Computing Made Easy N° 119 - 15/11/2007 - 303

N° and issue date : 119 - 15/11/2007
Circulation : Unknown
Frequency : Monthly
CompMadeEasy_119_41_303.pdf
Page : 41
Size : 85 %
111N DEPTH
/
Make Windows XP
safe
100%%
ake'indows
XP 100%% safe
look
ten common security
flaws
Windows XP and show you how
fix them
We take
1.100
IN
DEPTH
..............................
.
IN BRIEF
a
at
in
Everyone has
heard horror
stories about the
internet so you
need
know
how
make
sale place for your
fami
surf
to
,
.....
to
to
.........s..
.
......: a.......l.l.......
.
.
are issues that plague both
computer experts and novices
But just what are these threats what do
they mean and how can they be avoided?
answer these questions
We aim
this
feature providing you with the necessary
information
help keep your computer
and its data safe The majority
threats
the internet
,exist as direct result
because this worldwide network provides
an easy means
distribution There are
few computer users who would be willing
give up their internet connection so
important arm yourself with
the knowledge needed
help
.....
to
.
ly
.
.
,
to
in
,
to
.
of
.......
a
of
.
of
'
.'
The majority'
threats gain
access
.
to
,
.
it'
s
your
system via your
internet connection
provides an
to
to
.
to
identity and avoid potential dangers
Viruses are undoubtedly the
mnct-knn cari irity thraat
tri
-
computers for both the home user
and large companies These malicious
it
easy means
.
,....
,
of
distribution..
-4
result
of
a
of
computer that will not start
fairly rare The most likely
an infection are decreased
system performance as the virus takes up
the machines resources replicating itself
forms
programs can take variety
and the term incorporates number
threats under single banner-including
a
it
.
.
.
to
generally
malware
is
to
of
virus can be spread
variety
ways such as email attachments
deliberate infection by hacker infected
downloads
specially coded websites
The effects
virus differ wildly and
in
a
.
avoiding the risk
virus infection
important only
open email attachments that have been
sent by people you know
that you are
receive Attachments from
expecting
When
,
,
to
or
a
,
,
viruses do not cause
large proportion
its data
any damage
computer
amateur
Many infections are the result
to
of
to
in
to
to
a
ll
,
,
certain the files you do download are
fact what they daim
be
it
to
attached
the same network
attempt
emails
spread itself by attaching itself
Virus infections can
few cases
lead
valuable files being deleted
see key system files altered
such
way that renders them inoperable
entirely possible for virus infection
to
to
or
,
to
.
in
viruses
in
a
,
to
ntec
W
a
P?M
d!
ami
.
,F
.
.
is
it
It
.
,
w
,
to
a
fiMfAY IANbSCF
tlvea<fRpluw
F
a
>
w...
.
.
Tfire.t E>plora
tompnh.ns
letest Mnats nsks.nd
,r.bs rtes.sou
rc
.
for
dt
v
d
Hson
.
*
o:
n.
vsv wnniw
t
.
to
)
)
F
Th
motso
.
.
of
in
,
is
tool not only detects the presence
any
infections that have already made their
also constantly
way onto your system
checks for suspicious activity
help
or
,
.
in
.
An essential tool
the fight against
antivirus software An antivirus
to
,
.
should also ensure that you download only
from trusted websites and that you are
.
to
it'
a
or
of
to
.
be
strange email addresses claiming
free screensaver
something similar are
be far less innocent
likely
reality You
.
to
demonstrate their
programmers keen
the world Once virus
coding skills
has made its way onto one computer
often try
other machines
replicate
is
,
.
or
to
it
,
a
coures
it
of
a
or
a
.
of
.
of
of
is
Messages informing the user that they
have been infected are also common
.
A
a
,
a
trojan horses and worms-but
understood
refer
any type
that has unwanted side effects
in
up but this
side effects
of
a
a.r...
*
,
tiw:
m..d
IY.1.
wk..
.
r
.
LOCAL SECURITY
..............................................................................
.
Security threats computers do not exist solely the outside world
other people have physical access your computer they could quite
ea.ily steal your personal data and important files One the easiest
ways help avoid this
password-protect your user account
also possible password-protect the BIOS prevent
although
unauthorised access Encryption tools such as Steganos Safe www
steganos.com can be used help protect data
to
in
.
>Mt
If
to
F..d
.-W
.
addeA
OESOYMES
e<
w
.s
<hy
-.Mmbc.
/
.
to
of
is
to
,
it
is
to
to
Symantec Threat Explorer pro vides
information about the latest viruses and
how dangerous they are
s
.
(
to
.
)
39
1/4
Copyright (Computing Made Easy) No reproduction without authorisation
STEGANOS
N° and issue date : 119 - 15/11/2007
Circulation : Unknown
Frequency : Monthly
CompMadeEasy_119_41_303.pdf
SPYWARE AND ADWARE
SI
harvesting ail manner information
this may be personal details typed into
websites info about the way you use
your computer-before transmitting the
results an individual company
Perhaps the most worrying aspect
spyware there no knowing what this
information will be used for As with the
fight against viruses spyware and adware
can be combated with dedicated detection
and removal programs such as Ad-Aware
www.lavasoftusa.com and Spybot Search
Destroy www safer-networking.org
date ensure
Keep this software up
protection against the latest threats
The terms `spyware' and `adware' are
frequently associated with the term
`virus' although they are fact entirely
différent problems Adware
type
malware that manifests itself the form
advertisement window While this
an irritation
generally not danger
More worrying are the forms adware
that include spyware components
bid
deliver targeted advertisements Such
malware may monitor the types website
you tend visit and serve up ads with
similar themes the sites themselves
the case pure spyware malicious
programs run invisibly the background
m
of
-
or
in
,
a
.
of
is
.
or
to
in
of
.
of
is
is
.
is
a
it
is
,
Password-protecting your Windows user
account adds an extra level protection
.
of
of
in
a
,
.
to
future infections There are number
commercial virus protection tools available
including Norton AntiVirus www
.
a
Tl
Page : 42
Size : 90 %
of
of
to
.
symantec.com and McAfee VirusScan
www.mcafee.com but there are also
free alternatives available such as AVG
Anti-Virus http: free.grisoft.com avast!
Home Edition www.avast.com Avira
.
)
(
to
to
In
of
)
,
.
in
,
(
)
(
&
.
to
(
)
,
,
,
(
/
/
)
extremely unlikely any bank would
use emails
verify account details
"
4
,
(
)
www.free-av.com and ClamWin
www.clamwin.com
Classic
(
It'
s
)
.
(
"
)
New viruses appear virtually every
day so
vitally important
keep
date
your antivirus software up
this
Many packages will take care
worth checking the
automatitlly but
ensure they will take
update schedule
sensible time -such as first
place
the morning
thing
Although often closely associated
spam and phishing are not the same The
threat can corne
the form
an email
although phishing websites also exist
Phishing derived from the phrase Iishing
for information; involves tricking victim
into divulging information about their bank
account with view
stealing funds
to
to
it
is
,
to
............
.
its most basic form
.
it'
s
Bevigilant'
with your
'
to
.
in
of
,
.
......
.
their account details Should this step be
completed
likely cash will be withdrawn
from the account and never seen again
into your browser' address bar
to
.
If
a
click on
.
to
link
a
the website
s
the email
in
to
it'
In
PHISHING FILTE
S
,
A
visit
in
.
in
,
to
s
Ski
or
in
,
AIR
to
,
the' bank then enter
of
re
of
in
,
to
INTERNET EXPLORER'
to
.
.
a
a
is
a
.
.
a
It'
.
It
originate from genuine banking
institutions sent on the pretence
that the bank needs
verify few
details The victim will be invited
'
,
,
s
a
verify account details-as such virtually all
emails
this type can be deleted
you'
an email' authenticity
any doubt as
touch with the company
you should get
question directly Do not use links
the email but
contact details provided
be correct
type the address you know
infnrmatinn
Never send Bank
account details
via email...'
,
in
.
of
or
to
personal
.
to
such emails
of
to
.
..
can be hard
appearance
but the use
,
a
in
It
a
,
a
a
,
at
completely eliminate the
your inbox
filter
also
spam
helps
important employ little common sense
website
extremely unlikely any bank
with good reputation would use emails
phishi' ng email may
bank account number
and sort code but there are more
sophisticated variations
Some email scams daim
oufi ght for
ask
of
s
.
NET EXPLORER
7'
S
.
BUILT-IN SECU
Free Mortgages
Phishing Fihcr
À
Fvxw
&ntY ,mOO ,QY Ut
E
o
E-bk
gr9n9
o
,j
n
,
,
t
ws.a.
,
,aSd
,
M
,m bruws«
This mn
a
B
,aw.Kauor
1
dphdiq web
fl
Ev
M
dd; tle Tods hAh
1%%#ki3w9 qM
Tv
aUmNk Laedrddq
beeArWartdb
e
adbess
Vmuhdi!
mie Ale
Filer
om2Ez
0
are
n
.
[
tlle
k
K-ft asad.:
b3eve
b
sEe Tae are C%%Mdi9
tidPfthA
+
9
.
Yae
webnte
Fier ad Mm ddkapvt Ths
,
dedUhe
,
WS
ph#Ig Ate
WebATe
k
a
.
.
af
ci
55120
pm3.a
El
iicted
ta
s
y
1
.
Pi
escape
dthe
wxn duxcn9s
E
to
t9oes PheMv Fdt« heb aot«t mes
d&esmanxdt
s
ti
mbo
:
RT
YWre
ttt
,
tI
tEbv
is
greener way
a
.en and
ENABLE THE FILTER
2
Click on Tools then on Phishing Filter>Phishing
Filter Settings Scroll down and
ensure' Turn off
automatic website checking' or' Turn on automatic
website checking' selected before clicking OK
,
.
ta
is
.
-'
Il
donate
CHECK
.
to
t
i5
.
A
bank
wortdwide
SITE
3
With automatic site checking enabled you' be
warned you visit known
reported phishing
site
disabled perform monually by clicking
Tools>Phishing Filter>Check This Website
Il
,
if
a
or
.
If
it'
s
it
,
.
.
REPORTING SUSPECT SITES
users reporting
phishing filter works due
suspicious sites To report site you think unsofe
click Tools>Phishing Filter>Report This Website Tick
the box labelled' think this i-Né phishing website'
The
to
.
a
is
,
.
.
I
40
2/4
Copyright (Computing Made Easy) No reproduction without authorisation
STEGANOS
N° and issue date : 119 - 15/11/2007
Circulation : Unknown
Frequency : Monthly
CompMadeEasy_119_41_303.pdf
V1N DEPTH
/
Make Windows XP
refoxL
Fi
Page : 43
Size : 85 %
safe
100%%
VIDEO HACKING
The increased popularity video download
websites such as YouTube has seen the emergence
new type threat Specially coded videos
that take advantage known security flaws
well-known websites have been used install
trojans as visitors watch videos Once installed the
trojan begins by displaying pornographic adverts
before harvesting personal data from the infected
machine and broadcasting over the internet
similar problem affected MySpace when
worm was posted that exploited JavaScript flaw
Apple QuickTime software To avoid such
problems the same advice applies dealing with
other and virus threats Ensure you have the latest
version any program installed help minimise
the risk there being security holes plus make
installed and up date
sure antivirus softwar
2
The award-winning Web browser
now even ester, more
secure end fully customizable
suit gour ondine lite With
Firefax
we' ve added powerful new entures that make your
anime experience even botter
is
of
(
te
.
,
2
(
,
a
of
.
of
.
in
of
to
.
,
Systam
Othe
,-
"
R
aoeratina
,
maats Relemr NOtu
stems
er
it
Enjoy
j
Firefox
Better Web Experience
a
delwers helpful new features
2
more productive
.
a
A
make your online experience
ta
a
Lr
.
îi;
i
in
s
.
to
,
+
2006
Odabrr
flrtfox
e
lw
7
p
Stay Secure on the Web
e
f
ef.
F
"
,
x
.
Firefox'
Phishing Protection has been added
against spyware viruses and pop-ups
existing protection
to
s
of
,
,
to
of
,
Alternative applications such as Firefox are generally more secure thon the likes Internet
the fact that the more popular programs tend
be targeted
Explorer
only by virtue
à
of
if
of
is
to
.
ta
,
Other scams that work
take long for news
spread and for the
be exploited
vulnerability
order
avoid such problems
similar way
in
a
as' Nigerian email scams'
are known
to
419' emails Such scams advise victim
that they have either won large amount
have been left
money
lottery
will
order
receive these
money
'
.
a
In
,
a
or
,
.
to
funds they must first pay release fee
the prize will never exist so these emails
or
of
,
should be viewed with extreme caution
detect them easily
Most spam filters tend
so few should even make
your inbox
.
it
.
to
not the only form
data
the world
computers
Programs called keyloggers can be planted
on computer where they hide
the
Phishing
is
of
theft that exists
in
of
.
in
a
background monitoring the keys that are
this
pressed and the websites visited
.
In
find out the
way
relatively easy
usernames and passwords used by the
victim
access
secure sites
range
and services Antivirus and anti-spyware
scanners will automatically detect the
overw
ming majority
keyloggers
well-known
Security holes
applications are common means for
malicious users
other
gain access
it
is
to
a
to
to
doesn'
.
,
can learn what type
ta
blocked
traffic should be
reduce the number
of
permitted
confirmation screens displayed
of
or
to
.
à
Update-Windows Internat Explorer
02 Microsoft
,
http: ffupdate.mic
o
oft.comimivosakupdateiv6Jdefa
*
.aspx?In »en-us
_i
M-ft UpdMe
41r
*
mÀM
Customize vour results
Latal Updates
.
usually with the intention
information
)
Select High-Pnority Updates
To help peotect
Plgh
P
,
rity
yow computer agai
e:
ecu ity
th
ea
e
ana
mfo
manne
pob ema
e
s
,
Re ,ew and instal updates
1
(
)
C
]
,
swtwnra
stealing
of
1
(
a
Select by Tyye
opt-d
,
o
(
)
High-priority updates
Hardwm optànal
0
(
)
,
causing damage
Ultimately little can be done
stop the
most determined
hackers but steps can
be taken
make more difficult
access
your computer and the data contains
Microsoft WIndows XP
.
or
sdt by Product
Microsoft .NET Framework
E
1
,1
Service Pack
1
to
ftdcwz
XP(
Sem
of
,
.
it
is
is
to
n
)
Posture Pack
0
)
(
it
to
,
to
it
,
,
to
in
such as Windows and Internet Explorer
are particularly prone
attack As soon
discovered
If
is
is
of
a
.
is
have ail
the
last updates for
Windows installed
help plug
ony security
haies that have
been discovered
,
essentially involves gaining access
another computer without permission
to
security hole
.
to
s
,
of
a
,
confirm the action
the data transfer
best
assume that
unexpected
going on and block
something untoward
the connection Over time the firewall
Ensure that you
,
,
as
,
to
a
is
is
or
,
is
In
is
relevant knowledge generally speaking
only the most popular
programs
that are targeted This means software
it
it
to
of
it
is
.
,
of
.
.
to
re
of
or
)
.
is
plant virus
computers be
browse through the contents
the hard
drive While
possible for virtually
software
include flaws
any piece
that can be exploited by those with the
.
....................
using the very latest version
the program This because
more
likely that known problems will have been
fixed
some cases this may involve
uninstalling your currently installed version
and downloading the latest release but
many software publishers have made
things easier Windows includes Windows
download all
Updates that can be used
the latest fixes for Microsoft operating
system while increasing numbers
companies including Adobe are
incorporating automatic update facilities
into their programs
Hacking often considered as having
links
software vulnerabilities but while
this true
certain extent hacking
also problem
its own right Hacking
ensure you'
,
to
or
a
.
.
of
in
a
to
of
is
,
.
a
it
is
of
*
to
associated with security holes One step
that can be taken with all software
.
(
to
.
of
fixed
.
,
.
is
.
of
to
are more powerful alternatives
available One such program
that available free
charge
ZoneAlarm www.zonealar
another
com Whenever program
communicate with
machine attempts
your computer
your machine attempts
transfer elsewhere you will be asked
of
to
to
of
s
,
/
computer-often an indication
being hacked-but there
will have been:
.
a
-
it'
is
to
to
,
software as
more likely
known problems
,
In
a
firewall that
a
block suspicious
connections
and from your
can be used
up-to-date'
to
to
in
in
,
Use
.
some people turn
using more niche
applications but this does not eliminate
the threat completely and not always
possible
practical From the point
view
the general computer user
little can be done
avoid the problems
a
of
Windows includes
.
to
or
to
to
VI.W Studb zoos
o
(
)
L
it
t
.
41
3/4
Copyright (Computing Made Easy) No reproduction without authorisation
STEGANOS
N° and issue date : 119 - 15/11/2007
Circulation : Unknown
Frequency : Monthly
CompMadeEasy_119_41_303.pdf
Page : 44
Size : 80 %
N
i'*
DEPTH
Windaws Firewalt
a
m
I.......N .......................................
'
E..Pti-
.
.
arn about security
ats and how
oid them
With wireless network
software firewall'
usefui
addition
any security
options offered by your router
Advanced
Y- PCisnpatecte2
_.%%:
fion cnWidows FieweU
a
o
to
,
s
.
Windows Firew
o
from gaining
I
helpt potect your computer by preventn9 unaudwaed mers
cnp
your
a
s
to
throuph the Internez
ar
network
e
.
ta
0
.
0
(
,ecommended
)
E
tartes han
This tetGrq blocks
outide
ccnWvta Wh the exception
al
wireless
The increased popularity
networking products has led
of
With the vast majority
massive
a
Io
equipment supplied with no
security features enabled by default
order
improve ease
set-up many
users never learn about the security
measures available
them
why they
are so important Wireless connection theft
real cause for concern on number
levels
the very least means the
able
person hijacking your connection
access the internet free
charge-it'
be you that' footing the bill Should
not only gain access
somebody manage
your network but also maintain that
connection for long time
possible for
him
her
continually download files
an extent that pushes you over your
allocated monthly bandwidth allowance
homenetworking
the number
home networks
that have been set up While ordinary
wired networks have number
security
issues associated with them the problem
amplified when wireless connections
are added
the equation When setting
the home the
up wireless network
be ensuring that
primary concern tends
the signal reaches
the extremities
the
house
clown
the end
the garden
but this
itself poses problem
the
wireless signal can be accessed by your
own laptop when sitting
the garden
what'
stop your next-door neighbour
someone parked
doing the same
outside your house
car?
boost
in
of
to
is
in
lo
.
,
.
s
.
ipiored
Off not recommended(
(
or
Avoid udng dtie rettng Turnig off 1Vrdovo Fiewat may make
vkuou ard iYruden
computs more vulnerabb
.
.
is
li
.
to
.
to
a
a
in
of
,
to
.
At
This can results
it
charges
in
from your ISP plus sharing
Secure your
connection with another
don'
user will undoubtedly slow
down your own browsing
pay out for
experience However
someone
there are more important
use your
concerns
consider There
bandwidth
no knowing quite what
wireless network hijacker
will use the connection for and
feasible that they could download illegal
content As the data
being transferred
through your connection
your front
door the police will visit first and you may
Rootkits are difficult detect and many
have difficult time proving someone else
antivirus tools have tendency miss
was responsible
them during scans Several companies
Unauthorised use
wireless internet
have released dedicated rootkit detectors
connections
this way against the law
including Microsoft RootkitRevealer
but unless the perpetrator caught
the
http: tinyurl.com 2or78m Sophos
is
to
of
to
,
of
II
or
of
a
network-
s
.
,
in
a
a
Fxewal
,
of
-
.
necl p6lic netwaks leu secure
whenyou
uch es airpods You will flot be nolued when Windows
poçrams Seledions on the Exceptions lab wil be
fit
locations
of
,
to
Select
to
a
a
thit
te
eIl- exceptions
Dont
El
in
.
connectinp
timon selected on ha Exceptons tab
et
,
of
.
If
..........
to
to
t
elle:
.
,
in
a
,
it
.
,
is
,
s
to
or
or
to
to
,
in
a
to
to
.
.
.
,
is
.
a
it
is
,
ROOTKITS
.
is
it'
s
,
Despite having separate title rootkits
are reallyjust an advanced form trojan
rootkit can be used take full control
computer by successfully hiding any
actions
performing such as making
the registry establishing
changes
connections other computers and
running malicious code Rootkits can work
variety ways and
theory there
no limit what they are able achieve
driver rootkit can
By taking the form
disguise itself and its activities as those
also
legitimate piece hardware and
possible fora rootkit completely change
the way certain portions operating
system code are run
a
,
to
of
a
.
A
a
to
of
.
a
it
of
is
in
,
,
in
/
/
,
/
(
Anti-Rootkit http: tinyurl.com jcqyp
and UnHackMe www.greatis.com
unhackme There' no particular
technique that can be employed avoid
the threat rootkits and their removal can
often be hampered by the fact that changes
are made important system code
many cases the easiest way completely
remove ail traces
malicious rootkit
perform complete reinstallation
/
act proving guilt virtually impossible
Thankfully there are number
steps
secure wireless
that can be taken
connection and details can be found
the walkthrough below
important
remember that someone has free
access
your wireless connection they
the contents
potentially have access
mind
well
your hard drive With this
worth spending little time ensuring that
the connection
as secure as possible
is
/
/
)
a
/
of
in
is
a
to
.
,
/
,
s
)
to
to
.
in
to
a
a
is
.
of
,
,
a
of
it
is
to
In
.
of
a
,
of
in
.
to
is
.
if
to
to
,
of
It
to
to
to
of
,
(
a
.
,
(
.
of
)
,
to
of
is
is
to
in
to
.
it
is
,
a
a
.
is
a
.
WI-FI LOCKDOWN
rire
n
.
*
_
Y
NM1eee
B.aic Seninga
r
?
.
ffu
WI-FI CON
SECURE YOUR
_
U
wttk
M
.
xorelers
urity
Europe
igs
Channel'
AUTO
ock Sites
Mod
Uptu270Mbp
g
NETGEAR
S
Mur
Narre 9910
ADSL Settinge
q
.
,
(
Wlreine Settingo
wky
Redlon
Loge
)
:
.
F
Block Site
e
X11
nru
SeMce
WYeWS Accaas PaS
.
Enable Wirelsa
.
:
Accne Point
.
:
Sehedul
Nbw B..dC
.
C
E
-s'
cffo
-il
Mairnenan
o
S
ONan
P.sword
C
Bi.gne.Bu
Reuter Bpgr.d
t
ofName 9810
Mlow Broadcast afName ESID
D
(
rvices
hedule
W6eless Station Access List
)
mail
StJlw
A-
LM
rr1r
Y'
C
ntenance
r
Sectoib cVions
Juter Statua
None
tached Devices
WPA-PSK TKIPJ
(
,
WP1
ickup Settings
WPA2-P8
at
WPA-PSI( Seau
Password
rc
.
.
PROTECT SETTINGS
2
Ensure the contrai interface for your modem
router password-protected Use the defouit
or
is
.
usernome and password
choose
a
new password
.
ta
log on with then
,
.
RIDE SSID
3
After ossigning on SSID nome
your wireless
network you should consider disobling its broadcast
detect
helps make more difficult for others
it
to
,
is
needed
to
establish
a
connection
.
..dr.lCw
.
/
9
R2 rNeCACto
GN
R
ENABLE ENCRYPTION
the wireless security section
the configuration
enable either WEP
screen opt
WPA encryption
before choosing possword This will need
be
entered
connect
your network wirelessly
of
)
It
.
.
In
to
(a
as the SSID
ctyufioI
E
tb
.
1
1
WPA2-PSK JAESJ
+
[
,
WP4PBK[
)
Wireless isolation
0
(
.yop«
.
B.ckup Seninga
+
.
.
AR.chad Beeie.
.
Parsless isolation
M.k.
,n
Router Statu
Set
EnableWrelessAccess Point
E
rewall Rules
.
.
Firew.Il Roi.
+
Wreless Access Poid
.
ta
or
,
.
ta
a
.
.
ta
ta
42
4/4
Copyright (Computing Made Easy) No reproduction without authorisation
STEGANOS