Protect your Computer

The Internet has become a war zone. You should take immediate steps to actively protect your computer and your property. Installing anti-virus software on your computer is a necessary first step but is by no means sufficient. To be safe, you must implement a multi-layer defense strategy. The table and discussion that follows lists the main current threats to your computer and what you can do to protect yourself against them.

Summary of the major current threats

What are IP addresses?

This introduction we hope will help you better understand the threats and defense discussions that follow.

Every computer on the Internet is assigned what is called an IP ("Internet Protocol") number. This number is the unique "address" of your computer in the global Internet. Almost all server computers, including those that host web sites, are assigned "permanent" IP addresses. When you surf to a particular URL, such as www.amazon.com, special computers called "name servers" translate this alphabetic URL to the "real" numeric IP address of the amazon.com main server (in this example, the corresponding IP address is 207.171.163.30).

Most client computers, such as your home computer, are assigned, usually by your Internet Service Provider (ISP), "temporary" IP addresses. The ISP is normally pre-assigned one or more "blocks" of these addresses from which they assign a temporary IP address to each of their customers as they log in to use until they log off. In case of a broadband connection, the IP address may be assigned for a limited period of time or until activity stops at night. Some ISPs, usually for an extra charge, offer a "fixed" IP address to some of their broadband and business customers.

Direct attack

Every computer has, as part of its software and microprocessor architecture, thousands of numbered access "ports" which are used by various services such as web surfing, e-mail, etc. and also by internal communication between software components. The danger here occurs when some of these ports are inadverdently left "open" to the Internet. Think of this as leaving the rear door to your house unlocked in a high crime area.

Intruders ("crackers") run software on computers which sequentially interrogate all IP addresses in a block to see if a computer is using a given address. They do this by a process called "pinging", which is to send a special probe message called a "ping" to the address and see if the address responds, which is the normal behavior. Once they find one such computer, they then run another software called "port scan" in an attempt to identify what ports if any are open to the Internet on the subject computer. Note that this "cracking" process is entirely automated and they can interrogate may thousands of IP addressess per hour.

Once they find an open port, the cracker will attempt to introduce a small software program through this port (sometimes called a "trojan horse") and run it on the subject computer. This malicious software installs itself on the subject computer, running in the background under a false name so the owner is not aware of its existence.

Depending on the cracker's objective, this software may, for example, log all the keystrokes on your keyboard and periodically report back to the cracker any credit card numbers and passwords that you may have typed, or may just keep the cracker aware of your current IP address so that he can make your computer, unbeknownst to you, take part in concentrated attacks on a target site (such as was recently done to the Microsoft.com and Whitehouse.gov computer sites).

DEFENSE

Check your vulnerability by making use of Steve Gibson's "Shields Up" free test utility. Go to www.grc.com and follow the links for "Shields Up".

If you are on a broadband connection, connected to the Internet at all times, you are particularly vulnerable. We highly recommend the use of a hardware router between you and the Internet. A router translates the IP address assigned by your ISP into one or more IP addresses which are only valid within your local network and are not visible from the Internet.

Look in your router manual and make sure you enable "Block WAN Request" (on Linksys routers) or whatever it is called in your unit. This will prevent your router from responding to any "ping" requests and effectively make the router and all the computers in your home network invisible to probes from the Internet.

If you get a wireless router or access point, be aware that you can also be attacked through the wireless port. Be sure to enable encryption on our wireless links (must be done at both ends of the each wireless link) and also enable the MAC filter function to only allow your own computers to connect wirelessly to the router or access point. Refer to your router or access point manual for more details.

If you are on a dialup connection you are still vulnerable. A recent survey done by PC Magazine reveals that the average time between connecting to the Internet and getting a port probe scanning for vulnerabilities is now only about 20 seconds.

In either case, broadband or dial-up, you should install a software firewall. Windows XP Service Pack 2 now has a firewall enabled by default, but we have read reports that this built-in firewall still leaves open certain ports for "enhanced functionality". We recommend Zone Alarm Pro which is the only firewall we are aware of that blocks unauthorized packets in both directions, from your computer to the Internet as well as the reverse.

"Phishing" scam

Read the FTC Consumer Alert

Read how to recognize a "phishing" e-mail message and where to report it at the Anti-Phishing Working Group.

This is cited as an example of what is now called "Social Engineering", using what looks like important "offical" communications from you bank or financial institution to deceive you into revealing private information such as account numbers, passwords, social security numbers, etc.

In its most current form you receive an official looking e-mail from your bank, financial institution or other organization in which you have an account, such as Pay Pal, e-Bay, department stores or manufacturers, telling you that there is a serious problem with your account and you must immediately verify you account information in order to re-establish access to your account. The message often tries to scare you by threatening that if you don't respond immediately your account will be cut off.

NEVER NEVER NEVER click anywhere on this page (the entire page is a trap)!

The way the scam works, when you click on this page, it takes you to a fake web site (usually outside the US) which is a replica of the real web site of the financial institution (the scam e-mail typically disguises the true destination by using numeric IP addresses or one that is made to look legitimate by including the institution's name in the first part of the address). When you log onto this fake page, using your real account number and password, you have just given the thieves what they need to access your real account and steal all your money.

DEFENSE

NEVER NEVER NEVER click anywhere on the e-mail!

If you got deceived by this scam contact your financial institution IMMEDIATELY and have them block access to your account.

If you are in doubt about the status of your account, call the Customer Service telephone number of your financial institution, or go DIRECTLY to their real web site (use your bookmarks, NEVER use any links in the scam e-mail!)

Fight back by forwarding the received e-mail, including all the routing headers, to the FTC phishing scam line at spam@uce.gov and also to the "scam" or "abuse" e-mail address of your financial institution (the larger ones now have an address such as "scam@citibank.com" or "abuse@citibank.com"). At the top of the forwarded e-mail you can ask "is this real or a scam?" You will probably get an interesting reply.

Some sophisiticated e-mail filters used by ISPs are now catching the phishing scam e-mails.

My favorite e-mail filter software, ChoiceMail One, will intercept e-mails where the body of the e-mail uses numeric IP addresses and it thus catches most phishing scam and other fake e-mails.

Hijacked Web Sites

A recent development is the hijacking of web sites of companies providing advertisement images to many popular web sites. These advertisements are modified to include a virus which can infect your computer just by visiting the site carrying the advertisement. The virus can infect your computer if you use some versions of the Internet Explorer web browser and does not affect computeers that contain the Service Pack 2 upgrade to the Windows XP® operating system.

DEFENSE

If you are running the Windows XP® operating system, be sure to install the Service Pack 2 upgrade, available free of charge from Microsoft, for increased security.

Since many of the recent attacks target the popular Internet Explorer browser, we recommend that you simply switch to another browser. We highly recommend the Open Source Mozilla Firefox, which is available for download free of charge from the link on the menu at the left of this page.

Web-Bots

Web-Bots are tiny invisible images embedded in commercial spam e-mails. These images are usually only 1x1 pixels (the minimum size) and may be transparent in color. When you view an e-mail containing a web-bot, the web-bot image is served by a dedicated server which captures the IP address of the computer. It thus serves to validate your e-mail address as a) active and b) perhaps interested in the subject of the e-mail since you viewed the message..

These Web-Bots would seem to serve a legitimate purpose for the advertiser, except that it contributes to the general spam problem by serving to generate lists of valid e-mail addresses. Particularly insidious is that you need not read the actual message, all you have to do is "preview" it with your e-mail software preview function (the feature that shows you the first few lines of received messages).

DEFENSE

My favorite e-mail filter software, ChoiceMail One, will let you preview messages while blocking ALL images in the message from being served. Thus you can look at the text while retaining your privacy. This is particularly important for messages that look "legitimate".

Spy-Ware

Read the FTC Consumer Alert

Some popular software unbeknownst to you will install "spy-ware" (sometimes called "ad-ware") on your computer. This software tracks the web sites you visit, the video and music files you download, or other personal information and periodically report back this data which is then sold to advertisers. An early instance of a major commercial multi-media player doing this was exposed by Steve Gibson of Gibson Research Corp. You can read about it on his web site. Steve developed an early package "Opt Out" (now obsolete) to scan and eliminate this type of software.

Some "spy-ware" has been developed for malicious uses and logs your typing on the keyboard to capture personal and financial information such as credit card numbers. It then periodically reports back this information to the thieves.

Since such "spy-ware" and "ad-ware" uses your computing resources, extreme cases have been reported where the performance of your computer is significantly affected when several of these programs are active in your computer.

DEFENSE

Two major free software packages are available to scan and eliminate such spy-ware from your computer:

SpyBot Search and Destroy, from Germany (available as "donorware" - free software, but they ask for voluntary donations)

Lavasoft's Ad-Aware, from Sweden (available in both a free version and a commercial version with enhanced features)

Ad-Aware SE (the commercial version) also includes a memory resident component which intercepts in real-time any attempts of installing "ad-ware" or "spy-ware" and also alerts you of any Windows Registry changes.

e-mail "spam"

"spam" (in lower case) refers to any unsolicited commercial offer or propaganda sent by e-mail to a large number of users.

Aside from being a nuisance, many "spam" e-mail messages are completely fraudulent offers. Usually these e-mail messages make attractive offers for getting-rich-quick, meeting attractive girls (or boys); or offering pornography, sexual enhancement drugs, discount drugs, gambling, discount software, low mortgage rates, low cost loans, etc., etc., etc. Others are disguised as "Important" notices from banks, stores and even government agencies (see the "Phishing" scam section above for one such example).

One of the most notorious offers of recent years is the "Nigerian Scam" where someone offers you a part of a large amount of money deposited in a bank, usually in Nigeria, or other parts of Africa, but more recently extending to Europe, the Pacific and other parts of the world.

The objective of all this spam is to get you to respond via e-mail or to visit a web site where they will offer you a participation in this "treasure". First you have to demonstrate your "good faith and character" by providing your financial account information, an amount of money or a credit card number as security. This rapidly leads to your account being drained, your money dissapearing, or your credit card being charged, without much hope of recovery.

"Genuine" spam is merely advertising e-mail offering you goods or services. Unfortunately there is a very thin line between a "genuine" offer and a fraudulent offer. IT IS BEST TO IGNORE ALL THESE OFFERS COMPLETELY.

Almost all e-mail "spam" will have a forged "From:" address (usually they do not want you to answer the e-mail, instead they want you to visit some web site). They also try to disguise the address of the web site that they want you to visit so it will not be obvious to you that it is probably an overseas web site. Sometimes they will only provide a numeric IP address for the web site, sometimes they will disguise the IP address by formatting it in a way readable by the computer but not by humans.

DEFENSE

My favorite e-mail filter software, ChoiceMail One, allows you to intercept all spam by using multiple mechanisms. ChoiceMail is provided with a number of filter rules to intercept suspect spam and hold it in a "junk mailbox" for inspection and disposition.

The e-mail filter rules provided by the manufacturer inspect the subject line and body of the message for occurence of typical spam words (you can add to the list), it also looks in the body for disguised IP addresses, for numeric IP addresses and also for IP addresses on a list of known spammers. The software looks for e-mails with malformed or disguised structure which attempt to bypass less sophisticated filters. It even detects when the sender adds random words to get around probabilistic "Bayesian" spam filters.

ChoiceMail treats as spam all e-mails that come from someone who is not in your list of approved senders (initially generated from your address book) and forces any new correspondents to go to a web site and visually copy a random number or word to prove that they are human and not a spam robot. The software has other essential features such as the ability to preview messages without requesting any images from servers. You can also set up a "black" list to block individual addresses or entire domains. All the filtering rules are customizable to you own preferences and you can create new rules as desired. Because of its complexity the software takes a bit of effort to set up all the features, but well worth the results.

Viruses and Trojan horses

Please visit our page on Viruses and Trojan Horses

| CubaGenWeb Home | Getting Started | Lookup | Queries | Sources | References | Links | Shop |

Copyright © 2007-2015 - Ed Elizondo
All Rights Reserved - Todos los Derechos Reservados