Indonesian Political, Business & Finance News

How secure is your computer?

| Source: JP

How secure is your computer?

By Vishnu "Ramius" Mahmud

JAKARTA (JP): I was working an excel worksheet at my desk when
Albert, the company's network God, looked up from his computer
monitor.

"You better save it now, dude."

One look at Albert's mischievous face said it all. I
immediately saved and made a quick backup of all my documents.
When I was done, my computer froze; no keyboard input accepted,
no cursor movement recognized. It just hung for no reason. By the
way, Albert is also the company's network security expert.

What he did was actually very simple. He found a hacker
program on the Internet called "Jolt" for his Linux box (computer
running the Linux Operating System). All he did was download and
run the program from his computer targeting mine within the
internal corporate network. Almost immediately my computer
crashed, forcing a cold reboot. It was that simple.

This and other hacking programs are available all over the
Internet. These applications are designed by hackers to explore
the various holes in operating system security or applications
that were not properly closed (or found) by their creators. The
rationale of these programs is twofold: to understand the
workings of programs, computers or networks and to wreak havoc on
anyone who may have offended them, the hacker elite.

According to Winn Schwartau, author of the book Cybershock,
there are many types of hackers. There are the "Black Hats", who
do the illegal things such as infiltrating company networks,
obtaining passwords, changing or deleting entire web sites; the
"White Hats", usually former Black Hats who no longer conduct
unlawful activities, who focus on computer network security; and
there are the "Script Kiddies" otherwise known as hacker
wannabes.

It is this last category that is probably the most dangerous.
These clueless hacker wannabes sometimes get access to powerful
programs that can cause considerable damage. All they have to do
is point and click or type in a command without knowing how the
program really works or what it does. The end result sometimes
backfires on them.

I love you

Much has been written about the "Melissa" and "I love you"
viruses that spread around the world in hours. A coworker
recently double-clicked an attachment in her e-mail hoping to see
a cool "The Matrix" screensaver. Instead, the e-mail propagated
itself, sending copies to everyone in her address book and
overloading the e-mail server. It took six hours and a lot of
cursing by the system administrator to get the server back online
again.

So, how do you protect yourself from all this? Before you
start to shout "Red Alert!" and raise shields, the chances of
you, the home user, being targeted by a hacker are rather slim.
The probability still exists but is small (it actually gets
higher if you've ever insulted a nerd in your life!). For a
corporation, the risk is higher since its website is more
prominent and the address is public knowledge. Still, most
corporate networks have adequate protection and system
administrators to ensure their security.

How to protect your computer

It is better to be safe then sorry. So here are a few
guidelines to ensure your computer is protected (or at least not
easily hacked):

1. Install and keep updated an anti-virus program. There is
usually a small cost involved (if not free) but it is a
worthwhile investment. Make sure you have the latest data files
for the anti-virus so that it can find the newest viruses that
continuously spawn all around the globe. You can easily
get McAfee Anti-virus (www.mcafee.com), Norton Anti-Virus
(www.norton.com) and their data files off the net or from CD's in
various Internet magazines.

2. Keep the anti-virus program running! Too many times I have
seen people running Microsoft Word or Photoshop with their anti-
virus program turned off. They justified it by saying that their
computers slow down whenever the anti-virus is running in the
background. Keep the program active and schedule your computer
to periodically scan for viruses, preferably at the beginning or
end of the day or whenever you receive e-mail.

3. Update your computer system. If you are using Windows 98, ME,
NT or 2000, Microsoft (www.microsoft.com) occasionally issues
security patches to plug any security holes (known as exploits in
geek speak).

Mac and Linux users can rejoice for the moment since most
viruses and hacker attacks are mainly targeted at the Windows
operating system. That does not mean you can be less vigilant,
however.

4. Never open e-mail attachments from strangers or even friends.
Would you suck on a lollipop given to you from a stranger in
Times Square? But too many people eagerly open a binary file in
the hope of seeing a funny or naughty image. Scan them first
with the anti-virus program and double check with your friend to
make sure they really sent it to you. If it's not needed for
business, I'm sure you can survive without viewing whatever "fun"
thing that attachment was suppose to provide.

5. Be careful in downloading and installing software. You know
Microsoft. You know Oracle (The second largest computer company
in the world but number one in databases, which everyone on the
net uses). But do you know ripyouoff.com? Always be wary of
installing software from dubious sites (especially from sites
that insist you install their program in order to view their
library of "special" images). Sometimes anti-virus programs can't
detect them and Trojan viruses can be embedded in the source code
of an application.

These hidden programs can either activate a virus on a certain
date, capture your password and other files to be transmitted to
an outside e-mail account, disconnect you from your ISP and
connect you to a foreign based service provider or provide a
"back door" to your computer which can give full access of your
computer to a complete stranger on the net. In short, it can be a
rather nasty virus that you can unknowingly activate by
installing from a download or e-mail attachment.

6. Don't go to strange web sites. This may be a ridiculous
suggestion since the net offers a wide variety of sites for
whatever hobby or interests. However, malicious hackers can use
many methods from using JavaScript to browser cookies (see
www.cookiecentral.com for more information) to dupe users into
giving away information or actually grabbing information off your
hard drive. The chances are slim for the moment, but with
exploits and security holes being found daily, you may not want
to take the chance.

7. Keep your passwords secure and long. Every time you log on to
the Internet, office network or check your e-mail on the web, you
use a password. Is it written down somewhere? How many
characters is it? Is it based on a person or birthday? The most
secure password should be a combination of upper and lower case
letters with numbers and symbols (such as *, $ or @) tossed in as
well. The longer the password the more unlikely it is for a
hacker to crack your e-mail, excel file or Internet account.
Their programs probably can do it but with the longer password
with many different character sets, it could take them about 2000
years. It is easier to crack a password if it is "daisy" (you pet
dog) than if it is "D@1sY". If your password is your birth date,
a little social hacking (and dumpster diving - going through your
trash) can easily reveal the code. You have been warned.

8. Install a personal firewall. If your computer is connected to
the Internet constantly (cable modem or LAN) or never turned off,
you may want to install a firewall. A firewall is a system or
group of systems that enforces an access control policy between
two networks (check out the Frequently Asked Questions for
Firewalls at www.interhack.net/pubs/fwfaq).

It ensures that you and only you have complete control of your
machine and allows traffic in and out according to specifications
that you alone set. Black Ice (www.networkice.com) is one of many
popular desktop firewall solutions that can log any attempt of
access from an outside source and help trace its origins.

To get an idea on how secure your computer really is, check
out SHIELDS UP! at www.grc.com. This site will safely scan a
computer and inform the user what information their computer is
giving away (from their I.P. number to which port is open to
attack). It will then provide suggestions on what to do with the
security vulnerabilities. The service is free and they do not
save any information about you or your machine.

For more information about hacking and security, there are
many sites you can go to. Slashdot.org (www.slashdot.org) is the
bastion of the open source movement. You can get information
about Linux and it's tools as well as discuss computers and
networks in general.

Rootshell (www.rootshell.com) is a more security specific
website where you can get information on exploits and patches.
Neworder (www.neworder.box.sk) calls itself "the resource for
people to help avoid being hacked, security and exploiting
related files and links". All sites are updated daily (if not
hourly) to ensure the latest information on computer security.

I recommend Winn Schwartau's book Cybershock: Surviving
Hackers, Phreakers, Identity Thieves, Internet Terrorists and
Weapons of Mass Disruption. It is written for the newbie in mind
and explains in great detail the many dangers and glories of
hackerdom. Check out also some fun movies like Sneakers, Hackers
and Keannu Reeves' pre-Matrix hacker film Johnny Mnemonic that
can give you insight on what all this hype is about.

Hacker wannabes beware: whatever you do in the name of
knowledge and curiosity, make sure you do not upset other people.
Despite the nature of the net, you can be located easily and only
the elite ranks of hackers can appear and disappear without a
trace. Learn what you can but Internet ethics calls for
nondestructive education. Besides, the last thing you want is
the wrath of hackerdom on your doorstep. (vmahmud@yahoo.com)

View JSON | Print