The Sasser Worm

by Bob Seidel

OK. This is your last warning! If you are still using a dial-up Internet connection, it's time to upgrade. The reason is the recent Internet worm called Sasser, which did quite a lot of damage this week.

Sasser, apparently written by a German teenager who is now under arrest, did not actually cause much damage, although it had the potential to do so. Once it takes over a PC, its main effort is to find and infect other computers. This severely degrades the performance of your PC, and the increased traffic did affect the overall performance of the Internet. It also does some other damage, such as inhibiting the normal Windows shutdown mechanism.

The issue here for me is that PCs using dial-up Internet connections were particularly vulnerable to this worm, although not for obvious reasons.

Sasser does not travel in e-mail. You get it directly from your Internet connection and it can occur any time you are connected, even if you are not actively surfing the web or reading e-mail. You don't have to open or click on anything to get it. Once Sasser gets in, it makes some modifications to Windows that allow it to continue to run, and then it begins to scan for and infect other PCs. Since it can't work when your PC is shut down, it attempts to inhibit the shutdown mechanism.

There are three reasons that PCs got infected. The first is that there is a programming bug in Windows that allows Sasser to communicate with and infect PCs. But this bug was identified and fixed long ago, so why was Sasser able to spread? The second reason is that a hardware or software firewall would have stopped the infection. Windows comes with a firewall, so why doesn't it protect PCs? The third is that the anti-virus software on the PC did not have the latest virus definitions.

The answer to these questions lies largely in the way people use dial-up connections. Dialers (if I may call them that) do not get regular Windows updates or anti-virus definition updates because the time to download them is so long. Downloading some of the Windows updates could be an all-night proposition. Dialers rarely have software firewalls because they think they do not need them if they don't have a permanent Internet connection, and they rarely turn on the built-in Windows XP firewall.

On the other hand, most people with high-speed, permanent Internet connections use the automatic Windows Update feature and also use the automatic virus definition update feature offered by their anti-virus software. In simple terms, a properly configured PC with a broadband connection would not have gotten the worm: it would have been blocked by the firewall, the bug in Windows would have been fixed, and the anti-virus program would have caught it as a last resort.

So if you are a dialer, you need to make the decision now to upgrade. If you check, you will find that the local available services offer some good inducements to sign up. You need to have a permanent Internet connection (Road Runner or DSL) to protect your PC in the future. You should also consider buying a hardware firewall router if your Internet connection modem does not have one built-in (Road Runner does not, recent BellSouth DSL modems do).

Just to round the discussion out, I am sure there are a few people out there who are upset with this column and me because they don't have broadband Internet where they live. In that case, you need to take a few steps: 1) Check for Windows Updates frequently. 2) If you have Windows XP, turn on the built-in firewall. 3) Check for anti-virus updates each time you dial in, before you do anything else.

To turn on the Windows XP firewall, go to Start / Control Panel and click on Network Connections. Right-click on the appropriate connection, select Properties and then the Advanced tab. But be aware that if you have a home or office network, doing this will block your network. This is because there is no way to customize the IP addresses that the built-in firewall blocks. Microsoft has already committed to fix this in the next Service Pack update of XP. In the meantime, if you have a home or office network, consider getting another software firewall, such as Norton Personal Firewall or ZoneAlarm.

