“The FBI confirmed the active development of Magic Lantern, a keylogger intended to obtain passwords to encrypted e-mail and other documents during criminal investigations. Magic Lantern was first reported in the media by Bob Sullivan of MSNBC on 20 November 2001 and by Ted Bridis of the Associated Press. The FBI intends to deploy Magic Lantern in the form of an e-mail attachment. When the attachment is opened, it installs a trojan horse on the suspect’s computer, which is activated when the suspect uses PGP encryption, often used to increase the security of sent e-mail messages. When activated, the trojan will log the PGP password, which allows the FBI to decrypt user communications. Symantec and other major antivirus vendors have whitelisted the Magic Lantern trojan, rendering their antivirus products, including Norton AntiVirus, incapable of detecting it. Concerns around this whitelisting include uncertainties about Magic Lantern’s full surveillance potential and whether hackers could subvert it and redeploy it for purposes outside of law enforcement.”
It’s old news, but I like to keep references like this handy for when people ask me what kind of anti-virus or system protection tools they should run. It kills me that major vendors like Dell and HP are shipping computers to home consumers with all that horrible crap pre-installed on top of the operating system. The very first thing I do when taking care of one of these systems is a full re-install of XP / Vista / 7, starting from scratch.
Another way to cleanse a new PC is to use this tool, which helps but inevitably leaves traces of crapware behind: The PC Decrapifier
So how do I keep my own system safe, clean and virus-free? Easy for me, a bit trickier for the non-technical home user. I’ll outline my basic techniques and philosophies, email me if you want some more info.
There are three attack vectors you need to worry about, and here is what you need to do about each:
1 – Direct access to your PC over the internet by a hacker: Use a standalone physical router or firewall. Do not rely on software firewalls, including the one built into XP / Vista!
This is the easiest to combat: Use a router. By function, all residential routers are also firewalls. They act as a gateway between your internal home network and the public internet. Unless you stupidly (i.e. purposely, since none of them do this by default) set up the router to allow external access with an easy-to-guess password, your internal devices are safe from direct attacks by hackers. While the built-in firewall in XP / Vista / 7 is great, if your PC is directly connected to your DSL or cable modem you are still allowing hackers direct access to your PC (see #3 below).
2 – Indirect access to your PC over the internet: Avoid bad websites and disallow automatically running stuff that comes through any bad websites.
You may think that the biggest source of viruses is files that you purposely download, but that’s far from reality these days. The number one source of PC infections is hacked web pages that trick your web browser into launching nasty code. This is very easy to avoid! First, do not run as Administrator for day-to-day computer use. Set up a new user for yourself with basic, regular user rights. This way you can’t install software and can’t be tricked into blindly installing software. If you have something you need to install, log out, log back in with the administrator account, do the install, then log back out and in as a regular user. Second, use OpenDNS. Their website has tons of info and a really easy-to-follow guide to get you running. What this does is help prevent your computer from reaching those nasty infected websites to begin with.
3 – Direct, physical access to your PC: Well this one is easy, don’t let strangers use your computers.
Pretty unlikely to happen, especially at home, but worth mentioning. At work this is harder to prevent, since “strangers” can include your own staff. Physical access doesn’t just mean somebody coming along and sitting down at your computer; take a glance at this list and you’ll see some ways data was stolen that could have been easily prevented. At work, make sure you lock your PC when you walk away.
Notice how none of those three steps involves running anti-virus software? In my 25 years of computing, whether at home or in business, with the policies and techniques I employ at the border (router/firewall/gateway) and the policies I force on the end users and their workstations, nothing has ever caused a problem. I know this for a fact: I occasionally run anti-virus for kicks. I’ll occasionally thoroughly scan the outbound network traffic logs to see if any infected PC is “calling home”. I’ll occasionally run other forensics tools on the systems to double check. Nada. Zip. Zilch.
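To make the outbound-log check above concrete, here is an added example (not from the original post) that scans a constructed router connection log for an internal host contacting the same destination at fixed intervals, the regular “calling home” pattern of an infected PC; the log format, addresses and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample of a router/firewall outbound-connection log.
# Format is hypothetical: date time source_ip destination_ip destination_port.
SAMPLE_LOG = """\
2009-03-01 08:00:00 192.168.1.20 203.0.113.10 443
2009-03-01 08:01:13 192.168.1.21 198.51.100.5 80
2009-03-01 08:05:00 192.168.1.20 203.0.113.10 443
2009-03-01 08:09:47 192.168.1.21 198.51.100.7 80
2009-03-01 08:10:00 192.168.1.20 203.0.113.10 443
2009-03-01 08:15:00 192.168.1.20 203.0.113.10 443
2009-03-01 08:20:00 192.168.1.20 203.0.113.10 443
2009-03-01 08:31:02 192.168.1.21 198.51.100.9 443
"""

def parse_log(text):
    """Group connection timestamps by (src, dst, port)."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        date, time, src, dst, port = line.split()
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        conns[(src, dst, int(port))].append(ts)
    return conns

def find_beacons(text, min_hits=4, max_jitter=0.1):
    """Return (key, period_seconds, jitter) for flows that recur at least
    min_hits times with near-constant gaps (std dev / mean <= max_jitter).
    Normal browsing produces irregular gaps; beacons produce regular ones."""
    suspects = []
    for key, stamps in parse_log(text).items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean == 0:          # duplicate timestamps, not a timing pattern
            continue
        jitter = statistics.pstdev(gaps) / mean
        if jitter <= max_jitter:
            suspects.append((key, round(mean), round(jitter, 3)))
    return suspects

if __name__ == "__main__":
    for (src, dst, port), period, jitter in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}:{port} every ~{period}s (jitter {jitter})")
```

A hit only means the host deserves a closer look; scheduled updaters and time sync also beacon, so compare the destination against what the PC is supposed to be talking to.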
I actually find it much, much easier to protect a corporate network than to protect users at home. A corporate network will usually come with a modest budget that lets me really tweak the protection for the three vectors I wrote about above. For starters, I’d run internal DNS servers, force all traffic through a standalone web filter device, and use server-enforced policies that force users into running safely. Home users need to employ a bit more self-discipline, which is hard.
If anything isn’t clear, or sounds wrong, or needs more details, just add some comments and I’ll be happy to fill in the blanks.