Careful Browser Settings Can Limit Hacker Attacks

BERLIN/BRUSSELS, 14 October 2003 — “Lovesan” and “Sobig.F” made big news as the latest heavy-hitters in the world of computer viruses. Their headline-grabbing disruption has given many people the wrong impression: That Internet users are helpless against computer science experts who can fire their “@ bombs” at will across the Net.

Yet a bit of care and a little manual adjustment of the browser settings can severely restrict a hacker’s ability to attack your computer.

A computer’s most vulnerable spot to hackers is the software that connects it to the Internet. This includes both e-mail programs and the web browser. Both can be protected by antivirus software.

“One kind of virus scanner inspects every e-mail for undesirable attachments and known viruses,” says Patrick Heinen, a virus expert for the software maker Symantec.

Such programs are only effective if they are updated regularly and can recognize the latest virus variants. This means that patch management, or a commitment to regular downloads of updates for virus protection programs and web browsers, is an important part of computer security. “It is worth it, however, to invest between $30 and $50 for an all-around virus shield,” says Markus Bautsch, an expert in computer science for the European consumer group “Stiftung Warentest”.

The problem with unprotected surfing on the Internet is that users often notice a “Trojan” or virus only once the pest has already made its way onto the computer. While e-mail attachments can often be filtered out as questionable based on the type of file attached or the sender of the message, “Trojans” are often an integrated part of a website.

In many cases the virus hides within a seemly acceptable program download, like a screen saver. Users then usually only notice what is going on when it is already too late.

By that time, small programs using active content like Active X, Virtual Basic Scripts (VBS), plug ins, or Javascript may have already opened up external access to the computer.

“In a worst-case scenario, information is lost, personal files are handed over to the operator of a website or chat forum, or a hacker takes complete control of the infected system,” says Filip Schepers, a security consultant at the software firm Internet Security Systems in Brussels.

Active content was ironically originally integrated into websites to make surfing more interesting for users. Users must now decide whether they want to do without certain special effects on websites, or whether they want to take the risk that these same features will be abused. No browser is considered completely safe, however.

Depending on browser type, active content can be activated or deactivated with certain security levels. Complete denial of access to active content, or demanding confirmation as each step is performed, does not make sense for most users, since this requires a constant stream of clicks on the user’s part. A better option is to make a selection of pages that are considered trustworthy, and give them and them alone full access to carry out as they wish.

It is not just users of Microsoft operating systems, but also Mac users, who need to check their individual settings. “There have been relatively few Mac viruses until now,” says Frank Limbacher, an Apple press contact. This does not mean that Apple users should let down their guard, however. It is just a question of time before Mac viruses surface, agrees Symantec employee Patrick Heinen.