Have you or any of your friends ever received an e-mail from OIT informing you that your computer is infected with a virus? Even worse, have you heard about someone's internet connection being shut down because their computer was hacked? Do you fear that your computer is next? Whether you know it or not, your computer is susceptible to infection due to vulnerabilities in the software you use on a daily basis. In order to minimize the opportunity for hackers to invade your computer, you must understand why your computer is insecure, what software developers are doing to secure it, and what you can do to reduce your risk of being hacked.
Due to loopholes in software security, your computer is vulnerable to being attacked by hackers. These loopholes are better known as contextual vulnerabilities, meaning they can only be taken advantage of by hackers in certain scenarios. According to computer scientists Jesper M. Johansson and E. Eugene Schultz (2003), “contextual vulnerabilities are currently very much ‘on the radar’ of software vendors.” Therefore, it is appropriate that these two scientists discuss different solutions that software vendors can use to repair these vulnerabilities. The solutions they present include “removing code,” adding warnings, and changing contextual rules for the software. While each of these solutions introduces new problems, they are helpful in eliminating vulnerabilities.
Perhaps the most logical solution to eliminating vulnerability is to delete the problematic code. If the code that tells the computer program what to do has a section that is vulnerable to hackers, why not get rid of it? According to Johansson and Schultz, “Completely removing the object solves the problem [of vulnerability], but at a substantial cost” (2003). As you can see, this solution is the most straightforward, but when you delete code, you run the risk of the program no longer working. When software developers can remove the questionable code without losing the functionality of the program, the problem is solved; however, this option is not always possible.
Another option software developers use is adding warnings. If you use Microsoft Internet Explorer, you are probably familiar with these warnings. The advantage of this solution is that it gives you, the user, the option to prevent other software from using the code that is vulnerable. On the other hand, this assumes that the user knows how to assess the risk of clicking “yes” to continue. If you are the type of person who clicks “yes” before reading warning messages, you might want to get in the habit of reading them. By taking the extra few seconds to determine what you are agreeing to, you will be able to make your system more secure. Software developers are attracted to this approach because it is easy and effective, yet it will not work if you ignore these warnings.
The last approach developers try is creating rules for context. There are two ways of doing this: either preventing the software from running in certain scenarios or allowing the software to run only in certain scenarios. While these two options seem very similar, they are in fact very different. The first requires developers to identify all of the loopholes in the software before hackers do. This would solve the problem, but it is very difficult to identify every loophole in the program. The other solution restricts the program from running in any scenario other than those identified as safe by the developer. This solution accounts for all of the unidentified loopholes, but may restrict the software from running in scenarios that might otherwise be safe. Creating rules for context is the most difficult but most effective approach for developers to take in minimizing software vulnerabilities.
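The trade-off between the two kinds of context rule, as an added example that is not from the essay or from Johansson and Schultz. The component, the context names and the rule sets are hypothetical, and the `exploitable` flag stands for ground truth that the developer only partly knows.

```python
from dataclasses import dataclass

# Constructed invocation contexts for a hypothetical scriptable component.
# "exploitable" is ground truth; the developer knows only part of it.
@dataclass(frozen=True)
class Context:
    name: str
    exploitable: bool

CONTEXTS = [
    Context("local_application", False),
    Context("intranet_page", False),
    Context("internet_page", True),   # loophole the developer has identified
    Context("email_preview", True),   # loophole nobody has identified yet
]

KNOWN_BAD = {"internet_page"}         # first option: block identified scenarios
KNOWN_SAFE = {"local_application"}    # second option: run only where vetted

def deny_rule(ctx_name):
    """Run everywhere except the scenarios identified as dangerous."""
    return ctx_name not in KNOWN_BAD

def allow_rule(ctx_name):
    """Run only in scenarios identified as safe; refuse everything else."""
    return ctx_name in KNOWN_SAFE

def evaluate(rule):
    """Return (still_exposed, needlessly_blocked) context names for a rule."""
    exposed = [c.name for c in CONTEXTS if rule(c.name) and c.exploitable]
    blocked = [c.name for c in CONTEXTS
               if not rule(c.name) and not c.exploitable]
    return exposed, blocked

if __name__ == "__main__":
    for label, rule in (("deny rule", deny_rule), ("allow rule", allow_rule)):
        exposed, blocked = evaluate(rule)
        print(f"{label}: still exposed={exposed}, needlessly blocked={blocked}")
```

The deny rule leaves the unidentified loophole open, while the allow rule closes it at the cost of refusing a scenario that was in fact safe.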
Although most of the software you use is insecure, there are three easy things that you can do that will make your computer more secure. First and most importantly, you can update your software. Almost every month Microsoft comes out with a new security update for its software. This update uses one of the methods described above to help minimize vulnerabilities in the software. These updates cannot help you unless you download and install them. Secondly, you can be more conscious about the warning messages you get. Software developers didn’t spend time programming in warning messages just to annoy you; they included them so you can protect yourself. Read warning messages and make sure you know what you are saying yes to before you say yes. Lastly, keep your virus scan up to date and use it. Virus scans protect you by finding those viruses that made it through the loopholes and onto your computer. While no computer is completely secure, you can take actions to make sure that your computer is more difficult to hack into and thus less attractive to hackers.
Don’t fall victim to hackers who are taking advantage of loopholes. Software developers have ways of repairing these loopholes, such as deleting the vulnerability, creating warning messages, and making context rules. All you need to do is keep up to date with patches that fix these vulnerabilities, read before you click “yes,” and keep your virus scan current. Make these three easy routines a habit and your computer will be better protected from hackers.
Works Cited
Johansson, Jesper M., and Schultz, E. Eugene. 2003. Dealing with contextual vulnerabilities in code: Distinguishing between solutions and pseudosolutions. Computers and Security, vol. 22, pp. 152–159.