[Additional comments below]

http://www.abcnews.com/sections/tech/DailyNews/vandal980429.html

Hacker Tools Getting Smarter

Watch Out For Vandals!

"These are sneaky, sneaky bits of code that seem harmless until they come in contact with your computer."
Shimon Gruper, eSafe Technologies

By Michael J. Martinez
ABCNEWS.com

S E A T T L E, April 29 - The traditional image of a hacker, sweating nervously in front of a computer while battling network security programs, has become a thing of the past, thanks to a new generation of smart hacking tools called vandals.

[Vandals? The correct word is "trojans". This is an attempt to coin a new buzzword.]

Most computer security measures are still aimed at real-time intrusions: someone trying to break in using the computer equivalent of brute force. Vandals, however, are innocuous looking programs that lie in waiting in e-mail and on Web sites.

"These are sneaky, sneaky bits of code that seem harmless until they come in contact with your computer," says Shimon Gruper, founder and chief technology officer of eSafe Technologies. "They are very, very popular right now."

[Trojans are no more popular now than a year ago. Hackers and crackers see the use for them, but typically do not rely on them as a means of compromising system security.]

Hacking the Easy Way

What's the difference between a vandal and other hacker methods? Traditionally, hackers had to log on to the network they wanted to crack and try to circumvent all the security measures in real time. Vandals are let loose into a computer system and forgotten about.

Sound like a virus? Not really. Viruses are simple bits of code, designed to cause mischief or destruction once they enter a system. Vandals, on the other hand, can be programmed not only to destroy specific items within a network or on a hard drive, but also to bring information stored on a computer back to the hacker, such as the passwords to the entire network.

[Viruses spread themselves in a different manner than trojans.
Despite what people think, a trojan OR a virus can destroy information, retrieve information, or anything else. The difference is that trojans require a user to actively run the program (usually disguised as another program, thus the name), while a virus may spread itself once installed into a computer's memory. Viruses are often platform specific, while trojans often escape that limitation.]

Defenses against traditional hacks and viruses are relatively easy. Firewalls and password protection can stave off most assaults, at least until the network's administrator can be alerted. Anti-virus programs are commercially available, and most can readily identify any of the 3,000 or so viruses out there today.

[The estimate of 3,000 viruses is closer to a timeframe of 1991. In 1997 it was purported to be closer to 10,000 by many anti-virus companies.]

"All of these items have been on the market for years," Gruper says. "But these vandals are different."

Watch That Applet!

Vandals are hidden within other executable programs, like a Java or ActiveX applet in a Web page, or an .exe file sent via e-mail. They're implanted in a system by something as simple as opening a Web page or a program attachment in e-mail. They get the info they need, cover their tracks, and then send that information back to their creator, usually piggy-backed on top of unrelated outgoing e-mail.

Unfortunately, vandals aren't caught too often. Like most security measures, those designed to catch vandals in the act are often outdated within weeks or months.

[This would be a prime time to ask for cited material on this.]

Gruper thinks he has a solution. Instead of writing a program to clamp down on specific vandals, Gruper's eSafe Protect program sniffs out almost anything that's out of the ordinary.

[Ahh, the real motive of this article.]

First off, the eSafe program learns how you go about your computer tasks. It records how you use each application, and how each application works.
Then, after anywhere from a day to a week, the computer digests all of that information and creates a set of parameters for normal computer use. Any program that enters the computer from an outside source will be compared to those parameters. Those behaving oddly, in the computer's perspective, will be sealed off and not allowed to affect the rest of the computer.

[So if I visit a web page every day for news, it will learn that and consider it normal behaviour. If the page is hacked and a 'vandal' is placed on it, it would be missed because visiting that page is normal. Right?]

Anti-Vandal Software

While this approach certainly maximizes safety, and won an Editors' Choice award from PC Magazine, computer security expert John Vransevich says it might be just a little too paranoid. Vransevich says the eSafe program questioned too many of his computing moves, making Web surfing on Java or ActiveX-enhanced pages more than a little tiresome.

"In my mind, for computer security software to be effective, and for it to be something that your average person would actually use, it should be almost invisible," Vransevich says. "With its constant interruptions, as I'd call them, the software is almost annoying, and I think the average user would find themselves closing it just so that it would leave them alone."

On the other hand, some computer users would rather be safe than sorry.

[ Here is another example of horrible journalism. First, what the hell is with this term "vandals"? This is nothing more than a trojan. Second, although the article title would make you think they are talking about some new attack, the article itself reads more like an ad for eSafe. What, could not find any other product to compare it to? And lastly, our friend from AntiOnline has now officially been named a security expert. - aleph1 ]