How should we protect against phone-home functions of manufacturers? How can we stop manufacturers from pulling PC information?
Blake: The best solution is to not buy products that employ these features and complain vehemently to the vendor. Failing that, tight egress filtering and use of an HTTP proxy is your only hope, but good programmers can bypass that, too.
How critical is it to secure back-end servers, such as staging or development servers not exposed to the Internet?
Blake: Nimda showed us that a multi-vector worm can bypass firewalls through one or more of its attack methods. If your network is "crunchy on the outside, chewy on the inside" (good perimeter security, bad internal security), these worms will be able to run rampant through your staging and development servers. It only takes one person opening an attachment in their web-based free email service.
We had a virus attack. After installing Norton Virus Scan 3, files couldn't be deleted or quarantined, since Windows was using the files. Running NAV in DOS mode didn't find the files. What's the best way to deal with this type of attack?
Blake: Reinstalling the operating system is your best bet. If a system file is infected, who knows what else is wrong with the system. Failing that, restore the infected file manually from a trusted source, like the vendor's CD.
How can I prevent denial of service (DOS) attacks? What can I do about them if they happen?
Blake: You can't prevent them. DOS attacks are a fact of life, not just on the Internet. Remember the fax attack? Take 2 sheets of blank paper, tape them end to end. Dial someone's fax machine and send. When the leading edge comes out of the machine, tape it to the trailing edge. Go home for the weekend. Better yet, write something on the paper, that way the victim will run out of toner or ink, too. The best defense against DOS is more bandwidth. Increase the speed of your connection until the attackers can't fill it with bogus traffic.
How can I find out which applications are most vulnerable to hackers? I need to know so I can watch those applications carefully on our users' machines. Also, what's the difference between Trojans and hackerware?
Blake: Almost any application that listens on the network or handles data is vulnerable to hackers. There are approximately 20,000 known vulnerabilities in software ranging from operating systems to games. (We expect about 2,000 new ones this year, and the rate is roughly doubling every year.) Your best bet is to keep the machines patched, use the highest security settings in the Web browser, and keep the antivirus database current.
Can you stump our experts with your security problem? Pose your questions to Scott Blake and Laura Hunter.