<HTML><HEAD><TITLE>Chapter  19 -- Virus Protection and Hostile Applets</TITLE><META></HEAD><BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#0000EE" VLINK="#551A8B" ALINK="#CE2910"><H1><FONT SIZE=6 COLOR=#FF0000>Chapter&nbsp;19</FONT></H1><H1><FONT SIZE=6 COLOR=#FF0000>Virus Protection and Hostile Applets</FONT></H1><HR><P><CENTER><B><FONT SIZE=5><A NAME="CONTENTS">CONTENTS</A></FONT></B></CENTER><UL><LI><A HREF="#HowIntranetVirusScanningSoftwareWorks">How Intranet Virus Scanning Software Works</A><LI><A HREF="#HowaquotHostilequotJavaAppletCanAttackanIntranet">How a &quot;Hostile&quot; Java Applet Can Attack an Intranet</A></UL><HR><P>The most publicized dangers to an intranet are computer viruses.While the danger is not as extreme as portrayed in the press,nonetheless, the danger is real. Viruses are malicious programsthat can cause many different kinds of damage, such as deletingdata files, erasing programs, or destroying everything on a harddisk. Not every virus causes damage; some simply flash annoyingmessages on your screen. Still, any virus attack must be takenvery seriously. There's no way of knowing when one has been createdout of malicious intent or whether the perpetrator thought itwas merely a harmless prank. In most cases, a virus causes realdamage.<P>Viruses pose particular dangers to an intranet. On an intranetall computers are connected to one another, and that means thatviruses can quickly spread from one networked computer to another.For example, let's say someone on an intranet gets a virus froma program they've gotten from the Internet via an FTP transfer.That virus will infect that person's computer. Before it doesdamage, however, and before the person knows an infection hasoccurred, the file might be shared with someone else by sendingit via intranet e-mail. That person in turn might send it to yetsomeone else, who in turn shares it with another person. In avery short time, hundreds or thousands of computers can be infected.A virus can spread very much like an epidemic spreads.<P>An even greater danger to an intranet is a virus that infectsa network server. The consequences of this can be disastrous.The virus could destroy the server software or its data. Thiscould bring the entire intranet to its knees if the server isone that is vital to the functioning of the intranet. It is evenmore dangerous if the virus gets loose on a server that hostscorporate databases. The virus could conceivably destroy the entiredatabase.<P>Other threats to intranets are special viruses called <I>worms</I>.Worms are viruses that have been designed to attack not just individualcomputers, but an entire network - an intranet, for example. Below,you'll find out more information about worms.<P>The term virus refers to many different kinds of programs. Theyusually attack four parts of a computer: its executable programfiles, its file-directory system that tracks the location of allof a computer's files (and without which, a computer won't work),its boot and system areas that are needed in order to start yourcomputer, and its data files. Viruses usually are found in executablefiles, such as programs. For many years, it had been thought thatviruses could not infect data files. Recently, new &quot;macro&quot;viruses have been written that hide inside a data file. The datafile itself is not the culprit, but when something triggers themacro (which is, essentially, a little program file), the virusis let loose to do its damage.<P>Even more ominous for intranets, viruses can also hide themselvesinside Java applets or be Java applets-applications written ina programming language that is expected to be used to build thenext generation of interactive Internet and intranet applications.When a Java applet runs on your computer, an executable programis downloaded from an Internet or intranet server to your computer.When that program is on your computer, it runs and your Web browsershows the results of its running-for example, you'll see a newsticker flashing across your screen.<P>The developers of languages such as Java have done much work totry and make sure that viruses can't infect programs written inthe languages. In Java, for example, when the applet downloadsto your computer, before it is executed it is put into protectedmemory so that if it has a virus, it can't infect any part ofyour computer. Java applets also cannot read from or write tolocal drives. Some Java developers will tell you that becauseof security measures like that, there's no way that a virus froma Java applet could infect your computer.<P>However, other people maintain that there are many security holesin Java through which a variety of viruses can slip through. Thesepeople claim that some of these holes will do things such as lockup a keyboard and a mouse, or do more dangerous things, such asallowing a cracker to use Java as a way to circumvent firewallsecurity and slip a virus into an intranet undetected. These kindsof Java applets are often called <I>hostile applets</I>. In fact,some of these hostile applets have been publicly posted on theInternet, with warnings about them, as a way to alert people thatJava has dangerous holes in it.<P>As these hostile applets are made public, those who create theJava language-and other similar Internet programming languages-attemptto plug the holes. That's what happened when a team of computerscientists at Princeton University discovered a serious securityflaw that could allow crackers to use Java to attack intranets.Pictured later in this chapter is an illustration of how suchan attack could be made. The security flaw has since been patched,but people using older versions of Netscape are vulnerable toit.<P>Java, as yet, is not a great threat to intranets. It is stillnot in sufficiently widespread use, and there have yet to be documentedattacks spread through using it. Of more immediate concern areseveral kinds of viruses. <I>Trojan</I> <I>horses </I>are programsthat disguise themselves as normal, helpful programs, but do damageto your computer, its data, or your hard disk. For example, someonemay download a file that claims to be a financial calculator.When the program was run, it would do calculations. But in thebackground, it would be doing damage to your computer. The theoreticalJava security flaw that the Princeton researchers uncovered wasa kind of Trojan horse.<P>Other viruses are called <I>worms</I>. These viruses are relativelyrare, but they are of great concern to those on an intranet. That'sbecause they have been specifically designed to infect networks.They travel between networked computers, replicating themselvesalong the way. They can attack the networked computers or thenetwork itself. They can also chew up an enormous amount of networkresources as they replicate and run. That's what the most infamousworm of all did. It was an Internet worm released on November2, 1988. It copied itself onto many Internet host computers, andeventually brought huge sections of the Internet to a halt.<P>The most common viruses hide themselves inside other programs.Many of them can hide in any kind of program. You get this kindof virus by running a program that has the virus inside it. Whenthe program is run, the virus is let loose, and it travels throughoutyour computer, infecting other program files. Depending on thekind of virus it is, it can attack certain sections of your computer,such as the boot sector, which could damage all your programsand data. Or it could attack other sections of your hard disk.If you don't check regularly for viruses, you may only find outabout the infection after it's too late and the damage has beendone. <P>Antiviral software has long been used on individual computers.A <I>scanner</I> checks to see if your computer has any filesthat have been infected, while an <I>eradication program</I> will