Mon, 01 Sep 2003

Exhausting ordeal when worms attack!

Vishnu K. Mahmud, Contributor, Jakarta vmahmud@yahoo.com

The past few weeks have been exhausting for IT departments in Indonesia. After the recent enactment of the Indonesian Intellectual Property law, which caused many corporations to scramble to ensure compliancy, an Internet worm attacked computers worldwide.

The "MSBlast" worm, which reached its peak on Aug. 15, caused many PCs and servers to be rendered practically useless. Targeting Microsoft Windows operating systems, the worm had managed to exile computer users from their documents, programs, networks and the Internet. Those using the Linux operating system or Apple's Unix-based Mac OS X were not affected.

MSBlast was followed by another worm (dubbed Welchia, which ironically was created to target computers infected with MSBlast), a virus (Sobig.F, which sends out spam that clogs up e- mail systems) and an announcement of yet another vulnerability in Microsoft's Internet Explorer web browser application.

All in all, nearly a million computers worldwide were infected, including those at an American nuclear power plant, the Air Canada national check-in counters, the U.S. Navy intranet systems and the Maryland Department of Motor Vehicles, to name but a few, not to mention countless small and medium business enterprises.

Microsoft, to its credit, had issued a software patch to protect against the MSBlast-type of threat in July but many users either did not know or chose not to install it. During the height of the worm infection, users couldn't even access the Internet, let alone download the patch. In one case, a Jakarta-based IT consultant had to ask a friend to download the software for him, on a Red Hat Linux machine!

Many companies had to take their network offline in order to clean and patch the systems. Business came to a near standstill as documents and e-mails could not be created or sent. It seems that computers are no longer communications tools to be used for business but are actually the lifeblood of the company. It seems that we have gotten so used to using these tools that we have forgotten how to do things the "old-fashioned" way, such as using manual typewriters and faxes, which are admittedly slower but still effective.

What worries IT analysts the most is not that the world has survived these latest computer attacks, but what virus coders could do in the future. The fact that MSBlast can infect a computer without users double-clicking an e-mail attachment, which is usually how viruses or worms attack, opens a new era of virtual assaults.

How can we avoid this in the future? The basics still apply: back up your data, patch your computers early and often, and secure your computers with antivirus software with the latest viral signatures. Considering the effectiveness of MSBlast in entering computers via the Internet without any user interaction, a firewall is highly recommended, especially for those with computers constantly connected to the Internet.

Download.com (www.download.com) has an abundance of firewall programs (some free, some for a small charge) that can be installed on your personal computer. Some of the more popular programs are Norton Personal Firewall, BlackIce Defender, ZoneAlarm and Sygate's Personal Firewall. Corporations should consider high-grade firewall solutions from Cisco or Computer Associates.

Microsoft Windows has a built-in Windows Update feature that informs users of the latest security patches. Activate it to let you know what patch is available and for what purpose. You can then decide whether you want to install it or not.

Businesses should also consider diversifying their operating systems. As shown in these latest attacks, having a homogeny of computer systems could cause problems if they all go down. It may be a good idea to use different systems (such as a Linux box or a Mac OS X computer) in certain departments, which could be used in case of emergency.

One story floating around the Internet showcased how a man, who fought the IT department tooth and nail for an Apple Powerbook laptop, helped his company grab two important contracts when all the other computers were offline. A working computer and a phone line was all it took.

But perhaps the most important weapon against this new form of cyberterrorism is information. IT Managers and even regular computer users should keep up with the latest news in the IT world. CNN's IT section (www.cnn.com/tech) and CNet (www.news.com) are great places to start.

People who drive cars or use heavy machinery are trained and licensed. Although computer users do not need to be registered, if you consider the amount of damage a PC can cause to the Internet these days, you would want at least to keep ahead of the game.