HOW SECURE IS YOUR SHOP COMPUTER?

Motor, Feb 2005 by Bell, Sam

Locking the doors at night isn't adequate protection for your shop computer. Today, security threats can arrive via the wires connecting it to the world outside those doors.

Ten years ago, only a few repair facilities owned computers that weren't dedicated to a single-purpose machine, like an alignment rack or engine analyzer. Today most shops have at least one. Ii your shop has a computer, or is thinking about getting one, this article is for you.

Many shops now use computers to generate repair orders, track customer history and control inventory. Many of us have a computer-based repair information system like MOTOR/ALLDATA or Mitchell OnDemand so we can have timely access to wiring diagrams, code-setting criteria, technical service bulletins, etc. Smart technicians also use the knowledge base at the International Automotive Technicians' Network (iATN). There are also both enthusiast- and manufacturer-supported online resources for specific makes and models of cars. Some of us even have our own websites or use e-mail to reach our customers with estimates, diagnoses or updates. Clearly, computers can increase productivity and efficiency in our shops just as they have in the cars we service.

You've probably seen the TV commercials with the message that "millions of Americans are just asking for a computer virus." Dave George has seen them, too. Dave has been in the automotive service industry for 22 years and now manages the RadAir Complete Car Care facility in Garfield Heights, Ohio. Until a few months ago, Dave was among those millions. One day, he got what he "asked for." He was loading a new time clock shop management program onto one of the six networked computers at the shop. Following the manufacturer's instructions, he had just logged on to the Internet to register the program, when things suddenly spun out of control.

"At first, the computer made a funny whirring noise," Dave told us, "and I was connected to another website. I tried to get back, but whatever I did, the computer just kept switching me somewhere else. It started offering to help me find 'adult friends' and going to weird places. Then the popups started."

Dave disconnected his computer from the Internet, but the pop-ups continued. They became more and more explicit. Even restarting his computer didn't slow the onslaught. Soon his computer locked up, its screen literally covered with sexually explicit images.

An October 2004 study of home PCs found that about 80% had become infected with one or more pieces of spyware (see the Glossary below), usually entirely without their users' knowledge. The most common source of infection was from bundled downloads, often of free software, which included hidden spyware or adware programs. Game software was a major source of hidden malware.

Major Internet service providers (ISPs) like AOL and MSN offer free antivirus/cyberspace security solutions to their subscribers. Even so, many of those subscribers' PCs become or remain infected. The most common cause is users clicking on an e-mail attachment, usually ignoring at least one warning dialog box before doing so.

The federal government's policy, as delineated in its National Strategy to secure Cyberspace, is that, of necessity, the entire Internets security rests upon the security of each individual machine connected to it. ISPs have a vested interest in preventing and reducing virus outbreaks, yet they have strongly resisted the idea of government regulation, arguing that voluntary cooperation allows for greater flexibility and faster response times to actual threats.

Former U.S. Attorney General John Ashcroft cited a PricewaterhouseG(X)pers report that estimated that U.S. businesses have spent over $300 billion (an amount roughly equal to the national K-12 education budget) to fight hackers and computer viruses, with costs continuing to rise. Direct aggregate damages from a single highly infectious vims have exceeded $700 million.

Dave George's shop spent thousands of dollars to disinfect and protect its computer network, eventually replacing the most-affected machine entirely. So, what measures should you take? And how safe is "safe enough"?

Never entering sensitive customer information into any computer that is ever connected to the Internet is an extreme measure. This may not be practical for most of us unless we have several computers that are not networked together. Even then, important operating system updates often must be downloaded via the Internet, thus violating the strict no-connection requirement.

Hardware & Software Options

More practical approaches include both hardware and software countermeasnres. Lets take a look at the options.

Any Internet-capable computer needs good antivirus software. Highspeed Internet connections, like DSL and cable, are prime targets for hackers (see "A Hacker's View" on page 28). At the very least, they require a hardware firewall and recently updated antivirus software. Experts stress that each machine should have a licensed copy of a regularly updated antivirus program in place.