Probate & Property Magazine

Technology Property

Technology-Property provides information on current technology and microcomputer software of interest in the real property area. The editors of Probate & Property welcome information and suggestions from readers.

Protection from Cyberattacks

Everyone has heard about the many viruses distributed by e-mail, the hacker attacks on government and private Web sites and the denial of service (DoS) attacks on commercial Web sites. Less well known is "spyware," software that reports on Internet users' activities to advertising companies.

Lawyers connected to the Internet should pay special attention to ensuring the security of their systems. Arguments have been made that those who fail to ensure that their systems are secure, and who thereby spread viruses or allow their computers to be used in DoS attacks, may have legal liability to the users whose computers are affected. See M. E. Kabay, Distributed Denial-of-Service Attacks, Contributory Negligence and Downstream Liability, Ubiquity Mag. (Feb. 28, 2000); Worse, client data could be compromised on systems without appropriate security. This column considers ways to protect computers and data from attack and use by others for sinister or commercial purposes.

The New Age of Viruses

Various types of programs can execute commands, damage files or undertake other actions on a computer once they are activated. Symantec, a manufacturer of virus protection software, has an extensive Web site discussing viruses (, as do most antivirus software makers. The generic term "virus" actually covers a multitude of evils. Viruses are computer programs designed to spread themselves from one file to another on a single computer. A Trojan horse program comes with a hidden surprise intended by the programmer but totally unexpected by the user. Worms, like viruses, replicate themselves. Instead of spreading from file to file, however, they spread from computer to computer, infecting an entire system.

In addition to the real dangers posed by viruses, Trojan horses and worms, these programs cause another headache: e-mail hoaxes, which are not considered "real" viruses by the general public because they do not replicate themselves on a computer or do "damage" as it is commonly understood. Hoaxes do, however, take up time and computer resources, including Internet bandwidth and hard drive space.

When a user passes a hoax on to others, he or she is perpetuating the damage. The best response is to have an office policy that prohibits passing along messages about viruses, "special offers," "urban folk tales" and other topics that are often the subject of hoaxes, unless the messages have been vetted by the computer department. A firm with no department dedicated to computer resources probably should simply prohibit redistribution of these messages.

Many viruses, Trojan horses and worms spread through e-mail attachments. Activating the attachment used to be the only way it could infect the user's system, and simply reading e-mail posed no danger to the computer. If, however, the user wanted to open attachments, he or she was best advised to have a good antivirus software package.

Recent developments in e-mail have made it easier to spread viruses. E-mail programs now can see e-mail messages not just as text messages but also as Web pages or other formatted documents. As a result, viruses may now be spread simply by opening an e-mail-even one from a trusted source. The only reliable defense against viruses spread by e-mail itself is good virus protection software.

Most virus protection software manufacturers have Internet sites where users can purchase and download their products. When deciding on antivirus software, it is important to choose a commercial software package and not to rely on freeware or shareware. Commercial antivirus software manufacturers regularly update their virus definitions (the list of viruses for which the software searches and against which the software protects a computer)-an additional incentive, beyond reliability and trustworthiness, for using commercial software. Two major manufacturers of antivirus software are Symantec (Norton AntiVirus) ( and McAfee (

Both manufacturers have products that will continuously check the files in use for viruses as the computer is running. Norton also checks files downloaded from the Internet, using Netscape, before the files are saved to the hard drive. In addition, antivirus programs generally allow the user to scan the hard drive at regularly scheduled intervals to make certain no new viruses have been introduced since the last scan.

Personal Firewalls and Spyware

Another pitfall has arisen in recent months, again due to advancing technology. Computers connected full-time to the Internet via cable modems or digital subscriber lines (DSLs) are open to attack by hackers who may seek to steal information or to corrupt data. Even computers that use "old-fashioned" dial-up connections to the Internet are subject to use in attacks on other computers.

Various tools have been developed to test and protect a system from unauthorized access and use. A firm with a direct connection to the Internet, so that the user also accesses the Internet by logging onto the corporate local area network (LAN), will most likely have a firewall in place. A firewall protects the contents of the computers behind it, so that only information requested by the user (such as a file or a Web page) can get through. Someone seeking to hack into that computer has to go through the firewall first-not an easy task if the system is properly administered.

Firms and practitioners who connect to the Internet over a cable or DSL modem do not have this inherent protection from prying computers; the same is true of connections to the Internet by a dial-up modem. The only feature that keeps more dial-up connections from being compromised is that the Internet service provider assigns a different random "address" to a user each time the user dials up. A computer is essentially an "open book" for those with the know-how to find and probe a system.

To find out whether a system in its current configuration is easily compromised, a user can go to the Gibson Research Corp. (GRC) site on the Internet,, follow the "shields up" links through the GRC site and test his or her system. In plain English and with explanations, the GRC site will reveal whether the computer in question is subject to attack.

When the test is completed, the user may want to download a personal firewall-similar to those that are used on networks but much simpler to install and operate-to protect his or her computer. One free personal firewall, called ZoneAlarm, is manufactured by ZoneLabs and can be found at This software not only precludes incoming signals from invading the computer but also restricts Internet access for software on the computer that the user has not authorized. In addition to blocking incoming traffic that does not originate from requests the user has sent, ZoneAlarm essentially makes the computer invisible to others on the Internet by refusing to respond to probes sent by those testing the system. This makes it less likely that the entity probing the user's network will return to that location.

To control outgoing traffic, after the user installs the firewall and starts an Internet application (such as NetScape or Internet Explorer) , ZoneAlarm asks whether the user wants the software application to access the Internet. If the user says no or does not respond, the software cannot access the Internet. Users can set preferences for each application used, and ZoneAlarm will remember the settings.

This feature is especially useful against a number of worms and Trojan horses that, after they have infected a system, will use its connection to the Internet to take actions the user has not authorized. Worms may spread themselves to other computers and Trojan horses may run programs to send information toanother computer.

Trojan horses were used to initiate the DoS attacks on Yahoo and other major commercial Web sites in recent months. Because ZoneAlarm asks whether to allow a particular application to access the Internet, answering no whenever you do not recognize a program seeking to use your Internet connection should prevent you from being an unwitting participant in an Internet DoS attack.

ZoneAlarm also can deter operation of "spyware" on a computer. Spyware is software placed surreptitiously on a computer with the intent of reporting to another computer about certain aspects of the user's Internet activities. Sometimes spyware is installed when one downloads freeware or shareware computer programs from the Internet. The primary difficulties with spyware are that the user is not told of its existence and does not authorize its use, and it may remain on the computer even after the program to which it was attached is removed.

ZoneAlarm cuts off spyware use of a system by the same method it uses to prevent operation of Trojan horse software, by requiring authorization to use an Internet connection. Some spyware programs, however, attach themselves to other programs that are authorized to use the Internet and therefore bypass the ZoneAlarm protections.

To determine whether a system is infected with any spyware, a user can surf again to the GRC site (, choose the link for OptOut and read the instructions. This program searches the hard drive for the files spyware is known to use. It then offers the option of cleaning the files from the system. The user can configure OptOut to check the computer for new files each time it starts up, an excellent option if one regularly downloads application files from the Internet.

More information on spyware, its operation, and how to deal with it is available on the GRC Web site.

Concluding Thoughts

The Internet is a wide open network with computers connected from all over the world. Paying attention to who has access to one's computer makes sense in today's dangerous world.

Technology-Property Editor: Robert A. Heverly, Albany Law School, 80 New
Scotland Ave. Albany, NY 12208, rheve@


Insert additional links