Friday, September 11, 2009

Securing your PC or laptop against cyber-criminals

We hear about computer viruses, trojans, spyware and other malware so constantly that most of us have become indifferent to the need to apply the latest updates against operating system vulnerabilities, and to keep our firewall, anti-virus and anti-spyware solutions up to date. Many of us feel that no matter what we do to secure our desktop PCs or laptops, viruses, trojans, spyware and other malware will still penetrate our computer systems. So, why bother? Most PC and laptop users therefore think that defensive efforts are futile. This basically stems from a lack of understanding or from misinformation. When an unethical hacker or cyber-criminal gains access to your computer system, the potential for executing malicious acts is very high.

I will use the Microsoft Windows file system for this discussion simply because Windows is the most commonly used operating system in the world today, making it an attractive target for unethical hackers and cyber-criminals.

The Windows NT File System (NTFS)

Microsoft's NTFS file system was introduced with the launch of Windows NT, and is still the file system used by Windows 2000, XP, Vista and the new Windows 7 operating system. The NTFS file system is a major improvement over the previous File Allocation Table (FAT) file system.

The NTFS file system “was designed to include many features, including data recovery, security, fault tolerance, large files and file systems, multiple data streams, UNICODE names, sparse files, encryption, journaling, volume shadow copies, and file compression” (Silberschatz, Galvin & Gagne, 2006, p. 790).

Once a computer system is compromised, unethical hackers and cyber-criminals usually hide their malicious files, instructions or data in the hard disk, using either of two popular methods: (a) low-level formatting, and (b) partitioning.

If the low-level formatting method is chosen, unethical hackers and cyber-criminals typically target the redundant sectors and bad sectors to hide their damaging code. In the partitioning method, the typical target locations are the partition tables, inner-partition gaps, hidden partitions, deleted partitions, unallocated spaces, and boot records. However, a competent and up-to-date anti-virus and anti-spyware application can identify and act to remove such threats.

A more subtle technique makes use of the multiple data streams (MDS) feature of NTFS. The MDS feature enables multiple independent streams of data to exist in a file. Each stream contains the complete data of the file, e.g. .doc, .xls, .txt, .zip, etc. Furthermore, MDS includes a data stream known as the Alternate Data Stream (ADS), which was originally created for compatibility with the Apple Macintosh Hierarchical File System (HFS) but is also used by most application programs and by the Windows operating system itself to store file attributes and to hold other file-related information temporarily.

Alternate Data Streams (ADS)

ADS provides the ability to fork file data into other files without affecting their functionality or size, or the file information displayed by file browsing utilities such as the DOS “dir” command and Windows Explorer.

The following steps demonstrate how an unethical hacker or cyber-criminal can make use of ADS to plant malicious code and launch it later.

Step 1: Using Microsoft Windows XP
  1. Create the folder 'ADS_Demo' in your hard disk root directory C:\
  2. Copy and paste the applications Notepad.exe and Mspaint.exe into C:\ADS_Demo
  3. Your result should be similar to that shown in Figure 1
  4. For this demonstration, let us assume that the application Notepad.exe is the file created and planted by an unethical hacker or cyber-criminal into your PC or laptop, and contains malicious code. In other words, assume Notepad.exe is the malicious file
  5. Take note of the file sizes and date stamps as follows: Notepad.exe = 68KB, 4/14/2008 and Mspaint.exe = 335KB, 4/14/2008

Figure 1: Windows Explorer



Step 2: Create an ADS for the malicious file

  1. Launch 'Command Prompt' from Start > All Programs > Accessories
  2. Change directory to C:\ADS_Demo
  3. Enter the DOS command 'dir' to list the contents of your ADS_Demo sub-directory
  4. Your results should be similar to Figure 2
  5. Again, take note of the file sizes and date stamps as follows: Notepad.exe = 69,120 bytes and Mspaint.exe = 343,040 bytes. No change in the date stamps
  6. Now, to create an ADS, enter the command 'type notepad.exe > mspaint.exe:notepad.exe'
  7. Your result at this stage should be similar to Figure 3
  8. Notice that the file size of Mspaint.exe remains unchanged at 343,040 bytes although we have already embedded 69,120 bytes of the malicious file to it, but the date stamp has changed from 4/14/2008 to 10/11/2009
  9. A check under Windows Explorer (Figure 4) also shows that the file sizes have not changed at all, but the date stamp of Mspaint.exe is now 10/11/2009

Figure 2: Run Command Prompt & List folder contents


Figure 3: Create an ADS for Notepad.exe (the malicious file)


Figure 4: Windows Explorer



Step 3: Launching the malicious file

  1. In the Command Prompt window, execute the malicious file using the standard DOS command ‘start’ as follows 'start c:\ads_demo\mspaint.exe:notepad.exe' (Figure 5). On your Windows desktop, the Notepad program (the malicious file) will launch (Figure 6)
  2. Then launch Task Manager to check which program is running. If your computer system is NOT protected by the latest updates against Windows vulnerabilities, then Task Manager will wrongly report that Mspaint.exe is running instead of Notepad.exe (the malicious file) as shown in Figure 7

Figure 5: Launch Notepad.exe (the malicious file)



Figure 6: Notepad.exe runs in your Windows desktop



Figure 7: Task Manager wrongly reports Mspaint.exe is running



Step 4: Delete Notepad.exe (the malicious file)

  1. Since Notepad.exe is the (assumed) malicious file, we must remove or delete it from our computer system
  2. In the Command Prompt window, enter 'del notepad.exe' (Figure 8)
  3. Then enter 'dir' to check whether it has been deleted. The 'dir' command shows only the Mspaint.exe file in the sub-directory (Figure 8). So Notepad.exe was deleted, or was it?
  4. Enter the command 'more < mspaint.exe:notepad.exe > notepad.exe' and Notepad.exe (the malicious file) is regenerated as shown in Figure 9, and likewise in Windows Explorer (Figure 10)
  5. Note that prior to deletion, the date stamp of Notepad.exe (the malicious file) was 4/14/2008 and the date stamp of the regenerated Notepad.exe (the malicious file) has changed to 10/11/2009
  6. Thus, malicious programs embedded using ADS are difficult to remove or delete permanently. The use of appropriate anti-intrusion security solutions is usually required

Figure 8: Delete Notepad.exe (the malicious file)


Figure 9: Easily regenerate Notepad.exe (the malicious file)


Figure 10: Windows Explorer
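Because 'dir' and Windows Explorer do not show the extra stream, a defender has to ask for streams explicitly. The script below is an added example, not part of the original post: it lists every alternate data stream under a folder and marks those that begin with the "MZ" executable signature. The function name, the demo folder and the file names are assumptions made for illustration, and it needs PowerShell 3.0 or later on an NTFS volume.

```powershell
# Added example: enumerate alternate data streams (ADS) under a folder.
# Function name and demo paths are hypothetical, chosen for this illustration.
function Find-AlternateDataStream {
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        # Stream that Windows attaches to downloaded files; reported but marked as expected.
        [string[]] $Expected = @('Zone.Identifier')
    )
    # Byte reads are spelled differently in Windows PowerShell and in PowerShell 6+.
    if ($PSVersionTable.PSVersion.Major -ge 6) { $asBytes = @{ AsByteStream = $true } }
    else { $asBytes = @{ Encoding = 'Byte' } }

    Get-ChildItem -LiteralPath $Path -File -Recurse -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_.FullName
            Get-Item -LiteralPath $file -Stream * -ErrorAction SilentlyContinue |
                Where-Object { $_.Stream -ne ':$DATA' } |   # skip the default (visible) stream
                ForEach-Object {
                    # Read only the first two bytes of the stream to test for "MZ".
                    $head = @(Get-Content -LiteralPath $file -Stream $_.Stream `
                                  -TotalCount 2 -ErrorAction SilentlyContinue @asBytes)
                    $startsMZ = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
                    [pscustomobject]@{
                        File     = $file
                        Stream   = $_.Stream
                        Bytes    = $_.Length
                        StartsMZ = $startsMZ
                        Expected = ($Expected -contains $_.Stream)
                    }
                }
        }
}

# Constructed demo data: a text file with one hidden stream whose first two
# bytes are "MZ". The stream holds plain text, not a program.
$demo = Join-Path $env:TEMP 'ads-scan-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
$hostFile = Join-Path $demo 'report.txt'
Set-Content -LiteralPath $hostFile -Value 'visible content'
Set-Content -LiteralPath $hostFile -Stream 'hidden.bin' -Value 'MZ placeholder text'

# Expect one row: Stream = hidden.bin, StartsMZ = True, Expected = False.
Find-AlternateDataStream -Path $demo | Format-Table -AutoSize

Remove-Item -LiteralPath $demo -Recurse -Force
```

A stream that turns out to be unwanted can be deleted on its own with Remove-Item and its -Stream parameter, which leaves the host file in place.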



Conclusion

From the above demonstration, we can conclude that when unethical hackers or cyber-criminals gain access to a computer system, they can easily hide malicious programs in existing files, and the host file shows no increase in size even after malicious code has been added. Later, the malicious programs are launched to cause havoc on the computer system, or to take control of it and spread malicious programs to other computers via the Internet.

Therefore, it is important that as a computer user, you ensure that your computer system is:

  • updated with the latest updates or patches against operating system vulnerabilities
  • protected by a firewall application from a reputable security software company to prevent malicious access or intrusion
  • using a firewall program that is regularly updated with any new patches released by the manufacturer (use the auto-update feature)
  • protected by an anti-virus and anti-spyware program from a reputable security software company and that the program scans in real-time for viruses, trojans, spyware, malware, etc
  • using the latest anti-virus and anti-spyware definition files (use the auto-update feature)

While there are good firewall, anti-virus and anti-spyware programs that can be downloaded and used free of charge, these typically have some missing or disabled features. For example, most free versions of anti-virus and anti-spyware programs do not run in live mode, i.e. they allow the computer system to be infiltrated by the virus or spyware and then, during scheduled scans, take action to clean or remove it. It is highly recommended that you use anti-virus and anti-spyware programs that run live and are thus able to intercept incoming viruses or spyware in real time, in addition to running scheduled scans.


References:

Gralla, Preston. (2005). Windows XP Hacks, Second Edition. New York: NY, O'Reilly

Silberschatz, Abraham; Galvin, Peter B. & Gagne, Greg. (2006). Operating System Principles, Seventh Edition (Wiley Student Edition). Singapore, John Wiley & Sons Asia

Sinchak, Steve. (2004). Hacking Windows XP. New York: NY, John Wiley

Solomon, David A. & Russinovich, Mark E. (2000). Inside Microsoft Windows 2000, Third Edition. Redmond: WA, Microsoft Press

Tanenbaum, Andrew S. & Woodhull, Albert S. (1997). Operating Systems: Design and Implementation, Second Edition. Upper Saddle River: NJ, Prentice Hall

Tanenbaum, Andrew S. (2001). Modern Operating Systems, Second Edition (Eastern Economy Edition). New Delhi: India, Prentice Hall India

Wednesday, September 9, 2009

Value-based Marketing: A Quantitative Approach to Creating Shareholder Value (Part 1 of 2)

The dot.com crash of the late 1990s, gross errors in business strategies, and corporate mismanagement scandals such as Enron, Tyco International, WorldCom, Parmalat, Marconi, and Daewoo generated renewed interest in corporate governance and in the creation and sustenance of shareholder value.

Thus, it has become increasingly necessary to ensure that companies and corporations are effectively and efficiently managed for shareholder value. One approach is known as value-based management.

The Chartered Institute of Management Accountants’ official terminology defines value-based management as “a managerial process which effectively links strategy, measurement and operational processes to the end of creating shareholder value” (Starovic, Cooper & Davies, 2004, p. 2).

Value-based management attempts to identify the basics of value creation by focusing on issues that matter to shareholders, resulting in an acceptable annual return on their capital investments.

Marketing is among the key activities and resources focused on value creation, and the ability to identify the contribution of marketing and to evaluate or measure its effectiveness is necessary in value-based management.

One approach to creating this ability is value-based marketing. Value-based marketing defines the central objective of marketing as contributing to the maximization of shareholder value by aligning customer-focused marketing with the interests of shareholders (Doyle, 2000a, p. 4).

Many companies realize that the key to sustainability and profitability lies with customers. Thus, we see an increasing shift of companies to become more customer-focused in order to increase customer value, and managing customer loyalty to create higher shareholder value (Best, 2009, p. 36).

What is Shareholder Value?

What is shareholder value? How do we measure it? Shareholder value is a financial concept under the ownership of the financial management discipline. Shareholder value is determined by four factors:
  • The level of cash flows
  • The time value of money or cash
  • The durability of cash generating assets i.e. the concept of net present value
  • The risks of future cash flows i.e. the opportunity cost of capital (Doyle, 2000b, p. 300)

In non-financial terms, shareholder value can be created when corporate actions result in the:

  • Introduction and sales of new products or services, or variations of existing products or services, clearly differentiated from competitors’ offerings
  • Adoption of new technologies that will create or enhance its core competencies
  • Developing and implementing entry barriers against potential rivals
  • Reduction of operating costs or the increase in efficiency of resource utilization (Subbrayan, 2008, pp. 13 – 14)

Consistent successes in creating shareholder value are typically reflected in a company’s share price. In Value-Based Marketing, Doyle says, “The basic principle of shareholder value is that a company’s share price is determined by the sum of all its anticipated future cash flows, adjusted by an interest rate known as the cost of capital” (2000a, p. 33).

Thus, companies that adopt the shareholder value approach will need to maximize returns for shareholders by developing and executing marketing strategies that maximize the value of cash flows over time.

Quantifying Shareholder Value: Basic valuation methods

a) Shares and Shareholder Returns

Shareholder return is derived from the capital appreciation on the value of the stock, and the dividend distribution by the company.

Let us consider a simple example at the personal shareholder level – assuming that the stock of Malaysian Airline System Bhd (MAS) is trading at Malaysia Ringgit 10 per share, and you decide to buy 1,000 shares. Your investment amounts to RM10,000. Five months later, the share is trading at RM10.95 per share, and the company declares a RM2 per share dividend.

What is the current market value of your shares?
Current market value = RM10.95 x 1,000 = RM10,950

How much is the capital gain?
Capital gain = (RM10.95 – RM10) x 1,000 = RM950

How much did you benefit from the RM2 per share dividend?
Dividend income = RM2 x 1,000 = RM2,000

Thus, the total shareholder return = RM950 + RM2,000 = RM2,950. In other words, the original RM10,000 investment has grown into RM12,950 through capital gain and dividend income.

What is the total percentage of shareholder return?
Total percentage return = RM2,950 / RM10,000 = 29.5%

How much of 29.5% is due to capital gain and how much is due to dividend income?
Capital gains yield = (10.95 – 10) / 10 = 9.5% i.e. each Ringgit invested has returned 9.5 sen in capital gains.

Dividend yield = (RM2 / RM10) x 100% = 20% i.e. each Ringgit invested has produced 20 sen in dividends.

In total, each Ringgit invested in MAS’ stock has returned 29.5 sen.

b) Discounted Cash Flow (DCF) and Net Present Value (NPV)

Using a simple example, let us assume that investment analysts have projected that MAS is to produce annual cash flows of RM100,000 for the next five years due to its business transformation plan of implementing a value-based marketing strategy. Will it be worthwhile to invest in MAS now?

We will need to compute the Net Present Value (NPV) of the projected cash flows over the five year period. For this purpose, let us assume the required rate of return is 10 percent.

Referring to a Present Value Table (http://www.studyfinance.com/common/table3.pdf) for the Present Value Factor, we can create the following Table 1.


Table 1


Since the sum of all present values of cash flows is RM379,070, an investment amount today that is less than RM379,070 would constitute a prudent investment.

c) Economic Value Added (EVA)

A measure of shareholder value that has gained popularity is the Economic Value Added (EVA) model, established by Joel M. Stern and G. Bennett Stewart III.

The proponents of EVA claim that it is a measure of a company’s true economic value creation, but presently, there is wider acceptance of cash flow as an indicator of shareholder value and wealth creation. The fundamental precept of EVA is that true shareholder value is only created if a surplus is created over the total capital invested in the business.

Using data from the 2006 and 2007 Annual Reports of MAS, the EVA is computed as follows:

EVA = EBIT(1-t) – (Capital x WACC)


Table 2: Economic Value Added (EVA) of MAS

* To simplify the discussion, we assume that WACC = 15%

Since MAS was loss making in the financial years 2005 and 2006, the EVA reflects that negative shareholder value was created (i.e. the destruction of shareholder value) during those financial years. For the financial year 2007, MAS was profit making again, and positive shareholder value was generated.

We have identified that shareholder return is derived from capital appreciation on the value of the stock, and dividend distribution by the company. The capital appreciation of the value of the stock i.e. creation of shareholder value is determined by the sum of all its anticipated future cash flows, adjusted by an interest rate known as the cost of capital.


Figure 1: Relationship between Marketing and Shareholder Value


Then, how are future cash flows generated? Obviously, the primary source is sales revenue (Figure 1). Activities such as operational cost reduction and the efficient use of cost resources are indirect means of enhancing cash flows. The higher the sales revenues, the higher the potential for the company to generate more cash flows. In turn, higher sales revenues can be achieved through the successful execution of strategic marketing plans and marketing activities that create higher customer value. Thus, marketing is related to and central to the creation of shareholder value.


References:

Best, Roger J. (2009). Market-Based Management: Strategies for Growing Customer Value and Profitability (5th Edition). Upper Saddle River, New Jersey: Pearson Education Inc.

Creating the Lexus Customer Experience. (2009). The Executive Issue, No: 34, January. Management Centre Europe. Downloaded from http://www.mce-ama.com/downloads/cases/MCE_cat09_CCS-Lexus.pdf

Doyle, Peter. (2000a). Value-Based Marketing: Marketing Strategies for Corporate Growth and Shareholder Value. Chichester, England: John Wiley & Sons Ltd

Doyle, Peter. (2000b). “Value-Based Marketing.” Journal of Strategic Marketing, Vol. 8 (4), pp. 299 – 311

Hodge, Richard & Schachter, Lou. (2006). “Accelerate Your Customers' Success: The Lexus Sales Story.” CustomerThink.com, September 5. Downloaded from http://www.customerthink.com/article/accelerate_your_customers_success_the_lexus_sales_st

Lexus Earns Best-Selling Luxury Brand Title for Sixth Consecutive Year – Surpasses 300,000 Sales in Record-Breaking Year. (2006). Lexus.com, January 4. Downloaded from http://www.lexus.com/about/news/articles/2006/1/20060104_1.html

Malaysian Airline System Bhd (MAS) 2006 and 2007 Annual Reports. Downloaded from http://www.malaysiaairlines.com/hq/en/corp/corp/relations/info/reports/annual-reports.aspx

Starovic, Danka; Cooper, Stuart & Davis, Matt. (2004). “Maximising Shareholder Value: Achieving clarity in decision-making.” The Chartered Institute of Management Accountants. Downloaded from http://www2.cimaglobal.com/cps/rde/xbcr/SID-0A82C289-AA3CDFE4/live/tech_techrep_maximising_shareholder_value_0105.pdf

Subbrayan, Radhakrishnan. (2008). How a Company Creates Shareholder Value. Petaling Jaya, Malaysia: Leeds Publications

The Chartered Institute of Management Accountants. (2005). “CIMA Business Talk: Creating Shareholder Value.” New Straits Times - Appointments, July 2, p. 12

Wilson, Richard M. S. & Gilligan, Colin. (2005). Strategic Marketing Management: Planning, Implementation and Control (3rd Edition). Oxford, England: Butterworth-Heinemann / Elsevier