Strategies to keep your computer safe from hackers
From the March ACP Observer, copyright © 2005 by the American College of Physicians.
By Jerome H. Carter, FACP
The Internet has been a tremendous boon for increasing the use of information technology in health care, and that's good news.
But here's the flip side: Some people find it amusing or profitable to steal, destroy or otherwise tamper with your data. While firewalls and antivirus software can serve as a good first-line defense, they may not always be enough to keep you safe.
Three big threats
Three basic programs threaten the security of your information: viruses, worms and Trojan horses.
Viruses. Viruses have been around since the MS-DOS era. (The Brain virus, for example, was released in 1986.) Viruses are small programs that infect other programs, replicate and do some type of mischief. They may delete files, erase your hard drive or use your computer to send infected messages to other people. Viruses come in three basic types: boot sector, file and macro.
Boot sector viruses affect that part of your hard drive that contains the software that runs when you turn on the computer. These viruses load whenever you run your operating system and other essential programs.
File viruses infect specific programs—such as files with .EXE extensions—on your computer. Viruses often make their way to your machine through infected shareware programs, downloaded games and other "freebies."
Macro viruses have become infamous of late. The Melissa virus, which brought down thousands of computers a few years ago, was a Microsoft Outlook macro virus. Microsoft Office programs—such as Word, Excel and Outlook—have an internal programming language that may be used to write small programs that customize the particular application's performance.
For example, a macro might be used to customize the format for printed documents that go only to new patients. Or in the case of Microsoft Outlook—software that manages e-mail messages—a macro virus might read your address book and send itself or an insulting message to everyone listed there.
Worms. Unlike viruses, worms are self-contained programs. Once loaded into your computer, they can replicate without infecting other system files. As a result, worms can go undetected for a long time. Once they are active, however, worms may perform numerous maneuvers—and even inactivate your antivirus software!
Worms are often embedded in e-mail attachments, Web pages or shareware programs. They reproduce by directly searching out other computers across the network or via e-mail.
Worms do not require user activation. MyDoom and BugBear are two recent examples of worms that have propagated across the Internet.
Trojan horses. Like their ancient counterpart, Trojan horses often appear as gifts. Games, wallpaper, utilities and other downloads are the perfect cover. Trojan horses tend not to replicate or infect other files, but instead give hackers direct access to your system.
While viruses and worms give you some clue that they are present, Trojan horses often go unnoticed.
The most common type of Trojan horse is the "backdoor." This type of file opens a "port" (which is a communication channel) to your computer, giving the hacker who placed the malicious program access to yours. Once inside your machine, hackers may upload or download files, collect passwords and perform other tasks.
While viruses and worms may give you clues that they are present, Trojan horses prefer working undetected. This makes them a particularly ominous computer threat.
Unlike hackers who create viruses, worms, and Trojan horses to cause problems or gain control of your computer, the producers of "snoopware" want to know what you are doing. Again, three basic types exist: cookies, adware and spyware.
Cookies. The most common type of snoopware latches onto your computer's "cookies." Cookies are small pieces of code that are downloaded to your computer when you visit Web sites. They stay there and help the computer navigate Web sites.
Some cookies make your life easier. When you don't want to keep track of your various user names and passwords, for instance, and tell a Web site to start logging you in automatically, you are giving that Web site a green light to place a cookie on your computer. The next time you visit the site, the cookie provides a faster log-in.
Cookies are also used to create sessions, which help a Web site you are visiting remember what you've been doing there for the past 20 minutes. When you're shopping online, for example, sessions let you keep a list of what's in your shopping cart.
While cookies can be helpful, some Web sites may decide to track more than just your interaction with them. They may place cookies on your computer that send them information whenever you go online.
Adware. Adware has a simple purpose: to make sure your surfing is not commercial-free. Adware refers to programs that are downloaded and installed on your computer.
Why would anyone download adware? The answer is simple: You have no idea you are downloading it. Adware is usually loaded as part of a license agreement or installation of a utility or other item that you want. Once installed, adware tracks the Web sites you visit, the products you purchase and the searches you perform.
This information is then used to create a profile, which advertisers use to send you an endless stream of junk e-mail, pop-up ads and other online messages. (Sometimes, adware can lead to old-fashioned paper junk mail.)
Gator and Comet Cursor are two common adware programs. If you notice that your computer is sluggish, your Web surfing is slower or that you are swamped with ads, adware may be the culprit.
Spyware. The worst type of snoopware is spyware. It's used to collect information entered into online forms, capture passwords, read keyboard strokes, track Web site visits—virtually anything you do with a computer.
Many companies use some form of spyware to make sure their employees don't misuse their Web access privileges. Hackers, however, may use spyware for everything from borrowing your credit card to stealing your identity.
A variety of software is now available to help protect you from these cyber invaders. Here's a quick rundown:
Antivirus software. This is essential for any computer, and typically works in two ways.
First, these tools scan incoming or resident files for viral signatures. These signatures are stored in databases maintained by antiviral software vendors, who update their files on a daily basis.
To take advantage of these updates, you have to update the software on your computer regularly. When you log onto the Internet each day, you should check for them. Even better, set the option in your software to automatic updating.
A method known as heuristics (think of this as a set of very educated guesses) gives your computer a second way to detect viruses. These antiviral programs look for suspicious code based on problems they have seen before.
One problem with heuristic software is that it's always possible that these programs will guess wrong and delete harmless files. This typically seems to be a problem with e-mail attachments.
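The two detection methods described above can be compared side by side in a short Python sketch. This is an added example, not code from the original article or from any antivirus vendor; the file contents, the signature name, the heuristic traits and their weights are all constructed, and matching on a whole-file hash is a simplification of how real signatures work.

```python
import hashlib

# Constructed stand-in for a known-bad file; this is not real malware.
KNOWN_BAD = b"CONSTRUCTED-SAMPLE: mass-mail address book"
# Signature database: hash of a known-bad file -> name (assumed format).
SIGNATURES = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Constructed.MassMailer"}

# Heuristic rules: (trait seen in the file, points). Weights are assumptions.
HEURISTICS = [
    (b"address book", 2),
    (b"send mail", 2),
    (b"disable antivirus", 3),
]
THRESHOLD = 4  # score at or above this is reported as suspicious

def signature_scan(data):
    """Return the signature name if this exact file is in the database."""
    return SIGNATURES.get(hashlib.sha256(data).hexdigest())

def heuristic_score(data):
    """Add up points for every suspicious trait found in the file."""
    lowered = data.lower()
    return sum(points for trait, points in HEURISTICS if trait in lowered)

def scan(data):
    name = signature_scan(data)
    if name:
        return ("signature", name)
    score = heuristic_score(data)
    if score >= THRESHOLD:
        return ("heuristic", f"suspicious (score {score})")
    return ("clean", None)

# Constructed sample files.
SAMPLES = {
    "known.exe": KNOWN_BAD,                                # in the database
    "variant.exe": KNOWN_BAD + b" v2; send mail to all",   # changed copy
    "newsletter.doc": b"Macro: read address book and send mail to patients",
    "notes.txt": b"Clinic hours for March",
}

def scan_all(samples=SAMPLES):
    return {name: scan(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan_all().items():
        print(f"{name:15} {verdict}")
```

The changed copy is missed by the signature lookup and caught only by the heuristic, which is why signature updates matter; the harmless newsletter macro trips the same heuristic, which is the wrong guess the article warns about.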
Firewalls. Firewalls come in two flavors: software and hardware. While hardware firewalls are found in routers used to set up wireless networks (see "Tips to help you head off wireless woes," below), most users rely on software firewalls to protect their computers.
Put simply, firewalls monitor traffic to and from your computer. Firewalls rely on ports, those communication channels that provide to-and-from access. Ports are numbered, and software must use specific ports to send and receive data. Web browsers, for example, use port 80 to surf the Web.
Firewalls monitor port traffic and block attempts to access unauthorized ports. When you install a firewall, it reviews your computer's software for programs that can access the Internet and then assigns access rights to each program.
Once this process is complete, a firewall program alerts you when another computer tries to access your computer or when a program on your computer attempts to access the Internet for the first time. If you grant the other computer or the software access, the firewall assigns permission to that program for future access attempts.
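The alert-and-remember behavior described above can be modeled in a few lines of Python. This is an added example, not code from the original article or from any firewall product; the program names, port 50000, the address 203.0.113.7 (a documentation-only range) and the `cautious_user` policy are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    program_rules: dict = field(default_factory=dict)    # program -> allowed?
    open_inbound_ports: set = field(default_factory=set)  # empty: nothing open

    def outbound(self, program, port, ask):
        """A local program tries to reach the Internet on `port`."""
        if program in self.program_rules:
            # A remembered answer is reused without asking again.
            return "allow" if self.program_rules[program] else "block"
        # First attempt by this program: alert the user, remember the answer.
        allowed = ask(program, port)
        self.program_rules[program] = allowed
        return "prompt->allow" if allowed else "prompt->block"

    def inbound(self, remote_ip, port):
        """Another computer tries to reach a port on this machine."""
        return "allow" if port in self.open_inbound_ports else "block"

def cautious_user(program, port):
    # Assumed user policy: approve only programs the user recognizes.
    return program in {"browser.exe", "mail.exe"}

# Constructed event list: (direction, program or remote IP, port).
EVENTS = [
    ("out", "browser.exe", 80),      # first use of the Web browser
    ("out", "browser.exe", 80),      # later use, rule already stored
    ("out", "freegame.exe", 50000),  # unfamiliar download phones home
    ("out", "freegame.exe", 50000),  # retry after the user said no
    ("in", "203.0.113.7", 50000),    # outside computer probes a closed port
]

def replay(events=EVENTS, ask=cautious_user):
    """Run the events through a fresh firewall; return verdicts and rules."""
    fw = Firewall()
    verdicts = []
    for direction, who, port in events:
        if direction == "out":
            verdicts.append(fw.outbound(who, port, ask))
        else:
            verdicts.append(fw.inbound(who, port))
    return verdicts, fw.program_rules

if __name__ == "__main__":
    for event, verdict in zip(EVENTS, replay()[0]):
        print(event, verdict)
```

Because the answer to the first prompt is stored, approving an unfamiliar program once lets every later attempt through without another alert.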
Adware/spyware protection. As snoopware has become more prevalent, vendors of antivirus and firewall software have added snoopware detection features to their products. (For more information, see "Protecting your computer.")
Excellent products exist for detecting and eliminating snoopware. In addition, your browser software has features to manage cookies, including the ability to block all cookies or to permit only those from selected sites.
And one final word of caution: I became aware of the exciting world of adware when I allowed my daughter to surf the Web on my business desktop, which has full firewall and virus protection.
She downloaded a few games and took a few online quizzes. It then took me six hours and two visits to the Symantec Web site to get my computer back to normal. The moral? Use your work computers only for work, and don't visit any Web sites unless you're certain they are safe.
Jerome H. Carter, FACP, is chief executive officer of NT&M Informatics Inc., an informatics consulting company based in Atlanta. He is the former Chair of ACP's Medical Informatics Subcommittee and edited "Electronic Medical Records: A Guide for Clinicians and Administrators," published by the College in 2001.
Dr. Carter also maintains the "Computing for Clinicians" Web site.
Now that wireless technology is easy to deploy, unsuspecting wireless network owners need to know about security issues that once concerned only information technology professionals. Here is an overview of some basic threats you need to be aware of—and some solutions.
Most widely available wireless networks are based on the 802.11b or 802.11g standard. Wireless signals are broadcast at the 2.4 GHz frequency, the same as microwave ovens and cordless phones—which may interfere with the signal.
Wireless signals travel in a spherical path from the antenna and can be detected up to 300 feet away. That means your wireless signals may travel far beyond the walls of your home or office.
Any type of computer with a compatible wireless receiver, from laptops to PDAs (personal digital assistants), potentially can pick up the signal coming from your wireless network. Most wireless networks will accept all users, so you need to apply security features immediately.
To work, wireless networks require a special piece of hardware called a "router." The router provides an IP address (the Internet version of a phone number) for each computing device on the network. Routers then broadcast the signal to those computers and provide a connection to the Internet via either a cable or DSL modem.
Service set identifier
The service set identifier (SSID) is the name of your wireless network. The SSID is broadcast, so any device within range will "see" your network. This is like having a bright red flag waving over your network saying "I'm available."
You should change your SSID from the factory setting and select the "no broadcast" option. This will not stop someone from accessing your network, but it will take down the flag advertising its presence.
Wireless networks broadcast too much useful information to would-be hackers. The best way to fix this problem is with data encryption.
The Wi-Fi Protected Access (WPA) protocol provides the best available encryption for 802.11g networks, but it is by no means foolproof. If you are sending sensitive data over a wireless network and have a capable router and sufficient technical skills, a virtual private network (VPN) will provide the highest level of security.
If you need this level of security, consult a professional.
Media access control
The final step should be enabling media access control (MAC) address filtering. Every network device has a unique, built-in MAC address. Better-quality routers allow you to designate the MAC addresses for all devices that may access your network.
This provides a fairly good level of access security, although it isn't perfect. It will, however, deter all but the most diligent hackers from accessing your network.
Selecting a router
If you have computers that use the older wireless standard (802.11b) and plan to add newer computers to your network that are 802.11g compliant, buy a dual mode router that is 802.11b and 802.11g compatible. This will allow you to take advantage of the improved security and higher throughput of the newer 802.11g technology for your newer computers without rendering the older 802.11b equipment completely obsolete.
If you're going to install a wireless network, look for the following features:
- ability to turn off the SSID broadcast;
- MAC address filtering;
- WPA encryption protocol; and
- VPN capability (if data security is a major issue).
For casual home users, VPN capability might be overkill. But if you have a home office, you may need VPN capability to ensure proper security compliance with the Health Insurance Portability and Accountability Act.