
Our Opinion Page for May 2002

Securing your Windows PC (Part 2)

Port Numbers

In dealing with remote security over the Internet, we come to what are called port numbers. In the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), ports are numerically assigned endpoints through which a client connects to, or exchanges data with, a specific process or service running on a server. For example, if a home computer wanted to connect with a university server through telnet, it would have to connect to port 23 of the university server, which is the default telnet port. If a client wanted to connect to a server via File Transfer Protocol (FTP) (port 21) to transfer files, the client would send a request to the server, the server would verify which port the request is asking for, and then connect the client to the requested port, which is port 21 of the university server.

The Internet Assigned Numbers Authority (IANA) holds a list of port numbers, their protocol, and what processes are running on them. If you wish to see the list, you can go here.

Firewalls

Firewalls are programs that protect the resources of a private network from unauthorised entry by users of another network. All data flowing in and out of a network or your computer goes through the firewall. They can be both hardware and software and are used to block and regulate what data is and is not acceptable for access through the ports of a computer network.

Some firewalls are made for packet filtering, which means they filter out what packets (data messages) are allowed to go through the firewall depending on a set of rules created by the user. Other firewalls, more notably called proxy servers, sit between you (or a network) and the Internet and filter all information through the proxy (also providing caching) along with providing protection for the LAN (Local Area Network) or your computer by hiding the computer’s Internet address from outsiders.

So why should you get a firewall anyway? Well, for one, you can go on the Internet and download really good ones now for home use for free! So now you don’t have any excuses not to get one to protect your computer while online. It also doesn’t matter what type of connection you have since a firewall can be used on anything from a slow 28.8k modem to the highest speeds available. Another reason is obviously for security. Unfortunately, the Internet has people on it who think they can do whatever they want without getting caught. These people like to go around and tamper with or break into other people’s computer systems. On Windows systems, port 139 (NetBIOS/file sharing port) is the main target of attackers who want to use programs to flood a connection offline or break into a computer if file sharing is turned on. A firewall is the first line of defence to stop these idiots from penetrating your system.

A firewall is a must for users of cable or DSL connections since these connections stay online 24/7 and are the most likely to be the main target of a computer break-in. Most cable and DSL connections also have static IP addresses, which means your computer’s Internet address is always the same when you are online and never changes like a dynamic IP would. This means that the attacker would be able to find your computer online any day of the week if he/she felt that your computer was exploitable. Firewalls can add greatly to the security of your computer while online or on a network in that they will help block the ports that these attackers are trying to gain access to or exploit. Also, almost all of them come with logging capabilities that will log (by date, time, month, connection type, type of attack, attacker’s computer address, etc.) anyone attempting to access the ports on your computer.
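To make the packet-filtering and logging ideas above concrete, here is an added example (not code from the original article or from any firewall product) of first-match rule evaluation with a default-deny fallback. The `Rule` class, the ruleset and the addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "block"
    proto: str                  # "TCP", "UDP" or "*" for either
    ports: frozenset            # local ports covered; empty set = any port
    remote: str = "0.0.0.0/0"   # remote address or range, CIDR form

    def matches(self, proto, port, remote_ip):
        return (self.proto in ("*", proto)
                and (not self.ports or port in self.ports)
                and ipaddress.ip_address(remote_ip)
                    in ipaddress.ip_network(self.remote))

# Constructed inbound ruleset; order matters because the first match wins.
RULES = [
    Rule("block", "*", frozenset(), "198.51.100.23/32"),        # one remote host, all ports
    Rule("allow", "TCP", frozenset({139}), "192.168.0.0/24"),   # file sharing, LAN only
    Rule("block", "*", frozenset({139})),                       # port 139 from anywhere else
]

def filter_packet(rules, proto, port, remote_ip, log, now=None):
    """Return "allow" or "block"; unmatched packets are blocked (default deny)."""
    decision, reason = "block", "default deny"
    for index, rule in enumerate(rules):
        if rule.matches(proto, port, remote_ip):
            decision, reason = rule.action, f"rule {index}"
            break
    if decision == "block":
        # Log the fields the article lists: time, connection type, remote address.
        log.append({
            "time": (now or datetime.now()).isoformat(timespec="seconds"),
            "proto": proto, "port": port, "remote": remote_ip, "reason": reason,
        })
    return decision

if __name__ == "__main__":
    log = []
    for packet in [("TCP", 139, "192.168.0.7"), ("TCP", 139, "203.0.113.9"),
                   ("UDP", 31337, "203.0.113.9")]:
        print(packet, "->", filter_packet(RULES, *packet, log))
    for entry in log:
        print(entry)
```

Swapping the second and third rules would block file sharing for the LAN as well, which is the usual reason a correct-looking ruleset misbehaves.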

So you’re not sure which firewall to get but you would like one that is affordable, user friendly, and one of the best? Well I picked two of the free ones that I’ve tried and also the ones that seem to be the most popular…

Tiny Firewall 2.0.15 – A personal favourite of mine, which is why I use it. It is a free firewall that is easy to install and comes with local and remote administration access as well as logging capabilities. Easy/novice understanding of its configuration is needed. Advanced features include the ability to edit, add, and delete filter rules for one port, multiple ports, or a specific remote IP address/range. For more information on Tiny Firewall, including an online manual, visit its website at http://www.tinysoftware.com/.

Zone Alarm 2.6 – Zone Alarm is a free firewall, which extracts itself when you download it for easy installation. It’s made for people with little knowledge of networking. Zone Alarm comes with a configuration that’s real easy to understand and easy to configure. Two gauges on the side monitor incoming and outgoing activity. Logging includes a “Whois” function to identify unauthorised intruders. Has a stealth mode that makes your connection seem invisible to outsiders while online. A drawback is that it comes with some spyware that you can remove quickly by downloading the free program Ad-aware to fix that problem. For more information on Zone Alarm visit its website at http://www.zonealarm.com/.

Here is something that a lot of people don’t understand and are quick to panic about. Once you download a firewall, you might wonder why it is warning you that your ports are being probed. You might even think you’re being hacked. Well, chances are you’re not. The odds of someone deliberately hacking your computer for personal reasons are very slim. For someone online to exploit a computer, they need to find one that is vulnerable. Searching for a vulnerable computer on the Internet one by one is extremely tedious. So instead of searching one by one, attackers will use port scanners to scan a wide range of computers for vulnerable ports (the main one on a Windows computer is always port 139). You may think at first that it’s just your computer that is being scanned when in actuality, the port scanner just skimmed over your ports (since it saw your ports were protected by a firewall) and moved on to the next computer in what could be a series of thousands of other computers waiting to be scanned on the net. If your firewall is alerting you constantly about this then you should lower your security settings if you don’t wish to be bothered.

Viruses

A virus is man-made code or a program designed to secretly infect or attach itself to a computer. It infects executable files and important system files on your hard drive by replicating or copying itself, which can use up your computer’s memory. Generally they are harmless but can also be a danger to the files on your computer depending on what they were programmed for.

Not all viruses are the same; each only does the tasks that it was programmed to do. There are viruses that are only programmed to infect program files for the sole purpose of damaging them or interfering with the computer’s operations. Some viruses, called macro viruses, are programmed to infect applications such as Microsoft Word or Excel, executing themselves each time the application is opened. Other viruses can infect the boot sector of floppy disks and hard drives, which means that if the boot sector of a hard drive is infected then any floppy you put in it will be infected, and if the boot sector of a floppy is infected then the floppy can infect the computer that you inserted the floppy into. Viruses called multipartite infect both the boot sectors of hard drives and floppies as well as program files. So how does one’s computer become infected with these viruses? Here are a few ways…

Common ways to catch a computer virus:

1. Through the exchange or use of infected floppy disks, CDs, Zip disks. Even if these items are brand-new or come straight from a trusted friend, they can still be unknowingly infected.

2. Downloading infected files from the Internet, especially third-party vendors. (If you’re going to download anything off the Internet, make sure the website is trustworthy and reputable)

3. Through e-mail attachments. (Make sure you scan the file with a virus scanner first before you open an attachment)

4. Be careful of double file extensions like “Songs.txt.exe” that are made to trick a person into thinking they are downloading a text file when they are really downloading a virus program.

5. Through file transfers while in chat sessions and instant messenger chats. (Never accept strange downloads from a stranger, especially ones that end in .exe, .sys, .vbs, .zip)
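Items 4 and 5 can be checked mechanically before a file is opened. The following is an added example, not part of the original article: it flags names like “Songs.txt.exe” and goes slightly beyond the text by also handling uppercase names, padding spaces before the real extension, and a trailing dot. The `DECOY` set is an assumption about which extensions a user reads as harmless.

```python
import re

# Extensions the article warns about in unsolicited transfers (item 5).
RISKY = {".exe", ".sys", ".vbs", ".zip"}
# Assumption: extensions a user is likely to read as harmless data.
DECOY = {".txt", ".doc", ".jpg", ".gif", ".mp3"}

def extensions(filename):
    """Return every dot-suffix of the name, lowercased.

    Whitespace is removed first so that padding such as
    "Songs.txt      .exe" cannot hide the final extension, and empty
    parts are dropped so a trailing dot does not mask it either.
    """
    name = re.sub(r"\s+", "", filename)
    return ["." + part.lower() for part in name.split(".")[1:] if part]

def classify(filename):
    """Return "ok", "risky" or "disguised" for a received file name."""
    exts = extensions(filename)
    if not exts or exts[-1] not in RISKY:
        return "ok"
    # A harmless-looking extension in front of the real one is the
    # double-extension trick described in item 4.
    if any(ext in DECOY for ext in exts[:-1]):
        return "disguised"
    return "risky"

if __name__ == "__main__":
    # Constructed sample names.
    for name in ["Songs.txt.exe", "Songs.txt      .exe", "SONGS.TXT.EXE.",
                 "setup.exe", "notes.txt", "report.v1.2.doc"]:
        print(f"{name!r:26} {classify(name)}")
```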

Remember, a virus can only infect your computer if you execute the file that it comes in. This means that even if you download a file that contains a virus, you aren’t infected yet. You will only be infected if you execute the file (double-click it). This is why they say you should scan a file first with a virus scanner before you open it. If you scan the file and your virus scanner shows that the file is infected, just delete the file or in some cases, your virus scanner will put it in quarantine for you (more on virus scanners in a bit).

So those were the common ways of getting infected with a virus. Hopefully this next bit will make you even less paranoid of viruses. Here are a few things that viruses cannot do…

Common virus misconceptions:

1. Viruses absolutely cannot harm your hardware or physical computer components. They can only harm the data inside. Also, a virus cannot blow up your processor or monitor, so for all you rookies, this is real life, not the movies, let’s not get crazy.

2. You cannot get a virus from reading your e-mail. You would need to execute an infected attachment to catch a virus. (Hotmail and Yahoo mail both run virus scans on attachments first before you can download the file.)

3. Computer viruses cannot run on your system until they are executed.

4. You can still get viruses from disks and CDs even if they are brand new, so don’t think that just because you just bought it, it won’t contain a virus.

5. Viruses are not alive. (Yes, some people actually believe or question this.) They are only programs doing what they were programmed to do.

So now the next question is, “How do I protect myself against these viruses?” For one, you can read over the steps we just went over to see how people can get infected, and secondly, you can download or buy yourself a virus scanner, which will keep watch on your computer (as long as it’s turned on) and warn/protect you from any files that you would receive that might contain a virus. They also can scan your system automatically (by a set schedule), and keep you informed of any new virus definitions (list of new viruses found to scan your computer with) to make sure your system is virus free. The two top virus scanners out for Windows are Norton AntiVirus and McAfee.

It’s important to have a virus scanner on your computer since viruses are spawning faster than there are ways to stop them, even if you have to spend a little money. I guess you have to ask yourself, “How much is your data worth to you?”

Trojans

Derived from Greek legend in which the Greeks won the Trojan War by hiding in a large, hollowed out horse to gain entrance to the City of Troy, the computer version of a trojan will come off as (hidden inside of) a useful application such as a free screensaver or chat program, only to later display harmless messages, destroy files, or create a backdoor in your system for an intruder to gain access to your computer. A Trojan is not a virus because it does not replicate itself.

You can get a Trojan on your computer in many of the same ways you can get a virus, but one of the main purposes of the Trojan is for an intruder to access your computer remotely and even control it. You do not want one of these things on your system at all. If an attacker installs a Trojan on your computer by getting you to download some application, he/she can browse through your files and even your registry, format your hard drive, spy on you by viewing what you type on chats or instant messengers, spy on you through your webcam, listen to you talking through your own microphone, read your e-mail messages, etc. Basically, just about anything you can do on your computer locally, the attacker can do remotely.

The most notorious of these trojans are Back Orifice, SubSeven, and Netbus. The Internet is filled with immature little teenage boys who think they are hacking gurus because they can trick people into downloading one of these programs that they didn’t even create so that they can gain access to others’ computers. Online society has dubbed these people “script kiddies” because they use tools that were created by other people for malicious attacks. They have no comprehension of how to use these Trojans properly (even sometimes infecting themselves in the process), which makes them even more dangerous to your computer. So how do you know if you get infected with one? Here are a few symptoms…

Possible signs and symptoms due to Trojan infections:

1. Your CD-ROM door opening and closing by itself (classic sign).
2. Messages start popping up on your monitor screen that appear to be talking to you.
3. Your printer may print out strange messages on its own.
4. Your mouse pointer may start having a life of its own.
5. An unknown person starts typing in your instant message window when you are talking to a friend.
6. Anything weird and out of the ordinary that your Windows PC does (excluding the errors, screen freezes, and blue screens of death).

If you think you have a Trojan then you should turn off your computer. Once you sign on again (offline) you can find out if you have one by seeing if there are any common Trojan ports open by going to the DOS prompt and typing in the command “netstat -a” (without the quotes). For a list of common Windows ports that Trojans run on, you can go here.
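Reading `netstat -a` output by eye is error-prone, so here is an added example (not from the original article) that parses it and reports listening ports on a small watchlist. The sample output is constructed, and the watchlist is an assumption: the commonly documented default ports for the three Trojans named above plus port 139, not a complete list, since these tools can be set to other ports.

```python
import re

# Assumption: commonly documented defaults; Trojans can be reconfigured.
WATCHLIST = {
    ("TCP", 139): "NetBIOS session / file sharing",
    ("TCP", 12345): "NetBus (default port)",
    ("TCP", 27374): "SubSeven (default port)",
    ("UDP", 31337): "Back Orifice (default port)",
}
# Without -n, netstat prints some ports by service name, not number.
SERVICE_NAMES = {"netbios-ssn": 139}

# Constructed sample of Windows `netstat -a` output.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    mypc:netbios-ssn       mypc:0                 LISTENING
  TCP    mypc:1027              mail.example.net:pop3  ESTABLISHED
  TCP    mypc:12345             mypc:0                 LISTENING
  TCP    mypc:1030              host.example.org:27374 ESTABLISHED
  UDP    mypc:31337             *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def local_port(address):
    """Port number from 'host:port', resolving known service names."""
    port = address.rsplit(":", 1)[-1]
    if port.isdigit():
        return int(port)
    return SERVICE_NAMES.get(port.lower())

def suspicious_listeners(netstat_text):
    """Return (proto, port, label) for watchlisted ports open locally."""
    findings = []
    for line in netstat_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue  # banner, header or blank line
        proto, local, _foreign, state = match.groups()
        # UDP rows have no State column; TCP rows count only when LISTENING,
        # so an outbound connection to a remote port 27374 is not flagged.
        if proto == "TCP" and state != "LISTENING":
            continue
        label = WATCHLIST.get((proto, local_port(local)))
        if label:
            findings.append((proto, local_port(local), label))
    return findings

if __name__ == "__main__":
    for proto, port, label in suspicious_listeners(SAMPLE):
        print(f"{proto}/{port}: {label}")
```

A hit on port 139 only means file sharing is reachable, while a hit on one of the other ports calls for a scan with an up-to-date scanner.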

Even though Trojans aren’t viruses, antivirus companies still add them to their virus definitions to prevent Trojans and these people from exploiting other people’s computers without their knowledge. So it is always good to have a virus scanner running on your computer. There are also scanners designed for the sole purpose of finding and deleting Trojans from your system. The Cleaner and LockDown are two good ones that you can download for a free 30-day trial.

Denial of Service Attacks

A Denial of Service (DoS) attack occurs when a malicious person(s) sends another user or server a large amount of data for the sole purpose of disconnecting the connection from the Internet, slowing down or disabling their services, or crashing the remote system. DoS attacks are mainly just used to cause destruction by a single person or a group of people who wish to flood another person, websites, or servers of companies or organisations. To businesses, an attack on the company website could render the site unreachable for hours or more by its consumers, which could cause the business to lose money or even damage the website servers.

A person-to-person (one person flooding another) attack would most likely occur on chat servers that support Internet Relay Chat (IRC). IRC is filled with people who like to use these attacks (called “nukes” on IRC) against others for fun, to kick people off the chat server out of anger, to harass someone, or to show others that they are “powerful”. The basic DoS attacks used there consist of ping attacks (sending large ICMP packets to a host; also called Ping of Death) and SYN attacks.

The majority of Internet users who do use these attacks are teenage kids who don’t even know that it is illegal. Yes, that’s right boys and girls, illegal. To all those who do use DoS attacks (nukes or nukerz for the extremely lame), you should know that inflicting any harm to someone’s computer as well as tampering with it by remote flooding of any kind is illegal in the United States under the National Information Infrastructure Protection Act of 1996 and Computer Fraud and Abuse Act of 1986. If you are caught you could go to jail for a good amount of time as well as pay a hefty fine. I doubt using these attacks on people is worth all of that.

Protecting your computer from one of these attacks is not easy. People on dial-up are the easy targets since their connections are slower and more people nowadays use cable or DSL connections, which are much faster and can easily send more data to a host to slow it down, disconnect it, or crash it. The best way to protect yourself is to update your computer with the necessary patches and install a good firewall. This should protect you from a few of the attack tools that some attackers use online. For more information on the tools these attackers use and patches for them, visit http://www.irchelp.org/.

Checking Your Security

A good way to see if your computer is remotely secure is to run it through security tests. You can do these checks yourself or you can do it with the help of Internet security sites. Here are a few things you can do…

1. (For people with firewalls) Use a port scanner to scan your system and see if any of your ports are visible or open. If they are then make the necessary adjustments to your firewall rulesets. Also, anyone can test their system’s security by doing a quick security check test at ShieldsUp!, HackerWhacker, and Symantec Security Check. Those who don’t have firewalls can use these tests to see just how vulnerable they are.

2. Make sure that you scan your computer for viruses every 2 weeks and also make sure your virus scanner is updated with the latest virus definitions.

3. Use the Windows Update to download any necessary system patches or upgrades.

Conclusion

Finally finished. This sure took up a lot of my time. I hope you liked reading this as much as I liked putting it together for you and hopefully you found it useful and learned something new from it at the same time. Having read this, you now should have a better understanding on what to do to secure your Windows PC. Always remember that your security is what you make of it and with a little time, patience, and know-how, your Windows box can be a “hard target” for any intruder or attacker.

Until next month cya in cyberspace.


Copyright © 1994-2002 scotsmist.co.uk