Guard Dog
Internet Privacy and Security: A White Paper by CyberMedia
The Internet's explosive growth is rapidly changing the way we do business, communicate and shop. As its reach and capability increase, the Internet also poses serious new threats to our privacy and security that current products and techniques are ill-equipped to handle.

In today's electronic age, our computers store not just data, but our very identity and our wealth. Think of the information that is typically stored there: names, addresses, bank account numbers, tax returns, and personal letters to name just a few. Until recently, one could safeguard this sensitive information fairly easily: keep the computer secure, and use an anti-virus program. But not anymore.

The Old Security: Simple Strings
A virus is a nefarious program that may be present in diskettes you share or e-mail you receive. When you read the diskette or e-mail, the virus copies itself onto your computer. It can then cause serious harm, including wiping out your entire hard drive.

There are thousands of known viruses today, each of which has a distinct "signature" or "pattern". Current antivirus products contain a database of known virus patterns that are updated from time to time as new viruses are discovered. These products typically scan every file that is opened or closed on your computer and detect viruses by matching the patterns in the file with the database of virus patterns. Any virus that is found is then neutralized or cleaned.

Anti-virus products have advanced significantly in the last few years. They are now capable of recognizing mutating viruses which hide themselves by changing their signature patterns, and many of them even employ advanced heuristics to identify viruses whose patterns are not in the database. While these advances are useful and needed, they offer little protection against today's new threats.
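The pattern matching described in this section, written out as an added example (it is not code from CyberMedia or any antivirus vendor). The signature names, byte patterns and sample buffers are constructed for illustration. A "??" wildcard stands in for the kind of flexible pattern a scanner needs once copies of a virus differ from each other.

```python
import re

def compile_signature(hex_pattern):
    """Turn 'DE AD ?? EF' into a bytes regex; '??' matches any single byte."""
    parts = []
    for tok in hex_pattern.split():
        parts.append(b"." if tok == "??" else re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

# Constructed signature database (names and patterns are not real malware).
SIGNATURE_DB = {
    "Demo.Exact": compile_signature("DE AD BE EF 13 37"),
    "Demo.Wildcard": compile_signature("CA FE ?? ?? F0 0D"),
}

def scan(data, db=SIGNATURE_DB):
    """Return sorted (signature name, byte offset) pairs found in data."""
    hits = []
    for name, rx in db.items():
        for m in rx.finditer(data):
            hits.append((name, m.start()))
    return sorted(hits)

# Constructed sample "files".
CLEAN = b"MZ" + b"\x00" * 8 + b"plain program bytes"
KNOWN = b"MZ\x00\x00" + bytes.fromhex("DEADBEEF1337") + b"rest"
ALTERED = b"MZ\x00\x00" + bytes.fromhex("DEADBEEF1338") + b"rest"  # one byte differs
MUTATED = b"\x90" + bytes.fromhex("CAFE0A0AF00D")  # middle two bytes vary per copy

if __name__ == "__main__":
    for label, blob in [("clean", CLEAN), ("known", KNOWN),
                        ("altered", ALTERED), ("mutated", MUTATED)]:
        print(label, scan(blob))
```

The altered buffer produces no hit against the exact signature, which is the limitation of fixed patterns that the rest of this paper builds on.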

Brave New Web: Today's Security Threat
Today's new threats arise from two distinct sources. First, our computers are no longer isolated but are connected to millions of other systems via the Internet. Thus programs are no longer exchanged once in a while via diskettes but are downloaded regularly from Web sites. Today 11 million people download software off the Internet every month. Not surprisingly, there are far more viruses and far more infections than before. But viruses are only one facet of the PC security problem.

The second source of threats arises from the new technology available today: cookies, ActiveX controls and Java applets to name just a few. As you log onto the Net, browse the Web, or send and receive email, you enter a complex world of interlocking processes that represents a wide open door into your personal computer. Every day, Internet users expose themselves to unscrupulous individuals who can make mass incursions into victims' computers with complete impunity. Here are some of the most common new threats:

Trojan Horses: Beware of Greeks Bearing Gifts
In the Trojan war, as the story goes, Agamemnon and his men broke through the walls of Troy by building a giant wooden horse and leaving it as a gift at the gates of Troy. The Trojans, assuming the horse was a tribute of defeat by the Greeks, pulled it inside the walls. Unknown to them, the horse contained a legion of Greek soldiers who broke out at night and defeated Troy.

As in the legend, a "Trojan horse" is a program that claims to be a handy utility, perhaps a calculator, screen saver or a self-extracting image, which when run wreaks havoc. Trojan horses have been known to format hard drives and send credit card numbers to hackers over the Internet.

A Trojan horse is not a virus because it does not duplicate itself and is usually downloaded at the explicit request of the user. It is dangerous only when it is executed and is fairly difficult to detect as creators of Trojan horses can easily vary the program's signature or footprint to avoid detection.

The National Computer Security Association (NCSA), an industry consortium based in Carlisle, Pa., has collected hundreds of Trojan horse programs. Dozens of them are targeted at users of America Online, the online service most frequented by inexperienced users. At least three dozen of these (with different names and extensions such as *.exe, *.zip and *.scr) were variations of the same program that captures screen names and passwords and forwards them on to hackers who can use them to access the victim's Internet account.

Perhaps the most potentially disastrous Trojan horse is the AOL4FREE.COM program which erases a user's hard drive. It was created by a hacker who decided to make good on a false rumor of this sort of Trojan horse circulating on the Internet.

In response, America Online added a filtering utility to its email program. The utility, called "Download Sentry," tells users when they are downloading an executable program, but it's still up to them to decide whether or not they will run it. It is not clear how users should respond to such a message because they already know they are downloading an executable program; what they need to know is whether the program is a good one or a Trojan Horse and there is no simple way to determine that - except for programs like Guard Dog.

Hostile Java Applets and ActiveX controls
On February 3, 1997, the Chaos Computer Club demonstrated on German national television an ActiveX control that is able to snatch money from one bank account and deposit it into another, all without the customary personal identification number (PIN) that is meant to protect against theft.

ActiveX controls are typically downloaded from Web sites. Once downloaded, the control scans a user's computer for Intuit's popular Quicken finance software. The ActiveX control then tricks Quicken into transferring funds from one bank account to another the next time a user logs on to a banking service.

The incident underscores something that most computer security experts have known for some time: It is easy to violate a user's security via the Internet. Hostile ActiveX controls and Java applets--small Internet programs that work mainly through Internet browsers--are able to do virtually anything on a user's computer that a programmer can dream up, including installing a destructive virus.

Both Netscape and Microsoft have stepped up security by requiring developers to register the controls and applets they send out. But the burden is still on the user who has to decide whether or not to accept controls and applets which are downloaded. Microsoft has created an "accountability" system, called Authenticode, which allows software publishers to stamp their controls with a digital signature. If a control does something bad to a user's computer, the publisher can be tracked down and prosecuted. In other words, the Authenticode system does not protect against malicious code; it simply makes it easier to find out who wrote it.

But it's easy for users to unwittingly accept an unsigned ActiveX control if they get lazy or frustrated by repeated Authenticode warnings. Moreover, since the Authenticode certificate costs $400, many vendors skip this process entirely. The Chaos club's ActiveX control, for example, is not signed. Once it is accepted by an Internet Explorer user, the program is free to do its work.

Cookies with your JAVA?
We've all heard about cookies, but what are they? A cookie is a small file, usually under 5 KB, that a web site writes on to a user's hard drive. This file uniquely identifies the user so that every visit the user makes to the site can be recorded and cataloged. In concept, a cookie is like the tag the game warden shoots into the ear of a wild animal to track its progress. Using cookies, a web site knows precisely how many times you've visited the site and what specific pages you have seen.

Typically, web sites silently upload and download cookies on to your computer, without your knowledge or permission. You can set an option within the browser to warn you whenever a web site tries to place a cookie, but then you get inundated with warnings.

A more serious aspect of the cookie problem arises when web sites you don't even visit place cookies on your computer. For example, when you perform a web search or look up a stock quote, the search site can pass on your request (through the "referrer" field) to a company that specializes in building customer profiles or displaying banner ads. The banner ad company then displays an ad and places a cookie on your computer.

Over time, web sites can use these cookies and the "referrer" field to collect information on every web site you visit and every search request you make. This information can be collected, analyzed, and sold to the highest bidder. It is like having a video camera tracking you at a shopping mall - not just to record the purchases you make but to keep track of the items you show interest in.

This sets you up for spamming, direct mail advertisements, and even worse. Over one third of the Fortune 500 check medical records prior to making hiring decisions - will they start checking web surfing habits? Do you want your insurance company getting this information when applying for life insurance? Do you want your bank getting this information when applying for a home loan?
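What a banner-ad server can assemble from the cookie and "referrer" field described in this section, as an added example (not part of the original white paper). The request log, host names, cookie values and the two-label definition of a "site" are all constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Constructed browser request log: host receiving the request, plus the
# Referer and Cookie headers the browser sent with it.
REQUESTS = [
    {"host": "search.example", "referer": "", "cookie": ""},
    {"host": "ads.tracker.example", "cookie": "uid=A17",
     "referer": "http://search.example/find?q=diabetes+treatment"},
    {"host": "news.example", "referer": "", "cookie": "session=n1"},
    {"host": "ads.tracker.example", "cookie": "uid=A17",
     "referer": "http://news.example/finance/home-loans.html"},
    {"host": "news.example", "referer": "http://news.example/",
     "cookie": "session=n1"},
]

def site(host):
    """Crude site key: last two DNS labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def third_party_profiles(requests):
    """Map (tracker host, cookie) -> sites and search terms seen via Referer."""
    profiles = defaultdict(lambda: {"sites": set(), "queries": []})
    for r in requests:
        if not r["referer"] or not r["cookie"]:
            continue  # nothing to link the request to an identity
        ref = urlsplit(r["referer"])
        ref_host = ref.hostname or ""
        if site(ref_host) == site(r["host"]):
            continue  # same-site request, not the cross-site case above
        entry = profiles[(r["host"], r["cookie"])]
        entry["sites"].add(ref_host)
        for values in parse_qs(ref.query).values():
            entry["queries"].extend(values)
    return dict(profiles)

if __name__ == "__main__":
    for key, seen in third_party_profiles(REQUESTS).items():
        print(key, sorted(seen["sites"]), seen["queries"])
```

Running the same audit over a real proxy or browser log shows which third-party hosts are in a position to build this kind of profile.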

A New Approach: A Security System for Your PC
Publishers of antivirus software have responded to the Internet by extending their pattern recognition technology to e-mail attachments and downloaded files. However, antivirus technology does not stop Trojan horses, which can change patterns, or hostile ActiveX controls and Java applets, and such approaches do not address privacy concerns.

Perhaps more significantly, pattern recognition technology does not address the complexity of the Internet. For example, an ActiveX control can scan a user's hard drive and report back to the web site that loaded the control. If this scan is in conjunction with a useful service, perhaps the user does not mind the intrusion. However, the user should know that this is happening and be given enough information to make their own decision. Or perhaps a user is willing to let The New York Times set a cookie in exchange for customized information, but unwilling to let an advertising banner company (who the user has never visited or heard of) track their web surfing habits through cookies. Again, the user should be made aware and be allowed to make the decision.

CyberMedia's newest product, Guard Dog Deluxe, is a suite of protective countermeasures designed from the ground up specifically to address privacy and security threats on the Internet.

Since viruses are a large and growing threat, Guard Dog Deluxe incorporates award winning antivirus protection from Trend Micro. The antivirus protection includes a demand scanner, a real-time background scanner as well as scanning of e-mail attachments, file downloads and floppy disks. New virus pattern files are available every two weeks so users always have the most current protection. However, antivirus is just the beginning.

Rather than relying solely on pattern-matching techniques, Guard Dog Deluxe creates a protective "firewall" around a user's critical files (e.g., Quicken files, passwords, e-mail or user selected files) and continually monitors all access to these (File Guardian). If any application, ActiveX control or Java applet tries to read or open these, Guard Dog Deluxe checks if the program is permitted to do so. If so, the program may proceed. If not, Guard Dog Deluxe warns the user so the user can decide whether to grant access or not.

Guard Dog controls all access to the Internet (Internet Access Monitor) so no unauthorized program tries to connect without the user's knowledge. In addition, Guard Dog includes a "security heuristic" which blocks certain malicious actions such as formats and hard disk scans. These approaches enable Guard Dog Deluxe to foil most Trojan Horses and hostile applets and controls (including the attack demonstrated by the Chaos Computer Club in Germany). Guard Dog Deluxe can also stop the password-stealing Trojan Horses that are currently plaguing AOL users.

Guard Dog Deluxe also performs a complete security check-up, looking for known security problems, such as out-of-date browsers. One of the most important steps a user can take to protect against security threats is to ensure that their browser is the latest version. Both Netscape and Microsoft create new versions regularly to include new counter-measures and bug fixes.

Guard Dog Deluxe is the world's first comprehensive privacy protection package. It starts with Cookie Blocker, which intelligently handles cookies - because you may not want to block every cookie as some of them can be extremely useful. It automatically monitors every attempt by web sites to plant a cookie or read personal data. If the user has designated the web site as friendly (e.g., the New York Times site), it is allowed to proceed. If the user has blocked the Web site, Guard Dog will silently reject the cookies it tries to place. When a new web site is visited, Guard Dog will step in and offer a recommendation - and ask for your decision.

Guard Dog Deluxe then automatically protects information a user enters into a web site (e.g. stock ticker, search request, registration form) from going to other sites (MyInfo Filter). This new technology cleverly strips information from the TCP/IP data stream so web sites do not analyze your web browsing habits. Thus, search requests made on the Alta Vista engine are not forwarded to their banner advertising company.
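The cookie policy (friendly, blocked, or ask the user) and the cross-site referrer stripping described in the two paragraphs above, sketched as an added example. This is not Guard Dog's implementation: it works on parsed HTTP headers rather than the raw data stream, and the site lists, host names and function names are hypothetical.

```python
from urllib.parse import urlsplit

FRIENDLY = {"news.example"}     # constructed: sites the user has approved
BLOCKED = {"tracker.example"}   # constructed: sites the user has blocked

def site(host):
    """Crude site key: last two DNS labels (assumption, no public-suffix list)."""
    return ".".join(host.lower().split(".")[-2:])

def cookie_decision(host):
    """Return 'accept', 'reject', or 'ask' for a site that wants to set a cookie."""
    s = site(host)
    if s in FRIENDLY:
        return "accept"
    if s in BLOCKED:
        return "reject"
    return "ask"  # new site: the user decides

def filter_response_headers(host, headers, ask=lambda host: False):
    """Drop Set-Cookie headers unless the policy or the user's answer allows them."""
    decision = cookie_decision(host)
    allow = decision == "accept" or (decision == "ask" and ask(host))
    return [(k, v) for k, v in headers if allow or k.lower() != "set-cookie"]

def filter_request_headers(host, headers):
    """Remove Referer when it would reveal a page on a different site to host."""
    kept = []
    for k, v in headers:
        if k.lower() == "referer":
            ref_host = urlsplit(v).hostname or ""
            if site(ref_host) != site(host):
                continue  # cross-site: do not forward where the user came from
        kept.append((k, v))
    return kept

if __name__ == "__main__":
    req = [("Referer", "http://search.example/find?q=home+loans"),
           ("User-Agent", "demo")]
    print(filter_request_headers("ads.tracker.example", req))
    resp = [("Set-Cookie", "uid=A17"), ("Content-Type", "image/gif")]
    print(filter_response_headers("ads.tracker.example", resp))
```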

Finally, Guard Dog even ensures that people cannot walk up to the user's computer when it is unattended and determine the user's web browsing habits. Most browsers automatically keep a running record showing details of every web site you have visited and the images you have downloaded. Guard Dog Deluxe can automatically clean up the trails left behind by removing the relevant history and cache file information after each web surfing session.

Like all CyberMedia products, Guard Dog will update itself to always be current. Guard Dog Deluxe can thus evolve to protect against the latest threats as they emerge. Given the new security and privacy threats that the Internet poses, no user can afford to be without such a comprehensive, yet easy to use, protector.

