Does it seem like there have not been any new viruses released recently? It used be that the only protection you needed was updated antivirus software. However, this isn’t your father’s Internet. The amount of vulnerabilities, scams, threats, Trojans, worms, viruses, etc continues to grow at a staggering rate. The Symantec Internet Security Threat Report dated March 21, 2005, states that, “From July 1 to Dec. 31, 2004, Symantec documented more than 7,360 new Windows 32 virus and worm variants. This represents an increase of 64% over the previous 6-month period. As of Dec. 31, 2004, the total number of documented Windows 32 threats and their variants was approaching 17,500.” Folks, that is just the virus and worm variants. It does not include all the other threats and vulnerabilities. This is worse than the mosquitoes on a warm June night in Maine.
I will explain the different threats that are out there and what you can do to protect your office computers. Many different protection options are available, and there is not enough space to go through each one in great detail. The solution you choose should include some basic fundamentals—prevention, scanning, education, and monitoring. These provide a framework for your defense plan and need to be reviewed on a regular basis.
PREVENTION
An ounce of prevention is worth a pound of cure. If you think that your network is safe simply because you allow every computer access to the Internet but use e-mail only on one computer, then you are in for an expensive surprise. It would be nice if the only way your network could be infected was by opening e-mail attachments, but that is no longer the case (it never really was that way, but it was the most popular method for awhile). A new threat is spreading quickly that does not use e-mail or attachments. As I write this in early April 2005, this new threat is just making the tech news, and you will likely have heard about it by the time this article is published. This threat is “pharming,” and I will explain more about it later in the article.
The first step to implementing prevention is buying the software that will stop these pests or at least remove them when you use the software to scan your computers. Another option is not to have Internet access in your office or have a computer that can connect to the Internet but is not on your office network. The best prevention is software that runs in the background, scanning files and e-mails when you open or receive them. This is most commonly known as autoprotection, and most antivirus programs offer this option. The concern is that some of the other problems, such as adware and spyware, will not be detected by the autoprotection, which leaves you vulnerable. The antivirus software packages are starting to recognize the adware, malware, and spyware, but not very effectively.
SCANNING
Even if you have the autoprotection running in the background, it is a good idea to run a system scan on a weekly basis to make sure something did not get past the autoprotection. You can usually schedule these scans for off-hours when no one is using the PC. The PC needs to be left on in order for the scan to run. The scan should be thorough and set to scan the entire PC. One issue you may run into is that the scan will find a virus and quarantine the file. The quarantine takes the file from the original location, moves it to another folder on your hard drive that you most likely will not access, and should keep the file from running. The next time the scan runs, it may detect the file in quarantine and flash a message that it has found a virus. This makes it look like you keep getting infected with the same virus or the software is not running correctly. Check the location of viruses found to make sure they are not the files in quarantine. Over time, you should delete the files in quarantine to help eliminate these false-positives.
Many of the adware/spyware removal tools now include the ability to set up scheduled scans. If your software does not have this option, then try starting a scan before you go to lunch, and it should be finished when you return. You could also start the scan before you leave for the evening if you can leave the PC on overnight.
EDUCATION
Keep your staff updated on what you are doing to protect the PCs and also the latest threats and issues. Don’t assume that everyone knows about the latest virus, the newest scam, or all of the ways in which a computer could be infected. I don’t mean that you should turn your staff into computer geeks, but imparting general knowledge will help. The Symantec report states, “Nine of the top 10 reported spyware programs were bundled with other software.” This means that a software program was installed on purpose and that another software program was installed along with it, but the user was probably not made aware of this additional program. It may state this in the license agreement, but who reads that legal mess? So, the next time your front desk staff members want to install that cute background software their friend told them about, they may think twice.
If your entire office has Internet access, then your entire practice has the opportunity to give away the shop. If your office manager receives a fake e-mail that looks like it is from your bank asking for practice financial or username/password information, he or she may provide the information, unaware that these types of e-mail scams exist (see “phishing” later in this article). You don’t need to keep them updated on every virus or threat that comes out; instead, cover the basics and give examples.
MONITORING
When was the last time you checked the log files of your antivirus software or the date of the definition file? Definition file, you say? Your antivirus software needs to be updated, and the definition file is the information source for your software updates. This is how your antivirus software is educated about the new viruses that have been released since the last definition file. If the software is not updating, then it can become outdated quickly. If the antivirus software was installed more than a year ago, then it is probably not updating because the subscription has expired.
Also, you need to make sure that the antivirus software is scanning on a regular basis. You should be able to determine the last time the computer was scanned, the number of viruses found (zero is the best score), and what the status is of any viruses found (cleaned, quarantined, removed, etc). If you rely on seeing that little icon next to the time display on your computer to let you know that the antivirus software is running, then you need to check it immediately. There are viruses that will keep your software from updating, or worse, keep it from running at all.
I DON’T KNOW WHAT IT’S CALLED, BUT I’M SURE I’VE GOT IT
If you have computers in your office, then I am confident that you know what computer viruses are and how they spread. But, you may not know what adware, spyware, malware, phishing, and pharming are, what they do, and how they get into your computer. Hopefully by the time you finish reading this article, you can at least complain about them at the next gathering with your colleagues.
Adware, Spyware, and Malware
These 3 pests can be annoying, but some have the potential to be very costly. They monitor your Internet browsing and use this information mainly to cause those annoying pop-ups. A pop-up is another Internet browser window that opens on its own and usually contains an advertisement. Some of these can be graphically offensive and are not the type of thing you want coming up on your front desk or operatory computer.
There are a few of these pests that will capture usernames and passwords that are entered on Web sites and forward this information to another Web server. This means that your log-on information for your bank Web site could be compromised. Think of the other information you enter on Web sites including date of birth, social security number, etc. It would not take long for all of this information to be compiled and used to steal your identity.
The obvious signs that your computer has been infected include your browser home page being changed, your computer running very slowly, and a lot of pop-ups. The 2 most common ways these get onto your computer are through your Web browser when you install a software program. If you see a pop-up that claims your computer is infected and you should click on the button to clean your PC, don’t click on the button; click on the “x” in the upper right corner of that window to close it.
Gone Phishing
This scam is very dangerous and should be discussed with anyone on your staff that uses office e-mail. The way this works is you receive an e-mail that looks like it is from your bank or credit card company asking you to click on a link to a Web site to verify your identity, information, username, and/or password. When you click on the link, it doesn’t take you to your bank or credit card company’s Web site. Rather, it brings you to a Web site that may look very similar to the real site. If you enter the information and click “submit” or “send,” you have just provided valuable information that someone can use to steal your identity and/or hard-earned money. Phishing has become a very dangerous problem. Please treat e-mails like these the same way you treat phone calls from people you don’t know: don’t give out the information. If you received a phone call from someone who claimed to be from your bank, would you volunteer your personal information to this person? I would hope that you would ask for a name and then call your bank to make sure it was the one calling you.
Ain’t Goin’ to Work on Maggie’s Pharm No More
Pharming is a relatively new scam that is probably the most dangerous one of them all. This scam involves changes made to the way you access Web sites, but you probably will not be aware these changes were made because they happen out on the Internet, not on your computer. When you type dentistrytoday.com into your Internet browser and hit the “Enter” key, the Web site for Dentistry Today appears. But how did your browser know where to go on the Internet to get to this Web page? Servers are spread all over the Internet that are called DNS servers. These servers store information about where Web pages are and can convert the human interface type dentistrytoday.com to the IP address 234.275.12.4 (fake address) that computers use to get information.
I will use an analogy to explain how this happens. If you rent a car in a city that is new to you and it has GPS in it, you could use this GPS to get around town. The pharming scam would be like the car rental employee altering the GPS so that you end up at his friend’s office, you get robbed, and you don’t know you have been robbed until a few days later. You didn’t mistype the address, you didn’t go into a seedy part of town, or stop and ask for directions from a strang-er.
The pharming scam changes the valid information on these DNS so that they now contain bogus information pointing you to the scam artist’s Web site, which looks a lot like the real site. You may enter information and not even realize you are on the wrong Web site. This scam does not require interaction on your part to launch, like an e-mail attachment or pop-up ad would need to run. It could be a few days before you realize what has happened, and your bank account could be drained in that time.
Scared? Make you a little uneasy? It should, especially because there is nothing available at the time this article was written to keep this from happening to you. You can’t buy software that will autoprotect your PC or scan your PC. Why? Because it does not happen on your PC like a virus or spyware; the scam happens on servers out of your control.
SUMMARY—CAVEAT EMPTOR
This Latin term is now interpreted as meaning “Internet browser beware.” You need to be a little paranoid when surfing the Internet and reading e-mails. If something doesn’t look right, close the window or application. We wouldn’t give out personal information to a telephone caller or junk mailer, but we trust e-mails. As always, keep your software updated, your PC clean, and don’t trust e-mails from companies or people asking for personal information or business information.
Mr. Walsh is the owner of NDM Networks in Mendon, Mass, which provides computer and networking services to dental practices and small businesses in Massachusetts and Rhode Island. He can be reached at (508) 624-9898 or dwalsh@ndmnetworks.com.
