Wireless LAN security has long focused on protecting traffic over the air, using encryption to inhibit eavesdropping. Today, most WLAN users realize that when they use a public hotspot without WEP or TKIP or AES or IPsec or SSL, anyone sitting nearby can read that traffic using nothing more than shareware packet capture tools.
But far less attention has been paid to securing wireless laptops, PDAs and smartphones. The next time you visit a hotspot, browse your Network Neighborhood. There's an excellent chance that you'll see another hotspot PC advertising itself (and its public shares) by sending NetBIOS over wireless. Turning on a personal firewall -- whether built into your OS or through a third-party product like ZoneAlarm -- can avoid this common mistake.
Now, let's say that you have Windows Internet Connection Firewall enabled on your wireless connection. You use a VPN client when connecting to your company's network. You let Windows Update automatically apply new patches. You run AntiVirus software with auto-update enabled to protect yourself from this week's newest worm. You've made a serious attempt to apply security best practices to your wireless laptop. Are you completely safe?
Spies among us
Unfortunately, no. These countermeasures significantly reduce your vulnerability to many common threats, but none specifically addresses one of today's fastest growing threats: Spyware.
PestPatrol defines Spyware as "Any product that employs a user's Internet connection in the background without their knowledge, and gathers/transmits info on the user or their behavior." For example, Hotbar is software that adds graphical skins to Internet Explorer toolbars. In addition to this "primary" functionality, Hotbar monitors your web activity, interacting with third-party advertisers to supply information about websites that you visit, the products that you buy, and the topics that might be of interest you. This information is used to target your computer with product advertisements -- yes, those annoying pop-up ads.
This example is typical of Spyware -- a program that you install to provide one function, but is actually designed to track and report on your activity to others. Spyware may be bundled with other shareware that you download and execute, or installed by clicking on an ill-advised link in spam email or a web page. Some spyware even asks for your permission to spy on you -- in the End User License fine print that few users ever read, displayed briefly during installation.
Spy vs. Spy
Once installed, getting rid of Spyware may not be as simple as disabling it. You will probably need a clean-up tool designed to scrub your computer of all executables, DLLs, and registry keys installed by the Spyware.
There are many programs available to help detect the presence of Spyware programs and help eradicate them. Several well-known, reputable examples include PestPatrol, Ad-Aware, Spybot, and McAfee Antispyware. Many such programs not only assist with Spyware cleanup, but can help you to prevent Spyware installation in the future. Here are a few sites where you can learn more about Spyware defenses: CoreCom Spyware Resources, PestPatrol Spyware Research Center, and SpywareWarrior Forum.
BUT: Be very careful that anti-Spyware is not itself Spyware or some other kind of malicious code (e.g., remote access trojan, keystroke logger, DDoS zombie)! A program that shows up in a Yahoo! or Google search on "Spyware" could have been written by anyone, for any purpose. Careless browsing or download is probably how Spyware infected your system in the first place -- don't compound that mistake by repeating it with another Spyware program. Avoid programs like AdWare Remover, SpyHunter, AdDestroyer, and others that appear on this excellent list of Rogue/Suspect Anti-Spyware Products.
Safety first
Spyware is a growing threat, whether you're connected to a wireless or wired network. To reduce this threat, consider running a Spyware detection and blocker program 24/7 as a complement to your existing AntiVirus scanner. In addition, harden your browser to reduce opportunities for infection -- one site with good "how to" advice on hardening Internet Explorer can be found here. Many third-party firewall products now include browser security features that can help with this task.
In addition, WLAN owners may want to consider checking for Spyware in scan-on-connect security measures. For example, read my review of Sygate Security Portal or take a look at products like InfoExpress CyberGateKeeper, Cisco Network Admission Control, Microsoft Windows Server 2003 Network Access Protection, and Perfigo CleanMachines. These are just a few of many new products that have emerged to help companies defend their network from a backdoor attack by infected or under-secured devices.
About the author: Lisa Phifer is vice president of Core Competence, Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of data communications, internetworking, security, and network management products for nearly 20 years. She teaches about wireless LANs and virtual private networking at industry conferences and has written extensively about network infrastructure and security technologies for numerous publications. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.
