Unfortunately, the need for protection against
computer viruses and other hacker activity has become as routine for
businesses as the need to remain vigilant against other criminal or
terrorist acts. While some of the professional organizations and
corporate executives in this
niche have world-class protection capabilities through sophisticated IT
infrastructures and specialists, many organizations are small and have very
limited technology support resources or training. Despite good
intentions, their vulnerability can lead to disruptive problems among their
entire network of contacts, or expose contacts and communications which
should be private. There are many ways to protect
against such risks, but there are always people who will try to find new
ways to defeat protective measures, as if it were a game. Regardless
of precautions, mistakes may happen, and some attacks will succeed, at least
temporarily, at disrupting or damaging the professional work of people who
are trying very hard to be productive and create jobs and opportunities
which benefit communities worldwide.
This is a pernicious threat to the welfare of many people,
the electronic equivalent of rape or terrorism rather than a sign of
technical prowess or sophistication, even for a criminal. There is no
excuse for it. There are some wonderful third-world jails we know
where the perpetrators of these acts, like terrorists, should be given a
chance to spend quality time.
Unfortunately, there are so many fast-changing risks, and so many
protective measures, that it is hard for well-meaning "laymen" to keep track of what works well, and
what needs to be done, without trying to become an expert in such defensive
measures and thus wasting valuable time on this subject.
We therefore encourage the open sharing of "best practice" knowledge
among professionals about what works well to stop this disruptive problem.
It is a real threat to a profession such as this, which necessarily requires
many new contacts and the selective sharing of potentially sensitive or
confidential business information by electronic means as people collaborate
on a global basis to improve rather than destroy our communities.
We welcome suggestions of information sources which can be shared openly here
or elsewhere among professionals in this community about effective responses
to the virus problem.

We obviously try to use the normal precautions
by using leading virus protection and firewall software, and assume others will do so in
their work, and in any correspondence with us. If a virus, worm, or hacker attack does
succeed against any participant in these services, and seems likely to
spread further, please let us know so we can take appropriate precautions
ourselves and perhaps alert others to the risk.
If any virus is somehow propagated through any of our own work, despite
all protective measures, please alert us immediately to the problem so that
we can deal with it.
It is our policy to cooperate fully with US and international law
enforcement officials, intelligence agencies, and industry efforts to track
down and prosecute those who engage in the creation and spread of computer
viruses, benign or malign, or other types of hacker attacks.
It is also our policy to not do business with organizations whose
employees are known to repeatedly propagate viruses, intentionally or
innocently, through inadequate protective measures which prove harmful to
ourselves or the many contacts we maintain to perform our services.
We expect all active participants in our services to take the basic
measures necessary to maintain current protection against known viruses, and
apologize in advance if our own defensive measures ever fail and cause
unintended inconvenience or harm among any of our many contacts worldwide.
Nobody is perfect, but together we can minimize this threat to our
professional work. We also welcome information about any serious attacks
among active participants to which we should perhaps alert our network of
contacts. Given the nature of the threat, most detailed
knowledge must be shared directly through more private means than
publication here. Please do not create links to this page from other
websites for the same reason.

Under development

Participant suggestions of tools and defensive best practices for e-mail protection (and possibly feedback / pointers to be offered here)
www.mcafee.com
www.symantec.com
www.networkice.com

Participant suggestions of tools and defensive best practice for website security

Participant suggestions of tools and defensive best practice for personal or network "firewall" protection
www.mcafee.com
www.symantec.com
www.networkice.com

Published sources of information about suggested protective measures to guard against attacks
www.microsoft.com

Sources of information about current attacks and defensive measures against active viruses in general
www.microsoft.com
www.mcafee.com

Sources of information about more secure communications options, such as to develop more secure intranets, VPN, encryption, etc.

Who to call to report an attack which may be new, rather than a known vulnerability which is already controllable

Government authorities to contact (sources of information, criminal law enforcement contacts engaged in tracking down hackers, etc.) - see below

News of serious, current virus attacks
It is not our intention to publish general news about
reports of virus attacks, which are a daily problem worldwide better left to
specialists in that niche.
Specific reports or alerts will be limited to serious attacks within
this community, such as among the active participants in our services, when we
believe routine defensive measures may not prove sufficient to handle the
threat, and the risk of serious harm to other professional work seems high.
We may, in cooperation with contacts such as professional
associations or publications, try to help to quickly alert participants to
current problems of an emergency nature, such as by e-mail or phone,
although we do not assume responsibility to do so.
Please let us know if such support is of interest, and who
to contact in such circumstances (such as your IT specialist, rather than
the person we may usually contact when dealing with our normal business).
Likewise, perhaps such technical contacts can help to alert us to serious
problems quickly, and distinguish real threats from the common hoaxes and
misinformation.
It is not our intention to become a clearinghouse or
publisher for virus information, or to assume responsibility for the
protection of participants against such risks, which remains the individual
responsibility of everyone. We just want to help
avert serious problems within this community if we can, since viruses can be very disruptive of
valuable work by our participants.

Example:
There are many variations of e-mail Trojans in circulation at the moment
which may appear harmless, and they are disguised by the use of authentic
subject lines captured from stored messages of the user, who is therefore
likely to be recognized by the recipient as a friendly contact with a
legitimate message to be read. They launch the virus automatically,
such as through the simple act of selecting the message with the preview
pane of the browser active (just as some area representatives and other
advertisers or publishers have done with some very irritating spam
broadcasts!). It is not necessary to open a file attachment, and the
virus may launch and do damage even if you delete it without doing more than
the preview. It may attempt to disable anti-virus protection, block
other user actions (such as to load the anti-virus software again), and then
load harmful additional software from an Internet site so that such
protective measures will be defeated. The virus doesn't just look up
addresses (as in Outlook's address book, as was common with some viruses in
the past). It may actually search through a variety of sources for any
such addresses and related subject lines and stored message content to
appear more legitimate, and then broadcast itself to reach more potential
victims among all known e-mail contacts of the user.
As a specific example, such a virus was apparently in fairly
widespread circulation in July 2002 among the e-mail contacts of a leading
European area representative in a message disguised by the Trojan as further
news about an actual investment project (repeating content which we were
obviously not supposed to receive, as it was originally written for somebody
else in another language). In short, this isn't a hypothetical
problem, and one would have expected the agency involved to have better
protection in place. The resulting files and
infection activities may be randomly named and located on the hard disk so
that, even after virus protection is restored, they are not easily detected
and can potentially continue to be triggered to do further damage at a later
time, or expose the PC to a hacker more easily, or transfer valuable files.
If the user involved has "administrator" rights (go read the fine print in
Windows XP Help now!), the virus can do considerable damage from which
recovery is very complex. The anti-virus or firewall software may
detect and block some such attacks, but you might "get lucky" and receive
one of the new ones they haven't blocked yet. If it gets past their
software, you're pretty much out of luck - there is little they or anyone
else will do to help, and the cost in wasted time, money, and aggravation
can be very high. In other words, be very vigilant
about keeping all virus protection measures and operating system or browser
software "patches" current, and make sure that all the protection settings
in such software and other settings (such as for browser settings, user
access rights, etc.) are appropriate. Minimize any sensitive
information on systems which might be vulnerable. Some of the attacks
are quite sophisticated, and may appear harmless at first. The user
may think the virus has been removed safely, while it remains active.
Above all, be sure to keep current backups of anything
important, so that recovery can be rapid if an attack succeeds despite all
protective measures. After all, if an attack succeeds, the only viable
remedy may be to completely wipe the hard disk clean as for a brand new PC,
and then reinstall everything from a backup which is known to precede the
time of the attack. Since some of the Trojans can act after a delay,
recent backups can be infected, so the recovery process requires some
professional foresight and diligence, and can still be complicated even with
a good backup process in place.
Like recovery from terrorist attacks, it takes time,
dedicated efforts, and resources to clean up the mess hackers make, block
their attacks, and to rid the world of such vermin. Together, however,
we can at least "harden the target" through cooperation within this
community so that the good work of participants is not delayed or
diminished, and instead can grow as a more positive response to the local
development needs of the entire world.