A good offence is the best defence against Back Orifice 2000

The Cult of the Dead Cow has done a marvellous publicity job. Before Back Orifice 2000’s release, the Internet hummed with speculation. The good news is this new code represents only a small incremental step in PC-attack capability. Back Orifice 2000 doesn’t exploit vulnerabilities in Windows; it exploits vulnerabilities in your people.

Programs such as Back Orifice create backdoors on Windows PCs. A component runs in the background, waiting for a TCP connection. A remote graphical user interface client can: start and stop applications; delete, copy or change files; capture keystrokes; dump the screen; and even monitor an attached video camera or microphone.

Although a self-replicating backdoor is likely — especially given the availability of Back Orifice’s source code — such hostile code, or “malware,” has not yet appeared. Most backdoor infections are in the form of trojan horses. Screen savers, video games and greeting cards are common on the Internet, but sometimes a double click results in a surreptitious hostile code installation.

Backdoors listen patiently for connection requests. Their convenient GUI management interfaces can scan a range of IP addresses, automatically finding exploitable hosts. Virtually every IP address reachable on the Internet is regularly scanned.

Firewalls aren’t a cure-all for malware. They can reduce successful connection attempts, but hostile code that connects back out from inside a firewall is becoming more common.

Fortunately, while covert code continues to proliferate, effective countermeasures do as well. No single countermeasure is adequate in isolation, but a multipronged approach involving careful systems management and user education is effective.

Install antivirus software on all desktops, configure it to provide real-time protection and ensure that the virus definition files are automatically updated monthly. Virus-wall products that scan incoming e-mail are also useful. Use a different brand of antivirus product on the mail scanner, and remember that antivirus software can only detect known hostile code.
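As an added example (not from the original article), here is a minimal Python sketch of the kind of check a mail-scanning virus wall performs: it parses a message and flags attachments by executable extension, by a PE/MZ header regardless of the declared file name, and by a known-bad hash list. The extension set, the hash list and the sample message are constructed placeholders; the hash match illustrates the limitation that signature scanning only catches known hostile code.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Extensions Windows executes on double click (constructed subset, not exhaustive).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".vbs", ".js"}

# Constructed placeholder standing in for antivirus signature data.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"MZ constructed backdoor sample").hexdigest()}


def classify_attachment(filename, payload):
    """Return the reasons an attachment should be quarantined (empty if none)."""
    reasons = []
    name = (filename or "").lower()
    for ext in sorted(EXECUTABLE_EXTENSIONS):
        if name.endswith(ext):
            reasons.append(f"executable extension {ext}")
            break
    # A Windows executable starts with "MZ"; the file name proves nothing.
    if payload[:2] == b"MZ":
        reasons.append("PE/MZ header regardless of extension")
    # Hash lookup only catches samples already in the list: known hostile code.
    if hashlib.sha256(payload).hexdigest() in KNOWN_BAD_SHA256:
        reasons.append("matches known hostile code hash")
    return reasons


def scan_message(raw_bytes):
    """Map each suspicious attachment file name to its list of reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(part.get_filename(), payload)
        if reasons:
            findings[part.get_filename()] = reasons
    return findings


def build_sample_message():
    """Constructed inbound e-mail: a screen saver, a disguised binary, a text file."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Check out this screen saver!"
    msg.set_content("Constructed sample message for the example.")
    msg.add_attachment(b"MZ constructed backdoor sample", maintype="application",
                       subtype="octet-stream", filename="funny.scr")
    msg.add_attachment(b"MZ renamed to look like a picture", maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    msg.add_attachment("just text", filename="notes.txt")
    return msg.as_bytes()
```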

Practise good system administration and allow users access to only what they need. Malware typically exploits the victim’s own system privileges. Don’t let your NT administrators receive mail or execute office automation software using the same account they use for systems management.

The best defence is user awareness. Train users not to execute software sent through e-mail — even if it’s from a reliable source. If users access your LAN remotely through the Internet, then your LAN can be attacked if any remote PC ends up with a backdoor on it. Prepare your laptop users as well and keep their antivirus software current.

The hostile code threat will continue to steadily increase, and no magic bullet can protect your organization. Fortunately, you can survive hostile code by following best practices for administration and user training.
