this product is unavailable for purchase using a firm account, please log in with a personal account to make this purchase.

I.T. in practice: Good v evil

Every Issue

Cite as: December 2009 83(12) LIJ, p.80


Constant vigilance is needed to protect a practice’s IT from invasion by a virus.

Most practices now have in place anti-virus, firewall and anti-spam software that is being kept up to date on a daily (or even hourly) basis.

The effectiveness of this is now so high that many people tend to forget that the battle between virus software writers and anti-virus software writers continues unabated.

The problem of viruses was highlighted recently with discussion in the mainstream press about a piece of software known generally as “Conficker”.

Space does not permit a broader and more technical discussion of cybercrime, botnets, online scams and phishing sites, however, suffice to say that Conficker is a form of virus called a worm. Worms create a secure base on an infected computer from which to remotely install unauthorised software.

The Conficker worm can be acquired by a computer which has not been kept up to date with Microsoft Windows updates, or can be picked up from infected files on network shared locations or from USB memory sticks.

Viruses need to be dealt with promptly but technology consultants involved with the removal of such invaders say discussion with clients about the problem revolves around several myths.

Myth 1: It’s not about money

One of the most commonly-asked questions about viruses is “why do people do this?”. This implies that writing virus software is a malicious or anti-social activity, which is largely incorrect. Virus software is sold, just like any other software, and can carry a price tag running into tens of thousands of dollars. Moreover, there is cybercrime that accompanies virus-like activity, such as identity-theft related activities, scams or credit card fraud. That is one of the reasons why rewards are offered for arrest and conviction of virus developers – Microsoft’s bounty of $US250,000 earlier this year relating to the Conficker worm is a prime example.

Myth 2: It’s personal

Practices addressing a virus infection often believe that they have been directly targeted for that infection. The probability of this is extremely small – almost all viruses and spam are spread through fully automated and undirected processes, mostly generated from already-infected computers somewhere else in the world (zombies). For example, the Conficker worm originated in Ukraine, and spread in an automated fashion through a Windows vulnerability to form a “botnet” of over two million computers in the US.

Myth 3: It’s an artificially-created problem

In much the same way that the Y2K issue of 10 years ago is now commonly (but incorrectly) thought of as a money-making scam propagated by technology consultants, some people think that viruses are developed by anti-virus corporations so that you will buy their software. While it is true that large anti-virus software developers do have teams of staff developing virus-like software to test their own anti-virus measures, this software never leaves their test labs.

Myth 4: Viruses should never exist

Software is developed by humans, and unfortunately sometimes humans make mistakes in software development and testing. Rather than ignoring security flaws in their software, both Apple and Microsoft release automated, free updates on a reasonably regular (usually monthly) basis to fix and remove vulnerability issues. In addition, both of these corporations have introduced free anti-virus and anti-spam features into their latest major operating software versions, or as add-ons, the most recent being Microsoft’s “Morro” product.

Myth 5: Viruses are a Windows-only problem

Two of the earliest “virus” programs could be found on the original Apple Macintosh computers. They were practical jokes in the form of software that took specific advantage of the (then) new mouse-driven interface. One piece of software, when installed, would reprogram the computer so that the “Ok” box would move away every time the user brought the mouse pointer anywhere near it. In another piece of software, a small animated cartoon man would run in from the side of the screen, grab the mouse pointer and run off again with it, thereby preventing any work from being done until a system restart. From the mid-1980s, virus development went from pranks to software protection (“Brain” – 1986) to social cause awareness (“Chernobyl” – 1999) and gradually became recognised for its money-making ability via criminal activities. Viruses exist on all computing platforms, but they are most prevalent on the Windows environment because the proportion of Windows-based systems in use drives the potential for cybercrime revenue maximisation.

Regular readers of this column will note a continuing theme behind the “Technology To-do List” is remaining current with upgrades.

Constant vigilance thankfully comes in an automated fashion – keeping application software, operating systems, anti-virus and anti-spam protection and firewall devices up to date is usually a matter of ticking a box or selecting an installation option.

For peace of mind, many practices also bolster this with minor six-monthly technology security checks.


ADAM REYNOLDS is the principal of Proficio, an independent IT consulting firm. For more IT in-practice information, see the contributions of the LIV Legal Practice Management Committee and IT e-Marketing Department at www.liv.asn.au.

Comments




Leave message



 
 Security code
 
LIV Social
Footer