InfoWorld
Lead with Knowledge
HOME/ SITEMAP
SUBJECT INDEXES
ABOUT US
WHITE PAPERS

Learn to secure your PCs from new and unknown hacker attacks.

Free IDC White Paper - Discover Secure File Sharing for the Enterpriseattacks.

SEARCH:  
Home  //  Article
Print Article    Email Article
Window Manager
Brian Livingston
Self-replicating virus exploits the File and Printer Sharing flaws of Windows networks

THE FILE AND PRINT Sharing weakness in Windows, about which I warned readers several months ago, has become a true online nightmare. A new virus now on the Internet systematically searches for PCs with File and Print Sharing security holes, according to the National Infrastructure Protection Center of the FBI (www.nipc.gov/nipc/advis00-038.htm).

If your PC is connected to the Internet and you have a share that is unprotected, the virus silently installs itself on your computer. After passing itself via the Net to several other victims, the virus erases your Windows folder and root folder on the 19th of the month and -- here's a sick twist -- uses your modem, in certain cases, to dial 911, possibly causing a bogus call for police or fire services.

This so-called 911 virus (technically, it's a worm) is noteworthy only for its stupid, mindless viciousness -- and the fact that victims don't even have to open a file or view an e-mail message for it to infect their PCs.

I want to use this news to emphasize the seriousness of the holes that Microsoft and some other software vendors leave in their default Windows configurations.

I wrote about the weakness of File and Print Sharing in my Nov. 1 column (see "Software solutions can provide remedies for Windows security risks on the Internet"). In brief, installing Internet Explorer and some other products binds the Net's TCP/IP protocol to File and Print Sharing by default. If a user then enables File and Print Sharing without setting passwords on every share -- likely in a small workgroup -- the machine is wide open to be logged on to by anyone else on the Net.

The 911 virus exploits this situation in a self-replicating way by scanning the Internet for IP addresses that have wide-open shares. Anti-virus companies have quickly developed updates to eliminate the threat. The worm, made up of batch files and Visual Basic scripts by inexperienced "script kiddies," is easy to detect and delete. Network Associates' description of the problem and remedies is at vil.nai.com/vil/wm98557.asp. For Symantec's take, go to www.symantec.com/avcenter/venc/data/bat.choad.worm.html.

Eliminating the File and Print Sharing hole so you're not as vulnerable to malicious port scans while you're on the Internet is simple. There's no logical reason why TCP/IP should be used for sharing within a local-area network. You can disable this flaw and enable the safe, nonroutable NetBEUI protocol for local sharing.

The procedure is explained at grc.com/su-bondage.htm. Read about the problem and its solution, then click the "Shields Up! Home" link at the bottom of the page. This leads to a test routine that shows whether or not your PC is vulnerable -- a program developed by site author Steve Gibson.

Of course, no one should connect to the Internet without a firewall. If Windows didn't default to the weakest possible security settings, we wouldn't have to worry so much about morons with crude VB scripts.

Eliminate personal info from Windows

I've written a lot lately about hackers logging on to PCs remotely and "Trojan horses" sending out your info via the Net. Because you never know when you might catch one of these bugs, now might be a good time to eliminate some personal information that Windows blithely gives out about you.

You may recall that, when you installed Windows, you were asked to type in your name and company name. Windows stores this information in plain text in the Registry at Hkey_Local_Machine\Software\Microsoft\"OS"\CurrentVersion, where "OS" is "Windows" in Windows 9x or "Windows NT" in Win NT or Win 2000. Any Windows program can read this information. And any Trojan horse can link it to your IP address, your Web surfing history, and so forth.

So I'm very choosy when I'm presented with a dialog box that requests this type of information. If the question is, "Where do you want your lottery winnings sent?" they get my correct name and address. If they're just building up a marketing database, they get "Joe User." I have to manually retype a few "pre-filled-in" forms this way, but if there's no real need for the information, I don't give it.




RELATED SUBJECTS

Operating Systems
Security

MORE >
SUBSCRIBE TO:    E-mail Newsletters  InfoWorld Mobile InfoWorld Magazine
Home  //  Article Print Article    Email Article
Back to Top
 ADVERTISEMENT
 

SPONSORED LINKS

Download the J.D. Edwards CRM white paper. Visit jdedwards.com/crmpaper
Introducing Primus Quick Resolve. Click to download a fact sheet.
Download the J.D. Edwards CRM white paper. Visit jdedwards.com/crmpaper
Gateway: Your Reliable IT Provider of Business Technology Solutions
Learn to secure your PCs from new and unknown hacker attacks.

SUBSCRIBE
E-mail Newsletters
InfoWorld Mobile
Print Magazine

Web-based training
ABOUT INFOWORLD  |  SITE MAP  |  EMPLOYMENT  |  PRIVACY  |   CONTACT US

Copyright 2001 InfoWorld Media Group, Inc.