Issue dated - 30th September 2002


Security Special: PC Security
Keeping your personal computer secure

A long time ago safe computing meant being careful with other people’s floppies. In today’s networked world, viruses and worms can attack your PC over the Net, through your mail and sometimes even on CD-ROMs. Despite that, protecting your PC isn’t that tough; you just have to be systematic about it, says Prashant L Rao.

“Why should I worry about anything happening to my PC? I have anti-virus software.” Famous last words! When was the last time you updated your anti-virus software? An out-of-date virus scanner is as good as having none at all. Viruses, however, are just the tip of the proverbial security iceberg. Your browser, e-mail program and even your Internet connection can be used to knock your PC for a loop.

It’s important to start at the very beginning, which for most of us means Windows, since 99 percent of desktops run some variant of Microsoft’s operating system (OS). Microsoft is constantly releasing security and other updates/patches for Windows, as bugs come to light and vulnerabilities are discovered. The site to visit for getting these is http://windowsupdate.microsoft.com where you will find the latest security patches and fixes for Windows 98 and later. (Support for Windows 95 and NT 4 has ceased; if you’re running either, you have to upgrade in order to get security or other updates from Microsoft.) By default, Windowsupdate will suggest that you download everything and the kitchen sink. You could of course do that, but I recommend that you do what I do: go over each and every suggested update and decide for yourself whether you really need it. The rule of thumb in these matters is that security updates are a must. Download and install them without a second thought. Other updates should be taken on a case-by-case basis. Some solve niche problems that most users will never encounter. Give these a wide berth.

Up-to-date anti-virus

Once your copy of Windows is secured, it is time to update your anti-virus scanner. If you don’t have a virus scanner there are several that are free for home use. Of these I recommend Avast, which can be downloaded from www.asw.cz. You have to register and they’ll e-mail you a key for free. If you are working in an office you need to buy a commercial anti-virus solution. It’s quite likely that your company has already purchased one, in which case you need to talk to your system administrator. You can also do a complete anti-virus check online for your PC using Trend Micro’s free online virus scanner at housecall.antivirus.com. The first time you do this, it will take a while, as the requisite files have to be downloaded onto your system.

Once you have a scanner the next step is to update it. Anti-virus tools look for patterns that betray a virus’s presence in the files and memory of your PC. To do this they use virus profiles called signatures. Updating your anti-virus means downloading the latest virus signatures from the vendor. Vendors come out with updates at least every month; sometimes you may find an update overnight if a new virus has achieved critical mass and is attacking PCs on a large scale. You should be updating at least once a month. You would want to update more frequently if a particularly nasty virus or worm is on the loose (remember Love Bug and Melissa? The Love Bug knocked out all the marketing data at a company where I used to work; they had a backup, but that’s another story). Most scanners have an in-built tool for picking up updates. You will need an Internet connection to take advantage of these updates.

Browser & e-mail

The next step is to get your Web browser shipshape. All browsers have bugs that are relentlessly probed by hackers and crackers. When a hole is found (it’s called an exploit in geekspeak) the company that made the browser will release a patch. For Internet Explorer the patches are available at Windowsupdate along with other Windows patches. If you’re running Netscape/Mozilla or Opera, the Help menu will take you to the support site where you can pick up patches. The easy way of keeping reasonably up-to-date is to upgrade your browser every time a major release (like IE 6 or Mozilla 1) comes out. Keep in mind that browser holes are rarely exploited and in six years of being online I’ve never run into a problem that was related to a browser exploit. So if you have the latest major version of your browser, don’t worry, you are reasonably safe.

E-mail clients are a different story. Most of the viruses that we see nowadays are script viruses/worms. These mostly take advantage of the relatively weak security in older versions of Outlook Express. Before version 6, Outlook Express defaulted to an insecure setting that let the bad guys execute scripts when you merely viewed an HTML mail with some nasty VBScript code in tow. That’s a very good reason to upgrade right now to Outlook Express 6 (part of the Internet Explorer 6 suite). Melissa, Love Bug et al, took advantage of this Achilles’ heel in Outlook Express. If you must use an older version of Outlook Express, please go to Tools - Options, click on the Security tab and select the radio button option that says ‘Restricted sites zone’. You’ll be much safer.

If you’re using one of the other e-mail clients like Eudora or Netscape/Mozilla mail you are a little safer. However, just to be certain, clear the ‘Use Microsoft’s viewer’ check box in Tools - Options - Viewing mail in Eudora. For Mozilla Mail just ensure that the check boxes for ‘Enable JavaScript for Mail & Newsgroups’ and ‘Enable Plugins for Mail & Newsgroups’ are both cleared in Edit - Preferences - Advanced - Scripts & Plugins.

Broadband blues

A dialup connection is by its very nature safer than an always-on connection like cable/DSL. Simply put, with dialup, you aren’t connected long enough or for that matter from the same IP address at every session. Every time you dial in, your call connects to a pool of modems at your ISP. Your PC is assigned a different IP address every time you make a connection. This makes it very tough (though not impossible) for an attacker to take control of your computer. That doesn’t mean that people don’t try. While running the personal firewall ZoneAlarm on a dialup connection, I have found people probing my PC’s ports (every connected/networked PC has ports—addresses where bits of software communicate with other bits of software on the network. Your browser uses Port 80, for example).

However, when you are connected using Cable/DSL you have a fixed IP address, which makes it easier for intruders to break into your PC. Often, broadband providers use well-known IP addresses for home users. This lets attackers target a range of addresses, which might well include yours. Cable operators turn a neighbourhood/building into a LAN, sharing the same bandwidth. This shared topology not only throttles your bandwidth, it makes you susceptible to packet sniffing and attacks on unprotected Windows shares.

The solution is to install what’s called a personal firewall. ZoneAlarm is the best known of these, though there are other good ones. The software is a free download. You configure it using a wizard, a simple matter. There is a good tutorial if you have any doubts. Once you have ZoneAlarm installed and configured it will warn you if any application on your PC tries to use the Internet without your permission. Similarly if someone tries to break in, ZoneAlarm will tip you off. You can get ZoneAlarm from zonelabs.com.

Keeping your PC safe is simple if you follow the steps I’ve outlined in this article. Just keep your PC software up-to-date: OS, browser, e-mail software, anti-virus and firewall. Remember, there is no such thing as a one hundred percent secure PC. However, following the safe computing tips outlined in this article will keep your PC safe from most attacks. Take full backups every week and do a daily incremental backup. You can use floppies/CD-RWs for this. With CD Writers dropping to around Rs 3,500 or so, they are an excellent backup option and will insure you against that hundredth time when things go wrong despite reasonable precautions being taken. Security without a backup is meaningless. So back up regularly, keep your PC software up-to-date and you’ll have no cause for worry.

Threats and safeguards

Trojans
Trojans (named after the mythical wooden horse in Homer’s Odyssey) are a way for bad guys to trick you into installing ‘backdoor’ programmes on your PC. These let crackers access your computer without your knowing it.
Solution: Use an up-to-date anti-virus scanner and a personal firewall.

Denial-of-service (DoS) attack
In a DoS attack your computer crashes or stops responding due to a flood of network packets bombarding it. Keep your PC up-to-date to prevent this. Sometimes your PC may be used to launch a DoS attack on another computer. There was a famous instance a couple of years back when crackers used this method to bring Yahoo! to its knees.
Solution: Firewall in conjunction with the latest security patches for your OS.

Unprotected Windows shares
Windows can be used to set up small workgroups with a few computers connected to each other. This kind of setup is called a peer-to-peer network. In a peer-to-peer network or workgroup, you use something called File and Print Sharing for Microsoft Networks. This technology has some vulnerabilities that could potentially let intruders get into your PC if a PC with unprotected Windows networking shares is connected to the Internet. This usually happens if the Dial Up Adapter component in the Control Panel - Network applet is bound to File and Print Sharing. (If your system is stand-alone, this does not apply to you.)
Solution: Go to Control Panel-Network. Click on the item labelled TCP-IP->Dialup Adapter. Click on Properties and ignore the warning by clicking OK. Now go to the Bindings tab and clear the check box that says File and printer sharing for Microsoft Networks. Keep clicking OK till you are back in the Control Panel at which point Windows will prompt you to reboot. Do so and your Windows shares are now safe.

E-mail spoofing
E-mail spoofing is when you receive e-mail that appears to have come from one source but is actually from someone else. This technique can be used to trick you into making a damaging statement or releasing sensitive information (passwords, credit card information). For example, you could get mail that claims to be from a system administrator asking you to change your password to a specified string and threatening to suspend your account if you don’t comply.
Solution: Never give your passwords or credit card numbers to anybody over e-mail. While an ISP might ask you to change your password, they won’t specify what you should change it to. Nor will they ask you to mail them your password.
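
The spoofed administrator mail described above usually leaves traces in the message headers. The following is an added example, not part of the original article: a Python sketch that compares the domain shown in From with the Reply-To and Return-Path domains and notes any mention of a password. The sample message, its addresses and the function names are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def domain_of(header_value):
    """Lower-cased domain of the address in a header value, or '' if none."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def spoofing_hints(raw_message):
    """Return reasons to distrust the visible sender (hints, not verdicts)."""
    msg = message_from_string(raw_message)
    from_dom = domain_of(msg["From"])
    hints = []
    if not from_dom:
        hints.append("From header has no usable address")
    # Replies or bounces routed to a different domain than the one shown to
    # the reader are typical of spoofed mail (mailing lists can also do this).
    for header in ("Reply-To", "Return-Path"):
        dom = domain_of(msg[header])
        if from_dom and dom and dom != from_dom:
            hints.append(f"{header} domain {dom} differs from From domain {from_dom}")
    # Only single-part text bodies are inspected in this sketch.
    body = "" if msg.is_multipart() else str(msg.get_payload())
    if "password" in body.lower():
        hints.append("body talks about your password")
    return hints

# Constructed sample modelled on the fake administrator mail described above.
SAMPLE = (
    'Return-Path: <bounce@mailer.invalid>\n'
    'From: "System Administrator" <admin@isp.example>\n'
    'Reply-To: helpdesk@collector.invalid\n'
    'Subject: Account suspension notice\n'
    '\n'
    'Change your password to the string below or your account will be suspended.\n'
)

if __name__ == "__main__":
    for hint in spoofing_hints(SAMPLE):
        print("-", hint)
```
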

E-mail borne viruses
E-mail viruses are becoming quite common. They spread through infected attachments and HTML messages (with VBScript embedded). Sircam, Klez, Melissa are all such viruses.
Solution: Use the security options in Outlook Express. Keep your anti-virus tool up-to-date.

Hidden file extensions
By default, Windows hides file extensions for known file types. E-mail viruses exploit hidden file extensions. The VBS/LoveLetter worm contained an e-mail attachment named “LOVE-LETTER-FOR-YOU.TXT.vbs”. Since Windows wouldn’t show you the .vbs part of the filename, people thought it was a harmless text file and opened it, much to their misery. Other examples include the AnnaKournikova.jpg.vbs virus.
Solution: Disable extension hiding from My Computer - View - Folder Options - View (Windows 98/2000) or My Computer - Tools - Folder Options - View (Windows XP) by clearing the check box that says ‘Hide file extensions for known file types’.
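
The double-extension trick can also be checked mechanically before an attachment is opened. The following is an added example, not part of the original article: a Python sketch that flags attachment names whose real, final extension is executable while an inner extension makes them look like a document or picture. The extension lists and function name are illustrative assumptions, not a complete inventory.

```python
import os

# Extensions Windows runs or hands to a script host (illustrative, not exhaustive).
RISKY = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".exe", ".scr",
         ".pif", ".com", ".bat", ".cmd", ".hta"}
# Extensions people read as "harmless document or picture" (illustrative).
DECOY = {".txt", ".jpg", ".jpeg", ".gif", ".bmp", ".doc", ".xls", ".pdf", ".mp3"}

def classify_attachment(filename):
    """Return (verdict, visible_name) for an attachment name.

    visible_name is the part left on screen when the final extension is
    hidden, assuming that extension is a registered file type.
    """
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    name = filename.strip().rstrip(". ")
    stem, real_ext = os.path.splitext(name)
    # Padding with spaces before the real extension pushes it out of view.
    visible = stem.rstrip()
    if real_ext.lower() not in RISKY:
        return ("ok", visible)
    inner_ext = os.path.splitext(visible)[1].lower()
    if inner_ext in DECOY:
        return ("disguised-executable", visible)
    return ("executable", visible)

# Constructed sample; the first two names are the ones quoted in the article.
SAMPLES = [
    "LOVE-LETTER-FOR-YOU.TXT.vbs",
    "AnnaKournikova.jpg.vbs",
    "holiday.jpg      .exe",
    "invoice.pdf.scr.",
    "setup.exe",
    "minutes.txt",
]

def flagged(names):
    """Names that should not be opened on the strength of how they look."""
    return [n for n in names if classify_attachment(n)[0] != "ok"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(classify_attachment(n), "<-", repr(n))
```
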

Chat and IM
Chat and Instant Messengers let you exchange executable files. These could be viruses or other damaging programs.
Solution: Avoid exchanging files over Chat/IM. Most IM clients let you specify that you must be asked before someone can send you a file. Either block all such requests or set it up so that you are prompted every time someone sends you a file and you can disallow the request if required.

Packet sniffing
A packet sniffer is a piece of software that captures data from information packets travelling on a network—which could include user names, passwords and confidential stuff that’s not been encrypted. Cable modem users are most likely to be affected by these tactics, as a neighbourhood of cable modem users is part of the same LAN. A packet sniffer installed on any cable modem user’s PC could capture data from any other cable modem equipped PC in the same area.
Solution: Use a personal firewall like ZoneAlarm, available from zonelabs.com

Useful security websites
- Security advice: http://www.cert.org
- Shields Up - Internet security testing: https://grc.com/x/ne.dll?bh0bkyd2
- Virus scanning online: http://housecall.antivirus.com
- Check how secure your PC is: http://www.hackerwatch.org/probe
- Get ZoneAlarm 3 (free personal firewall for Windows): http://zonelabs.com

Safe computing tips
  • Don’t open an e-mail attachment unless you are expecting one: The chance of getting infected from e-mail attachments is quite high. So unless you know the sender and are expecting him to send you an attachment, delete it. It used to be enough to know the person sending the attachment but most recent mail viruses have taken over e-mail clients and sent mails that look like they’ve been sent by someone you know.
  • Avoid running software that you have not scanned for viruses: If you download a file, scan it. If you get software on a CD, scan it. To put it succinctly—trust no media. I’ve seen viruses on CD-ROMs handed out by respected government bodies. Be paranoid. It’s your PC that’s at stake here.
  • Use an anti-virus scanner that scans in real-time: Most commercial anti-virus scanners do real-time scanning in the background as you work. Some free scanners like F-Prot (a good product if you’re adept at tinkering around with software) don’t have real-time scanning. While you can always use them to manually scan anything you copy/download/install, chances are you’ll forget one day and that will be the day you get an infected file. Play it safe, use a real-time scanner. If you have one you should see an icon in the Windows system tray.
  • Avoid pirated software: Pirated software is very likely to have bugs if not viruses. It’s not very smart to put your precious data on a PC that’s running a crack-patched (pirated) OS or anti-virus. There are good freeware alternatives for most commercial products. If you can’t find a suitable alternative, bite the bullet and buy the software you need. It’s safer in the long run. A lot of Windows-related complaints are due to use of cracked software.
  • Keep backups: Make a copy of your most important files on a CD-R/CD-RW or a Zip disk. CD writers have dropped in price to the point that a 24x drive is available for Rs 3,200. Backup media for CD writing is cheap—CD-Rs cost Rs 25-30 (reliable brands; you can get cheaper ones too) and CD-RWs are available for Rs 100. Even floppy disks can be used, though they lack the capacity to store audio, video or software. They will do just fine for word processor documents or spreadsheets, particularly if you zip up the files before taking a backup.
© Copyright 2000: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in
Mumbai by The Business Publications Division of the Indian Express Group of Newspapers.