DE-'BUGGING' COMPUTERS
December 2003

The Internet has facilitated global communication like never before but also created the need to secure computer networks from viruses and worms. Two security experts on the front line of the battle against these computer "bugs" answer your questions.

Gerald Berke of Woodstock, N.Y., asks: And why are there no Mac viruses? And even Unix? I have seen none of these viruses directed at Unix machines. They all seem to be Wintel machines ...99 percent?

Gerald: I agree with you in that the specification of .txt, .jpg, and PDF files does not contain a directive that can cause embedded code to be executed in the way the UNIX-based PostScript previewer ghostscript does. Ghostscript has an escape to the shell directive (the exclamation mark - !) where shell commands can be embedded in the PostScript stream and executed when ghostscript previews it. Ghostscript takes a -dSAFER argument to turn off this functionality. There have been vulnerabilities in some of the programs that process these kinds of files; I think specifically .jpg, where there was a buffer overflow in the processing program. This allowed part of the .jpg file to contain machine instructions that the intruder specified and that were subsequently executed on the victim's computer system. It is an implementation error.

There are Macintosh-based and UNIX-based viruses, but as I am sure you know, the most widely deployed operating system around the Internet is some variation of Windows. Thus, if the virus writer's goal is to affect the most computer systems possible, the clear choice is a Windows-based virus. However, if the goal is different, such as targeting a specific e-commerce vendor's Web server farm which is built with UNIX systems, perhaps a UNIX-based virus would be more effective. So, it depends upon the goal. In most cases, widespread disruption is the goal and therefore a Windows-based virus is the most effective.

In 2001 a VBS worm fooled a lot of people who assumed "AnnaKournikova.JPG.vbs" was a .jpg of the Russian tennis star. Also in 1991 the first PDF "virus," named Peachy, was discovered. However, it spread only under the full version of Adobe Acrobat, not under the Acrobat Reader most people use. Google "PDF virus" or "PDF worm" for more information. Your best defense today is a healthy dose of skepticism and one of the free security/antivirus bulletins you can subscribe to. Most antivirus companies provide such a service (including my company FortiNet). Your safest option may be to use a typewriter. There are viruses and worms for Mac, UNIX, Linux, etc. However, Microsoft has by far the biggest market share. This translates into more targets and more skilled programmers (including the disgruntled ones). If Mac or UNIX held the lion's share, circumstances would undoubtedly be different.
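
The "AnnaKournikova.JPG.vbs" name mentioned above works because a harmless-looking extension sits in front of the one the system actually acts on. As an added example (not part of the original Q&A), a mail filter could flag such names as follows; the extension lists, function names and sample file names are assumptions constructed for illustration.

```python
# Added illustration: flag attachment names that hide a script or program
# extension behind a harmless-looking one, e.g. "AnnaKournikova.JPG.vbs".
# Both extension sets are constructed for this example; tune them to local policy.
EXECUTABLE_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd",
                   ".exe", ".scr", ".pif", ".com", ".hta", ".lnk"}
DECOY_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".pdf", ".doc", ".mp3"}


def extensions(name):
    """Return every dot-separated extension in a file name, lower-cased."""
    # Keep only the final path component, whichever separator was used.
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows drops trailing dots and spaces when it opens a file, so
    # "x.jpg.vbs. " still runs as a script; normalise the same way.
    base = base.strip().rstrip(". ")
    # Padding such as "x.jpg      .vbs" pushes the real extension out of
    # view in narrow dialogs, so strip whitespace around each part.
    return ["." + part.strip().lower() for part in base.split(".")[1:]]


def classify_attachment(name):
    """Return 'double-extension', 'executable' or 'ok' for one file name."""
    exts = extensions(name)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        return "double-extension"
    return "executable"


def flag_attachments(names):
    """Return (name, verdict) pairs for every name that is not 'ok'."""
    verdicts = ((name, classify_attachment(name)) for name in names)
    return [(name, verdict) for name, verdict in verdicts if verdict != "ok"]


if __name__ == "__main__":
    # Constructed sample names, not taken from any real mailbox.
    sample = ["AnnaKournikova.JPG.vbs", "holiday.jpg", "setup.exe",
              "report.pdf      .scr", "notes.v2.txt", "invoice.txt.vbs. "]
    for name, verdict in flag_attachments(sample):
        print(f"{verdict:17} {name!r}")
```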