DE-'BUGGING' COMPUTERS

December 2003
		The Internet has facilitated global communication like never before but also created the need to secure computer networks from viruses and worms. Two security experts on the front line of the battle against these computer "bugs" answer your questions.

Online NewsHour Special Report: Computer Worms and Viruses Forum Introduction I read a lot about vulnerabilities embedded in Web browser code that enable sending data through ports that are normally open and assumed to be safe by most firewalls. Is this a true threat and how serious is it? Have any viruses or worms arrived in .txt or .jpg or PDF files? These are files that by definition have NO executable code and are hence, treated as data and nothing else. Are there NO files that can be safely opened on a PC? I noticed that all of the worms identified on the newshour are w32 ... what responsibility for this security problem should be assigned to Microsoft? Is the ZoneAlarm security program effective against worms? Before switching to a DSL connection, with a (Linksys) wireless router, I always used a (ZoneAlarm) firewall. Now, however, I have been told by many people that there is no need for the firewall as the router serves that function. Is that true, or do I still need a firewall? I have installed a new program for fighting spam - Spam Inspector. It seems to be quite good. My question is that it looks as if the spam is opened (by the spam fighter) to determine if it is spam. Does that opening make me vulnerable to virus attack? Are there free firewalls available on the Web that do the job?	Julie Schmiesing of Irvine, Calif.: I have installed a new program for fighting spam - Spam Inspector. It seems to be quite good. My question is that it looks as if the spam is opened (by the spam fighter) to determine if it is spam. Does that opening make me vulnerable to virus attack? Thank you. Larry Rogers responds: Julie: In theory you are still vulnerable, but not in the way you believe. The spam inspector opens your e-mail differently than does your e-mail reader. The spam inspector opens it for reading but never for any execution. This is, if an e-mail has an exe attachment, the spam inspector will not treat it as an executable and therefore try to execute it. This execution "feature" is how viruses and worms do their voodoo on your computer system. Instead, the spam inspector opens the email as a collection of text, sometimes with formatting, such as HTML. It looks at information in the headers of the email and specific content in the body. My comment about being theoretically vulnerable is that if there is a vulnerability in the spam detector itself, then there is a possibility that a specially formatted email may take advantage of this vulnerability as the way to spread itself. This is much less likely and is also very specific to the spam detector you are using. Part of the "success," if you will, of viruses and worms is the widespread use of a technology that either has vulnerabilities or design characteristics that viruses and worms can leverage. Should your spam detector become the de facto standard and therefore be in heavy use, then any vulnerabilities that come to light represents another way for virus and worm authors to spread their malicious code. Joe Wells responds: I am unfamiliar with this particular product, however every spam checker has to open the spam to read and examine the contents. Opening and reading a file is not the same as running a program, a macro or a script. Correctly done reading the file is both safe and required. John Kulczycki of Chicago, Ill., asks: Are there free firewalls available on the Web that do the job? Larry Rogers responds: John: If the job you are speaking about is blocking network traffic to and from your computer system, then all of the free firewalls do this. Some go further to block based upon content. The two free ones that I am aware of and have experience with are Tiny Personal Software and ZoneAlarm. Their descriptions are accurate with respect to what they do and the goals that you can achieve. There are likely others that do the job as well. As I have recommended in the Home Computer Security document on the US CERT Web site (http://www.us-cert.gov/reading_room/HomeComputerSecurity/#4) purchasing a firewall is a good place to spend your money and get something that does all that you need it do.