I believe that you should consider two separate issues before using a program (or accepting information) from the Internet:
1. Can you trust the author of the information or the program?
2. How reliable is the site's security versus the chances of a person taking the time to hack into the download page, or just outright lying and fraudulently claiming to be someone else? (I.e., "Did it really come from 'the author'?")
Regarding the first issue, note that I said the author (programmer) must be trusted, and not just the site that is distributing the program. It is possible that a new virus/trojan could be placed on a major download site if people are not careful in "checking out" its author. Sites vary a lot, and even if they say otherwise, may leave all the checking up to you!
I try to use programs that come from both a reputable site and whose author I've been able to contact (or at least read about). The more references to a program on major sites and information about its author, the better the chances are that it is a legitimate and useful program. If the program is open source (check out all the projects at http://sourceforge.net/) and has many people working on it and many downloads, chances are it's quite safe. On the other hand, if a cracker can break into such a place, that would be a 'juicy prize' indeed.
(Caution: Knowledge of widespread programs by reputable authors, such as WinZip®, may be used by virus writers to infect your computer after they infect a copy of the program or hide a trojan in it: Just because a program has the same name as a famous one, that certainly doesn't make it the same thing! This is why some programmers have added 'self-authenticating' code routines to their software and/or list MD5 sums of their files. But before you can trust either of these, you may need independent confirmation that the MD5 sums are trustworthy, or that a program really should have 'self-authenticating' routines in the first place! Thus, the next step for those who are very security conscious is the use of PGP-signature files; see below.)
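A check of the kind the caution above describes, comparing a download against an author's published MD5 or SHA-256 list, as an added example that is not code from the original article: it parses md5sum/sha256sum-style lines, compares in constant time, and flags an MD5 or SHA-1 match as weak. It assumes the checksum list was obtained from a channel independent of the download site (a sum served beside a tampered file proves nothing), and the file names and digests below are constructed sample data.

```python
"""Check a download against an md5sum/sha256sum-style checksum list.

Added example, not code from the original article; sample data is constructed.
"""
import hashlib
import hmac

# Digest length in hex characters identifies the algorithm that produced it.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
WEAK_ALGOS = {"md5", "sha1"}  # collisions are practical for both


def parse_checksum_list(text):
    """Return {filename: (algorithm, hexdigest)} from "<digest>  <name>" lines."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # md5sum marks binary mode with '*'
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or not name:
            raise ValueError("unrecognised checksum line: %r" % raw)
        entries[name] = (algo, digest.lower())
    return entries


def verify_download(name, data, checksum_text):
    """Return (ok, note); ok is True only when the published digest matches."""
    entries = parse_checksum_list(checksum_text)
    if name not in entries:
        return False, "no published checksum for %s" % name
    algo, expected = entries[name]
    actual = hashlib.new(algo, data).hexdigest()
    # Constant-time compare: no timing hint about how many bytes matched.
    if not hmac.compare_digest(actual, expected):
        return False, "%s mismatch: corrupt download or not the published file" % algo
    if algo in WEAK_ALGOS:
        return True, "%s matches, but it is collision-prone; prefer SHA-256 plus a PGP signature" % algo
    return True, "%s matches" % algo


# Constructed sample: the "download" is the bytes b"abc"; the digests are the
# standard test-vector values for that input, as an author might publish them.
PUBLISHED_SUMS = """\
900150983cd24fb0d6963f7d28e17f72  legacy-tool.exe
ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad  tool.tar.gz
"""
SAMPLE_DOWNLOAD = b"abc"
```

A mismatch tells you only that the file is not the one the author published; it cannot tell you whether the list or the file was the part that was tampered with.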
Never use a file that someone offers only by email or in a newsgroup, unless you have good reason to trust them. Such methods may make it easier for a person to remain anonymous, and more likely that the file is bogus.
Remember that a "trusted friend" could have already been duped into running a virus/trojan on his/her computer. Treat files from them as you should treat any rumour: Ask for verification of authenticity!
The second issue may depend upon an ISP's ability to keep crackers from breaking into their servers and whether or not there is much chance of someone wanting to do so. Websites which are very critical of crackers, or seemingly boast about how invulnerable they are, would be the kind they normally go after: the CIA, FBI, an Internet security company, or some large media organization.
On the other hand, if someone really wanted to distribute a virus/trojan far and
wide, they would probably choose a website with little security...
There have already been a number of documented cases! For example:
On a large website, a program that claimed to remove the Back Orifice trojan was made available for download. It appeared to search for BO when run. However, those in charge of the website had to be informed by a third party (who goes by the handle "pchelp") that this program was in fact just another form of the Back Orifice trojan itself! Someone had disguised it as a working anti-BO program, and many unsuspecting people installed it on their computers. (The details may be found at pchelp's website here: http://www.nwi.net/~pchelp/bo/nosniff.htm.) This BO trojan was called BO Sniffer, but it could easily be lurking out there under a different name. So, beware! (And again, just because a program has the same NAME as a well-respected tool, that doesn't make it the same program either!) A more recent (November 2002) example of a well-known website that was broken into and had a trojan attached to some of its download files can be seen in the advisory "Trojan Horse in tcpdump and libpcap Distributions", or read the CNET news article about it, "Hackers drop spyware into popular tool".
Ref: n.d. Keeping Viruses Out of your Computer, viewed 30 August 2003, <http://www.geocities.com/thestarman3/avt/download.html>.