You may have heard the term DNS used at one point or another but might not have known what it was. DNS stands for Domain Name Service, and it is the reason why you can surf the Web so easily.
Every device that connects to a network has some sort of address associated with it so that it can be found by other devices. Most networks now use TCP/IP (Transmission Control Protocol/Internet Protocol) to talk to each other. Older networks, such as NetWare, used a different form of addressing (IPX, for example), but for the most part that’s all been replaced by IP addresses. An IP address is a series of four numbers, such as 192.168.1.1. Any device that connects to the Internet, be it a corporate email server or your iPhone, has an IP address. It isn’t always obvious, and in most cases you don’t have to know or care what that number is, but it’s there.
Every Web or mail server also has an IP address. In order to access it, you have to know the IP address to connect to that server. Think of an IP address like a phone number. If you want to call your mother, you have to dial her number. You probably remember it, since you call her all the time (you do, don’t you?). Now call your aunt. Your grandmother. Your friend from college. Your boss at work. The woman in accounting who needs to know how much your business lunch cost yesterday. The DMV to find out why your new license wasn’t sent yet. The local video game store to see if your copy of Skyrim has arrived. The pizza place down the street. That’s a lot of phone numbers to remember. Fortunately, most phones have address books or speed dial buttons that can be programmed with names and numbers. You don’t have to remember the phone number, but rather you just look up the name in your contacts and press “Call.” If you don’t know the number, you can look it up by name on the Web or, if you’re really old school, the phone book.
The Internet works in much the same way. When you need to connect to a webpage such as Google, you enter the site’s name in your browser. The site’s name “www.google.com” is sent to your router, which looks in its contact list to see if it knows where Google is. If your router has an IP address for the site, it sends your Web browser to Google. If not, it asks the next server in the chain (such as the one at your Internet Service Provider). Google is a popular site, so most likely the request has to go no further, but if it’s a less commonly used site, the request may bounce a few more times before an IP address is found. This process is called Domain Name Resolution: a DNS server is taking the domain name, such as google.com or apple.com, and matching it up with an IP address. Computers don’t speak in names; those are just there for our convenience. Computers speak in numbers, so if no matching IP address can be found for the name you entered, you get an error message back that the site could not be found.
This all works behind the scenes, and it’s usually so quick that you’re not even aware that it’s happening. Because it’s so transparent, you also would not be aware if somehow these requests were being misdirected. This past week I did a repair on a Windows system that had been infected with a fake antivirus program. Like other malware of this ilk, it claimed to have found a virus on the system and said that the only way to clean it was to install this new antivirus program. Once the program is installed, it presents the user with a list of problems and says pay up if you want it all removed. This is how typical “scareware” works in order to get your credit card number, but this particular one went a step or two further. It made changes to the way normal Domain Name Resolution works on the computer, preventing connection to certain servers. I tried to go to a website to download a removal program, but I kept getting an error message that the site could not be found. Other sites seemed to work fine. The person who wrote the fake antivirus program didn’t want anyone to remove it, so he designed the malware to block websites like Sophos, McAfee, Norton, etc. Once I realized what was going on, I set the DNS information back to what it should be, which allowed me to download the software I needed to remove the little bugger.
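The article does not say which setting the malware changed. As an added example (not from the original article), this Python check audits the two local places where name resolution is commonly configured, the hosts file and the DNS server list; the watch list, the sample hosts file and all addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample of a tampered Windows hosts file (not taken from the article).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.sophos.com sophos.com   # constructed entry
0.0.0.0         update.mcafee.com
203.0.113.7     www.norton.com
192.168.1.20    nas.home.lan
"""

# Assumed watch list: vendor domains a clean machine resolves through DNS, not via hosts.
WATCHED = ("sophos.com", "mcafee.com", "norton.com")


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, ip, hostname, reason) for hosts entries that override a watched domain."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # not a valid hosts line
        for name in entry[1:]:
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in watched):
                sinkholed = ip.is_loopback or ip.is_unspecified
                reason = "blocked" if sinkholed else "redirected"
                findings.append((line_no, str(ip), host, reason))
    return findings


def audit_dns_servers(configured, expected):
    """Return configured resolvers that are not in the known-good list."""
    good = {ipaddress.ip_address(s) for s in expected}
    return [s for s in configured if ipaddress.ip_address(s) not in good]


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(finding)
    # Constructed values: the router at 192.168.1.1 is the expected resolver.
    print(audit_dns_servers(["192.168.1.1", "198.51.100.53"], ["192.168.1.1"]))
```

On a real Windows system the text to audit would come from `C:\Windows\System32\drivers\etc\hosts`, and the configured resolver list from the output of `ipconfig /all`.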
The system I worked on was running Windows, which is easier to infect with malware such as this than a Mac is. It IS possible to infect a Mac with such garbage but not in the traditional way. Hackers are not targeting the operating system, but rather they are targeting the person using it by putting up scary messages to convince you to install their program. Watch where you click, and if a webpage says you’re infected by something, back out of that page, do not install anything it offers and go somewhere else. Legitimate antivirus software can detect the fake stuff, so keep it up to date and pay attention to it if it warns you of a dangerous website.
Did you know that the techs at our Manchester location also repair Windows PCs? If you’re getting strange messages or crashes, or if you suspect some sort of infection, bring it over to our store in the Mall of New Hampshire for a quick clean-up!