How secure is your computer?
By Vishnu "Ramius" Mahmud
JAKARTA (JP): I was working an excel worksheet at my desk when Albert, the company's network God, looked up from his computer monitor.
"You better save it now, dude."
One look at Albert's mischievous face said it all. I immediately saved and made a quick backup of all my documents. When I was done, my computer froze; no keyboard input accepted, no cursor movement recognized. It just hung for no reason. By the way, Albert is also the company's network security expert.
What he did was actually very simple. He found a hacker program on the Internet called "Jolt" for his Linux box (computer running the Linux Operating System). All he did was download and run the program from his computer targeting mine within the internal corporate network. Almost immediately my computer crashed, forcing a cold reboot. It was that simple.
This and other hacking programs are available all over the Internet. These applications are designed by hackers to explore the various holes in operating system security or applications that were not properly closed (or found) by their creators. The rationale of these programs is twofold: to understand the workings of programs, computers or networks and to wreak havoc on anyone who may have offended them, the hacker elite.
According to Winn Schwartau, author of the book Cybershock, there are many types of hackers. There are the "Black Hats", who do the illegal things such as infiltrating company networks, obtaining passwords, changing or deleting entire web sites; the "White Hats", usually former Black Hats who no longer conduct unlawful activities, who focus on computer network security; and there are the "Script Kiddies" otherwise known as hacker wannabes.
It is this last category that is probably the most dangerous. These clueless hacker wannabes sometimes get access to powerful programs that can cause considerable damage. All they have to do is point and click or type in a command without knowing how the program really works or what it does. The end result sometimes backfires on them.
I love you
Much has been written about the "Melissa" and "I love you" viruses that spread around the world in hours. A coworker recently double-clicked an attachment in her e-mail hoping to see a cool "The Matrix" screensaver. Instead, the e-mail propagated itself, sending copies to everyone in her address book and overloading the e-mail server. It took six hours and a lot of cursing by the system administrator to get the server back online again.
So, how do you protect yourself from all this? Before you start to shout "Red Alert!" and raise shields, the chances of you, the home user, being targeted by a hacker are rather slim. The probability still exists but is small (it actually gets higher if you've ever insulted a nerd in your life!). For a corporation, the risk is higher since its website is more prominent and the address is public knowledge. Still, most corporate networks have adequate protection and system administrators to ensure their security.
How to protect your computer
It is better to be safe then sorry. So here are a few guidelines to ensure your computer is protected (or at least not easily hacked):
1. Install and keep updated an anti-virus program. There is usually a small cost involved (if not free) but it is a worthwhile investment. Make sure you have the latest data files for the anti-virus so that it can find the newest viruses that continuously spawn all around the globe. You can easily get McAfee Anti-virus (www.mcafee.com), Norton Anti-Virus (www.norton.com) and their data files off the net or from CD's in various Internet magazines.
2. Keep the anti-virus program running! Too many times I have seen people running Microsoft Word or Photoshop with their anti- virus program turned off. They justified it by saying that their computers slow down whenever the anti-virus is running in the background. Keep the program active and schedule your computer to periodically scan for viruses, preferably at the beginning or end of the day or whenever you receive e-mail.
3. Update your computer system. If you are using Windows 98, ME, NT or 2000, Microsoft (www.microsoft.com) occasionally issues security patches to plug any security holes (known as exploits in geek speak).
Mac and Linux users can rejoice for the moment since most viruses and hacker attacks are mainly targeted at the Windows operating system. That does not mean you can be less vigilant, however.
4. Never open e-mail attachments from strangers or even friends. Would you suck on a lollipop given to you from a stranger in Times Square? But too many people eagerly open a binary file in the hope of seeing a funny or naughty image. Scan them first with the anti-virus program and double check with your friend to make sure they really sent it to you. If it's not needed for business, I'm sure you can survive without viewing whatever "fun" thing that attachment was suppose to provide.
5. Be careful in downloading and installing software. You know Microsoft. You know Oracle (The second largest computer company in the world but number one in databases, which everyone on the net uses). But do you know ripyouoff.com? Always be wary of installing software from dubious sites (especially from sites that insist you install their program in order to view their library of "special" images). Sometimes anti-virus programs can't detect them and Trojan viruses can be embedded in the source code of an application.
These hidden programs can either activate a virus on a certain date, capture your password and other files to be transmitted to an outside e-mail account, disconnect you from your ISP and connect you to a foreign based service provider or provide a "back door" to your computer which can give full access of your computer to a complete stranger on the net. In short, it can be a rather nasty virus that you can unknowingly activate by installing from a download or e-mail attachment.
6. Don't go to strange web sites. This may be a ridiculous suggestion since the net offers a wide variety of sites for whatever hobby or interests. However, malicious hackers can use many methods from using JavaScript to browser cookies (see www.cookiecentral.com for more information) to dupe users into giving away information or actually grabbing information off your hard drive. The chances are slim for the moment, but with exploits and security holes being found daily, you may not want to take the chance.
7. Keep your passwords secure and long. Every time you log on to the Internet, office network or check your e-mail on the web, you use a password. Is it written down somewhere? How many characters is it? Is it based on a person or birthday? The most secure password should be a combination of upper and lower case letters with numbers and symbols (such as *, $ or @) tossed in as well. The longer the password the more unlikely it is for a hacker to crack your e-mail, excel file or Internet account. Their programs probably can do it but with the longer password with many different character sets, it could take them about 2000 years. It is easier to crack a password if it is "daisy" (you pet dog) than if it is "D@1sY". If your password is your birth date, a little social hacking (and dumpster diving - going through your trash) can easily reveal the code. You have been warned.
8. Install a personal firewall. If your computer is connected to the Internet constantly (cable modem or LAN) or never turned off, you may want to install a firewall. A firewall is a system or group of systems that enforces an access control policy between two networks (check out the Frequently Asked Questions for Firewalls at www.interhack.net/pubs/fwfaq).
It ensures that you and only you have complete control of your machine and allows traffic in and out according to specifications that you alone set. Black Ice (www.networkice.com) is one of many popular desktop firewall solutions that can log any attempt of access from an outside source and help trace its origins.
To get an idea on how secure your computer really is, check out SHIELDS UP! at www.grc.com. This site will safely scan a computer and inform the user what information their computer is giving away (from their I.P. number to which port is open to attack). It will then provide suggestions on what to do with the security vulnerabilities. The service is free and they do not save any information about you or your machine.
For more information about hacking and security, there are many sites you can go to. Slashdot.org (www.slashdot.org) is the bastion of the open source movement. You can get information about Linux and it's tools as well as discuss computers and networks in general.
Rootshell (www.rootshell.com) is a more security specific website where you can get information on exploits and patches. Neworder (www.neworder.box.sk) calls itself "the resource for people to help avoid being hacked, security and exploiting related files and links". All sites are updated daily (if not hourly) to ensure the latest information on computer security.
I recommend Winn Schwartau's book Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption. It is written for the newbie in mind and explains in great detail the many dangers and glories of hackerdom. Check out also some fun movies like Sneakers, Hackers and Keannu Reeves' pre-Matrix hacker film Johnny Mnemonic that can give you insight on what all this hype is about.
Hacker wannabes beware: whatever you do in the name of knowledge and curiosity, make sure you do not upset other people. Despite the nature of the net, you can be located easily and only the elite ranks of hackers can appear and disappear without a trace. Learn what you can but Internet ethics calls for nondestructive education. Besides, the last thing you want is the wrath of hackerdom on your doorstep. (vmahmud@yahoo.com)