MICRO CENTER: COMPUTERS AND ELECTRONICS
Random Access   chris, kp & rob
Tech Take-Apart
Blaster Virus Reverberations
by chris

You have the new computer with the latest version of Windows and the manufacturer even included a utility for virus scanning. Everything is safe and secure, right? Think again. If you missed out on receiving a copy of the "blaster.worm" or one of its several variants that were making the rounds in October, congratulations! Many other new computer owners were not that lucky. The blaster worm did not spread through email, but by looking for computers that had not been secured against a specific Microsoft Windows networking vulnerability documented (and corrected) months earlier. If you had virus scanning software installed it might have caught the program before it could be installed on your computer. All this really means is that you were not one of the many computers that were helping spread the threat around. By the way, there are still computers connected to the Internet that are infected and trying to spread the program to your computer the first time you connect to the Internet. When we test-connected a "new" system on a broadband cable connection to the Internet, our test system became infected within the first 1-2 minutes of attaching the network cable.

There are several methods to protect your system from this type of threat, and all of them require regular checks and updates. Attacks from this particular threat could be prevented by using firewall software, using a current anti-virus product, installing "critical" operating system patches, or the most effective - keeping your computer turned off and stored in a closet. Since this last option leaves a lot to be desired by most computer users, this means the other options of firewalls, updates and antivirus software need to be used and kept current to shield your system properly.

Windows XP Firewall:
Windows XP users have a feature built into their operating system that blocks most common types of network intrusions or attacks. This is not usually turned on when you receive your new computer because the vendor does not know how you will be connecting to a network or the internet. The firewall can be configured independently for each active network connection whether you connect through a modem (dial-up), Local Area Network (LAN) or some other device. The following steps are from Microsoft's "Protect Your PC" web pages.

1. Click Start, and then click Control Panel.
2. Click Network and Internet Connections.
3. Click Network Connections.
4. Highlight a connection that you want to help protect, and then click Change settings of this connection. If you are using your modem for a Dial-Up Internet connection, this connection or modem should be listed. With DSL or Broadband cable connections, the Internet connection to choose should be the Local Area Network (LAN) adapter.
5. Click Advanced and then select "Protect my computer and network by limiting or preventing access to this computer from the Internet."
6. Click OK. NOTE: The Windows XP Internet Connection Firewall can block useful tasks such as sharing files or printers through a network, transferring files in applications (e.g., instant messaging), or hosting multiplayer games.
Critical Updates:
Most recent versions of Windows include something called " Windows Update" which connects your computer to a section of Microsoft's web site where patches to Windows and its integrated applications are posted. The Update process checks your system for installed versions and identifies patches, fixes, or updates that can be applied. Fixes for the security flaw that was exploited by Blaster, Welchia and others were made available almost a full month before these started to attack computers. The Windows Update site breaks any available downloads into one of three types: "Critical Updates and Service Packs", Windows OS-specific (i.e. Windows XP, Windows ME, etc., and "Driver Updates". In most cases, you can choose "Windows Update" from the Start Menu, or from clicking Start, All Programs, and Windows Update.

Virus Definitions:
Installing an antivirus product is a good start, but the protection is only as good as the list of known viruses or threats that it comes with. Each brand of antivirus software is slightly different in how they obtain updated lists, but all require their definitions or dat file updates to be replaced regularly. These data files are called different things by the antivirus vendor, but they all serve the same purpose. The file contains a "signature" or pattern of characters that is unique to the particular virus or malicious program. When active, the antivirus software searches new files that appear on your computer against this list of known patterns. If a pattern match is found, the antivirus software can then signal an alert, isolate the file or program, delete the file, or perform some other action that you choose. Since new viruses or variations of old ones are being released every week, keeping this list of patterns up to date is especially important to keep your computer secure. Most antivirus vendors have been updating their signature files every week, and when a particularly active threat like blaster shows up, they may make several changes or additions within days of each other.

Some viruses are written specifically to disable antivirus software or hide from this type of application. Updates to the antivirus software itself are released when this becomes known. To keep protecting your computer, you need to connect to the Internet and download both new signature files and program updates on a regular basis. If you use a dial-up connection, you may want to set these update options to manual updates, but make sure to make the time and update every week or two to stay safe. If you have a high speed, always-on connection like DSL or cable, you can usually configure your program to check for and install these updates automatically.

More information:
For more information and step-by-step procedures for your specific Windows Operating System, check out the "Protect Your PC" page at http://www.microsoft.com/security/protect/. This Microsoft page has a drop-down list to select your OS-specific steps for protecting your computer from common threats.

Apple Macintosh users can find system specific information on the Apple Product Security pages, starting with http://www.info.apple.com/usen/security/. From this page you can find links for updates, patches and Apple security briefs.

Get Random Access

Understanding Tech

Print this article

Shop Online

Send-to-a-
Friend

Your Name:

Your Email:

Your Friend's Name:

Your Friend's Email:


 © Micro Center