The Enemy Without
by Cheryl Brannan
As technologies advance, more and more home users are able to access inexpensive, faster connections through broadband: cable, ADSL and even satellite. The advantages are obvious--faster downloads, realistic streaming video and the ability to be on-line by simply turning on the computer.
It is the last of these that poses the most threat to the average home computer user. Is your computer protected or an open door?
If you think a virus checker is all you need, think again. Many times, access to broadband services makes your computer as vulnerable to hackers as a web server. Likewise, you need to take appropriate measures to secure your computer.
Jane didn't realize she was hacked until she looked over and saw her cursor moving on its own accord. Someone had gotten into her system and had taken control of her computer. Ron didn't know someone had accessed his system until his hard drive was erased and several weeks work was lost. Now he's wondering if someone found his online-banking records and if he is going to have to close his accounts just to be safe. Neither realized that anyone would be interested in accessing their personal computer.
The dangers of broadband
Broadband is different from a regular dial-up service because it is "always on". When you use a dial-up connection, you are assigned a "dynamic" IP address by your ISP (Internet Service Provider). An IP address is a number that identifies you, much like your home address identifies you when you send and receive mail at the post office. A dynamic IP address changes each time you log in, making illegal entry harder and less likely because you disconnect the service when you are finished. What makes cable or ADSL different is that you may be assigned your own IP number as a fixed IP address. This is why you can turn on the computer and connect to the Internet immediately. Unfortunately, that can leave you open to those who want to snoop through your files or destroy them.
Malicious hackers or the more correct term, crackers, have a number of tools they can use to attempt a break-in. One such program is called a sniffer, which acts like a burglar checking to see if a door is locked. Sniffers can be used for helping security personnel to find vulnerabilities or holes in their security, but they can also be used to report back to the cracker about any "unlocked doors" or, in this case, ports open for access on your computer. Also used by crackers are "Trojan horses." Just like the gift horse that defeated the city of Troy, trojans can infiltrate your computer through a benign-looking program or email attachment. Once inside they open ports for the cracker to exploit.
Computer security may seem daunting, but today's programs for the home are user-friendly and accomplish the task admirably at little or no cost.
Start with basic security
If you are just beginning to secure your system, start with basic necessities first. Make sure you update your operating system (OS) and browser with the latest security fixes. You should check with your OS maker or go to their website and search for security updates. When you get email, don't open attachments from an unknown sender and question the ones sent to you from friends. As was first seen with the I LOVE U virus, there are copycats that can infect one computer and then send themselves to everyone in the user's address book.
Of course, make sure your virus checker stays updated. Some virus checking programs let you schedule regular updates so you won't forget. Virus data should be updated at least weekly to stay current. For additional protection against trojans, a trojan cleaner such as "The Cleaner" by MooSoft will detect many more trojans than a virus checker alone.
Keep in mind that certain programs you use to connect to other computers, such as Napster, Gnutella, PC Anywhere or even ICQ can make your computer vulnerable, as they open ports to potential attack and some allow others access to your files. If you use such software, be sure you know how it works and what to do to maximize your protection. Password-protect your shared folders or turn them off altogether if you don't really need them. To see if you are vulnerable and where, pay a visit to Steve Gibson's site. His Shield's Up script will probe for vulnerabilities, report them to you and will tell you how to fix them step by step. A good check for Microsoft Internet Explorer users is at this site under the Internet Security section. This site will check your IE browser for security holes and let you know of any fixes or patches available. This is especially important since IE is now tied into the Windows computer operating system.
Firewalls for home use
For true protection with a fixed IP address or broadband connection, you will need a firewall. A firewall is a program that stands guard over what comes into your computer as well as what information goes out. A good firewall makes you invisible to malicious hackers. It's also interesting to see if any of your non-web applications are connecting surreptitiously when you go online. I discovered a program installed by my computer maker that was connecting every time I went on line. A graphic program I installed also did this when I opened it and was on-line. Neither of these programs let me know they were trying to "phone home," but my firewall did and I short-circuited their contact.
More firewalls for home use are finding their way to computer store shelves, including ones by the two top anti-virus checkers Network Associates (McAfee) and Symantec. Read comparisons such as this one from PCWorld, however, before you install anything, to decide which one best suits your needs. Two of the top firewall programs are Black Ice Defender ($40 USD and $20/year for update) and Zone Labs' Zone Alarm (free for personal use). Both are highly rated in several reviews and each has their pluses and minuses. A firewall should put your computer into "stealth mode," i.e., hide it from others or programs scanning for open ports. It should also alert you and log potential attacks including IP addresses for tracking. It should alert you if one of your programs is trying to connect to the outside. Ideally, it should tell you what type of attack is occurring to distinguish from false alarms, although no product is perfect at this. It should be flexible enough to set up which programs can access the net and allow you to lock out all traffic if you walk away or in an emergency. Another good feature is to be able to select which other computers or addresses can connect to your computer, such as those within a local network.
Keep in mind that a few programs, especially those that allow users to download files directly from another computer user, may not work from behind a firewall and you may or may not be able to configure it to do so. Also, don't panic the first time an alert comes up. Most of the contact alerts are harmless traffic or websites checking to see if you are still connected. That's why I prefer a log rather than pop up alert messages. If you use any software known as "adware" that carries advertising for the free use, you may find alerts going off frequently as the ad changes or refreshes. However, if your computer is hit with several alerts from the same address for an unknown reason, a little investigation is in order.
After all that, can you relax? Well, no. You have to remain aware of your system and vigilant to security updates and fixes. Crackers, like burglars, are using ever more sophisticated ways of getting into your computer, so you must make sure your "burglar alarm" remains up-to-date.
Computer security may seem daunting, but today's programs for the home are user-friendly and accomplish the task admirably at little or no cost. Nothing is impenetrable, but a little attention to security now can pay a dividend of letting you enjoy your broadband connection without the heartache of missing files or stolen personal information later.
© Cheryl Brannan. All rights reserved.
Cheryl Brannan is a web/database developer at an global oil services company. She has a degree in journalism and enjoys combining programming and writing into some fun projects. Cheryl's 'babies' consist of 3 dogs and 3 cats and she has had several articles on pet care published.
(Note: All the software and resources mentioned in this article apply to Windows only. For Mac OS security issues, the MacInTouch Security Resources page is a good place to start. - Ed.)
[an error occurred while processing this directive]