August 24, 2003

Computer Viruses Can be Stopped

Article I sent to my Newspaper List

Computer viruses can be stopped and it isn't very hard to do it. Most all computer viruses are spread as executable email attachments that the victim is tricked into opening and running. Often users of Microsoft Outlook don't even have to run the attachment if they have their settings wrong. But - there are three things that Windows users can do to protect themselves from viruses.

First - go to Microsoft Windows Update service (http://windowsupdate.microsoft.com) and install all the latest security patches.

Second - avoid opening email attachments unless you are very sure you know what it is.

And Third - ask your Internet Service Provider (ISP) to block all messages containing Windows attachments that are executable. By blocking all executable attachments your anti-virus software doesn't have to figure out if the attachment is or is not a virus. And - anti-virus software rarely catches the very latest viruses that are going around.

If you do these three things you should be virus free. And it's a lot easier to prevent a virus than it is to remove one after your computer is already infected.

About the Author:
Marc Perkel is a small internet service provider and contract systems administrator with 23 years of experience in computers and 31 years of experience in electronic systems repair.

Check out the extended section for a letter I sent to a prominent Microsoft official.


This is a letter I emailed to an important executive at Microsoft

This latest virus does not seem to be just going away. It has created a launch platform for the next attack. With a launch platform of millions of computers an attacker would be able to take down the internet. And - any 15 year old super geek could set it off. Or - it can be multiple viruses from multiple authors all taking advantage of this network of infected computers at the same time.

I want to also point out that all anti-virus software will be useless against this new virus because anti-virus is always at least 2 days behind current viruses and in two days it's too late.

What I'm saying is - in 3 weeks email as we know it may cease to exist. And - we (by "we" I mean "you") should take action to prevent this immediately. You have till 9-11, interestingly enough, to act.

The attack can be prevented or at least contained if steps are taken immediately. There are two means by which viruses and worms spread - by infected email attachments - or direct port to port communication through a vulnerability or - in this case - a back door in already infected computers.

Step 1
---------

As to executable email attachments - Microsoft should issue a worldwide warning encouraging ISPs to block all email with executable attachments. This will stop the spread of all viruses that spread through email - so even if the virus mutates as expected on Sept 10th - there's no way for it to spread. This alert should go out immediately. No later than tomorrow. Step 1 is likely all you will need to do if you can really rally ISPs to join in.

Step 2
---------

Issue a worldwide alert encouraging people to download and install the latest patches for Windows. This should include a television campaign with 30 second commercials showing people how to run Windows Update. If you need to use Windows Update to deploy a fix for this upcoming threat - you want the public to be ready to cooperate. If the public had been educated - the msblaster virus would have had no effect.

Step 3
----------

The risk of direct port to port spreading is less likely but still real. If it's real it would spread like the "msblaster" worm did and that is a far more serious problem. Microsoft needs to immediately decompile this virus and determine what it is capable of. Also keep in mind that if the virus can update itself that you have to assume that the update might have this capability. You need to meet with your sharpest people and assess risk and determine countermeasures and put an infrastructure in place to deploy the countermeasures should they become necessary.

The problem here is that we are dealing with an unknown threat. So - it's time to look at what can be done with Windows Update in case of different kinds of threats. I would also encourage you to develop a plan that a worm could be cured by attempting to infect a cured computer - the anti-virus virus idea - in case extreme measures are necessary.


Go with what works
------------------------

In the last two weeks millions of computers were compromised by this virus. But - of the computers under my control - not one was infected - and there's a reason for this. Here's what I did:

1) Updates - I went to every Windows computer and personally made sure they were updated a few weeks back when the security hole was announced because I anticipated a virus would quickly be developed to exploit this flaw.

2) Firewall - We use a simple NAT firewall. Had there been computers in the office that had been missed - the NAT protected them from the Blaster worm.

3) Executable Attachments - All email messages containing executable attachments are blocked. Besides educating the users not to open executables - showing extensions of well known file types - prohibiting the use of Microsoft Outlook as an email client - my users never had the opportunity to get the virus onto their computer in the first place. Although tens of thousands of virus infected messages were received - the users never got a single one of them.

I also had anti-virus software on all Windows computers - but that had no effect at all on these latest two worms. Point being - anti-virus software can not be relied upon for protection.


The Bottom Line
---------------------

How likely will this happen? My guess is that I will be surprised if it doesn't happen. The opportunity is there - millions of currently infected computers waiting to be exploited by anyone who figures out how to do it first. The temptation is irresistible.

There's only one issue to decide. Does Microsoft want to get the blame for it happening or the credit for preventing it. You have 17 more days. Tick, Tick, Tick ......

Choose wisely.

Marc Perkel

Posted by marc at 06:11 PM
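
The attachment-blocking rule described in the post above (the third step of the article and item 3 of "Go with what works") can be sketched as a mail filter that rejects on the attachment's filename alone, without trying to decide whether the file is a virus. This is an added example, not code from the original post or the author's mail server; the extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist of Windows-executable extensions (illustrative, not from the post).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat",
                      ".cmd", ".vbs", ".js", ".lnk", ".cpl"}

def blocked_attachments(raw_message):
    """Return the filenames of all MIME parts whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also descends into nested multiparts
        name = part.get_filename()
        if not name:
            continue
        # Windows ignores trailing dots and spaces, so normalise before matching.
        cleaned = name.strip().rstrip(". ").lower()
        # Only the LAST extension decides how Windows runs the file, which is
        # why "photo.jpg.pif" must be treated as a .pif and not a .jpg.
        ext = "." + cleaned.rsplit(".", 1)[-1] if "." in cleaned else ""
        if ext in BLOCKED_EXTENSIONS:
            hits.append(name)
    return hits

def verdict(raw_message):
    """'reject' if any attachment is executable by name, otherwise 'accept'."""
    return "reject" if blocked_attachments(raw_message) else "accept"

def build_sample(filename, payload=b"constructed sample bytes"):
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed test message"
    m.set_content("See attachment.")
    m.add_attachment(payload, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("photo.jpg.pif", "INVOICE.PDF.SCR", "report.pdf"):
        print(fn, "->", verdict(build_sample(fn)))
```

A filename rule like this does not look inside archives, so an executable packed in a .zip passes unless archive contents are also inspected.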

Bush strikes deal to let Bin Laden get away

Letter to the Editor

Pakistan President Pervez Musharraf struck a deal in December of 2001 with the US not to capture Osama Bin Laden, fearing this could lead to unrest in Pakistan. So - it turns out that the hunt for Bin Laden was all a sham and Bush has again sold out America by deciding to let the terrorists who destroyed the World Trade Center go free. We went to war with Iraq supposedly because of terrorism and it turns out that Bush had given the terrorists a pass. Now we can't seem to find Saddam Hussein. Makes you wonder what kind of deal they made with him? For all we know Saddam and Osama might be living on Bush's ranch!

Reference: Times of India


Bush made Osama deal with Musharraf

IANS[ SATURDAY, AUGUST 23, 2003 06:49:05 PM ]

LONDON: Pakistan President Pervez Musharraf has struck a deal with the US not to capture Osama Bin Laden, fearing this could lead to unrest in Pakistan, according to a special investigation by The Guardian.

The paper reported Saturday that Bin Laden was being protected by three elaborate security rings manned by tribesmen stretching 192 kms in diameter in northern Pakistan.

The paper's information is based on comments made by Mansoor Ijaz, an American of Pakistan origin who, the paper said, knows al-Qaeda better than most people and had close contacts in Pakistan's intelligence agencies.

Ijaz believed an agreement was reached between Musharraf and US authorities shortly after Bin Laden's flight from his stronghold Tora Bora in Afghanistan in December 2001.

The Pakistanis feared that to capture or kill Bin Laden so soon after a deeply unpopular war in Afghanistan would incite civil unrest in Pakistan and trigger a spate of revenge al-Qaida attacks on Western targets across the world.

"There was a judgment made that it would be more destabilising in the longer term. There would still be the ability to get him at a later date when it was more appropriate", Ijaz told The Guardian.

The Americans, according to Ijaz, accepted the argument, not least because of the shift in focus to the impending war in Iraq.

So the months that followed were centred on taking down not Bin Laden but the "retaliation infrastructure" of al-Qaeda.

It meant that Musharraf frequently put out conflicting accounts of the status of Bin Laden, while the US administration barely mentioned his name.

In January last year Musharraf said he believed Bin Laden was probably dead. A year later he said he was alive and moving either in Afghanistan or perhaps in the Pakistani tribal areas.

"Yet Western diplomats say they believe the Pakistani authorities are committed to the hunt for Bin Laden, although they admit that frequently the official accounts of the timing and location of successful arrests do not square with reality," the report stated.

"Pakistan must now end the charade and get Bin Laden... With so much of the retaliation infrastructure gone or unsustainable, Bin Laden's martyrdom does not pose nearly the threat it did a year ago," Ijaz told the paper.

According to Ijaz, Bin Laden is hiding in the "northern tribal areas", part of the long belt of seven deeply conservative tribal agencies which stretch down the length of the mountain ranges that mark Pakistan's winding border with Afghanistan.

The paper said that Ijaz, who recently visited Pakistan, believed that Bin Laden was protected by an elaborate security cordon of three concentric circles, in which he is guarded first by a ring of tribesmen, whose duty is to report any approach by Pakistani troops or US Special Forces.

Inside them is a tighter ring, around 19 km in diameter, made up of tribal elders who would warn if the outer ring were breached.

At the centre of the circles is Bin Laden himself, protected by one or two of his closest relatives and advisers.

Bin Laden has reportedly agreed with the elders' argument that he will use no electronic communications but handwritten notes, and will move only at night and between specified places within a limited radius.

Pakistani Interior Minister Faisal Saleh Hayat told the daily: "We have been getting reports of his presence across the border inside Afghanistan and along the border area also.

"Not all reports have been credible at times. If others were credible, we would certainly have been able to get near to him but certainly that has not been the position so far."

Talat Masood, a retired Pakistani general and security analyst said: "I think the Americans find their reliance on the Pakistanis is now increasing."

Posted by marc at 05:08 PM