virus, Code Red and other viruses are frequently found and eliminated. At home, I’m finding e-mail attachments daily with the SirCam, Nimda, Magistr, and Hybris viruses embedded. The SirCam is most prevalent and easily identified by the nature of the message, which has three lines of text saying they are sending you this file for your opinion and they will be in touch soon, and a subject line that is the same as the attachment. The Magistr virus is typically in a message that contains text with no rhyme or reason, plus one or two attachments, usually from MS Word, Excel or other office documents. And most of the computers sending these to me were using Outlook Express for their mail client software. (Now you know why I use and recommend Eudora mail software.)

During the last weekend of February, I flew to D.C. for a board meeting of an international not-for-profit organization on which I have served since 1997. I happened to check the status of their anti-virus programs and found one to be four months old and the other four years old. Both had copies of SirCam on their hard drives; the first PC had detected and isolated it, but not before it had spread across the network to the second PC with the 4-year-old anti-virus software. Updating the software became a priority and both systems were soon cleaned and protected from infection.

While I’m a fan of Symantec’s Norton Anti-Virus software, primarily because it has proven effective and the automatic Live Update function seems to work better in keeping the virus definition files updated in a timely manner, I encourage you to buy and install one of the name brand virus protection programs and keep them updated at least once each week. In past columns, I have provided sources for free or trial copies of anti-virus software, so feel free to contact me if you still need that information repeated and I'll send you an e-mail with the links. I check for anti-virus updates on a daily basis, both at home and on our company Web/mail servers.

Speaking of servers, recently one of my company's servers took a dive immediately after upgrading the hardware to newer, faster equipment. In late February, we had upgraded the motherboard, CPU and memory with newer, faster, heavier-duty hardware, and shortly thereafter the system began to crash. After a couple of weeks of lost sleep, changing out everything except the case, floppy drive and CD-ROM drive, replacing one item at a time, reformatting the boot drive multiple times, we finally replaced the hard drive cable, and the system has been running error-free for days!

The error messages from Microsoft Windows 2000 Advanced Server were a bit vague, sending us searching through Microsoft’s Knowledge Base on their Website, chasing wild geese. It first appeared that the problem was a hardware driver, but all the drivers being used were signed or approved for this operating system. We consulted with several MCSE-certified folks, all of whom scratched their heads in vain and made similar suggestions. It was only after we had replaced the motherboard, CPU, memory, power supply and hard drive at least once each, and reformatted the boot disk to reload the operating system each time, that one of the techs over at our equipment wholesaler made the comment "Well, it sounds like you have replaced everything except the cable leading to the hard drive or the case itself." Having nothing to lose, I immediately replaced that item as well, and surprise, surprise, the server has not crashed or had an error since then. The moral to this story is that sometimes it is the simple little thing causing the problems, not the major or most expensive items.

Copyright© 1996-2010
Alamo PC Organization, Inc.
San Antonio, TX USA