Pessah Cleansing, PC Style
By David Shamah, The
So how are the Pessah preparations going? By now, the house ought to be clean and neat, all ready for the kids to start messing up again. Bread crumbs are one thing, but matzo is even messier, so you'll want to keep that vacuum and broom oiled and ready to go. It's important, though, not to forget the true meaning of the holiday: the "inside" part, as opposed to the external cleaning that takes place. The idea that you want to clear out the leaven outside, in your home, as well as on the inside, in your inner being, is a common one among Jewish philosophers and kabbalists.
As the human world goes, so does the computer world. Your PC, too, goes through the same internal and external preparation process. You flip over your keyboard to shake out the crumbs and maybe dust off the fan. But that's just the external cleaning process. Inside, your computer needs to make a fresh start as well.
All winter, you've been collecting "leaven": viruses and suspicious e-mails with all sorts of attachments, which you make sure never to open, of course (this is a good place to note that a plain text e-mail, as annoying as it may be, cannot harm your computer; in order to do that, the e-mail must have an attachment). You've got an anti-virus program and a firewall. But even with all that protection, your computer is still vulnerable to trojans, the preferred method used by Internet no-goodniks these days to wreak their particular brand of havoc.
A virus, as we all know by now, is a program that, if left to run unfettered, will attempt to execute itself and cause whatever type of destruction its makers intend. Usually, viruses are designed to take advantage of known security holes in Windows, such as areas of the Registry that have been publicized as being "weak," i.e. vulnerable to some sort of DLL replacement or the like, to allow a remote user to take control of your system for their own nefarious purposes.
If a virus operates like a regular program, how does Windows differentiate between "regular" programs and viruses? On its own, it cannot; the only way your system can know which programs are safe and which aren't is by using an anti-virus program. These programs are always updating their profiles, which are basically lists of programs that are known to be problematic. As long as you keep your profile up to date and keep your anti-virus program active, you should be able to successfully avoid viruses that come in e-mails or Internet downloads. Recently, I've been using Avast anti-virus, a free program that efficiently checks every download and incoming piece of e-mail for garbage. It downloads updates to its profiles every day, and even announces vocally when it has found a virus (get it from http://www.avast.com/eng/products.html; free for home/non-commercial users).
So far, so good. By now, everyone is aware of the efficacy of anti-virus programs, and no sane person would try to work with the Internet or e-mail without one. But remember, your anti-virus program is only as good as its profile.
What happens if a hazardous program is not in an anti-virus program's database? What if it does not have the characteristics of a "bad" program, at least at first? There is a whole class of programs out there, called trojans, that start out by doing nothing and later, on a signal from their master, attempt to do all sorts of nefarious things, like steal passwords, use your computer to send spam, or destroy your Windows installation just for the fun of it.
These trojan programs, named after the infamous Trojan Horse of Greek mythology, come disguised as a legitimate program, or a subroutine of a program you download. Sometimes, a trojan "hatches" into a virus while it's on your hard drive, but then it is likely to be caught by an anti-virus program, ruining the "fun" for the anti-social jerk who sent it to you in the first place.
To avoid detection, many trojans consist of very simple components when they arrive on your computer: basically, they act as clients that connect you to a server, which gives them instructions on what to do on your system (if this sounds to you like what a cookie does, you're right; the significance of this will become clear below). In fact, you can get trojans just by surfing to a Web page, if the trojan disguises itself as a cookie and your default Web surfing options are set to accept cookies!
Some trojans have been known to confiscate portions of your system and enslave them to their own purposes; using your e-mail account to send someone else's spam is a common application for trojan clients of remote servers. Viruses can do this as well, but again, chances are you will catch a virus that does this, because it is listed as a "bad" program and it functions as a program from within your computer. But if a remote server is operating something inside your system from outside the computer, with the only evidence being a simple set of connection instructions and a process in your process list, you may not realize something is wrong until it actually goes wrong.
Unless you get a copy of Ewido, that is. Ewido does for trojans what anti-virus programs do for viruses: it gets them at the root, before they have a chance to hatch.
Ewido works the same way as anti-virus programs, scanning your system and automatically downloading an updated database of new threats daily. But Ewido has a considerably harder task than "regular" anti-virus programs. Viruses more or less thrive on the naivete of e-mail recipients, who, when told to "look at this amazing picture!", say "OK", click on the attachment, and open the floodgates of hell on their systems. But trojans are much sneakier by nature. So, the "signatures" Ewido searches for in files are much more subtle.
Among the tricks employed by trojan makers is packing their payload in super-compression programs, unreachable by anti-virus programs. Two of the most popular trojan transport tools are UPX and Aspack, which not only compress executables but encrypt them as well. Ewido also checks for "bound" trojans: programs that attach themselves (or are attached by someone) to a "legitimate" download, hiding in the background until you decompress or install the software you've downloaded, thereby installing themselves too. When you run the legit program, the trojan program runs as well.
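A scanner cannot match signatures inside a packed payload until it is unpacked, but it can at least tell that an executable is packed and treat it as worth a closer look. The following is an added example written for this column, not Ewido's code: it walks the section table of a Windows PE file and reports three packing indicators, the default section names and the "UPX!" marker that the UPX packer leaves behind, plus any section whose byte entropy is high enough to suggest compressed or encrypted content (the 7.0 bits-per-byte threshold is a chosen heuristic, not a standard). The `build_toy_pe` fixture and both samples are constructed here so the example runs offline; they are PE-shaped images, not real programs.

```python
import math
import struct
from collections import Counter
from random import Random
from typing import Dict, Iterator, List, Tuple

# Section names the UPX packer writes into the PE section table by default.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
UPX_MARKER = b"UPX!"          # ASCII marker UPX leaves in the packed image
ENTROPY_THRESHOLD = 7.0       # bits/byte; plain x86 code usually sits well below this (chosen heuristic)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; values near 8.0 indicate compressed or encrypted bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_sections(blob: bytes) -> Iterator[Tuple[bytes, bytes]]:
    """Yield (section name, raw section bytes) by walking the PE section table."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]            # e_lfanew
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    num_sections = struct.unpack_from("<H", blob, coff + 2)[0]
    opt_hdr_size = struct.unpack_from("<H", blob, coff + 16)[0]
    table = coff + 20 + opt_hdr_size                            # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        hdr = table + 40 * i
        name = blob[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", blob, hdr + 16)
        yield name, blob[raw_ptr:raw_ptr + raw_size]


def packing_indicators(blob: bytes) -> Dict[str, object]:
    """Triage heuristic: report UPX section names, the UPX marker and high-entropy sections."""
    upx_sections: List[str] = []
    high_entropy: List[str] = []
    for name, data in pe_sections(blob):
        if name in UPX_SECTION_NAMES:
            upx_sections.append(name.decode())
        # tiny sections give meaningless entropy figures, so require a minimum size
        if len(data) >= 256 and shannon_entropy(data) > ENTROPY_THRESHOLD:
            high_entropy.append(name.decode())
    marker = UPX_MARKER in blob
    return {
        "upx_sections": upx_sections,
        "upx_marker": marker,
        "high_entropy_sections": high_entropy,
        "likely_packed": bool(upx_sections) or marker or bool(high_entropy),
    }


def build_toy_pe(sections: List[Tuple[bytes, bytes]]) -> bytes:
    """Constructed fixture: a minimal PE-shaped image (not loadable) with the given sections."""
    pe_off = 0x40
    table = pe_off + 4 + 20                                     # no optional header in the fixture
    data_start = table + 40 * len(sections)
    hdr = bytearray(b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off))
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    body = bytearray()
    for name, data in sections:
        raw_ptr = data_start + len(body)
        hdr += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0, len(data), raw_ptr) + b"\0" * 16
        body += data
    return bytes(hdr + body)


# Constructed samples: a plain section of repetitive bytes versus a UPX-style layout
# whose UPX1 section holds the marker followed by pseudo-random (incompressible) bytes.
_rng = Random(7)
CLEAN_SAMPLE = build_toy_pe([(b".text", b"\x90" * 300 + b"hello" * 20)])
PACKED_SAMPLE = build_toy_pe([
    (b"UPX0", b""),
    (b"UPX1", UPX_MARKER + bytes(_rng.getrandbits(8) for _ in range(4096))),
])

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("packed", PACKED_SAMPLE)):
        print(label, packing_indicators(sample))
```

Plenty of legitimate installers ship UPX-packed, so a positive result here is a reason to unpack and rescan, or to send the file to quarantine for a closer look, rather than a verdict on its own.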
Dialers, which will force your dial-up modem to call expensive toll numbers; worms, which specialize in distributing themselves to people in your e-mail address book; and keyloggers, which try to record your keystrokes in the hope that you will type out your credit card number, are among the tasks trojans may try to carry out.
But Ewido knows what to watch out for. Its signature files encompass no fewer than 105,000 things to watch out for! Running it on my system, it discovered a suspicious file in a compressed (zipped) folder; I haven't had the nerve to open up the file and see if it really is suspicious. That file, along with any other suspects Ewido rounds up, can be deleted immediately or put into quarantine for later analysis.
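To make the column's description of signature scanning concrete, here is an added example written for this column, not Ewido's or Avast's code. It models a "profile" as two kinds of signature, a full-file hash and a byte pattern, scans a download folder, looks inside zip archives the way the scan above found a suspect in a zipped folder, and moves hits to a quarantine directory instead of deleting them. The two signatures, the sample files and the folder layout are all constructed for the demo. The `scan_bytes(b"EVIL-DEMO-PAYLOAD-v2")` case in the test shows the point made earlier that a profile is only as good as its database: change one byte of a hash-signed file and the hash entry no longer matches.

```python
import hashlib
import io
import shutil
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Constructed "profile": a full-file SHA-256 entry and a short byte-pattern entry.
# Real products carry far larger databases refreshed daily; these two are made up for the demo.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(b"EVIL-DEMO-PAYLOAD-v1").hexdigest(): "Demo.Trojan.Hash",
}
PATTERN_SIGNATURES: Dict[bytes, str] = {
    b"DEMO-BACKDOOR-BEACON": "Demo.Trojan.Pattern",
}
MAX_ARCHIVE_DEPTH = 3                # nested zip-in-zip limit
MAX_MEMBER_SIZE = 10 * 1024 * 1024   # skip huge members (zip-bomb guard)


def scan_bytes(data: bytes) -> Optional[str]:
    """Return the matching signature name, or None when nothing in the profile matches."""
    name = HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())
    if name:
        return name
    for pattern, sig in PATTERN_SIGNATURES.items():
        if pattern in data:
            return sig
    return None


def scan_blob(label: str, data: bytes, depth: int = 0) -> List[Tuple[str, str]]:
    """Scan one object and, if it is a zip archive, each member inside it (recursively)."""
    hits: List[Tuple[str, str]] = []
    sig = scan_bytes(data)
    if sig:
        hits.append((label, sig))
    if depth < MAX_ARCHIVE_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_SIZE:
                    continue
                hits.extend(scan_blob(f"{label}!{info.filename}", zf.read(info), depth + 1))
    return hits


def scan_tree(root: Path) -> List[Tuple[Path, str, str]]:
    """Walk a directory; return (file path, location label, signature) for every hit."""
    results: List[Tuple[Path, str, str]] = []
    for path in sorted(root.rglob("*")):
        if path.is_file():
            label = path.relative_to(root).as_posix()
            for loc, sig in scan_blob(label, path.read_bytes()):
                results.append((path, loc, sig))
    return results


def quarantine(path: Path, qdir: Path) -> Path:
    """Move a flagged file out of its original location under a different name so it is not run by accident."""
    qdir.mkdir(parents=True, exist_ok=True)
    dest = qdir / (path.name + ".quarantined")
    shutil.move(str(path), str(dest))
    return dest


def run_demo() -> Dict[str, object]:
    """Build a constructed download folder, scan it, quarantine the hits and report the outcome."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "downloads"
        root.mkdir()
        (root / "notes.txt").write_bytes(b"just a harmless text file")
        (root / "installer.bin").write_bytes(b"EVIL-DEMO-PAYLOAD-v1")
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr("readme.txt", "nothing to see here")
            zf.writestr("setup/helper.dll", b"xx DEMO-BACKDOOR-BEACON xx" * 20)
        (root / "bundle.zip").write_bytes(buf.getvalue())

        hits = scan_tree(root)
        qdir = Path(tmp) / "quarantine"
        moved = [quarantine(p, qdir).name for p in sorted({p for p, _, _ in hits})]
        return {
            "hits": [(loc, sig) for _, loc, sig in hits],
            "quarantined": moved,
            "remaining": sorted(p.name for p in root.iterdir()),
        }


if __name__ == "__main__":
    print(run_demo())
```

Quarantining the whole archive rather than one member keeps the evidence intact for later analysis, which is the option the column describes; the depth and size limits exist because a scanner that recurses into every nested archive without bound is itself an easy target for a deliberately oversized zip.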
I mentioned before that a cookie, even a legitimate one, has some properties in common with trojans, in that they allow an entity off your computer to have access to data inside your hard drive. And hiding nefarious trojans inside a cookie-type file is a known method of distributing trojans, as we mentioned. So it was no surprise to me that the vast majority of suspicious files Ewido picked up were cookie files, which I also quarantined for later examination. If they check out, I can tell Ewido that they're kosher; otherwise, I can blast them to oblivion. And when you kill off a baddie, the program will get rid of all the debris: leftover files, folders, etc.
Ewido updates itself regularly, comes in a bunch of languages, and even provides e-mail support in its free version! There is also a premium version that allows real-time scanning of files as they come in and automatic updates (the free version does not have a scheduler), as well as protection from trojans that try to disable Ewido (you get the full power of Ewido for 14 days; afterwards the premium version costs $29.95). Anti-virus is nice, but Ewido is what you need for a total pre- or post-Pessah cleaning.
Download Ewido from http://www.ewido.net/en.
For Windows 2000/XP.
ds@newzgeek.com