AntiOnline Security Spotlight: Trojan and Backdoor Myths

AntiOnline: Maximum Security for a Connected World

This week we spotlight a tutorial about common Trojan and Backdoor misconceptions. In many instances, they can be used to deposit keyloggers, which in turn can be used to capture sensitive information including username/password combos.

For organizations, this can kick down the doors to restricted areas of your network, say the servers that hold customer records or your company's R&D. Don't believe us? You have to look no further than last week's AO spotlight.

For individuals, this is a real concern if you bank online or use the Internet to manage your brokerage account. What's more, you may want to avoid using the terminals at Kinko's and other "business solution centers", or at the very least, limit your usage to non-critical online chores. You simply don't know who was there before you and what they may have left behind during their visit.

As it turns out, anti-virus programs and firewalls are pretty good roadblocks that keep your system from letting the majority of bad code run amok. However, many Trojans and backdoor programs have proven to be somewhat sneakier.

One way to minimize the risk of an infected PC is to practice safe computing habits. This means being careful about opening attachments and selective about what you download from the Internet. And, at the risk of sounding like a broken record, patch those systems!

Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.

Direct link to this week's spotlight thread:

Trojans/Backdoors - My Observations


From England, slarty provides us with the following brief tutorial on Trojans and Backdoors. He observes that...

Myth 1: Virus checkers will protect you.
This is untrue.

Virus checkers mostly work by comparing programs against signatures in their databases. This works very well against viruses, as each virus exists in huge numbers, and they're all the same. This does not work against trojans.

Clearly a backdoor program (not necessarily a trojan) can be handcrafted on a per-installation basis; therefore there will not be another one in existence that is the same. No virus scanner can have it in its database, because it has never been seen before.

Virus checkers have signatures of well-known binary-distributed backdoor "blackhat" programs in their databases. This mostly prevents kiddies. It will do nothing against adversaries who roll their own, or compile a modified version of a source-code distributed one.

Still not convinced? Blissfully surfing the Web behind a firewall?

Myth 2: Firewalls will protect you.

So you think firewalls will protect you? No.

There are two types of firewall - network and application. The former are common in companies and filter packets on a rule-basis or by stateful inspection. They won't help, because a backdoor program can disguise its malicious traffic as normal traffic.

Application firewalls won't help either. These are common on desktops, and often used by home users. However, a backdoor can easily get around them, by masquerading as a normal application and creating "innocent" type of traffic.
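
The signature matching slarty describes under Myth 1, as an added example that is not part of the original thread: a minimal Python scanner with one hash signature and one byte-pattern signature, run over constructed, inert byte strings. The sample names, their contents and the `scan` helper are assumptions made for illustration.

```python
import hashlib

# Constructed stand-ins for program files: inert byte strings, not real binaries.
KNOWN_SAMPLE = b"MZ\x90\x00" + b"RemoteAdminTool/1.0 connect-back" + b"\x00" * 16
PADDED_COPY = KNOWN_SAMPLE + b"\x00"  # the known file with one byte appended
REBUILT_VARIANT = b"MZ\x90\x00" + b"SysUpdateSvc/7.3 check-in" + b"\x00" * 16
BENIGN = b"MZ\x90\x00" + b"TextEditor/2.4" + b"\x00" * 16

# The database only contains what has been seen before (KNOWN_SAMPLE).
HASH_SIGS = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "RemoteAdminTool"}
PATTERN_SIGS = {"RemoteAdminTool": b"RemoteAdminTool/"}


def scan(data: bytes) -> list[str]:
    """Return the signatures that match data: hash check first, then patterns."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGS:
        hits.append(f"hash:{HASH_SIGS[digest]}")
    for name, pattern in PATTERN_SIGS.items():
        if pattern in data:
            hits.append(f"pattern:{name}")
    return hits


if __name__ == "__main__":
    samples = [
        ("known sample", KNOWN_SAMPLE),
        ("padded copy", PADDED_COPY),
        ("rebuilt variant", REBUILT_VARIANT),
        ("benign program", BENIGN),
    ]
    for label, blob in samples:
        print(f"{label:16} -> {scan(blob) or 'no match'}")
```

The padded copy no longer matches the hash signature but is still caught by the byte pattern. The rebuilt variant matches nothing, because the database has never seen its bytes.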

thehorse13 drives home the point of why a layered approach to security is all the rage at security-minded IT departments.

There is no such thing as a 100% secure network - period.

This is for obvious reasons, many of which are noted very well by Slarty. The information given in this thread is accurate. For that reason alone, layered approaches to network security are in place at many (not all) IT shops.

This includes security awareness training that stresses safe computing techniques.

Catch the rest of this thread here.

What is AntiOnline?

AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on security hazards and how to protect your systems against them.

We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process. Stay tuned as Enterprise IT Planet spotlights the eye-opening discussions and expert participants that have helped make AO the "go to" online resource for network security.
