
THE TROJAN HORSE AND HOW IT WORKS


From a computing point of view, the crew responsible for what one Internet site called a “Day of Atonement” for Israel’s computer safety had all the bases covered.

A sophisticated “Trojan horse” – a program that works stealthily to either wreck computer systems or steal information – combined with the “personal touch” of private investigators or corporate colleagues passing files or CDs to unsuspecting users ensured that the deception went undetected for too long.

Trojan horses are named for the ur-Horse of Greek mythology, where the hapless Trojans didn’t realize they had been invaded before it was too late.

The investigators, executives, programmers and system administrators involved in the most severe case of computer espionage ever uncovered in Israel were able to spread an innocent-looking e-mail or document that contained a secret set of instructions, enabling whoever was waiting on the other side to siphon data off their victims’ systems without their being aware – before it was too late.

Of course, the victims were running anti-virus software, which probably cost them a lot of money. But while Trojan horses can spread viruses, they can also spread programs that have legitimate uses – and which can also be put to work for nefarious purposes.

Viruses are, of course, programs that execute unwanted functions (processes) in systems. The anti-virus program you use periodically downloads a database of “bad” programs to watch out for – what we call viruses. You open an e-mail with a suspicious attachment, and your anti-virus program flags it and conducts a search and destroy mission for the offending process before it can do its dirty work.

But what if the program you inadvertently downloaded doesn’t do anything destructive – or anything at all, at least not right away? It’s no longer a virus, but just one of the thousands of programs sitting on your computer – many of which are never actually opened directly by you, but are put to work by other applications or your operating system.

Many Trojan horses are set to work only when triggered by other events, like the arrival of a certain date (New Year’s Day is popular with hackers who write these kinds of things, for some reason). Only then will the Trojan horse turn into a virus.

In the Israel case, the culprit was probably contained in one of the small components included in a PowerPoint presentation or Java show sent by “clients.” But wouldn’t an anti-virus program pick up on suspicious activity once it started operating? Most likely, and, hopefully, it would put a halt to the virus before it could do too much damage.

But not all Trojan horses contain destructive programs. Some, like the ones involved in Israel’s latest scandal, just set up “back door” communications channels between the hacker and the victim. Remember, these people were out to spy, not destroy.

Instead of harming their competitors, they simply set up their Trojan horse to install a program that would allow them access to victims’ PCs and servers. A program to record login names and passwords, a mini-mail program to “phone home” and send the data back to the hacker’s server, and the opening of a communications port are all it would take.

And if the hackers were really smart, they would insert a function that would erase or, even better, replace the networking records (logs) with ones that deleted the activity on the port that wasn’t supposed to be open, the better to hide their tracks in case the system administrator was on the ball and checked such things out.

Sounds sneaky, eh? Well, it goes on all the time – both in industry, and on PCs. This is just how “spyware,” the bane of modern computing, works – and even the “big guys” with big staffs and big budgets can fall victim, as we have all just witnessed. Until now, many of us would have thought our affairs were too “small potatoes” for information thievery, but not all the businesses on the list of victims were necessarily obvious targets either.

So a review of how you protect yourself from hackers, viruses and Trojan horses is in order. And while your Internet service provider has already probably sent you an e-mail urging you to sign up for premium safety services, there are some things you can do on your own that will probably protect you just as effectively – for a lot less money.

Windows XP, Mac OS X, and some other systems have built-in firewalls. If you don’t have a firewall, try the free ZoneAlarm at www.zonelabs.com – that will take care of unauthorized communication on unauthorized ports.
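The firewall advice above comes down to noticing traffic nobody authorized. As an added example (not part of the original article), this Python script audits constructed `netstat -ano` output for the two network traces the article describes: a listening port that should not be open and a program other than the mail client sending mail. The allowlists, process names and addresses are assumptions made up for illustration.

```python
"""Flag listeners and outbound SMTP sessions that a baseline does not explain."""

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4455           0.0.0.0:0              LISTENING       2260
  TCP    192.168.1.10:1042      203.0.113.25:25        ESTABLISHED     2260
  TCP    192.168.1.10:1050      198.51.100.7:25        ESTABLISHED     1500
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed PID-to-image map, as `tasklist` would report it (hypothetical names).
SAMPLE_PROCESSES = {
    4: "System", 700: "lsass.exe", 884: "svchost.exe",
    1500: "outlook.exe", 2260: "slides_helper.exe",
}

ALLOWED_LISTEN_PORTS = {135, 445}       # assumed baseline for this machine
ALLOWED_MAIL_SENDERS = {"outlook.exe"}  # assumed: the only program that should send mail
SMTP_PORT = 25


def parse_netstat(text):
    """Yield (local_port, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skips the header, blank lines and UDP rows (no state column)
        _, local, remote, state, pid = fields
        yield int(local.rsplit(":", 1)[1]), int(remote.rsplit(":", 1)[1]), state, int(pid)


def audit(text, processes):
    """Return (finding, port, image) tuples for connections the baseline does not cover."""
    findings = []
    for lport, rport, state, pid in parse_netstat(text):
        image = processes.get(pid, "unknown")
        if state == "LISTENING" and lport not in ALLOWED_LISTEN_PORTS:
            findings.append(("unexpected-listener", lport, image))
        elif (state == "ESTABLISHED" and rport == SMTP_PORT
              and image.lower() not in ALLOWED_MAIL_SENDERS):
            findings.append(("unexpected-smtp", rport, image))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT, SAMPLE_PROCESSES):
        print(finding)
```

Because it reads live connection state rather than stored records, the check does not rely on the network logs the article says an intruder may rewrite.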

Anti-virus programs are an essential part of the security mix, so make sure yours is up to date by ensuring that you have the program set to automatically download a virus update every so often (check its scheduling feature).

And of course you need an anti-spyware application. I’ve discussed that often, and my choice remains SpySweeper.

But what you really need is a watchdog who will keep an eye on troublemakers that try to nest on your system; for that, try the free WinPatrol (www.winpatrol.com) – any hacker that tries to mess with your computer will get barked at!

Scroll down to the download button and click it.

They take you one page further to the download.

The spyware component does not beat SpySweeper, but the other components put together make this a very valuable addition.

Important: Don’t have two anti-spyware programs running at the same time – you’ll slow your computer down. Run WinPatrol once a day, but turn off its default option to run in real time.

Dennis Turner