How to Secure Your Computer Using Free Tools and Smart Strategies

Transcription

How to Secure Your Computer Using Free Tools and Smart Strategies:
An Internet Self-Defense Course
Version 1.08
-1-
© 2004 Douglas Partridge & Kevin Ryan — All Rights Reserved. www.SecureYourComputer.Net
Unauthorized duplication or distribution is strictly prohibited.
This is NOT a free eook and does not come with resell rights.
If you’re interested in making money with this book see page 74.
Disclaimer of Warranty / Limit of Liability
Disclaimer of Warranty: The authors of this material used their best efforts in preparing this
material. The authors of this book make no representation or warranties with respect to the
accuracy, applicability, completeness or the contents of the book. The authors disclaim any
warranties (expressed or implied) for any particular purpose, or any consequences arising
from the use of this material. The authors shall in no event be held liable for any loss or
damages. You are advised to seek the opinion of a legal professional when dealing with
business matters.
The content of this ebook and bonus materials are protected by International copyright laws
and may not be reproduced, redistributed, resold without the prior permission of the original
authors.
The authors of this material did not develop any of the software programs mentioned within
this book and bonus materials. Should you have an issue with a business or product, your
only recourse is to contact the company or developer directly.
Trademarks: All trademarks and product names used in this book and bonus materials are
properties of their respective owners. Windows and Windows XP © Microsoft Corporation.
Regarding Internet Links: An active web connection is needed to view links recommended
in this book and bonus materials. While every effort has been made to keep the links updated
at the point of writing, the authors cannot be responsible for any outdated or broken links. All
links are for informational purposes only and are not warranted for content, accuracy or any
implied or explicit purpose.
We strongly recommend that you make a full computer backup before changing any system
settings and installing programs.
-2-
About the Authors
Doug Partridge
Doug Partridge has been in the
Information Technology field since
1990 and has worked in employee
and consulting capacities from startups (during the infamous "dot bomb"
era) to global, multi-national
companies.
He received his MCSE certified
(Microsoft Certified System Engineer)
in 1997, and has spent the past four
years working in Information Security
and as an Email Administrator for
Nestle.
Kevin Ryan
Kevin Ryan has a decade of
experience in the Information
Technology industry. Holding the
premiere Information Security
certification (CISSP), Kevin has
worked in Information Security at a
leading global 100 company for the
past seven years.
-3-
Special Message to the Reader
The Internet today is comprised of some unquestionably great minds,
and what’s their mission? For some it’s simple: to figure out every
possible way to exploit the average computer user. These shadowy
figures exploit people’s trusting nature, and in most cases, lack of
adequate computer security to gain unauthorized access and infect
computers with Spyware and other malicious threats. The environment
on the Internet today requires paying very close attention to what
information comes in and out of your computer. You can have every
security tool imaginable protecting your machine, but without a basic
knowledge of the current threats, to some extent you’re still vulnerable.
Why We Wrote This Book
It was these thoughts that prompted me to call my long-time associate
in the Information Security field, Kevin Ryan. It turned out that Kevin
shared many of the same thoughts about the poor state of Internet
security. While the average IT professional knows exactly how to
protect his computer and practice “safe computing,” recent Internet
studies show that general security awareness is desperately lacking.
This is truly unnecessary; with just a little bit of information and the right
tools, anyone’s computer can be just as secure as those of computer
professionals. With the number of people using “always on” broadband
Internet connections on the rise, this information is especially vital.
With this goal in mind, we sat down and outlined all of the information
that became this ebook. Our objectives were simple:
-4-
With high-speed Internet users in mind, write an easy to
understand, step-by-step “how to” security book (note: for
reasons explained later in the book, dial-up users would do well
to follow the same steps).
Highlight effective free security tools and services, and show how
to use them.
More than simply mention tools – explain not only why you need
them, but how and why they work.
Share “smart strategies” to protect your private data – and reduce
the risk of threats like online Identity Theft.
If you follow these steps, after reading this book and bonus materials,
you will have a secure computer now, and you’ll know how to remain
protected against future threats. You will have a keen eye for
“Phishing” (email-based scams designed for identity theft) and other
email-based scams. When making an online purchase, you’ll know if
you’re in a “safe” environment or not. Most importantly, you’ll be armed
with knowledge and that is a vital component of security.
We sincerely hope you enjoy this holistic Internet self-defense course.
Sincerely,
Doug & Kevin
P.S. A little bit about “I,” “we” and “ours.” As you know this book was written by two
people. When we split up the chapters, we chose to write in the first person. At the
same time, you’ll see phrases like “our eBook” and “we hope,” usually this is when
referring to this work as a whole. Hopefully you don’t find this distracting.
-5-
Table of Contents
About the Authors....................................................................................3
Doug Partridge.....................................................................................3
Kevin Ryan ..........................................................................................3
Special Message to the Reader ..............................................................4
Table of Contents ....................................................................................6
Introduction – The “Perfect Storm” of Modern Day Computing..............8
Another “Perfect Storm”.......................................................................9
Remainder of this Book .....................................................................14
Punch #1 – Personal Firewall................................................................16
What is a Firewall, and Why Do You Need One?..............................16
Your Firewall is “Muscle” on Your Side .............................................17
The Truth Exposed Through Security Scans.....................................18
Sygate’s Personal Firewall ................................................................23
My Security Scans After Installing a Firewall.....................................26
Zone Alarm ........................................................................................28
Doesn’t Windows XP Have a Built-in Firewall? .................................30
Punch #2 – Anti-Virus............................................................................31
Malware – What is it? ........................................................................31
Anti-Virus Programs...........................................................................36
AntiVir Anti-Virus Software ................................................................38
AntiVir Configuration Tips ..................................................................38
Virus Hoaxes .....................................................................................42
Punch #3 – Adware & Spyware Removal .............................................44
Spyware.............................................................................................45
How Spyware Gets on Your Computer .............................................47
Signs That You’re Infected ................................................................49
Spyware Removal Tools....................................................................50
-6-
The Benefits of “Real-Time” Protection .............................................53
A Moment for Security Reflection … .....................................................55
Punch #4 – Windows Security Settings ................................................56
Creating A Password-Protected Log-on ............................................56
Creating A Password-Protected Screensaver ...................................59
Creating Private Folders ....................................................................60
Disable Unused Services...................................................................61
Stop File and Print .............................................................................62
Stop the Messenger Service..............................................................64
Windows Patches and Updates.........................................................66
Windows Web Updates .....................................................................67
Download Summary ..............................................................................71
Bonus #1 – Online Identity Theft: Self-Defense 101 .........................72
Bonus #2 – Email Security & Smart Strategies .................................73
Bonus #3 – Smart Strategies for Reducing Spam.............................73
Parting Thoughts ...................................................................................74
Recommended Reading........................................................................75
-7-
Introduction – The “Perfect Storm” of
Modern Day Computing
Note: this chapter provides background information and general
commentary on the current state of security on the Internet. Reading it
will provide a good foundation for the rest of the book, however, if you’re
eager begin securing your computer – jump to the next chapter.
The condition of modern day computing is well illustrated by the George
Clooney and Mark Wahlberg tour de force, “The Perfect Storm.” For the
benefit of those who missed this movie, it’s a riveting tale based on real
events that took place in October 1991. The factors responsible for this
perfect storm are so rare they are said to occur, maybe, once every
hundred years. In October 1991, three significantly powerful storm
systems came together creating one apocalyptic force. This storm
caused winds in excess of 125 miles an hour, and created ocean waves
over 10 stories high. Few people on earth had ever witnessed such a
cataclysm. Tragically the six members of the commercial fishing boat,
“The Andrea Gail” never got the warning and went straight into the
center of this tempest.
Now how could George Clooney, Mark Wahlberg and a fiercely
powerful storm back in 1991 possibly relate in any way to modern
computer security? Well, it illustrates how powerful forces can come
together to create a threat much greater than the individual parts. I’ll
resist the temptation to go further with this illustration: imagine you and
your computer are like the Andrea Gail, out on the open and angry sea,
danger lurking ‘round every corner! That would just be too much. ☺
-8-
Another “Perfect Storm”
Here are the four factors creating our “Perfect Storm” on the Internet
today:
Factor One – the Open Nature of TCP/IP
TCP/IP is the protocol your computer uses while on the Internet. What
is a protocol? Sometimes protocols are likened to languages, but
they’re really more like “rules” computers must follow when attempting
to “speak” to each other. This idea can be illustrated by a common
every day task – making a phone call.
You want to talk to your friend; you initiate the process by dialing their
number. When your friend answers with “hello” or “what’s up?” or “who
this!?” – then you would normally reply with your name. The connection
is successfully established on both ends, and you and your friend go
with the conversation.
This simple exchange is similar in concept to how computers using
TCP/IP start conversations with each other. These “connection
conversations” are going on behind the scenes every time you do
something ordinary like view a web page or send email.
The “open nature” of TCP/IP dates back to its origins in the mid-to-late
1960s. The whole purpose of TCP/IP was open communication – not
only between different computers, but also between different types of
computers. In this way, TCP/IP has been, and continues to be a huge
-9-
success. Right now, people using Windows, Macintosh, Unix, Linux,
and other systems, are all on the Internet using this one protocol –
pretty amazing when you think about it.
You’re forgiven if you’re wondering how any of this creates a “security
threat.” The important thing to know about TCP/IP, and the reason why
it contributes to our perfect storm, is this: it doesn’t have a native, or
we could say, “built-in” concept of security. What exactly does this
mean? TCP/IP was designed for the purpose of sharing and
exchanging information between groups that basically trusted each
other. Going back to our phone call analogy, TCP/IP has no built-in
method for evaluating the call or even the caller to determine if this
is someone you want to communicate with. TCP/IP merely
facilitates the request.
To sum up our first contributing factor – everyone on the Internet is
using a communication protocol with no built-in concept of security.
Factor Two – Many “Ain’t it Cool” Windows Features
Around the time of Windows 95 with the introduction of their new user
desktop (does anyone remember Windows 3.x?), Microsoft (MS) put a
strong emphasis on being more “user friendly” (and by extension
dominating the desktop market). MS developed many new features into
Windows, and they were so sure everyone would want them that “out of
the box,” they were enabled. What some people call features others
call security holes. Whatever you want to call them – these “features”
have been exploited to no end by viruses and worms over the years.
- 10 -
One good example of this in action is the security vulnerabilities in
Microsoft’s web server software called “Internet Information Services”
(IIS). Two well-publicized worms, Code Red and Nimda, easily took
advantage of security holes in IIS and spread with ease across the
Internet. ISPs and web admins had a stressful few days as they
attempted to get their servers under control. However, the real
awakening here is the large number of home users running IIS (web
server software) on their computers. Even though most people had no
need for it, many were running Microsoft’s web server software on their
home Internet-connected computers. Non-secured home users
running IIS played a big part in spreading these worms.
Factor Three – The Rise of “Always On” Internet Connections
Broadband or “high-speed Internet access” falls into two major
categories: DSL & Cable Modem. Just how many people use
broadband connections? As of September 2004, the number is
estimated to be over 48 million according to the FCC. Now we all love
broadband, and if you’ve switched over from dial-up, you probably
couldn’t imagine going back. However, there’s one key element
introduced by broadband that makes exploiting your system much
easier.
It’s your IP address.
An IP address is the unique address assigned to your computer by your
Internet Service Provider. Having an IP address is mandatory for you to
use the Internet. It’s how you’re able to send and receive information.
So, you must have one – there’s no getting around it.
- 11 -
Back in the dial-up world, you would receive a different IP address
every time you connected (or dialed-up). When you’re using a
broadband connection, you’re likely to have the same IP address for
long periods of time. If you leave your computer turned on, you now
have a computer with a “live” Internet connection and a non-changing IP
address. This makes your computer an accessible and “stationary”
target for everything from self-spreading worms, to hackers attempting
to break into your system. With a broadband connection, a determined
hacker may have several days or even weeks to work on getting into
your computer.
One other note, even if your IP address changes, once your system has
been compromised, hackers can install notification programs on your
computer to contact them with your new IP address. Nice, isn’t it?!
The point I’m emphasizing is this: broadband users are especially at
risk. However, I want to address one myth right now – it’s the idea that
you’re not at risk if you use a dial-up Internet connection – WRONG.
The SANS Institute (a security research group) published a report
stating that an unprotected Windows XP system can be discovered
and compromised in as little as 20 minutes (update: the current
figure is 16 minutes). The bottom line, if you ever connect to the
Internet – you need to be concerned about security, and take steps to
secure your system.
Let’s add one more factor to our “Perfect Storm” contributors.
- 12 -
Factor Four – People Looking for Vulnerable Systems
Yes, we need one more element to tie this all together – to create a true
ominous threat. This is one area where I’ve noticed a shift in attack
methods over the years. A few years back the thinking was, unless
you’re the government or a large corporation (especially one viewed as
“world dominating” or “evil” by hackers at large), no one would be
interested in breaking into your computer. Hackers are still interested
in going after high profile targets; they’ve just invented new and creative
methods to accomplish this task.
A common attack launched against a targeted company involves
flooding their website with more traffic than the site can handle, which
will ultimately take it “off the air.” This is usually done by what’s called a
“distributed attack.” This means that the attack is coming from
thousands, maybe even millions of computers simultaneously. If you’re
someone like Amazon or Ebay, downtime caused by such an attack is
especially devastating and costly.
Now, you’re probably reading this wondering why a “distributed attack”
should of interest to you? Without your knowledge, your computer may
have participated in the last big distributed attack! The key here is that
the instigators of such attacks realized that instead of using their own
computers to launch attacks, it’s better to find and infect an army of
“zombie” home computers to do their biding. Not only is this extremely
effective, it makes tracing the true source of the attack much more
difficult.
Who’s interested in getting on your computer?
- 13 -
You’re looking at everyone from criminals actively seeking account
information to commit fraud – to people looking for available systems to
use in distributed attacks, as mentioned above – to beginning hackers
who don’t intend any damage, they just want to see if they can get on
your system. Whatever the motivation, you don’t want any of them on
your system!
Examining these “Perfect Storm” factors individually as we have should
really impress upon you the urgency of taking proactive security
measures immediately.
Remainder of this Book
The remainder of this book is organized by priority. We are assuming
that you have not taken any steps to secure your computer. The next 4
chapters are referred to as the Mandatory 1-2-3-4 Punch. These steps
are more than merely a “good idea,” they are mandatory steps you must
do to secure your computer. Why? Without doing these steps, you’re
practically guaranteed to be hosting everything from viruses and worms,
to other malicious programs designed to exploit Windows security
holes.
If you already have one or more of these in place, wonderful. You may
still want to skim through the chapters to see if there are any pointers
you can use. Along with mentioning “real world” examples, where we
can, we’ll highlight well-regarded and effective tools available for your
use.
- 14 -
Enough discussion, it’s time to fight back.
- 15 -
Punch #1 – Personal Firewall
What is a Firewall, and Why Do You Need One?
Let’s start with “why you need one” first. Once you know this, you’ll
absolutely want one now. In order to understand why you need a
firewall, we need to talk just a little bit more about the inner-workings of
TCP/IP.
You already know what an IP address is; it’s the unique number
identifying every computer on the Internet (they look something like this
“192.168.2.124”). In addition to IP addresses, TCP/IP uses something
called “ports” as a communication mechanism. We won’t delve too
deeply here – but having some background knowledge will prove useful.
A port is what it sounds like: a portal – a potential entry point for data in
and out of your computer. Every program uses a port when
communicating with another computer. For instance, your email
program uses one port to send, and a different port to receive. A web
server “listens” for web requests on a port, and your web browser uses
the same port to request a web page. When a program is using or
“listening” on a port – that port is said to be “open.” This means that if
a request is directed to that port, your computer responds to the
request. The important thing to know about ports is that every open
port on your computer is a possible entry point for an attack.
How many ports are there? Only 65,535! Hackers use programs called
“port scanners” to scan entire blocks of IP addresses to see: 1.) how
many computers they can find and; 2.) how many have open ports?
- 16 -
Port scanners are extremely effective at discovering this information.
To relate this to the real world, imagine if a burglar, from the privacy of
his home, had the ability to scan entire city blocks to see not only who is
home, but also which doors and windows are unlocked! Makes you
goose-pimply just thinking about it ….
What if a port scanner detects an open port? Usually one of two things,
either an attack is launched immediately, or this information is logged
for later use. Remember, with a broadband connection, you’re likely to
be at the same IP address for quite some time. Aside from being
extremely effective, port scanners are readily available on the Internet
and don’t require much technical experience to operate.
This is a good place to mention that it’s not necessary to understand all
of the inner workings of TCP/IP, ports, and port scanners. For now,
what you should take away from this introduction is that exposed ports
on your computer present a security exposure. This brings us to the
remedy, a personal firewall.
Your Firewall is “Muscle” on Your Side
A firewall acts as a powerful security checkpoint or boundary between
all data coming in and out of your computer (note: we’ll also talk about
why you want to know about data leaving your computer). To put it
another way, it examines all data coming in and out of your computer,
and compares this against its “firewall rules” (we’ll also explain rules a
little later), and then decides if the traffic can proceed or should be
blocked. Remember, the “open nature” of TCP/IP provides no such
functionality. Without a firewall, your computer will respond to
connection requests without a second thought. Make sense?
- 17 -
That’s basically how a firewall works – but we should really focus for a
minute on what this actually means for you. Because a firewall
intervenes before your computer can acknowledge a request for
information, your computer will appear invisible to port scanners.
People searching for computers to exploit will not even know your
computer exists. We’ll see this demonstrated later in this chapter.
Another benefit is that now you must grant programs permission to use
your Internet connection. The truth is, without a firewall in place,
programs both legitimate and otherwise could be making outbound
connections using your Internet connection at their will, and you would
never know about it!
The Truth Exposed Through Security Scans
Illustrations usually help drive home a point. So think of your computer
as an expert and shameless flasher – always ready to expose
information – information about you. OK, that illustration was over the
top.☺
Naturally, by this time you’re probably curious about your own
computer’s security – and how many open ports you’re exposing right
now. Fortunately this information is easily obtained using free security
scanning websites. How do they work? The website will record your IP
address and launch a port scan of your computer and display the
results. A note of caution: since security information about your
computer could be valuable information in the wrong hands, I would
- 18 -
only use a reputable website for such a scan. The two sites I use in this
chapter are both highly regarded.
In order to demonstrate the virtues of a firewall, I thought it would be
interesting to load a new installation of Windows XP, and then run a
scan before and after installing a firewall.
Sygate Security Scan
For the first scan, I’ll use Sygate Security Scan. In case, you’re
unfamiliar with Sygate, in addition to security scans, they make an
excellent personal and corporate firewall.
Sygate’s site offers several free scans ranging in duration from 30
seconds to 45 minutes. I usually run the “Quick Scan” and the
“Stealth Scan.” Both scans take about 30 seconds and provide a
good overview of your security level.
- 19 -
Sygate security scan before installing firewall.
As I expected, without a firewall in place, I’m exposing several open
ports (much more than can be seen on the screenshot). As the last box
shows, in addition to open ports, my computer responds to ICMP or
“Ping” requests.
What’s Ping, and why should you care?
The first thing that may come to mind when you read “Ping,” might be
the sonar device used by submarines. One submarine will send out a
- 20 -
sonar signal, and based on the response (or lack of) they know if there’s
another object in the water, and how far away it is.
The Ping command works similarly in concept, except its sending out
data and not a sound signal. Ping is a useful TCP/IP command used to
test connectivity between computers. However, Ping reveals useful
information to a hacker. If fact, usually the first thing a port scanner
does is Ping an IP address to see if a computer responds. Not only
does a successful Ping response confirm there’s a computer at the IP
address, it usually reveals what operating system you’re running:
Windows, Macintosh, etc. This is extremely useful information to
someone planning to launch an attack against you.
GRC Scan
I like to confirm my scan results using another scanner. Gibson
Research Corporation provides several free scans. You can’t link
directly to the page running the scan. Just keep clicking on “Sheilds
Up” and you’ll get there. From GRC.com, I usually run the “Common
Ports” scan. The results from this scan are below.
- 21 -
GRC security scan before installing firewall.
This does not look good at all. Both of these scans reveal that my
computer is exposing information – namely open ports to the Internet.
As we’ve already discussed, open ports present a huge security
exposure. You may be surprised to learn that closed ports are less than
desirable as well. Say what? If open ports are horrible and closed
ports are bad too – what else is there? I hinted at it earlier in the
chapter, but I’ll explain it in detail a little later in this chapter. For now,
let’s get our firewall installed.
- 22 -
Sygate’s Personal Firewall
I’ll mention another great firewall at the end of the chapter – for this
exercise I’ll use Sygate’s Free Personal Firewall. This is a top-notch
firewall that also checks your system for malicious software programs!
Not only is this a great product, it’s easy to install and use. In fact,
during installation, you can accept all default options.
Creating Your Firewall Rules (a.k.a. “Program Control”)
Once your firewall is installed – you will begin creating your firewall
rules – i.e. which programs will be allowed to use your Internet
connection. You’ll need to do this for every program before it will be
allowed to make an outbound connection. As your firewall detects
programs attempting to make outbound connections – you’ll be
prompted with a message like the one shown below when I started
Internet Explorer for the first time. Program control is absolutely
essential for security.
Sygate alerts you when a program attempts to use your Internet connection.
Notice that the message clearly tells you the name of the program – and
the destination of the connection (in this case, my.yahoo.com). You
have the option of answering Yes or No; clicking the checkbox makes
- 23 -
your choice permanent (meaning that you will not receive this prompt
again for the same program).
There’s a common group of programs that you’ll probably immediately
OK, and make the choice permanent – e.g. web browser, email, and
instant messaging programs. All of those programs obviously need to
use your Internet connection.
Invariably, you will see programs attempting to use your Internet
connection, and it will surprise you. Be very careful when allowing
programs “free reign” to your Internet connection – especially if it
doesn’t make sense to you that this program wants to make an
outbound connection.
At the same time, you don’t want to be too strict here – for instance,
your Anti-Virus program will need to connect to the Internet to download
updated virus definitions (this is discussed in the more detail in the AntiVirus chapter). Not allowing this action to occur will mean your AntiVirus program will quickly become outdated in a short amount of time,
and significantly weaken its usefulness. Similarly, programs may be
configured to automatically check for updated versions. This is usually
a good thing to allow. If in doubt, you may want to allow the program to
make a one-time outbound connection – i.e., do not check the box to
make your choice permanent.
In addition to protecting your Internet connection through program
control, Sygate provides an additional benefit by verifying that the
program you allowed has not been replaced by another version.
- 24 -
Hackers in an attempt to gather information about your computer, or to
make your computer unstable, may try to replace a trusted program on
your system with a “hijacked” version.
When Sygate detects a change in a program you accepted – you’ll see
a notification like the one below.
Sygate's alert of a change in a previously trusted program.
In this case the change is legitimate; Yahoo Messenger was upgraded
to a newer version. Be very concerned if you see a message like
this for no apparent reason. Note: after running Windows updates,
it’s not unusual to see messages like this for many Windows related
components (we explain Windows updates in our Windows Security
Settings chapter).
As an extra security measure, you can password protect this program.
The main reason for this step is to protect your settings from being
changed by others (either mistakenly or maliciously). You even have
the option of forcing the password to be entered before the program can
be shut down.
- 25 -
To enable this feature, go to Tools
Options – look for the “Password
Protection” area at the bottom.
My Security Scans After Installing a Firewall
Let’s see how our security scans look after loading Sygate Personal
Firewall. Getting back to our earlier question about open and closed
ports – we know open ports are horrible – closed ports while better, still
aren’t what we want. What else is there?
What we’re after is often illustrated in futuristic sci-fi movies. We’re all
familiar with the “cloaking device” on spaceships. They allow a
spaceship to appear invisible to the enemy’s scanners. In fact, a
cloaked spaceship can fly right past an enemy ship, and it wouldn’t be
detected. You have seen this before, right? Hope I didn’t lose you with
that one.
You don’t want any evidence that your computer is on the Internet. All it
takes is one port, open or closed, for your computer to be discovered by
a port scanner. What you’re after is what’s commonly called “stealth
mode.” “Stealth mode” occurs when your firewall blocks all
unauthorized connection requests to your computer. By virtue of this
feature, it’s impossible for an outside party (e.g., someone running a
port scanner) to determine the status of any of your ports (either open
or closed). Even better with a properly configured firewall, outside
parties will find no evidence that your computer is on the Internet. This
“stealth mode” is only achieved by using a firewall. Now that we know
what we’re after – I’ll run the same scans on my firewalled computer …
- 26 -
Sygate security scan after installing firewall.
- 27 -
GRC security scan after installing firewall.
Both scans confirm that all port information is hidden, and I’m no longer
responding to Ping requests … Ladies & Gentleman (and whomever
else may be reading), we have a fully stealthed computer!
The best defense against an attack is avoiding detection entirely.
Zone Alarm
Another good free firewall is Zone Alarm from Zone Labs. In fact, Zone
Alarm is probably the most well known free firewall. Between the two
free versions (Sygate & Zone Alarm), I think Sygate’s offers more. For
- 28 -
instance, Sygate’s free firewall allows you to set a password to protect
your settings – while the free version of Zone Alarm does not.
It’s worth mentioning that Sygate and Zone Alarm are not the only free
firewalls available. I recommend these two for the following reasons:
they’re both highly regarded and well respected in the industry, and
they’re un-expiring and truly free versions.
Note: some claim to be “free” versions but are really free trial versions,
and will make you buy the full version after the trial period expires.
Zone Alarm Pro is an excellent full-featured firewall that also adds
incoming/outgoing email protection. Zone Alarm Pro is not free, so why
do I mention it? Throughout the book, where possible, we’ll use the free
versions in our examples and screenshots, and we’ll also mention the
full versions for a few reasons:
1. The free version is usually a “lite” or stripped down version of the
full version. Additionally, the free versions are usually only free
for personal use. Using the program in a business or commercial
setting usually requires the purchase of a licensed or full version.
2. While the various software companies are kind enough to provide
useful free versions, at the same time, they’re in business to
make money and want you to buy their full version. To entice
you, they often include useful features and benefits only available
in the full version. Sometimes technical support is only available
in the full versions. In some cases, the additional benefits make it
- 29 -
worth buying the full version, even for personal use. Otherwise,
the free version more than adequately does the job.
3. Finally, some people just can’t accept that a free program is
useful. For those people, we’ll highlight some key benefits found
in the full version.
Doesn’t Windows XP Have a Built-in Firewall?
Yes, and it’s turned off by default. If you don’t want to load another
firewall – please enable this one. Alternately, if you have a brand new
system, enable the Windows firewall until you can get Sygate or Zone
Alarm. The Windows XP firewall is better than none at all, and it’s a
welcome addition to Windows. However, security-wise it’s limited. For
instance, Sygate and Zone Alarm monitor both incoming AND outgoing
traffic. The Windows XP firewall only monitors incoming traffic – in
other words, it doesn’t provide program control. As I mentioned earlier,
you want to know exactly which programs are making outbound
connections. Unauthorized programs using your Internet connection
pose huge security risks. One other limitation: since it lacks “program
control,” you will not be alerted if a trusted program is replaced with a
hijacked version.
TIP
Never run multiple firewalls simultaneously.
Doing so will not provide added security, and will likely cause
system instability and/or crash your computer. Always disable
or uninstall one firewall before loading another.
- 30 -
Punch #2 – Anti-Virus
Before I mention any Anti-Virus programs by name, I think it’s useful to
talk about what they protect against and how Anti-Virus programs work
and are kept up-to-date.
Malware – What is it?
Let’s begin by discussing what is referred to as “malicious code.” This
destructive programming code comes in many forms and is transmitted
in many ways. In fact, there are so many types of programs designed
with malicious intent that a new term was required to describe them,
“Malware.” Malware, meaning “malicious software,” is not any one thing
but describes an intention.
Any malicious program that secretly copies itself onto your computer
can be called Malware. It can take many different forms and execute a
wide variety of destructive tasks, from harmless but annoying taunting
(e.g., playing sound files with a pornographic or rude message), to hard
drive failure (loss of data), to the most serious, identity theft.
Some of the most popular and widely publicized invaders are the Virus,
Trojan Horse and Worm. Let’s examine each in more detail.
Virus
A computer virus is a program or programming code that replicates
itself by copying to another program, computer boot sector (a small
program that tells your computer how to load its operating system), or
- 31 -
document. Viruses can be sent as an email attachment, or reside in a
downloaded file.
Once it’s downloaded to your computer, the malicious code can begin
its destructive phase. Viruses have varying agendas and execution
schedules. Some will begin the attack immediately, while some will wait
for a trigger such as a time, date or running of a program. The
destruction to your system can vary. Some viruses will erase all data
on your system requiring you to reinstall Windows, while others may
simply send irritating pop-up messages taunting the user. They can
also attack specific programs such as Microsoft Word and Excel by
scrambling words and numbers.
By nature a virus will copy itself to files on your computer and/or
programs. Some may self-propagate by using a worm (discussed
below) to send itself as an attachment to other computers. Below are
some of the more famous viruses and the destruction they caused.
Notice how the recent viruses are taking less time to infect while
causing greater destruction.
- 32 -
Virus
Year
Type
Time to become
Estimated
prevalent
damages
Jerusalem 1990 Boot Sector
3 Years
$50 million
Concept
1995 Word Macro
4 Months
$60 million
Melissa
1999 Email enabled
4 Days
$93 million to
word macro
I Love
You
$385 million
5 hours
2000 Email enabled
$700 million
Visual Basic
script/Word macro
Clearly the new generations of viruses are getting more intelligent and
destructive. They use worms to self-propagate and infect at incredible
rates. Not only will they infect your computer but some can read your
email address book and send themselves as an email attachment to all
of your friends, family and business associates. This is an extremely
devious and effective transmission method. Why? The recipients likely
will not suspect a virus, and open the infected attachment because after
all, they believe you sent it! Now they are infected, and the cycle begins
again. It’s truly a “gift” that keeps on giving.
I’m sure you see the potential for great destruction. What you also need
to know is that new viruses are being created daily, which makes not
only running an Anti-Virus program, but also keeping it updated and
configured properly absolutely mandatory. Note: this is covered in
more detail later in this chapter.
- 33 -
Worm
A worm is a self-replicating virus. However, unlike the virus, the primary
job of a worm is to copy itself across the network to every available
(unprotected) computer. The network can be a home office, large
corporation or the Internet.
The troubling fact is that a worm can carry a payload (virus) and
distribute it to all of its targets. Once the worm has infected its victim – it
will start looking for available network connections on the newly infected
computer. To get other computers to respond, usually it will send out
network broadcasts. This will reveal which computers are vulnerable.
When the infected machine finds a vulnerable computer, the worm will
make new connections, infect the remote computer and start the cycle
all over again.
You can imagine what this waste of network traffic (bandwidth) does to
the speed of legitimate network traffic. In some cases the excess traffic
is so extreme; it will practically bring the network to a grinding halt. This
is called a “denial of service” (DOS) attack. Hackers have used this
method to shut down government and large corporate websites. You
may remember some of the more destructive worms such as Love Bug,
Code Red, Nimda and Blaster. Code Red at its peak infected an
estimated 2,000 computers per minute and eventually infected 359,000
machines. Once again, you can see the potential for infection.
Remember the Sans Institute Statistics? An unprotected computer can
be infected within 16 minutes. This very real threat is out there actively
searching for vulnerable computers; let’s make sure you’re not one of
them.
- 34 -
Trojan Horse
A Trojan horse (commonly abbreviated as “Trojan”) is a program that
infects your computer and allows a hacker to run hidden tasks without
your knowledge. Here’s a bit of trivia for you. Where does this odd
name come from? The term comes from the Greek story of the Trojan
War, in which the Greeks give a giant wooden horse to their foes, the
Trojans, seemingly as a peace offering. After the Trojans bring the
horse inside their city walls, Greek soldiers sneak out of the horse's
hollow belly and open the city gates, allowing their compatriots to pour
in and capture Troy.
Trivia aside, this is the kind of Malware everyone should be most
worried about. The program works behind the scenes and waits for
instructions (either from a hacker or from other infected machines).
Symptoms of a Trojan-infection include files or programs opening or
closing automatically. Sometimes hackers will display obscene
graphics that cannot be closed until the computer is shut down.
In something reminiscent of the movie “Poltergeist,” people reported
that their CD drive tray would open and close for no apparent reason.
In some cases Trojans give hackers the ability to activate web cameras
so they can watch you without you knowing it! I know it sounds like
horror movie material, but it’s real.
Because the Trojan horse is a virus, it can be spread in many different
ways including the most popular method, email attachments. Another
popular way is attaching it to a legitimate file, and placing it on the
- 35 -
Internet for download as a shareware or freeware program. Usually, it’s
disguised as something fun like a game or other free download. Once
this file is downloaded, the Trojan is installed in the background and is
sitting there waiting for a hacker to connect and take control of your
computer such as the infamous “Sub Seven” Trojan. This point is
repeated throughout this book – you should never open a mail
attachment you’re not expecting – even if it’s from someone you know.
The reason I went through these detailed explanations is this:
complacency is a big problem when it comes to security on the Internet.
I believe that once a person truly understands the risks they face; they’ll
be diligent and take the necessary steps to protect their computer.
Anti-Virus Programs
Let’s talk for a bit about how Anti-Virus programs work.
What are Virus Definitions?
As mentioned before, merely running an Anti-Virus program on your
computer is not enough. To truly be effective, your Anti-Virus program
needs to be configured properly, and have a current set of virus
definitions.
What are virus definitions? Anti-Virus vendors analyze each new virus
to find its programming code or “signature.” This new information, along
with older virus signatures is packaged together in what’s called virus
definitions. Simply put, virus definitions are a listing of known viruses.
During a virus scan, your Anti-Virus program compares files on your
computer against its virus definitions. Since new viruses practically
come out daily, you can see why it’s critical to always have up-to-date
- 36 -
virus definitions. In fact, not having up-to-date virus definitions, in
time, will make your Anti-Virus program almost entirely useless.
Studies show that many people do not update their definitions
frequently enough – in some cases people’s definitions are many
weeks, if not months old. In these cases, the security they may feel by
running an Anti-Virus program is truly a false sense of security. There
is absolutely no need for this to happen.
How often should you update your definitions? Since new definitions
are released almost daily, I would check for updates every 1 to 2 days,
and at a minimum, once per week. Fortunately this process can be
automated, so you don’t have to constantly remember to do this. The
point to (over) emphasize again: always have up-to-date virus
definitions. It’s absolutely critical for security.
Understanding Virus Scans
What happens when a virus is found? Anti-Virus programs will attempt
to handle this in 1 of 3 ways. Repair (if it is able), delete, or quarantine.
I recommend first attempting a repair. If the file can’t be repaired,
delete it.
How do Anti-Virus programs “repair” a virus?
It just means your Anti-Virus program will remove all traces of virus
code from the file. “Quarantining,” means moving the infected file to
your Anti-Virus program’s quarantine folder. After each new virus
definition update, your Anti-Virus program will try to repair the infected
file. Most of the time, I find they are beyond repair and are better off
deleted. Later in this chapter, I will show how to configure these
- 37 -
program settings. How often should you run a full system scan? At
least once a week.
Personally, I run a full virus scan about three times a week (yeah, I’m a
little on the paranoid side).
AntiVir Anti-Virus Software
There are very good personal Anti-Virus programs available. One I
recommend is called AntiVir. This program is free for personal use and
provides free updates and virus definitions. AntiVir is especially good at
finding Trojans, and has been known to find things other scanners
missed. Like all good Anti-Virus programs, AntiVir includes a
background “agent” to provide real-time virus protection. Without such
an agent, viruses would only be discovered during a virus scan. An
agent can discover and remove a virus the moment it lands on your
system.
AntiVir Configuration Tips
Below is the first window you will see after installing the program. You
can see that you can simply check the box corresponding to the drive
you want to scan. The screen shots following are recommendations of
how you can configure the scan; handle viruses and schedule virus
definition updates. All Anti-Virus programs have the functionality
described below in case you already have one installed on your
computer.
- 38 -
Configuration 1
AntiVir main window.
Configuration 2
What to scan. Select from the toolbar “Options” and click
“Configuration”, make sure “Search” is highlighted. The default is to
scan all “Program and macro files,” change this to “All files.” This will
make your virus scans take longer, but it also provides the most
thorough protection. This configuration is highly recommended.
- 39 -
AntiVir Search Settings
Configuration 3
Schedule the virus definition updates. From the toolbar, click on “Tools”
and then “Scheduler”. From there choose “Insert” and select the
“Internet Update” tab. From there you can choose the “Scheduler”
button and set up the automatic updates. Note: when you select your
frequency, you’re scheduling both the check for new virus definitions,
program updates, and virus scans.
If there’s one thing I don’t like about AntiVir, it’s that you’re required to
download the entire program (program plus definitions) for an update.
For broadband users this is not such a big deal, however, it’s more of a
- 40 -
concern for dial-up users. Hopefully a future version will provide the
ability to download virus definitions separately from the entire program.
AntiVir Scheduler
Keep in mind that if you already have an Anti-Virus program on your
computer you can configure it the same way. It may look a little different
but you can always check the help section or visit the website of the
manufacturer.
If for some reason, you don’t like AntiVir, or you need an Anti-Virus
program for a business or commercial setting, VirusScan from McAfee
is a stellar product. VirusScan also includes protection for email and
Instant Messaging.
TIP
Wouldn’t it be great to test your Anti-Virus software without
actually downloading a virus? If you’ve never seen your AntiVirus program react to a virus incident – it’s nice to verify it’s
working correctly. Of course, “testing” with a real virus is crazy
- 41 -
– not to mention if your Anti-Virus program failed the test – you
now invited a virus onto your system. Doh!
Fortunately there is a better way. Anti-Virus researchers
worked together to develop the Eicar test virus string.
Important note: Eicar is not a real virus, nor is it a
“deactivated” virus. It poses no threat to your system. It’s just
harmless text characters that Anti-Virus programs were told to
recognize as a “virus.”
If you would like to test your own Anti-Virus program, you can
download the Eicar test string here.
Virus Hoaxes
I’ll wrap up this chapter by discussing virus hoaxes. The Internet is full
of hoaxes, and hoaxes about viruses are no exception. Usually these
hoaxes take the form of an email chain letter. They may falsely alarm
you by asking you to search your computer for the presence of a valid
system file; only the hoax will claim that this file is evidence of a virus.
Of course hoaxes do not actually infect your system, but are worth
mentioning because they cause a great deal of wasted time and energy
(and sometimes panic) which is propagated each time someone
forwards the warnings on.
Below are several tip-offs that can help verify a virus hoax.
- 42 -
• Does the warning urge you to forward it to everyone you
know? Genuine virus alerts do not ask that you participate in a
frantic distribution scheme.
• Did a genuine security expert send you the alert? Did the
alert come from your friend’s mechanic that knows a lady that
works for a security guy at Microsoft?
• Does the alert offer links to experts that will validate this
threat? An alert should quickly summarize the threat and if it has
a link, it should go to a well-known company or organization such
as Microsoft, MacAfee, Symantec, etc.
Finally, McAfee has a list of virus hoaxes which can be used to crossreference potential hoaxes.
If you have a friend or family member who is constantly sending out
phony virus alerts, let them know they are not only propagating
misinformation, but also playing into some hoaxster’s agenda. Junk
email wastes everyone’s time – note: we discuss this topic in more
detail in our “Email Security & Smart Strategies” special report. Please
do all Internet users a favor and ask them to stop. Be nice however,
they mean well.
It bears repeating again that having all of the proper tools loaded; your
best defense is the knowledge of how hackers and Malware can infect
your computer. This takes us to our related chapter on Adware &
Spyware.
- 43 -
Punch #3 – Adware & Spyware Removal
If you just finished reading our Anti-Virus chapter, you’ll probably notice
some cross-over information. Adware and Spyware are so prevalent,
and potentially devastating that they rightfully deserve their own
chapter. According to most security experts, Spyware is quickly
becoming the most serious threat on the Internet.
As evidence of just how widespread this menace is, a recent study
sponsored by AOL and the National Security Alliance examined 329
computers. Notice these findings:
• 77% of those surveyed thought their computers were safe, yet
four out of five had Adware and Spyware on their computers.
• Two-thirds of the group did not have a firewall installed.
• While the majority of the group (85%) had Anti-Virus programs –
most had not updated their virus definitions in over a week.
• Imagine the shock one person must have felt when learning there
were over 1,000 Spyware programs running wild on his
computer!
One more finding of this study, complacency played a contributing
factor in these computers getting compromised. No one wants to
believe that it could happen to them. Unfortunately, it can and it does.
- 44 -
Spyware
Spyware is a general term for any program that secretly monitors your
actions. It’s very common to see the terms Spyware and Malware used
interchangeably, so I thought it might help to breakdown these terms.
Spyware with malicious intent is also known as “Malware.” Malware,
literally “malicious software,” is a blanket-term for any such software –
think viruses, Trojans, malicious Spyware, etc. Unfortunately, as the
AOL study shows, getting infected with Spyware/Malware is much
easier than one would imagine. Spyware comes in many forms; let’s
examine a few of the more serious types.
Adware
Adware is usually bundled with “shareware” or “freeware” programs. It
can also get loaded when you do things like click a button in a web popup ad, or even something as simple as visiting certain websites.
Adware comes alive when it senses you’re on the Internet. Adware has
two main objectives:
1. Deliver ads to your desktop usually in the form of pop-up windows
and Spam.
2. Track and record information about your online activities and
purchases for the purpose of selling this information to
advertisers (which leads to more Spam and pop-ups than you
ever imagined).
To assist Adware in its efforts to “profile” you – programs called “dataminers” look for trends in your activities. For instance, if you were
viewing real estate websites, you may soon be pelted with real estate or
- 45 -
home loan related pop-up ads and/or Spam. Some data-miners may
record your habits in a centralized advertising database.
Keyboard Loggers (a.k.a “Keystroke” or “Key” Loggers)
These have one single-minded purpose: Identity Theft. Keyboard
loggers are secret or hidden programs that record everything you type.
Some keyboard loggers can be programmed to recognize significant
information like credit card numbers, and user account/password
information. This is especially alarming when you consider how many
people access financial information like online banking and shopping.
What makes keyboard loggers so insidious is their stealth nature. In
contrast to a virus, which usually does something to let you know it’s
there, keyboard loggers don’t want to be discovered and quietly sit in
the background recording information about you.
Browser Hijacker
This is one of the most annoying things you can get on your computer.
Once it’s on your system, a Browser Hijacker can do everything from
installing links on your desktop, to installing software without your
permission. If you’ve ever had your start page repeatedly changed to
another location – you’ve met a Browser Hijacker. I’ve worked on
friends’ computers where they’ve lost all control when trying to navigate
to a website. Yet another example, imagine my friend’s intrigue and
then frustration as his My Yahoo start page changed repeatedly to a site
called “Sex Patriot” – seriously. There is really no end to what Spyware
can do once loaded onto a computer. It’s really a jungle out there!
- 46 -
Modem Hijacker (a.k.a. “Dialers”)
This is a potentially costly form of Spyware. It’s a small piece of
software that uses your modem to make long-distance phone calls to
numbers overseas, and adult chat-line numbers. Some victims have
received monthly phone bills exceeding US $2,000! Modem Hijackers
are commonly transferred through a virus, by using MP3 file-sharing
networks, and by visiting porn sites.
Cookies
In general cookies are useful. They’re small text files placed on your
computer by websites to store information like passwords, user
accounts, and display preferences for a website. Without cookies a
website doesn’t have a way to “remember” you.
While technically not Spyware, cookies may be used by Spyware tools
to build profile information on you. Marketing groups use this
information to fine-tune their ads that are sent directly to your computer
via pop-up or email Spam. Cookies are usually permanent and remain
on your hard drive until removed through your browser settings or
Spyware removal tool.
How Spyware Gets on Your Computer
Never click links in Spam email. While on the web, never click links for
offers of free movies, prizes, contests, etc. If it looks suspicious – it
probably is – get away from that site.
Just when you think you’ve seen it all, Spyware creators find new and
creative ways to exploit people. For instance, some of the most
deceptive Spyware will mimic Windows dialog boxes, actually warning
- 47 -
that your computer is infected with some sort of Malware. However, if
you follow the directions and click the button to remove it, you could
actually be loading more destructive program code on your system!
Yes, you caught that correctly – Spyware warning you about potential
Spyware loads Spyware on your computer! Notice the pop-up below.
Beware of these types! By clicking Yes, (and sometimes even “No”)
Spyware/Malware could be installed on your computer.
Clever advertisement made to look like a Windows system message.
TIP
To reduce the risk of loading unwanted programs from pop-ups
like those pictured above – either close the Window by clicking
the “X” in the upper right-hand corner, or press ALT+F4 on
your keyboard.
While Spyware can certainly land on your computer through no fault of
your own, this is not always the case. Many times it’s installed with your
permission. Have you ever clicked the “I agree” box without reading the
license agreements? Peer-to-Peer file sharing programs such as
Kazaa & Bearshare are known to install loads of Spyware. If you read
the fine print, some programs openly tell you they will install this kind of
software. It’s important to point out that none of the truly malicious
Spyware is loaded this way.
- 48 -
If you take one thing from this section, take this: there are a lot of clever
people trying to get inside your computer. They will deceive, cheat, and
steal to do so. Be very weary of any unsolicited warnings or “freebies.”
It’s a scary thing to click the “ok” button today on the Internet, do not
take this action lightly.
Signs That You’re Infected
Sometimes it’s blatant like the Browser Hijacker example, and
sometimes it’s subtle evidence. Have you experienced any of these
symptoms?
• Your computer runs progressively slower and it takes longer to
start up.
• Your home page is mysteriously changed to something else
(usually something pornographic).
• Starting your browser means spending several minutes trying to
close pop-up windows.
• Strange icons appear on your desktop.
• You notice that new programs were installed on your computer.
The likely culprit is Spyware running in the background consuming your
computer’s resources like processor, memory, hard drive space and
Internet bandwidth.
Let’s talk about fixing this mess.
- 49 -
Spyware Removal Tools
Anti-Spyware programs (Ad-Aware) will scan your hard drive, memory
and Windows registry (a database of program and Windows
information) for Adware & Spyware. It also has the ability to remove
cookies but that’s not its main focus. In most cases, cookies can be
removed by clicking “Tools” on your browser’s toolbar, and then
selecting “Internet Options”. There you will find a button labeled “Delete
Cookies”. Internet Explorer is used in this example but similar steps
can be taken with non-Microsoft browsers.
Internet Explorer's Internet Options screen.
- 50 -
Keep in mind that there is a difference between Anti-Spyware and AntiVirus programs. They are designed for two different threats and both
are needed in the quest for a secure computer. While your Anti-Virus
program may discover some of the more serious forms of Spyware, you
can’t rely on it to find everything. Anti-Spyware is necessary for the
removal of Adware, Spybots (automated Spyware programs) and
unwanted cookies.
Ad-Aware
Ad-Aware from LavaSoft was one of the first to introduce a removal
tool. Below you see a list of processes and objects running in the
background that were found after a scan, all are related to
Spyware/Adware or cookies.
Ad-Aware Scanning screen.
- 51 -
At the end of a scan, Ad-Aware will display the results (shown below).
It’s not uncommon for Ad-Aware to discover many objects – especially
on a first scan. If you’re curious and would like to know more about the
discovered objects, click on the “Category” tab – this will sort objects by
category. To find out more information about a particular object – rightclick on it and select “Item Details.” This will tell you the actual severity
of the object – it can be quite an eye-opening experience.
When you’re ready to remove the found items, right-click anywhere in
the results window and select “Select All Objects.” Next, click “Next” to
process the objects. This will add all objects to a quarantine file.
The reason these objects are not immediately deleted is just to make
sure removing them does not break one of your applications. I’ve never
seen this happen, but Ad-Aware takes a cautious approach. How often
should you run an Ad-Aware scan? At least once a week, probably
more often if you’re a heavy Internet user. Similar to an Anti-Virus
program, Ad-Aware uses a definition file. Clicking “Check for updates
now” on the main program window, as you would guess, checks for
updates. To be prudent, do this every time you start the program.
- 52 -
Ad-Aware Scan Results screen.
Ad-Aware is free for personal use. Here’s a list of download sites.
The Benefits of “Real-Time” Protection
The free version of Ad-Aware does not provide “real-time” protection.
This means that it will not prevent Adware/Spyware from getting on your
system – it will only discover objects during a system scan. This is not
so terrible as long as you run frequent scans. To entice you into a “set
and forget it” mode – Ad-Aware Plus adds a real-time monitoring
agent. The benefit, of course, is “always on” protection.
If you’re interested in this approach, I would recommend using Spy
Sweeper by Webroot. Not to discourage Ad-Aware in any way, in fact, I
know several people who run both the free version of Ad-Aware and
Spy Sweeper together for the most complete protection. This is a great
strategy. Just one thing you should know, sometimes Spy Sweeper
detects objects in Ad-Aware’s quarantine (and vice-versa), and this has
- 53 -
lead some to mistakenly think that Ad-Aware itself is Spyware. Rest
assured this is nonsense.
- 54 -
A Moment for Security Reflection …
We’ve covered a lot of material in these last few chapters, let’s just take
a moment to reflect on everything you’ve accomplished.
By installing a personal firewall, you now enjoy these benefits:
“Stealth mode” on the Internet, much dreaded port
scanners will not even know you’re there.
“Program Control,” programs cannot make outbound
connections without your permission.
Through a combination of Anti-Virus and Anti-Spyware programs, you’re
now protected from the following menaces:
Viruses
Worms
Trojans
Adware
Spyware
Please take a moment to congratulate yourself. If you didn’t have any
of these tools in place prior to reading this book, your security level, and
awareness have increased dramatically. Good job. This brings us to
Punch #4, Windows Security Settings.
- 55 -
Punch #4 – Windows Security Settings
In addition to your personal firewall, the settings on your computer may
very well be your first layer of security and therefore extremely
important. This section on locking down Windows is targeted for
Windows XP, but a lot of the principles described here can be applied to
previous versions of Windows.
Note: this is the most “hands on” chapter in this book. I know most
people don’t like to get their hands dirty with configuration settings.
Acknowledged. However, doing these simple steps will greatly increase
your computer security.
Creating A Password-Protected Log-on
Windows XP out of the box does not set up password-protected user
accounts and anyone walking by can log on to your computer. During
the install, Windows asks for a user name and it creates a user icon that
you click on, but a password is not configured at this point. On older
operating systems such as Windows 98, user logon security was not
available. Access to your computer only required a user to hit the power
switch. Did you ever have a “friend” who would see your computer and
assume it was OK to log on just because they knew how to operate it?
Well I did, and it was irritating to say the least.
Let’s take a look at the Windows XP users and passwords section in
“Control Panel.” You can get there by selecting “Control Panel” from the
“Start” menu. The layout of the “Start” menu may differ a little depending
- 56 -
on whether you have Windows XP Home version or Windows XP
Professional but they will include basically the same content. At this
point you want to select “User Accounts” where you can view, create,
edit or delete users. This is where you control how users log on to your
computer and what rights they have once logged on.
Windows XP Control Panel
Once you select “User Accounts” you will have the option of changing
an account, creating a new account, or changing the way users log on
and off. For this example you will click “User Accounts” and then
“change an account”, you have several options here, but for now we’re
- 57 -
interested in “create password”. You will need to select a password and
type it in twice to verify. Your account will now prompt you for this
password every time you log in. Congratulations, you have just taken a
major step toward a secure computer by eliminating access to anyone
walking by. This process should be repeated for each person using this
computer. A benefit to creating user accounts for everyone who logs on
to your computer is that Windows will now keep track of user
preferences such as favorite websites, default font size and type,
desktop wallpaper, screensavers and more.
A few password tips:
• When selecting a password make sure it does not exist in the
dictionary in any language.
• Try to include numbers.
• Include upper and lower case letters
• Stay away from obvious passwords (your name, birthday, etc.).
As an example, the password “MyCatsName334” is a lot more secure
than “password.”
TIP
Instead of using an account with Administrator access as your
general account, it’s highly recommended that you create a
general user account for daily use. This serves as a protection
against making inadvertent system changes (general users
don’t have sufficient access to do this). Finally, if your user
session is hijacked by someone, they’ll only be able to do
limited damage.
- 58 -
Creating A Password-Protected Screensaver
Another great way to protect your computer is to set a “passwordprotected” screen saver. If you’re pulled away from your computer, the
logon screen will automatically appear after a preset amount of time. To
set this, right-click on your desktop, select “properties”, and select the
“screen saver tab”. Once you choose the screen saver and time to wait,
click the button, “On resume, display Welcome screen” and then “OK”.
That’s it. Based on the example below, the screen saver will turn on
after 10 minutes of inactivity. Once a key is pressed or the mouse is
moved, the welcome screen will appear and ask the user for the
account password. In order to use this function, users must be
configured with passwords as described earlier in this section.
- 59 -
Setting a password protected screen saver.
TIP
To lock your Windows XP computer manually, just press the
Microsoft button (a.k.a. Windows key) and the letter “L” on your
keyboard. Most keyboards come with this button. The Microsoft
key is between Ctrl and Alt.
For those running Windows 2000, do Ctrl + Alt + Delete to lock
your workstation.
Creating Private Folders
If you have multiple users logging on to your computer or connecting to
it over a network, you may want to protect files and/or folders by making
them “private.” Note: this section requires that your user account(s)
has/have been established with passwords, as described earlier in this
section. When you make a folder “private,” you’re saying that only I (the
person logged on) can open this folder. Anyone else that tries to access
this folder will receive an “access denied” error message when trying to
view the data. Let’s look at how to make a folder private.
1. Double-click on “My Computer”.
2. Double-click the drive on which Windows XP is installed. (Usually
C:)
3. Double-click on the “Documents and Settings” folder.
4. Double-click on the folder labeled with your user name. Drill down
until you get to the folder you want to make private.
5. Right-click on the folder to be made private and choose
“Properties” from the menu.
- 60 -
6. Click on the “Sharing” tab and check the box next to “Make this
folder private”.
There you have it. Any other user that directly logs on to your computer
or connects over a network will not be able to access this folder.
Disable Unused Services
Windows XP has several “services” enabled by default. This means
that there are services running in the background ready to perform
tasks. They’re active without you doing anything other than installing
- 61 -
Windows. Hackers know about these services and are very good at
exploiting them. As a rule of thumb, you should not run any services on
your computer that you’re not using. A concept used in the security
world states “start with no services\access and turn them on as
needed.” This means that you start by turning everything off, and then
you can turn on individual services, when you need them. This helps to
ensure you don’t have anything running in the background that could be
exploited. The other benefit is that you’re not wasting computer
resources by running unused services.
Stop File and Print
The first service you should be concerned about is a Windows service
called “file and print” sharing. By default, your computer is set to act
like a server, which “serves” up files or other resources on your
computer. This is a common service exploited by hackers and worms.
Skip this section if you don’t connect your computer to a network,
including the Internet. Everyone else read on. ☺
To turn off this service you can just right-click on “My network places”
and select “Properties.” You will see the check box near the label “File
and printer sharing for Microsoft networks”. Uncheck this box.
- 62 -
Disable File and Print Sharing.
Disable IIS (Windows XP/2000 Professional Only)
The next unused service you should check for is IIS, which stands for
“Internet Information Services.” This enables your computer to act as a
web-server and once again creates an opportunity for someone to
exploit your computer. To check if this service is enabled, select Start,
Settings, Control Panel and click on “Add/Remove Programs.”
- 63 -
Remove Internet Information Services
If IIS is installed it will appear checked. Uncheck and click “Next” to
remove IIS. Unless you’re learning HTML programming, there’s
virtually no reason to run IIS on your home computer. As mentioned in
the Introduction Chapter, highly destructive worms such as Code Red
and Sasser exploited this service; you can see why this is an important
step. If you fall into that category of requiring this service on your home
computer – make sure you always run the latest Windows updates (I’ll
show you how to do this below).
Stop the Messenger Service
The next service of concern is the “messenger service.” It’s a Windows
service that receives network messages through the Alerter service.
- 64 -
Network administrators use this service to send broadcast messages
between computers such as “you will be disconnected,” or “get off the
system!” Windows and other software can use this service. One
example is the message you receive when finishing a print job. AntiVirus programs often use this service to send you notifications.
Important note: even though it sounds like it, this service has nothing to
do with MSN messenger chat. On a home computer, this service is not
needed. And guess what – using what’s called “Messenger Spam,”
hackers and Spammers found a way to exploit this service to send
Windows pop-up messages. Yes, it’s turned on by default.
Here's how to turn it off.
1. Click Start, Settings and then Control Panel.
2. Click “Performance and Maintenance”. (If you are in classic view
you can just click Administrative tools here).
3. Click “Administrative Tools”.
4. Double-click “Services”.
5. Double-click “Messenger”.
6. Change the start up type to “Disabled” as shown below. This will
prevent Windows from starting this service during your next
reboot.
7. Click the “Stop” button to immediately stop the currently running
service.
- 65 -
Messenger Service Properties Window.
Congratulations, your Messenger service is now disabled.
Windows Patches and Updates
When Microsoft releases a new version of Windows, all is good in the
world … until the problems surface. The problems, usually security
related, are normally discovered in one of two ways – Microsoft finds
them, or “others” discover these problems. Sometimes these “others”
notify Microsoft, and sometimes these “others” are people with
malicious intentions, and go about creating the next big virus or worm to
- 66 -
exploit their finding. In any case, when Microsoft knows of an issue in
Windows – they’re usually quick to create a fix for it. Anytime Microsoft
creates a fix, it’s available for download from their website. When
Microsoft gets enough of these fixes, they combine them and roll them
up into something called a “Service Pack.”
Microsoft makes it easy to update your computer, which means
connecting to the Microsoft website where it scans your system for
patches or updates, and then downloads and installs the ones you’re
missing. This procedure is really very easy, as a matter of fact, this can
be automated so you don’t even have to think about it. Note: updating
Windows is a mandatory step; many of the Windows security exploits
over the past few years would have been avoided if more people had
regularly updated their systems.
Windows Web Updates
If you are using Microsoft Internet Explorer as you browser, you can just
open it, click on “tools” and select “Windows Update.” Alternately you
can start Windows Web Update here. You will be connected to the
Microsoft website where it will scan your system and create a list of
patches and fixes. You will have the opportunity to read about and
install them. I recommend you just install all of them. If you have never
done this, or it’s been awhile since your last one, this would be a good
time to do that. Note: on a dial-up connection, please be aware this
could take some time to complete.
- 67 -
Microsoft's Windows Web Update.
Note: Internet Explorer (IE) must be used in order to run the Windows
Web update. Running a web browser other than IE is a great idea, but
you'll still need IE for this purpose. For the advanced user, Windows
updates and patches can be downloaded individually from Microsoft's
Download Center (even using non-Microsoft browsers). However,
updating automatically through Windows Update is still the preferred
method.
Automating Windows Updates
As I mentioned, you can have your computer automatically check and
download updates by right-clicking on “My Computer” and select the
“Automatic Updates” tab. From here, just check the box, “Keep my
- 68 -
computer up to date”. You have the option of scheduling the updates.
You also have a few options on how to download it. This is a great “set
it and forget it” option, especially if you know you’re not going to be
diligent about checking for updates.
Enabling Automatic Windows Updates in Windows XP.
One final, but very important point: Microsoft does not send out updates
and patches through email attachments. Hackers will send an email or
pop-up message supposedly from Microsoft claiming that there’s a new
security patch that needs to be installed. Microsoft will never do this;
in reality it’s a Trojan, virus or some other type of nasty Malware. The
- 69 -
point is to realize that the bad guys are out there, constantly coming up
with new and creative ways to break in to or exploit your computer.
Impersonating trusted sources like Microsoft is a common method of
attack for hackers. We examine this subject in more detail in our
“Online Identity Theft: Self-Defense 101” special report.
- 70 -
Download Summary
For your convenience, here’s a list of all tools we mention in the main
book and bonus materials.
Ad-Aware Adware/Spyware scanning and
removal tool. Free for personal
use.
AntiVir Free Anti-Virus program for
personal use.
Gibson Research Corporation Free security scans to check which
TCP/IP ports your computer is
exposing. Note: keep clicking on
“Shields Up,” and you’ll get to the
scanning page.
Spy Sweeper Adware/Spyware scanning and
removal tool, also adds “real-time”
monitoring to prevent Spyware
from getting on your computer.
Sygate Free Personal Firewall Excellent free personal firewall.
Sygate Personal Firewall Pro Full version of Sygate’s free
firewall.
Sygate Security Scan Free security scans to check which
TCP ports your computer is
exposing.
Virus hoaxes McAffe’s list of known virus
- 71 -
hoaxes.
VirusScan McAffe’s Anti-Virus program which
includes Email and Instant
Messaging protection.
Windows Web Update Microsoft’s website for
downloading updates and fixes for
Windows.
Zone Alarm Free personal firewall.
Zone Alarm Pro Full version of Zone Alarm’s free
firewall.
Bonus #1 – Online Identity Theft: Self-Defense 101
Browser check Check if your browser supports
SSL encryption features.
Earthlink Internet Service Provider with a
strong commitment to security.
Subscriber’s get the following free
services: email virus scanning,
Spyware and pop-up blockers.
ScamBlocker Earthlink’s browser toolbar to help
prevent Phishing scams, also
includes pop-up blocker and
Google search features. Currently
only works with Internet Explorer.
"Whois" lookup page “Whois” lookup used to check the
register of an Internet domain.
- 72 -
Bonus #2 – Email Security & Smart Strategies
Encrypt Program to create secure
encrypted email attachments.
Encrypt can create attachments
suitable for Windows, Macintosh
and Unix computers.
Secure Email Attachment (SEA) Free security tool to encrypt email
attachments (between Windows
users only).
Bonus #3 – Smart Strategies for Reducing Spam
Mailwasher Pro Excellent Spam filter that works
with every mail program.
Mailwasher Pro allows you to
examine your email on the server
before it’s downloaded to your
computer.
My Trash Mail Free service for creating
temporary disposable email
accounts.
Qurb Excellent Spam filter that tightly
integrates with Outlook and
Outlook Express.
Spam Gourmet Free service for creating
temporary disposable email
accounts.
- 73 -
Parting Thoughts
We worked very hard to make this Internet self-defense course not only
informative, but also enjoyable to read (and maybe even a little bit
entertaining).
While obviously there’s a strong emphasis on tools and the underlying
reasons you need them, it’s really your knowledge and security
awareness that will serve you best. If you followed the
recommendations in this book and the bonus material, we’re confident
in saying that you’re very well armed against current threats both on
and off the Internet.
Here’s to practicing safe computing.
All the best,
Doug & Kevin
P.S. We’re always trying to improve our product, and appreciate
feedback. If you found areas that could use improvement, please let us
know by sending an email to [email protected]
P.P.S. If you enjoyed this book and want to recommend it to others,
we’re cool with that. ☺
Please visit our Affiliate page to learn how
you can earn generous commissions on each referral.
P.P.P.S Any corrections or updates to our book will be posted here.
- 74 -
Recommended Reading
What’s the best kind of book? Thrillers? Mysteries? Biographies?
Lust stories? In our opinion, the best are the ones that entertain as well
as educate. All of these fall into that category. There are no sleepers
here. Enjoy.
"Cuckoo's Egg: Tracking a Spy Through the Maze of Computer
Espionage" by Clifford Stoll. This is the book that started it all! It’s
part thriller, part international intrigue – think Tom Clancy meets Michael
Crichton. This is Cliff Stoll’s gripping personal account of detecting and
chasing a hacker through cyberspace (before it was called that).
"The Art of Deception : Controlling the Human Element of
Security" by Kevin Mitnick. Kevin Mitnick is the world’s most famous
hacker (he was the inspiration for Mathew Broderick’s character in the
movie War Games. From the age of 17 Kevin’s spent nearly half of his
adult life either in prison or as a fugitive. Read this fascinating
examination of how he skillfully manipulated computer systems and
people.
"Secrets and Lies : Digital Security in a Networked World" by
Bruce Schneier. Bruce Schneier is a true security visionary with a
sense of humor to boot. Who would have thought that Star Wars and
Raiders of the Lost Ark could be used as examples and metaphors for
digital security? Bruce expertly explains that security is a not a product,
it’s a process, and technology alone is not the answer.
- 75 -

How to Secure Your Computer Using Free Tools and Smart Strategies

Transcription

Similar documents

love generation - Ryde Eastwood Leagues Club

capstone design teams - Mechanical Engineering

Ryan Adler Illusionist

View Coupon

McGuffey`s 3rd Reader - Eclectic Education Series

Steady Stewards - Celebrate City Living

About Ryan

Douglas Commons Douglas Commons

This ad - Humber College