Computing isn’t what is used to be, especially if you use the Internet for looking up information, or to send and receive e-mail. Whilst users at institutions or companies are protected from computer viruses and hackers, many home users are vulnerable simply because they are unaware that someone has gained access to their machine.

They do this by secretly planting a small program on your machine which can:

• corrupt files,
• steal files and passwords,
• damage your computer,
• monitor your keyboard strokes,
• record your surfing habits,
• use your computer as a “zombie” in denial of service attacks,
• steal credit card and bank account details.
• they can also find out your interests and sell that information to other companies who will fill your mail box with junk mail.

How can you protect yourself?

It’s surprisingly easy, and it doesn’t have to cost much either. In fact, you can download all the protection you want from the Internet for free if you so wish.

VIRUSES

Viruses are usually sent by e-mail, although they can be picked up from an infected floppy disk or Website. It’s wise not to share floppy disks unless you are certain that it doesn’t contain a virus. E-mail viruses normally come as an attachment, and the golden rule is to never open an attachment unless you are quite certain that it is safe to do so. Even if you know the sender, don’t assume that he or she actually sent the mail to you in the first place. Most viruses propagate by sending themselves out to everybody in the address book of an infected computer. Your contact may have his or her address stored on dozens of other computers and would be completely unaware that the virus is using it.

If you receive an unsolicited e-mail which tempts you to visit an “unusual or interesting” website, there is every likelihood that it is no more than a ploy to infect you with a virus, so be warned!

Viruses can cause all sorts of problems. They can physically damage your computer by telling it to switch off the cooling fan, or completely format your hard disk causing you to lose everything you had stored on it. Some will corrupt files or send your files to all your contacts for them to see. Others obtain your personal details and use your credit cards. Many viruses are little more than nuisance value because they just flash words on your screen, but unfortunately the more malicious ones seem to be the most successful.

Beware of E-mails warning you of a virus and asking you to forward the warning to everybody in your address book. These are usually hoaxes and are no more than chain letters. To find out if you have received a hoax warning check: http://vil.mcafee.com/hoax.asp

USING ANTIVIRUS SOFTWARE

You can buy Antivirus software from any computer store, and it’s not expensive. My personal favourite is Norton’s 2002, but McAfee is also very good. Alternatively you can download AVG Free Antivirus Software from http://www.grisoft.com or http://www.grisoft.cz But remember, new and more dangerous viruses are being discovered all the time. So it’s important that you regularly update your antivirus program at least once a week (more often if possible) by downloading the latest virus definitions from its website.

A comprehensive list of the Anti-virus software available can be found at http://www.pc-pals.com/antivirus.php

SPYWARE

Spyware usually consists of small programs known as Trojans. They can be planted on your computer when you visit certain websites, or download shareware. Trojans conceal themselves inside programs and spy on your surfing habits, relaying information back to the website owners. At worst spyware can contain a keylogger which will record every word you type and send it to a cyber criminal living half way around the world. Often, spyware arrives in the form of a “cookie”which is a tiny data file that a website sends to your browser to store on your computer's hard drive for later retrieval. The stored data is then sent back to the website every time you visit that site. The data can contain information such as a user name and password, items you are purchasing, or other text information the Web site has been set up to ask you for. Not all cookies are spyware though. Many websites (e.g. PC-Pals) drop cookies onto your computer to help you browse their website faster by alerting you to any new additions since you lasted visited it.

Unfortunately, antivirus software doesn’t detect spyware, but there are several free downloads which will weed out these Trojans. One is Ad-Aware which can be obtained from http://www.lavasoftusa.com If you want a list of software which is known to be spyware look at http://www.spychecker.com You might then wish to consider whether you want to continue using it.

Whilst Ad-Aware will search your computer for spyware and remove it, it will not prevent the spyware being re-planted the next time you visit the website which planted it in the first place. This is easily solved by using Cookie Wall which alerts you to any new cookie (and therefore potential spyware) being sent to your computer. As explained earlier, some cookies are very useful, and Cookie Wall allows you to permanently accept them. However, it will always reject those cookies you have added to the delete list. Download free from http://www.pcmedixwebs.com/cookie_wall.htm

Another excellent SpyWare remover is SpyBot Search and Destroy, which is available free-of-charge from http://www.safer-networking.org

HACKERS

Once you are connected to the Internet your computer is wide open to attacks from hackers. Information passes in and out of your computer through “ports”, and anyone with sufficient knowledge can gain access through one of your computer's open ports. Hackers use scanner programs to search for vulnerable Internet users. Once they find a computer which allows them access, they can have full control of it if they wish to do so. They can access your files, passwords, bank accounts and personal details. They may choose to use your computer as a “zombie” to make Denial of Service(DOS) attacks on websites or Internet Service Providers. If you want to learn more about DOS attacks, look at https://grc.com/default.htm There is, however, a way of preventing hackers from getting information from your computer, and that is by installing a personal firewall. These can be purchased from computer stores, or downloaded for free. One of the best is Zone Alarm. http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zadb_zadown The basic version is free, but you can, if you wish, purchase Zone Alarm Pro which gives the same protection, but provides more information about the source of the attack. The vast majority of people use the free version because even if you know who is attempting to hack into your computer, there’s not really much you can do with the information.

If you want to check how vulnerable your computer is, click on Shields Up http://grc.com/x/ne.dll?bh0bkyd2 It’s a security site which will attempt a “friendly” hack, and will inform you if it has succeeded or failed. Firewalls only allow programs of your choice to access the Internet and will make your computer “invisible” to potential hackers by closing its ports. Another security site which will attempt a “friendly” hack and also perform a free virus check is http://security2.norton.com/ssc/home.asp?j=1&langid=us&venid=sym&plfid=23&pkj=NDQEORVWHFHMFNZMBBX Yet another useful site is http://www.pcflank.com which provides many differing simulated attacks with which to test your PC's defences.

A list of Personal Firewall software is available at http://www.pc.pals.com/firewall.php

SPAM

Anyone who has the misfortune of having their e-mail address posted on a website or newsgroup is in danger of receiving unsolicited junk mail, or “spam”. There are numerous ways of dealing with spam but my favourite is Mail Washer http://www.mailwasher.net/

MailWasher allows you to preview your mail before downloading it from your server and can be used with any mail client such as Outlook Express, Hotmail or Yahoo mail. This free download contains a set of filters which will warn you which mail contains spam. It can do this because 80% of all known spam is sent out using fictitious addresses, but from just 20 domains which it blacklists. If you wish, you can add other addresses or entire domains to that blacklist. You then have the choice of bouncing the mail back to its sender (giving the impression that your address it no longer valid), deleting mail from your server before its downloaded (useful if you suspect it contains a virus), or allowing Mail Washer to download your mail via Outlook Express, or other e-mail programs, such as IncrediMail, Eudora etc.

Should you wish for slightly more automatic detection of spam emails, consider using SpamPal from http://www.spampal.org/ This installs as an email "proxy" and filters out the spam before you download it.

HOME PAGE HIJACKING

This is a growing problem. You visit a website and your usual Homepage is hijacked by some website you have visited. Sometimes it’s easy to restore from Internet options, but more often than not, no mater how hard you try, each time you re-boot your computer the errant Homepage returns. Prevention is better than cure, and although it’s not particularly difficult to cure Homepage hijacking by editing the registry, Start Page Guard will prevent it happening in the first place. http://www.pjwalczak.com/spguard/index.php

WINDOWS UPDATES

Microsoft release frequent security patches for all editions of Windows and Internet Explorer. By clicking http://v4.windowsupdate.microsoft.com/en/default.asp will scan your computer and advise you of any security patches you should acquire. This is a free service.

UNPLUG AND PRAY

The Universal Plug and Play service (UPnP), which is installed and running in all versions of Windows XP — and may be loaded into Windows 98 and ME — essentially turns every one of those systems into a wide-open Internet server. This server listens for TCP connections on port 5000 and for UDP 'datagram' packets arriving on port 1900. This allows malicious hackers (or high-speed Internet worms) located anywhere in the world to scan for, and locate, individual Windows UPnP-equipped machines. Any vulnerabilities — known today or discovered tomorrow — can then be rapidly exploited. https://grc.com/unpnp/unpnp.htm

I would like to thank Adept, Bat69, Simon, Rodders and Sandra for fine tuning this article.

Further Reading

• Tech TV - Top 10 Ways to Fight Malicious Code

©2002-2004 Clive Down