As someone who spends way too much time sitting in front of a computer, I sometimes forget that I know things that the general computer-using population rarely thinks about. The truth of that statement was brought home to me this week by two incidents that, although they were unrelated to each other, illustrate a common problem.
Late last week, I started receiving emailed questions about computers automatically shutting down with a warning message shortly after being booted. Because I was getting these messages from a disparate set of users, it was clear that some sort of virus was on the loose. A couple of minutes of research uncovered the Windows remote procedure call (RPC) vulnerability that Microsoft released a patch to repair 3 weeks ago. (You can read the details about the vulnerability in the Microsoft article "MS03-026: Buffer Overrun in RPC Interface May Allow Code Execution" at http://support.microsoft.com/?kbid=823980.)
This vulnerability affects all versions of Windows based on Windows NT that are later than NT 4.0. Because only Windows XP enables automatic updating by default, I'm certain that many users of earlier OS versions didn't receive the patch automatically and probably aren't subscribed to either the corporate or end-user version of Microsoft Security Update. (To learn more about Security Update, go to http://www.microsoft.com/security/security_bulletins/decision.asp.) What bothered me most about the situation is the simple fact that, even unpatched, none of the vulnerable OSs can be attacked if they're behind a properly configured firewall. In this day and age, no user should expose his or her computer to the Internet without adequate protection.
I recently took a trip on short notice, and I grabbed a new notebook computer to take along. Other than configuring my email applications on the notebook, I hadn't done anything with it. When I travel, I use MSN for dial-up access. I don't install the MSN client; rather, I simply configure dial-up networking with a local phone number for wherever I happen to be. When I arrived at my hotel, I connected to the Internet and within just a few minutes began receiving messenger service pop-up ads. Realizing my mistake, I disconnected, brought up the properties for the DUN connection, and enabled the built-in Internet Connection Firewall (ICF) that's available in XP. Doing so stopped the attacks, and my dial-up experience improved immensely. More important, my security level increased.
My experience offers a quick and easy example of what a firewall can accomplish; in XP, increased protection was only a few mouse clicks away. Which brings me to the second incident I referred to earlier. I received a phone call from a panicked friend who was certain that her new work notebook computer had a virus. The small company she worked for had just issued new notebooks to its sales force (of a dozen users), and she told me that when she took hers home and connected to the Internet, carefully following the instructions she was given, all sorts of weird things started happening.
When I took a look at her computer, it was clear that she didn't have a virus; she was simply being inundated with a constant stream of messenger pop-ups. "A simple enough fix," I thought to myself, "I'll just enable ICF and she'll be fine." So I blithely went to the network connections page, right-clicked the network connection (after closing the telephone connection), and nothing happened. No context menu appeared. So I clicked the "Change settings of this connection" entry in the left-pane menu. Nothing.
Wanting to make sure that her notebook was working properly, I configured a DUN connection to my MSN account, which worked fine, with all properties available. So I had to ask her the dreaded question: "Who decided that you should be using AOL for remote access?" I was certain that the AOL client was the problem. To verify that I was correct, I installed the AOL client on a computer I had that was slated for an OS removal. Sure enough, no way existed to modify the connection properties so that ICF could run on the AOL-provided connection.
It seems that, as a cost-saving measure, my friend's company had decided to get rid of the 800 number direct-dial connection that the sales force had been using and instead use a generic Internet connection and Microsoft Outlook Web Access (OWA) to give the sales force email access. Because email was all this group of employees needed, a large cost savings seemed to be available. Evidently, after a discussion about ISPs, the owner of the company had directed the single IT professional on staff to "Use AOL. It works fine for me at home."
I told my friend to have her company's IT guy give me a call. I explained to him that he would either need to purchase and configure a firewall for each of the outside sales computers, or, given that the sales force spent only a short amount of time online each day, simply switch to another national ISP and enable ICF on the DUN connection. As for my friend, I downloaded and configured a shareware firewall product on her notebook so that she could surf the Internet in peace. I didn't send the company a bill for my time. I hope it takes my advice.