Sources Select Resources

From the Canadian Science Writers' Association

They Really Are Out To Get You

Dan Hogan

When it comes to computer security and privacy these days, it pays to be a little paranoid.

Computer viruses, hackers, and other threats to personal privacy are not just hot topics for science and technology journalists to report on. They're also problems that we ourselves have to face daily, whether at home or at the office.

Case in point: as I was writing this very article, my computer started flashing a bright red warning message on the screen VIRUS DETECTED. The source of this unwelcome intruder was a fellow science writer, whose computer had been infected with something called the "VBS.LoveLetter.Variant" virus. This devilish script had hijacked his Microsoft Outlook Express E-mail program and started to send copies of itself to everyone in his electronic address book.

If you've never installed an antivirus program on your computer, there's a good chance that a nasty little file like this one could be E-mailing itself to everyone in your address book, too, or corrupting years' worth of your word-processed documents, or even waiting until one fateful pre-programmed date to start erasing your entire hard drive.

Many of use have learned the hard way just how true these possibilities are, taking the necessary precautions of vaccinating our computers only after the inevitable computer virus attack has happened. Yet despite such precautions, the same disasters can repeat themselves. An antivirus program is only as good as its last update. Unless you download and install the new virus definitions for your antivirus program on at least a weekly basis, your computer is always vulnerable to the next generation of crooked code.

Antivirus sleuths are constantly scouring the Internet for new viruses to add to the list of thousands already discovered. The names given to them by their malevolent authors range from the deceptively innocuous (such as "Sunflower" and "New Hope") to the outright threatening (such as "CyberHack" and "DeathKiss").

The best kind of antivirus program to use is one that automatically updates its own virus definitions, to keep up with new strains that have been unleashed on the public. Norton Antivirus and McAfee VirusScan are among the most popular software packages. Some products can scan every Microsoft Word document before you even open it and every E-mail message before you read it, safely isolating and removing the offending viruses (or "trojans" or malicious "macros" or other types of potentially damaging files) before they wreak havoc on your system.

However, don't let these programs lull you into a false sense of security. Even a seemingly impenetrable line of cyber-defense can let a virus slip through and strike your computer. The best strategy, experts say, is to practice safe computing. If you share files with others (either on disks or through the Internet), be sure to take some precautions.

For example, if you receive an E-mail, even from a friend, with an attachment you weren't expecting, think twice before opening it. Attachments that are executables (those ending with the ".exe" suffix, in PC parlance) or scripts (ending with the extension ".vbs" for example) should be regarded with suspicion. If you really don't know what it is, just ask your friend if he or she really meant to send the file.

Another threat to computer users, one that is becoming increasingly more common as more and more of us leave our computers online all the time is the backdoor hacker. Once mainly the foes of large corporate computer systems, hackers are now routinely breaking into home computers, especially those with high-speed cable or DSL connections to the Internet. Even dial-up modem users are vulnerable to hacking.

Anyone can now easily get a hold of hacking tools, such as "sniffers" and other underground software, that effectively let hackers scan thousands of computers to see which ones have an open "port" or some other security hole in their systems. Once a vulnerable computer is found, a hacker can gain control of it and others, using them to launch other attacks on more important computers (such as major Web sites).

Although large-scale companies are usually well-equipped to guard against such attacks, the average home computer user has been virtually helpless, until recently. The past year has seen an explosion in the consumer computer security market, with the launching of products such as BlackICE Defender and Norton Internet Security. These programs act as scaled-down software versions of corporate "firewalls" that prevent data from being transmitted to or from your computer to the Internet through certain ports that might otherwise let hackers in.

Also available now are relatively inexpensive routers, devices that let two or more computers share an Internet connection and that also usually provide some built-in firewall protection. Examples of these are the new cable/DSL routers offered by Linksys, D-Link, SMC, and other manufacturers.

A potentially much bigger threat to personal privacy is not the hacking underground, but rather Big Brother. Recent revelations that United States law enforcement officials have developed methods of eavesdropping on electronic conversations, such as the highly publicized "Carnivore" program, have sent shivers through many circles. Although proponents of high-tech investigative techniques like this say they're needed to monitor criminal or even terrorist activity in an ever more wired world, civil libertarians argue that the same techniques could all-too-easily be turned on law-abiding activists and other citizens whose views may be against those of the government.

While these kind of Orwellian scenarios may seem far-fetched to some, others have taken them seriously enough to pre-emptively protect computer users from the prying eyes of the state. Services such as and allow users to surf the Web and send E-mail anonymously, by cloaking their Internet addresses and identities.

But perhaps the most insidious invasion of computer privacy is from advertisers. The ubiquitous banner ads that pop up on Web sites these days routinely leave crumbs of computer code on your computer called "cookies." Though harmless in themselves, cookies can let advertisers track users from site to site and build sophisticated profiles of consumer preferences, in order to target advertising to those most likely to buy certain products.

Fortunately, counter-measures have been devised to help privacy-minded users keep cookies out of their computers. Although there are ways of disabling cookies in both Netscape and Internet Explorer, many Web sites require that a user's browser have the cookie function turned on in order to navigate the site properly or to make online purchases, for example. If you really want to keep cookies out of your system, you can install programs such as CleanSweep or WindowWasher, which can let you selectively delete cookies while keeping those that are useful (such as personalized settings for your browser's default opening page).

If all of these options for protecting yourself online seem terribly inconvenient and cumbersome, they are. Fighting against viruses, hackers, and snoopers should not be left to under-equipped computer users to take on by themselves. Internet service providers could take a more proactive role in protecting their customers by offering services to filter junk E-mail (which often harbor viruses) and to thwart hackers, for example.

Paranoia may have become a necessary evil in the Digital Age. Yet we shouldn't become paralyzed by our fears. Nor should we as journalists unnecessarily worry readers in our coverage of computer security and privacy issues. But whatever solutions we propose, we should all lead by example and practice safe computing.

Dan Hogan is a longtime member of the Canadian Science Writers' Association and a science writer with the National Human Genome Research Institute, part of the National Institutes of Health, in Bethesda, Maryland. He is also the founder and editor of ScienceDaily Magazine and a regular contributor to the CSWA's ScienceLink.

Published in Sources, Number 47, Winter 2001.

Sources, 489 College Street, Suite 201, Toronto, ON M6G 1L9.
Phone: (416) 964-7799 FAX: (416) 964-8763

The Sources Directory     Include yourself in Sources     Mailing Lists and Databases

Media Names & Numbers     Sources Calendar     News Releases     Parliamentary Names & Numbers