Computer and Internet Security: Firewalls, Antiviral/Spyware Software and Other Solutions by Bud Stolker, Landmark Computer Laboratories, Inc.

---

--from SatireWire

If you really believe "ordinary people" don't need to be concerned about Internet security, then read no further. Do you think that, just because the Internet is a strange and complicated place, you don't need to know about it?

Wrong. You need to understand not only the Internet, but the social, legal, economic, and ethical issues it raises. If you believe -- as I do -- that our futures are inextricably tied to the twin technologies of personal computing and global networking, then take a moment to read on.

Analysts expect e-mail volume to increase 40-fold by 2005. Expect more spam, and expect more sophisticated attacks on your computer to arrive through your Internet connection. Every time you log on to retrieve your mail, you are, like it or not, putting your personal information and your computer's contents at risk.

Minimizing that risk is the topic of this Web page.

In the Twenty-first Century, the future belongs to the technologically hip. There's a lot to learn, and the Internet makes that easy. Follow the links below to find a wealth of information, most of it written by ordinary people who are experiencing change -- and learning how to deal with it -- along with the rest of us.

This page is neither comprehensive nor definitive. It is, quite simply, an attempt to stimulate you to learn more about life in a networked world.

Most programs mentioned here are available for free download from their respective publishers. There may be restrictions on their use; check their Web sites for details. I cannot vouch for their suitability in your particular situation, nor can I offer free technical support about configuring your computer.

The programs and techniques I mention are specific to Microsoft Windows-based computers. I make my living by working on Windows systems, and enjoy them for their unparalleled complexity. Interested Macintosh users will find their own ways of accomplishing my Windows-specific instructions. My company, Landmark Computer Labs, is a personal computer systems integrator. We are in the business of making people and their PCs more effective and more secure. (That's as much of a plug as you'll see here.)

Comments, tips, asides and links (on most browsers) are in blue. If you have corrections, updates, contrary views, or other useful contributions, contact me at landmark@landmark.org. I will keep these pages updated if there is sufficient interest.

-- Bud Stolker

When you connect to the Internet, you plug into a world-wide network of computers, institutions, companies, governments, and people. There are all kinds of companies, governments, and people out there. Most are good and benign and ethical. Some are not.

You and your computer are vulnerable to intrusions whenever you are on the Internet. If you shift from a dial-up connection to a full-time link such as cable or DSL, your vulnerability increases dramatically. Where once you were a moving target with a changing IP (Internet Protocol) address and an on-again, off-again relationship with the network, you now become a fixed target with a single, unchanging IP address that's always available.

Whether you are on an office network that connects to the Internet or just sitting at your home computer, it is possible -- indeed it is likely -- that someone will try to break into your computer.

In the three weeks or so since I was asked to put together this presentation, I have been tracking unauthorized intrusions to my personal computer. I have seen hundreds of attempts. They have come from locales as distant as Argentina, Australia, France, Italy, Korea, New Zealand, and Spain, and from places as mundane as Utah Valley State College in Orem, Utah and Clemson University in Anderson, SC.

My logs show that many attempted intrusions are sequential probes of my connection ports: sure signs of automatic scanner programs.

One of the most common classes of crackers is the college crowd. I get lots of probes from colleges, presumably by people with an interest in computer science (or with too much time on their hands). The nicest thing one can say is that they are exhibiting youthful exuberance. More likely, they are indulging their larcenous side.

Self-styled crackers do it, often for the sheer thrill of peering into someone's private files, sometimes for the high of harming a total stranger. Their automated software looks for unprotected computers on the Internet and probes them for vulnerabilities.

Companies interested in mining data from your computer also seek entry.

Professional programmer Steve Gibson asks the question, "Can anyone crawl into your computer while you're connected to the Internet? You may be VERY surprised to find out!" Gibson offers a free service called Shields UP! that lets you check your Internet vulnerability.

Webopedia defines a firewall as "a system designed to prevent unauthorized access to or from a private network." More detail.

A firewall can be a hardware device, but that is relatively expensive and difficult to configure. Software that monitors the Internet connection is generally sufficient unless you're on an office network.

Zone Labs' ZoneAlarm is free for personal and non-profit use, or $39.95 for the business/professional version. This is a software-only product that blocks unauthorized entry into your computer, and reports attempted intrusions. It can also cloak your machine so that it doesn't even show up on the Internet.

Detailed, illustrated explanation of firewalls by Vicomsoft.

eAmnesia.com's domain name reverse IP lookup offers a way to identify intruders logged by ZoneAlarm, though it is far from perfect. Depending on the particular intrusion, you can often find the owner of an IP address.

At its worst, spyware can be used to steal data from your computer. Perhaps the best-known example of spyware is Back Orifice, described below.

But not all spyware is written by hackers or crackers. Steve Gibson has found that major software companies such as RealNetworks and Netscape can monitor their users by sending a report of every file they download from anywhere on the Internet. In fact, Gibson declares that "Big Business may be SPYING on you through the Internet." His claims are well worth reading, and his findings may shock you.

Banner resides on the Fake Banner Ad Exchange

Cookies talking to banners? What kind of a world is this?

Have you ever wondered how those ubiquitous banner ads that clutter the Web seem to know your interests and Web surfing habits? Read about photography, and suddenly the ads are all about cameras. Surf to a Web site about Hawaii, and instantly airline discounters are all over your computer. Blunder into a porno site, and you are bombarded by sex ads.

You have been targeted by a simple form of computer spying. Many of the banners are served up by DoubleClick Inc., an Internet ad provider. DoubleClick places a cookie on your computer's hard disk to, in the company's words, "enhance (the) user's Web viewing experience."

Each time a Web page containing a DoubleClick banner ad is requested by your computer, DoubleClick retrieves and analyzes its resident cookie and bases the content of the next banner ad on that cookie's contents. Then DoubleClick reaches into your computer and updates the content of its cookie . . . without your knowledge or assent.

According to DoubleClick's opt-out page, "DoubleClick believes all users should have a positive Web experience. Because of this belief, we allow advertisers to control the frequency (the number of times) a Web user sees an ad banner. We also deliver advertising based on a user's interests if that user has chosen to receive targeted advertising. We believe that frequency control, and relevant content makes advertising on the Web less intrusive by ensuring that users are not bombarded with repeat and irrelevant ad messages."

There are good reasons for accepting and storing cookies on your system. The Web is a "stateless" environment; that is, one Web page doesn't know what you've told another Web page. If you are shopping, for example, you need to maintain your shopping list as you move from the "selection pages" to the "purchase pages." Cookies are useful for passing information from one Web page to another. But they can also be used to report on your browsing habits. Advertisers can also use cookie content to e-mail you additional ads.

More advanced techniques are on the horizon. According to CNet News, "Predictive Networks, a start-up based in Cambridge, Mass., is using artificial intelligence to map out the kind of person a consumer is and the kinds of ads he or she might want to see." (Sept. 26, 2000) Amazon.com has revamped its privacy policy, eliminating the "opt-out" feature and stating that customers will be bound by whatever version of the privacy policy is in effect at the time.

Want to see the cookies on your computer? Using Windows Explorer, navigate to C:\Windows\Cookies and view the list of files. Each file represents a cookie placed on your hard disk. Find out why Microsoft wants you to accept cookies. Learn more about Internet cookies at Cookie Central and Cookies Cache. SmartComputing tells you how to remove cookies from your system.

The :CueCat® reader by Digital:Convergence Corp. is a hand-held device similar to a mouse. It is being given away at Radio Shack stores, and Forbes magazine has passed it out with new subscriptions. Attached to a personal computer, it reads any product code (for example, UPC, EAN and ISBN) as well as Digital:Convergence’s unique printed "cues." Then it uses :CRQ(tm) software to convert cues into corresponding Web addresses.

This is a way for the user to get up-to-date information on a product. If I am interested in a Radio Shack telephone, for example, I can scan the bar code associated with it and go right to that product's Web page.

The :CRQ software also works with TV audio. Use the optional "convergence cable" between the TV and your computer, and programmers and advertisers can punch up Web addresses on your computer while you watch TV!

Voluntary, targeted marketing: in :CueCat retailers see a dream device!

But with every swipe of the Cat, your unique serial number is transmitted to powers that have the ability to link that number with your name, address, and demographics. This information can be used in ways you might not have anticipated. You unknowingly relinquish a layer of privacy, and someone else profits from that loss.

Digital:Convergence states the benefit succinctly for advertisers: "(Our) parallel mission is to gather demographic and psychographic information from our :CRQ users, subscribers, and :CueCat device users. Members develop a personal web history that can be culled to provide relevant content and define new special offers. Member histories can also help promote long-term usage of our technologies."

An interesting twist: Hackers around the country have dissected the :CueCat in an effort to keep it from transmitting a unique serial number back to Digital:Convergence with each bar code scanned. In so doing they have stumbled across an interesting legal issue: Digital:Convergence claims that the CueCat is only 'on loan' to the user, and that "you may not reverse engineer, disassemble, modify, rent, lease, loan, sublicense, or distribute the :CueCat reader." Despite this, the company has sent unsolicited units to users via the US Postal Service, and put the ownership information inside the shrink wrap. Can Digital:Convergence take the units back? Can they stop people from writing bar code software of their own design? Can they stop people from posting self-written source code on the Web? If the :CueCat lets them spy on us, are hackers not allowed to open up their unit and find out how the spying is accomplished in the privacy of their own homes?

Take a look at the amusingly threatening letter Digital Convergence has sent to hackers who are posting their own :CueCat software on the Web. Here's the Privacy Foundation's advisory on the :CueCat and a lucid rant about :CueCat and the loss of privacy it engenders.

:CueCat photo resides at Arizona Reporter on the Internet. Cue sample resides at Digital:Convergence's Web site.

In 1998 a group of cyber-pranksters named The Cult of the Dead Cow stunned the world with a stealth program named Back Orifice. (Back Orifice is a clever play on words. Read about Microsoft's BackOffice Server, which Back Orifice mocks with its elegance and sophistication.)

Using Back Orifice, a "cracker" anywhere on the global Internet can access your computer and do almost anything you can -- and some things you can't -- without arousing your suspicion.

According to the Cult:

Back Orifice is a remote administration system which allows a user to control a computer across . . . the internet. BO gives its user more control of the remote Windows machine than the person at the keyboard of the remote machine has.

BO is small, and entirely self installing. [It] can also be attached to any other windows executable which will run normally.

Once running, BO does not show up in the task list or close-program list. It runs automatically every time the computer is started. The filename that it runs as is configurable . . . and it's as easy to upgrade as uploading the new version and running it.

Back Orifice gives an intruder extraordinary control over your computer. It can . . .

• Log keystrokes.
• lockup or reboot the machine.
• Get detailed system information, including:
  • current user
  • screensaver password and other passwords, including those for dialups, web and network access
• Copy, rename, delete, view, and search files and directories.
• View all accessible network resources, all incoming and outgoing connections, list, create and delete network connections, list all exported resources and their passwords, create and delete exports.
• Control multimedia resources
• Capture screen shots
• Upload and download files
• Enable user to write his/her own plugins and execute code in the user's language of choice in a hidden system process.

Back Orifice is a trojan horse. It enters your computer masquerading as another program, and then it springs its ugly surprise.

Now The Cult of the Dead Cow has introduced Back Orifice 2000. Microsoft warns that hackers could use Back Orifice 2000 to control users' PCs. The Cult responds with a "moral justification" for releasing Back Orifice.

How to detect and remove Back Orifice. More on trojan horses: SANS (System Administration, Networking, and Security) Institute's list of port numbers used by well-known trojan horses.

Cult of the Dead Cow logo resides on its Web site.

First there was freeware and public domain software. Then came shareware. As personal computing became popular, software distribution methods grew easier and more sophisticated. Now the Internet has made adware popular.

So what if a program is constantly flashing advertisements at you? It's a small price to pay for software that never expires and never requires payment to the author. Adware is easy to download and easy to install . . . except for that harmless registration screen that you must fill out. Typically the installation process includes a friendly letter from the program author pointing out the benefits of ad-supported software.

What you don't know is that behind the scenes, some adware programs load additional software that can report on you and your computer to someone . . . somewhere.

Take Radiate.com, for example: a prime distributor of adware. In 1996 Radiate was an Internet startup with three college kids at the helm. Now it has offices in New York, London, Dublin, and Silicon Valley, and boasts of "28 million consumers using its 500+ software products with 100,000 new members joining the network each day."

Radiate's strategy is simple: Give software developers a pre-built mechanism for incorporating ads in their programs, and kick back some of the revenues to them. "Just drag and drop (our advertising technology) into your application, it's that easy. Then watch the dollars roll in."

But note that Radiate can target ads based on usage habits and user-supplied demographics. So while you think you're giving a program author some basic information on who you are and what kind of software you like, you're actually feeding Radiate's demographic database. Here's a four-screen sequence on how Radiate software captures demographics and targets ads to users.

BinaryBliss.com: Web site featuring Radiate software.

Since I've started hunting for adware on client's computers (and my own), I have noted that Radiate's software pops up frequently.

It's possible to fight fire with fire. I have located a free program by Lavasoft, a German firm, that helps ferret out spy software that may be lurking in your PC. Using Lavasoft's Ad-Aware on my home computer, I was shocked to find 43 occurrences of spyware in my files! Ad-Aware removed them, but I have a feeling they'll sneak back.

There's a place in my software library for adware. I use a couple of ad-enabled programs frequently to diagnose problems on clients' computers. I like one disk space analyzer program that has extremely bad manners: It tries to connect to the Internet the moment it is successfully installed. Tactless and tacky, but it's a terrific tool.

I always uninstall such programs when I'm finished, then use Ad-Aware to fully excise the rogue software. (If you uninstall the adware, the application program you originally downloaded will no longer work!)

I highly recommend downloading and running Ad-Aware. It's small and devastatingly effective. And the Lavasoft Web site is kind of cute and quirky.

Computer viruses are increasing exponentially. According to Symantec Corporation, a major name in computer security, in1986 there was one known computer virus. By 1990, viruses were appearing at the rate of one per week. Today, between 10 and 15 new viruses appear every day.

While diskettes were formerly the primary source of virus infection, according to ICSA.net, a private computer security firm, infections that spread through e-mail attachments -- the source of macro viruses -- are now the biggest problem. Diskettes are still the common carrier for boot-sector viruses.

We are keeping quite busy killing viruses for clients. Virus attacks make the front page, and with good reason. They destroy productivity and waste money. We can often fix the damage, but watching victims cope with their loss is not pleasant. I've seen businesses lose weeks of work because some punk kid in Silicon Valley learned how to download a virus construction kit from the Internet. (Here's an outdated list of such kits).

The Landmark Web has several pages about virus protection, an e-mail scam that fooled me, and links to virus information.

More material: From Symantec's Antivirus Research Center: The low-down on viruses and worms. eHow's How to protect a computer from viruses: one of many such pages on the Web.

Download a 30-day evaluation copy of Proland Software's Protector Plus Antivirus Software. This outstanding software originates in Bangalore, India, the heart of the subcontinent's software industry. Protector Plus is easy to download, install, and uninstall, and I find that it works where the better-known programs fail.

• First and foremost, get a good virus protection program and keep it up to date! Norton Antivirus 2000 is a particularly aggressive program that will attempt to download new virus definitions at least once a month. Virus protection programs are intrusive and annoying, but they are a necessary evil.
• Get a firewall, too, even if you are a casual Internet user. It's important (but only if your data and your time are valuable).
• Back up your computer frequently to ensure continuity in the face of a killer attack.
• Think twice before sending personal data to strangers. Growing up in West Philadelphia, I learned not to give suspicious strangers the time (or spare change, or cigarettes) just because they asked. The cyberworld requires similar caution. Be careful with your name and e-mail address, not to mention more sensitive information. The Anonymizer is a wonderful tool for keeping your Web experience a private one.
• Don't open unsolicited e-mail attachments. Heard of the Love Bug? 'Nuff said.
• Read the newspaper and read the Web. Internet privacy issues are on everyone's radar screen, and the issues are important to all of us. More resources are available on the Web; thousands of Web pages are devoted to these topics.

There is more, much more. Intelligent people should consider Internet research an essential skill, and I invite you to use the Web as your personal informant. The more you know about the risks you face, the better equipped you will be to ride the wave of change.

As you surf the Internet, be sure to check this page and the Landmark Web from time to time, too, for updated information.

Let's share information. We're all in this together.

url: http://www.landmark.org/security/index.html. Version 2.0. Last update: 4-16-2001.

To top of page
To Landmark Computer Laboratories home page