In last month’s column (www.CPATechAdvisor.com/go/1761), I discussed web advertising, its four basic components and how it works. As you may recall, the four most common types of web advertising include the following:
- Click-Through Advertising
- Direct Advertising
- Internally Developed HTML Formatted Unsolicited Commercial Email
I also defined each of the forms of advertising and discussed how each is distributed. This month, we are going to turn our attention to how this malicious web scripting can be embedded in web advertising in order to infect a person’s computer with a Trojan software program that enables one to steal information or control the computer.
Things You Can Do To Prevent Infection
- Institute an Internet Policy in your firm that bans the use of non-work related sites.
- Educate employees on the potential problems that might occur from visiting non-work related websites such as YouTube using work computers.
- Make sure you use Internet site security controls and other content control mechanisms at the Group Policy level in your network domain to prevent users from easily modifying the settings on their own machines (your network consultant may need to help you with setting this up in your environment).
- Keep your computers updated on a regular basis, and make sure all security vulnerabilities are patched immediately.
- Be vigilant for new threats that emerge over time and keep your antivirus/antispyware products updated.
- Use a managed service content filter provider who screens both e-mail (to remove unsolicited commercial e-mail) and website content (for malicious code). MX Logic is one company that offers this combined type of service. Many providers in this space offer either unsolicited commercial e-mail filtering or web content scanning, but not both. When considering a service, make sure they can do both, as it helps to eliminate the threats in your environment.
- Use a firewall that also offers intrusion protection scanning and monitoring.
The Cisco ASA 5510 and higher models offer an intrusion prevention module.
SonicWall also offers an intrusion
detection and prevention module on its devices. These devices scan the content coming in from the Internet and block content that is not appropriate.
Why This is Important to Practicing Accountants
- You need to protect your clients’ financial information.
- You need to prevent your computer systems from being compromised by viruses and malware. A compromised computer can be used to send spam, attack other computers, participate in denial of service attacks, host illegal copies of software or, worse, be used by child pornographers to distribute their illicit materials.
- Infected computers perform poorly, crash frequently and sap the productivity of the user trying to work on a trial balance or tax return.
This is important to you as a practicing accountant because of the problems it causes and because of the potential for embarrassing disclosures of information. An infected computer can cause a large amount of damage to your firm in terms of image and lost productivity. An infected computer allowing a hacker to steal your entire set of client financial information might be a serious problem. Now that we know what we are faced with as practicing accountants, let’s take a quick look at how this advertising works and then get into figuring out how to fight against this threat.
How Click-Through Advertising Works
Before I explain how the content is delivered, let’s take a look at some terms with which you need to be familiar:
- Advertiser — The company providing the content.
- Click-Through Provider — The company responsible for providing the HTML code to display the advertising content, tracking the number of clicks on the content from the sponsor’s website, and providing payment to the sponsor. Microsoft, Yahoo!, and Google all have subsidiaries, divisions or third-party providers under contract who provide this service on their company-controlled websites as well as selling content directly to sponsors.
- Sponsor — The company or website signing up with the click-through provider to provide the advertising on their website. Anyone with a website can sign up with a click-through provider to obtain advertising content for their own website. The only requirement is that they have the ability to insert the HTML code into their website.
A company wishing to promote its product or website signs up with a company that provides click-through advertising content defined here as the click-through provider. The advertiser provides the click-through provider with the content to be displayed on the website. The sponsors who sign up to provide the advertising on their website place special HTML code on the sponsor’s website. When the sponsor’s website is displayed for viewing, the advertising content from the click-through provider is also displayed along with the sponsoring company’s content.
How Your Computer Gets Infected
Additional Protective Measures
In addition to the items outlined below, additional protection can be obtained by actively using the site settings functionality in Internet Explorer via the Security Tab in Internet Options. Mozilla, Firefox, and other browsers offer similar functionality in their products, as well. Because I’m most familiar with Internet Explorer, those are the settings I will discuss here. However, feel free to use the concepts here to implement content control in your favorite browser.
Much of the web advertising content can be locked out by simply using the concepts of trusted sites in Internet Explorer. One of the key components in last month’s column was pointing out that all web advertising content is going to be coming from a website other than the one being visited. By simply raising the level of your Internet site zone security settings and using the trusted sites settings functionality to trust sites that you are visiting, you can block 99 percent of the web advertising content. An example of this is Sun Microsystems’ Java website: The main website is www.java.com, but all the advertising on the site comes from http://ads.sun.com. If you put java.com in the trusted sites and raise your Internet security level, the ads.sun.com will be blocked from displaying because they are not part of a trusted domain. (See my April/May 2007 column, “Internet Explorer 7: Finally Creating A Safe Browsing Experience,” at www.CPATechAdvisor.com/go/1515). Trusted sites are one of the best ways to prevent unwanted content from displaying in a web browser, including web advertising.
Virtualization Can Help
Virtualization can provide a means of allowing you and your employees to access the Internet for both personal or business needs without worry about impacting your office or your operations. By using either Microsoft’s Virtual PC 2007 or VMWare’s VMWorkstation, you can set up a second PC running on your computer — a virtual machine that uses the resources of your computer to run a second computer. You can then use this second PC for browsing the Internet, and it won’t matter where you go online. If the machine becomes infected, you simply erase the virtual machine and create a new one. In my December column, I am going to focus more on the virtues of virtualization technology along with the security benefits of using virtualization.