Computer privacy matters to everyone - lock up now!
4: Home security - in depth fixes
The fix - in depth 1
NOTE: the tips here assume you've worked your way through the quick fix page on
Internet security. Without doubt, if you are unsure about anything outlined on
these next two "in depth" pages, you should leave it. Install the malware
scanners I suggest, certainly, but in the case of Icesword read the suggested
help pages before doing anything to disable services or processes.
File and Printer sharing: how to disable it:
A flaw in Windows has been inherited from Windows 3.1, an operating system
which was never intended to have an Internet connection. It means that
all files and printers on your computer are available to share with
anyone who has access to its network. This was fine when the "network"
was your local office LAN, but if the "network" is the World Wide Web...
So you need to disable the sharing. It may sound like a lot to do if you
read through the instructions, but once you start it is really very
quick to see what's on and what's off. I believe that Microsoft set XP
to a default "no share" for files and printers, but it won't harm to
check.
Windows 95/98/ME:
You need to locate your "Networks" panel. Click on Start, then Settings,
then Control Panel, then Networks. You may or may not get a message
asking if you want to continue; if so, just say "OK". You should see an
item called File & Print Sharing. This may be greyed out - in this case,
leave it. If not, click it. Uncheck everything that comes up in the next
window and click Ok when done. You've just disabled the direct ability
to share files with others, which is a good security move.
Return to the Network panel. Look on the list in the top half of the
window for something called Microsoft Client or similar (it has
differing names in different versions of Windows). If it's there, click
it once to highlight it and then click the "Remove" button.
You will probably see one, perhaps two or more, entries with a green icon
next to them. One will probably say "Dial-Up Adaptor" if your computer
has a dial-up modem installed. Click on this so it is highlighted and
then click "Properties" on the middle right. It should display a box
with some tabs on the top. Click on the tab that says "Bindings".
Uncheck everything except "TCP/IP" by clicking off the checks (if you
have AOL, it may also say AOL TCP/IP - leave this as it is). If TCP/IP
is the only thing there (or there is nothing there) then you don't have
to change anything and you can just click "OK". Repeat this step for any
other adapters (entries with green icon).
You should be back in the Networks screen. Look for anything called "TCP/IP ...
Adaptor" (just like you did above). They have an icon that looks like a "Y"
(it's intended to look like a power cord with a plug). With these, repeat the
above steps that you did with the green icon adaptors. Finally, look for a tab
that says NetBIOS. Click it. Look for a box that says "I want to enable NetBIOS
over TCP/IP." If it is checked, uncheck it. Then click OK when done. Do this for
any other TCP/IP... something Adaptors you may have, if there are any more. OK
your way out of the boxes, and if you get a yellow warning asking if you really
want to change the Network setting, answer YES.
Windows XP:
You must be logged in as an administrator to do this. Go to the Control
Panel as in the instructions above. The icon here is called "Network
Connections" (or "Network and Internet Connections"); click it, and
you'll see either your dial-up connection or a "Local Area Connection"
icon if you're on DSL or cable. In either case, right-click the icon and
choose "Properties."
A new box will open - scroll through the entries until you see "File
and Printer Sharing for Microsoft Networks." Uncheck the box next to it
(a little computer icon).
Now scroll down to the "Internet Protocol" entry in this same window.
Highlight it, then click "Properties." Down at the bottom of this box
you'll notice an "Advanced" button. Click it and a box called,
unsurprisingly, "Advanced TCP/IP Settings" will pop up. You'll notice
tabs along the top of this box. Select the "WINS" tab. If you are not
using a DHCP server to give you an IP address (check with your ISP if you
don't know), check the box "Disable NetBIOS over TCP/IP." (If you are
using DHCP, leave it at the "default" setting. DHCP assigns you a dynamic
IP address from your ISP.) OK your way out of everything again, and
field any warnings you might get.
When you have done all this you may have to
re-start your computer before the settings take effect. What will you
notice? Nothing - nothing at all! Yet your previously wide-open
access is now plugged, and you've climbed a valuable extra step up the
security ladder. If you want to install a home network you'll have to
reverse these settings, but normally the Network card installation
program will do it all for you.
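Because you will "notice nothing" after the change, it helps to have a check. At a command prompt, `netstat -an` lists every port the machine is listening on; the script below is an added example (not from the original page or from Microsoft) that reads such a listing and reports whether the NetBIOS and file-sharing ports are still bound. The two listings inside it are constructed samples, not output from a real machine.

```python
"""Report NetBIOS and SMB listeners in a pasted Windows 'netstat -an' listing.
Added example, not from the original page or from Microsoft; it changes nothing
on the machine, it only reads text. The two listings below are constructed."""
import re

# NetBIOS over TCP/IP: 137/udp (name), 138/udp (datagram), 139/tcp (session).
# 445/tcp is direct-hosted SMB on Windows 2000/XP; if it is still LISTENING,
# file and printer sharing is still reachable over TCP/IP.
WATCHED = {
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("tcp", 139): "NetBIOS session service (SMB over NetBIOS)",
    ("tcp", 445): "direct-hosted SMB (file and printer sharing)",
}
# Proto, local addr:port, foreign addr:port, optional state (TCP lines only).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$", re.I)


def exposed_listeners(netstat_text):
    """Return {(proto, port): (local address, description)} for each watched
    port that is LISTENING (TCP) or bound (UDP) in the listing."""
    found = {}
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # header, blank line, or a shape we do not parse
        proto, addr, port, state = m.group(1).lower(), m.group(2), int(m.group(3)), m.group(4)
        if proto == "tcp" and (state or "").upper() != "LISTENING":
            continue  # an outbound connection, not a service waiting for callers
        if (proto, port) in WATCHED:
            found[(proto, port)] = (addr, WATCHED[(proto, port)])
    return found


def sharing_is_disabled(netstat_text):
    """True when none of the watched ports is bound."""
    return not exposed_listeners(netstat_text)


# Constructed sample: before the changes, sharing is bound on every address.
BEFORE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1034      203.0.113.80:80        ESTABLISHED
  UDP    192.168.0.10:137       *:*
  UDP    192.168.0.10:138       *:*
"""
# Constructed sample: the same machine afterwards, only a web session open.
AFTER = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.10:1034      203.0.113.80:80        ESTABLISHED
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        hits = exposed_listeners(text)
        print(f"{label}: {'nothing exposed' if not hits else 'still exposed:'}")
        for (proto, port), (addr, what) in sorted(hits.items()):
            print(f"  {proto}/{port} on {addr}: {what}")
```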
Spyware hunter: Spybot Search and Destroy
Ad-Aware, which I introduced on the previous
page,
has been around for a long time, and is still an effective spyware tool. "Spybot
Search and Destroy" is also an old regular and a good addition to your tool-kit; it will
often find spyware on your system that Ad-Aware has missed (and
vice-versa). Download Spybot Search and Destroy here - it's 3.5MB in size and
free (naturally). Also at this link is a users' forum where you can post any
questions you may have about using Spybot S+D.
Just don't forget, once it's installed, that it's only as good as its
last spyware database update, so update it regularly - this goes for
Ad-Aware, too!
When I ran Spybot on some computers in an Indian
Internet cafe early in 2004 I found a whole mass of spyware
installed on each and every one. Some had about ten instances, others
more than thirty. Amongst others: All-in-one telecom, Comload, hosts redirect,
an Active-X dialler (to a porn site), DyFuCA, Gator, Money Tree, Proliveration,
Rapid Blaster, TIBs, V Loading, Web Dialler, and eGroup, plus the ubiquitous
Alexa toolbar. This is the screen-shot I made from one of the worst
affected computers (and you can't see all of the list because it
scrolls):
And on the subject of spyware removers, you might be surprised to hear
that there are other so-called removers (either free or shareware) which
do nothing to help you. Some are just useless at removing malware on
your computer, others actually install spyware themselves. The ultimate
Trojan horse, I suppose. Be warned: look at
this list and see if your sweet removal tool is up there.
More free malware scanners:
In the struggle against spyware programs, trojans, backdoors, bots, worms, diallers
and keyloggers getting onto your computer, to rely on a single piece of
detection software is actually to bask in uninformed ignorance. One or two
scanners like Ad-Aware plus Spybot Search and Destroy would have sufficed in the
early years of this decade (then most anti-virus programs had their definitions
updated no more than once a week, whereas daily, or even hourly, updates are
normal today). 2006 was a record year for
known infections, and the unknown ones were probably even more
prevalent. Mark Sunner, chief security analyst at MessageLabs told the
World Economic Forum in Davos about heightened botnet activity. He said
that around the turn of the year (2006-7), security experts had been
watching one botnet, called Spam Thru, which not only had its own
antivirus protection to clear other botnets off its "patch," but also
had the potential to be 10 times more productive than most other botnets
while evading detection because of built-in defences. He expected the
amount of spam sent to ramp up sharply through 2007, similar to how it
had surged in the last quarter of 2006.
It has been said that if a scanner finds one item of malware on your machine,
you are probably infected with at least three more, undetected items. Botnet
(see the definitions earlier) operators want their
tiny control applications to run smoothly and silently on your machine -
for this reason, they are now specifically tooled to avoid detection,
using a variety of cloaking techniques.
A-Squared is a scanner that's been rated
"excellent" by many computer magazine editors, and comes in two
versions - paid and free. Naturally, you'll want the free one, which is
nonetheless a full-featured application for scanning and removal, lacking only
the resident protection feature of the paid version. Download A-Squared here: go
down the page to "a-squared Free 2.1."
This is the main screen of A-Squared:
Check for updates regularly - both the definitions files and the application
itself are updated every few days - by clicking "Update now." When you do a scan
of your machine, depending on the level of scan you select and the speed of your
computer, you may have to wait quite a while for it to finish, then any results
will be presented in the "diagnosis" window. Once the scan has halted you'll be
able to see the source of the problem and do something about removing it, as
shown in the results window here.
Icesword is perhaps the most geeky tool to present here. Its function is to
scan your PC for rootkits, which are processes concealed from the normal
operation of the system (the files, network connections, memory addresses, or
registry entries of the software are hidden from the operator of the machine,
so you won't see a rootkit process by using the CTRL+ALT+DEL task manager
trick) and which may be spying on you entering passwords, for example.
Presently, only a small amount of malware runs as a rootkit. However, we must
expect the number of rootkit infections to increase significantly in the coming
months, given the ingenuity and speed of adaptation of the online criminal
community.
Icesword was written by a Chinese programmer, and is a potent tool, extremely
effective at diagnosing rootkits. In fact, a challenge was issued to hackers to
design a rootkit which would be undetectable by Icesword. So far, no-one has
succeeded. Icesword is another free download from either here or here.
The main screen has a menu at the left where you can start the various checks
and processes. The main problem in using Icesword has been that English language
documentation was hard to find (the program itself is in English, so there's no
problem there), and interpreting the results of its tests needs detailed
understanding, or you'll misinterpret harmless kernel-mode processes as bad ones,
and start pulling the operating system of your computer to pieces. However, some
fine people have written good directions for using this powerful piece of
software, allowing you to make informed decisions about the results it presents.
Firefox: a free and knock-proof browser
Still using Internet Explorer to browse the Internet? If you have
updated it to the latest version and increased the security setting as I explained on the previous pages,
then it's not a bad choice. The problem arises within the MS culture
which spawned it: denying that there is any security hole in IE until it
has been patently proved otherwise - then MS belatedly issues a patch.
So the security updates of Internet Explorer are always lagging way
behind what is attacking it in the wild. As it's the most popular
browser (over 90%) on the Web, hackers will naturally target it. IE
incorporates the technology known as ActiveX, which, if running,
may permit rogue sites to install toolbars, change your search page and
other unrequested treats.
You might want to try something from the opposition. No, not Netscape - that's
feeble, if not pretty much dead and buried. Many people now use Mozilla Firefox
and think it's great - the last visitor figures to this site show that nearly a
quarter of users had some version of the Firefox browser. Even after the
introduction of Microsoft's Internet Explorer version 7, Firefox users continue
to increase. Firefox is open-source program code, so programmers can work on it
to keep it as secure as possible - there's nothing hidden behind locked doors in
Redmond. It's also free, very customisable in both appearance and function, and
(I think) fun. Firefox has been acclaimed by many PC magazines as a secure and
stable alternative to Internet Explorer. Firefox (currently at version 2.0) is a
4.7MB download for Windows, Linux and Mac OSX available here. You can happily
have it in the same stable as Internet Explorer, then you can choose if you want
one or the other.
Once you have Firefox installed, take a few moments to increase its
security setting, like you did with IE:
Click on Tools, then Options. Select the "Privacy" icon at the top, then select
the History tab below. In the History menu, enter 1 in the days box. This keeps
the history of pages you visited to a single day.
Select the Forms tab. Uncheck Save information I enter... You don't want all
your private information retained.
Select the Passwords tab. Unless you absolutely need it, make sure the box
called Remember passwords is unchecked.
Now click on the Cookies tab. Check Allow sites to set cookies and for the
originating website only. I have my Firefox set to ask me every time a site
wants to set a new cookie, but it takes some time of clicking dialogue boxes to
build up a database of sites you will accept and reject cookies from. Easiest is
to select until I close Firefox from the drop-down list, then every cookie on
your system is erased when you close the program.
Finally, select the tab labelled Cache. Set the Use up to number to zero for
best privacy protection, or to no more than 5000kB.
The newest Firefox builds will automatically download and then notify you of
updates needing to be installed. If you don't want updates to be downloaded
automatically - say you are on a dialup Internet connection - you should click
the "Advanced" icon on the Options menu and then select Ask me what I want to
do under When updates to Firefox are found. This way, you will still get
information about important updates (important, as Firefox is still vulnerable
to virus writers and hackers, and updates will keep you ahead of them), but your
Internet connection will not be used to download them until you say.
Click OK when done. That's it!
A night at the Opera - for free!
Opera had tabbed browsing when Mozilla wasn't even Firefox or Phoenix.
It's another free browser, from Norway this time, and with some
intriguing features. Although the newest Internet Explorer (version 8)
does this as well now, Opera was the first browser which could zoom an
entire page, pictures not just text, at the twirl of a mouse wheel. The
latest version incorporates a Bit Torrent application to download large
files, a very neat thumbnail preview which pops up over each open tab,
and per-site blocking of irritating cookies or graphics. If you are considering
whether to change from Internet Explorer (perhaps, as a user of Windows
95/98/ME/2000 you cannot upgrade to IE7, or you think the Fisher-Price blocky
tab buttons in Microsoft's product suck) you should definitely try Opera. Your
night at the Opera might turn into a lifetime! Download it here.
Blast spyware before it infects you - Spyware Blaster
At this point, I expect you'll let out an involuntary groan
when I introduce another anti-spyware product. Yet Spyware Blaster is
different from either Ad-Aware, Spybot, or A-Squared. It prevents the
installation of many nasties before they can infect you - it places "kill bits"
in the system registry to block malware from modifying that entry. ActiveX-based
spyware, adware, browser hijackers, diallers, and other potentially unwanted
pests are blocked in Internet Explorer and Mozilla/Firefox. Spyware Blaster will
restrict the actions of potentially dangerous sites in Internet Explorer. It is
a useful tool in this age of online deceit and exploitation. Get it here.
A little bit of money spent can save tears later
We have seen how software firewalls can protect your computer both from external
attacks on the Internet and applications up to no good on the inside of it.
Software firewalls are good up to a point, but as is often stressed, you need to
adopt a layered approach to security. This is especially important if you are
always connected to the Internet (for example by DSL, ISDN or cable modem) and
if you leave your computer switched on for much of each day. Just a peep at your
firewall's log will show you how many scans
and attacks are happening when you're online. Most of these are
automated scans looking for vulnerabilities, many are just "Internet
background noise." For sure, though, there are a lot of scanners out
there trying to penetrate the defences you have.
One of the best investments for broadband,
always-on Internet connections is a NAT router. If you came all this
way from page one, you'll have read how I likened a NAT (network
address translation) router to a guard at the front desk in a busy
office complex. Only this person has the list of actual rooms where
people the visitors want to see are situated. A visitor has been
told to see Ms Brown in Room 1002; the security guard has a table
showing that Room 1002 is really Room B18, and will redirect them.
Another visitor wishes to meet Mr Black in Room 1029, and the guard
redirects them to Room B36. The NAT router hides your computer's
address and translates inbound and outbound packets to an address
understood by the Internet outside. You plug your computer into the
router's "output" (LAN, or local area network), and your broadband
Internet connection goes to the router's "input" (WAN, or wide area
network). Why can't a hacker just find the LAN address behind the
router and use it? This range of IP addresses (typically 192.168.0.0
to 192.168.255.255) is reserved for private networks and filtered at
all ISPs, so they can never be used on the Internet in the wild.
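The guard's lookup table described above, as an added worked example (not from the original page, and a simplified model rather than any real router's firmware): a small Python class that rewrites outbound packets to the router's public address, translates matching replies back to the LAN host, and drops anything inbound that no LAN host asked for, which is why a scanner on the Internet never reaches the machine behind the router. It goes slightly beyond the page by recognising all three private address ranges, not only 192.168.x.x; every address in it is constructed.

```python
"""Toy model of a NAT router's translation table (added example, not from
the page and not a real router implementation). Addresses are constructed."""
import ipaddress

# Private ranges (RFC 1918). The page mentions 192.168.0.0-192.168.255.255;
# 10.0.0.0/8 and 172.16.0.0/12 are reserved the same way and are never
# routed on the public Internet either.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr belongs to a private (LAN-only) range."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


class NatRouter:
    """The 'guard at the front desk': one public address on the WAN side and a
    table mapping each public port it hands out back to the LAN host that opened it."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.table = {}     # public port -> (lan ip, lan port)
        self.reverse = {}   # (lan ip, lan port) -> public port
        self.dropped = []   # inbound packets with no table entry (scans, probes)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN -> WAN: remember the LAN host and rewrite the source to the
        router's public address plus an allocated port."""
        if not is_private(src_ip):
            raise ValueError(f"{src_ip} is not a LAN address")
        key = (src_ip, src_port)
        if key not in self.reverse:          # first packet of this flow
            self.reverse[key] = self.next_port
            self.table[self.next_port] = key
            self.next_port += 1
        return (self.public_ip, self.reverse[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """WAN -> LAN: forward only if a LAN host opened dst_port through the
        table; anything else (an unsolicited scan) is dropped, so the LAN host
        is never reachable directly from outside."""
        if dst_port in self.table:
            lan_ip, lan_port = self.table[dst_port]
            return (src_ip, src_port, lan_ip, lan_port)
        self.dropped.append((src_ip, src_port, dst_port))
        return None


def demo():
    """One web fetch and its reply get through; an unsolicited probe does not."""
    router = NatRouter("198.51.100.7")                      # constructed WAN address
    out = router.outbound("192.168.0.10", 1034, "203.0.113.80", 80)
    reply = router.inbound("203.0.113.80", 80, out[1])      # answer to our request
    probe = router.inbound("203.0.113.66", 4444, 139)       # scanner probes NetBIOS
    return out, reply, probe, list(router.dropped)


if __name__ == "__main__":
    print(demo())
```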
NAT routers cost around $50/€50, and have the added advantage that they
allow you to connect more than one computer to a broadband outlet
(often, your ISP will limit you to one computer by recording the
machine address of your network card; a router can "clone" this
machine address and appear to the ISP as a single computer, while
connecting to four or eight machines on its output!).
Some notes: the NAT scheme itself provides protection, but try to
look for a router that features an inbuilt firewall using something
called stateful packet inspection. These routers offer the
highest levels of protection. Nearly all offer DHCP (a method of
auto-configuring the computer's connection) but check to be sure.
Another possible extra is an inbuilt print server: this is great if
you connect more than one computer to the router and want to use a
single printer for them. Just be aware that whatever level of
protection a router offers, it doesn't usually monitor outbound
traffic. So keep that software firewall (I recommend Comodo or PC Tools
Firewall Plus) going as well!
Once you have come this far, check again at one of the
online testing sites
(Hackerwhacker is the most comprehensive - their first test is free,
after that you'll need to sign up with them) and see just how little
of your presence (open ports, services, computer name...) you reveal
now. I wish you secure and happy computing!