Viruses and Spyware and Wireless Clients

Technical | Posted by Tom Carpenter
Dec 12 2009

Many types of malware (malicious applications) exist that an intruder can place on a computer in order to obtain information that he could not get just by having regular file access to the computer.  The most common types of malware today are viruses and spyware.  Viruses are capable of disabling desktop PCs, taking web sites down, and even overloading email servers.  A wireless host connected to a public access network or on an unsecured corporate wireless network is a perfect place to put a virus.  The unsuspecting authorized user would then take the virus into the corporation where it could do its intended harm.

Trojan Horse applications (often called just “Trojans”) are specific types of viruses or malware that pose a serious threat to network security.  According to legend, the Greeks won the Trojan War by hiding in a hollow wooden horse to sneak into the fortified city of Troy.  In today's computer world, a Trojan Horse is described as a malicious, security-breaking program that is disguised as something benign or even useful.  For example, suppose a user downloads what appears to be a movie or music file, but when the file is opened, a dangerous program is executed.  This new executable erases the user’s hard disk, sends their credit card numbers and passwords to a stranger, or lets that stranger hijack the user’s computer to commit illegal denial of service (DoS) attacks.

Another specific type of virus is a worm.  Worms self-replicate and self-proliferate, creating a very large-scale problem in a very short period of time.  Worms often come in the form of email worms that send themselves to everyone in a user’s email address book by disguising themselves as harmless attachments.  Worms often do most of their damage well before they are ever noticed.

Most worms, trojans, and other types of viruses can be caught and disinfected before they do damage by using properly installed, configured, and updated virus scanning software.  Tons of virus scanning applications exist on the market, and it has recently been suggested that running two such applications simultaneously is worthwhile.  Considering the high risk associated with wireless LANs, such a belt-and-suspenders approach is worth considering.  Using at least one such scanning application should be required.  Of course, you may need to pay close attention to the vendor’s requirements.  Many vendors will not support their antimalware application running alongside other such applications.

Another distinct, and relatively new (in the grand history of computing), type of malware is spyware.  Spyware typically comes as a multi-featured software package that can:

  • Capture instant messenger traffic
  • Capture email traffic
  • Capture web site traffic and sites visited
  • Capture keystrokes and passwords
  • Be installed remotely and without an install dialog
  • Automatically form and publish web-based (HTTP) reports

One of the most used spyware applications is the spying software available at spytech-web.com.  When combined with utilities like Hyena and VNC that can push the spyware to unsuspecting hosts and remotely execute and control it, spyware can be a powerful tool for gathering information.  A hacker can collect the gathered data by simply pointing his or her web browser to the authorized user’s IP address and proper port number (defined by the spyware application).

Many web sites are dedicated to virus details, removing viruses, and avoiding re-infection by a virus.  Two of the most popular such sources are www.symantec.com and www.mcafee.com.  Spyware is often not detected as a virus because spyware is an installed application that looks like any other authorized program.  For this reason, companies have started making anti-spyware software that works much like a virus scanner but hunts specifically for spyware.  Several companies produce products, such as Avast, that combine antivirus and anti-spyware into a single package.  Keep in mind that, in most cases, one can prevent malware from being placed on a wirelessly connected computer by using personal firewall software.
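Because spyware of this kind publishes its reports over HTTP on a listening port, a network-reachable listener that nobody expects is something a defender can audit for on a wireless client. The following is an added example, not code from the original post: it parses Windows `netstat -ano` output and flags TCP listeners outside an allowlist. The sample output, the allowlist, and the function names are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1720
  TCP    192.168.1.23:139       0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6868           0.0.0.0:0              LISTENING       3312
  TCP    192.168.1.23:49212     93.184.216.34:80       ESTABLISHED     2044
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    612
"""

# Assumption: ports this particular client is expected to expose (site-specific).
EXPECTED_PORTS = {135, 139, 445}


def parse_listeners(netstat_text):
    """Yield (address, port, pid) for every TCP socket in LISTENING state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue  # headers, UDP rows, and non-listening connections
        host, _, port = fields[1].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
        yield ipaddress.ip_address(host), int(port), int(fields[4])


def unexpected_listeners(netstat_text, expected_ports=EXPECTED_PORTS):
    """Return listeners reachable from the network on ports outside the allowlist."""
    findings = []
    for addr, port, pid in parse_listeners(netstat_text):
        if addr.is_loopback:
            continue  # bound to 127.0.0.1 / ::1, not reachable from the WLAN
        if port not in expected_ports:
            findings.append((str(addr), port, pid))
    return findings


if __name__ == "__main__":
    for addr, port, pid in unexpected_listeners(SAMPLE_NETSTAT):
        print(f"unexpected listener {addr}:{port} owned by PID {pid}")
```

The PID in each finding can be matched to a process name in Task Manager to decide whether the listener belongs to an authorized program.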

Windows Vista and Windows 7 come with the Windows Defender application. I personally run Avast and Windows Defender on my computers and have not had a single virus or spyware problem in 2009. And this is on computers that I use frequently for security and hacking research. Needless to say, this means I end up at cracking sites quite a lot. I am by no means perfectly protected with this combination, but I am far better off with my wireless clients configured with this protection.
 
