The State of Home Computer Security Examensarbete utfÄort i Informationsteori vid Tekniska HÄogskolan i LinkÄoping av Ulf Frisk Semir Droci¶c Reg nr: LiTH-ISY-EX--04/3565--SE LinkÄoping 2004 The State of Home Computer Security Examensarbete utfÄort i Informationsteori vid Tekniska HÄogskolan i LinkÄoping av Ulf Frisk Semir Droci¶c Reg nr: LiTH-ISY-EX--04/3565--SE Supervisor: Viiveke Fºak Examiner: Viiveke Fºak LinkÄoping 6th October 2004. Avdelning, Institution Datum Division, Department Date 2004-10-06 Institutionen för systemteknik 581 83 LINKÖPING Språk Rapporttyp ISBN Language Report category Svenska/Swedish Licentiatavhandling ISRN LITH-ISY-EX--04/3565--SE X Engelska/English XExamensarbete C-uppsats Serietitel och serienummer ISSN D-uppsats Title of series, numbering Övrig rapport ____ URL för elektronisk version http://www.ep.liu.se/exjobb/isy/2004/3565/ Titel Säkerhetsläget för hemdatorer 2004 Title The State of Home Computer Security Författare Ulf Frisk, Semir Drocic Author Sammanfattning Abstract Hundreds of millions of people use their home computers every day for different purposes. Many of them are connected to the Internet. Most of them are unaware of the threats or do not know how to protect themselves. This unawareness is a major threat to global computer security. This master thesis starts by explaining some security related terms that might be unknown to the reader. It then goes on by addressing security vulnerabilities and flaws in the most popular home computer operating systems. The most important threats to home computer security are reviewed in the following chapter. These threats include worms, email worms, spyware and trojan horses. After this chapter some possible solutions for improving home computer security are presented. Finally this master thesis contains a short user survey to find out what the problems are in the real world and what can be done to improve the current situation. Nyckelord Keyword home computer security, worm, spyware, phishing, trojans Abstract Hundreds of millions of people use their home computers every day for di®erent purposes. Many of them are connected to the Internet. Most of them are unaware of the threats or do not know how to protect themselves. This unawareness is a major threat to global computer security. This master thesis starts by explaining some security related terms that might be unknown to the reader. It then goes on by addressing security vulnerabilities and aws in the most popular home computer operating systems. The most im- portant threats to home computer security are reviewed in the following chapter. These threats include worms, email worms, spyware and trojan horses. After this chapter some possible solutions for improving home computer security are pre- sented. Finally this master thesis contains a short user survey to ¯nd out what the problems are in the real world and what can be done to improve the current situation. Keywords: home computer security, worm, spyware, phishing, trojans i ii Acknowledgment We wish to thank our supervisor and examiner associate prof. Viiveke Fºak for smart advices and inspiring comments on our work. We improved our knowledge in the home computer security area a lot during this work. We believe that this area of computer science will become signi¯cantly more important in the future. We also wish to thank the persons who took part in our small user survey. Their collaboration was very important for this thesis. iii iv Contents 1 Introduction 1 1.1 Delimitations . .............................. 2 1.2Methodsandsources........................... 2 1.3Glossary.................................. 2 1.4 Notations . .............................. 3 2 Security related terms 5 2.1 Security related terms .......................... 6 2.2 Abbrevations . .............................. 21 3 The Home Computer 23 3.1 Relevant operating systems ....................... 24 3.2 Case study: Windows XP Home Edition ................ 25 3.2.1 Initial vulnerabilities ....................... 25 3.2.2 Windows Update ......................... 25 3.2.3 Access control .......................... 26 3.2.4 Hidden ¯le extensions ...................... 27 3.2.5 Email settings .......................... 27 3.2.6 Internet Explorer ......................... 28 3.2.7 Other services and aspects .................... 28 3.3 Case study: Windows 98 Second Edition ................ 30 3.3.1 Initial vulnerabilities ....................... 30 3.3.2 Windows Update ......................... 31 3.3.3 Access control .......................... 31 3.3.4 Hidden ¯le extensions ...................... 31 3.3.5 Email settings .......................... 32 3.3.6 Internet Explorer ......................... 32 3.3.7 Other services and aspects .................... 32 3.4 Recent vulnerabilities .......................... 32 3.4.1 RPC-DCOM: one month from patch to attack . ....... 32 3.4.2 The messenger service ...................... 33 3.4.3 Internet Explorer ......................... 34 3.4.4 Application programs ...................... 35 v vi Contents 4 Threats 39 4.1Worms................................... 40 4.1.1 Worm segments .......................... 40 4.1.2 Spreading methods ........................ 41 4.1.3 Famous worms in the computing history ............ 42 4.1.4 The latest worms in the wild .................. 46 4.1.5 Worms of the future - the digital armagedon? . ....... 54 4.2Virushoaxes............................... 56 4.2.1 The jdbgmgr.exe virus hoax ................... 57 4.3Phishing.................................. 58 4.3.1 Phishing scams .......................... 58 4.3.2 An example ............................ 59 4.3.3 Statistics and trends ....................... 59 4.4Spyware.................................. 61 4.4.1 Adware .............................. 62 4.4.2 Spyware .............................. 62 4.4.3 Phone dialers ........................... 63 4.4.4 Statistics and trends ....................... 64 4.5Trojanhorses............................... 65 4.5.1 Malicious actions ......................... 65 4.5.2 Propagation ............................ 66 4.5.3 Protection ............................. 67 4.6 Summary . .............................. 67 5 Possible Solutions 69 5.1 Operating system security ........................ 70 5.1.1 Tips on how to avoid computer worms ............. 71 5.2WindowsXPServicePack2....................... 72 5.3 Memory protection ............................ 75 5.4 Possible phishing solutions ........................ 76 5.5Backups.................................. 78 6 User Survey 79 6.1Background................................ 80 6.2Results................................... 81 6.2.1 Windows ............................. 81 6.2.2 Security software ......................... 82 6.2.3 Internet and email ........................ 83 6.3 Summary . .............................. 83 7 Conclusions per threat category 85 7.1 Default settings .............................. 86 7.2 Security holes . .............................. 86 7.3WindowsUpdate............................. 87 7.4 Automated worms ............................ 87 Contents vii 7.5 Email worms . .............................. 87 7.6Spyware.................................. 88 7.7Phishing.................................. 88 7.8Theusers................................. 88 8 Summary 91 A Questionnaire 95 viii Contents Chapter 1 Introduction "If GM had kept up with the technology like the computer industry has, we would all be driving $25.00 cars that got 1,000 miles to the gallon." - Bill Gates, co-founder of Microsoft Corp. When IBM introduced their ¯rst Personal Computer, PC, in the beginning of the eighties no one could believe that the development of computer techology would progress so fast as it has done in the past 20 years. No one thought that 20 years later there would be a PC in almost every home, and that they all would be interconnected. During these 20 years several big breakthroughs in computer tech- nology helped ordinary people to change their opinion about computers. Graphical user interfaces, the Internet and web browsers helped change the public opinion that a computer was something sold by IBM that had to be serviced by an army of engineers in white smocks. In the middle of the nineties personal computers had become easy enough to use for ordinary people thanks to new Windows versions. This together with fre- quent price cuts and the ever expanding Internet helped spark the interest of many ordinary people. In several countries tax cuts for home computers further helped to spark this interest. It became trendy to own a computer. Today there exists a computer in almost every home in developed countries, and even though the less developed world are still far behind computerization is increasing fast. The huge amount of home computers and the massive Internet usage has im- proved the information ow in various ways. People now have access to the in- formation they need around the clock and can electronically communicate with people around the world. It is hard to list all the bene¯ts, but there are also some important problems that needs to be addressed. Ordinary people has basically unwillingly become system administrators of their own home computers. Most of them don't have any basic knowledge on how to protect their computers from the ever increasing threats on the Internet. Malicious code writers use the Inter- net to launch various attacks on computer systems around the world. Organized crime uses the Internet to steal important information