Star Army

The Dummy's Guide to Computer Security (Rv.1)

Status
Not open for further replies.

Wes

The Dummy's Guide to Computer Security (Revision 1)
By Brent M. This document used with express permission.
You can contact Brent on AIM (NilKemoryaX), on YIM (nil_kemorya), or by Email ([email protected])


Introduction

Because of the intense amount of technical illiteracy that I've seen on another forum and in chat, I've decided that more than a few people on these forums could use a basic how-to on protecting their computer. Because of the number of enemies that my position here has made me, I've learned a thing or two about computer security in the past few years. I'm going to try and share this knowledge, on a level that your average, computer-literate user should be able to understand.

If at any time there are any questions regarding what I've left here, feel free to ask away. If I don't know the answer off the top of my head, I can probably find it somewhere. If you absolutely need an answer to your questions, your best bet would be to contact Wes in the Administrative and Technical support forums. Note: Do not send me a private message on the forums; it will not expedite you getting help.

The most important thing to understand about computer security is that it is a field that is in constant motion. To stay completely on top of the world of computer security is not an easy task, but there are corporations who pay top dollar to gather individuals for that very reason. However, you probably don't have access to the time or funding of these individuals - you're just an average computer user who wants to be able to use the Internet without fear of the various bogey-men who seem to dwell under every rock and around every corner.

If this is the case, then this is your guide. A preface will explain to you the dynamics of computer security, as well as the basic fundamentals that you must keep in mind when working with the three areas of computer security that I will explain afterwards. These three sections are Intrusion Countermeasures (commonly referred to as IC or ICe), Anti-Viral Warfare, and Spyware.


Overview

As I mentioned above, the computer defense world is one of the busiest parts of computer science in general. The Internet is rife with people who are constantly working to cause harm to other users, whether for profit or personal satisfaction. Likewise, there are countless software engineers who work around the clock to foil these malicious users and their creations. They do so through either creating patches or stand-alone programs that shore up the vulnerabilities of common programs, usually operating systems.

Many people fail to take advantage of the work of these engineers, though, and they are generally the ones who end up suffering the worst. "But I only go online to check my email, and to say hello to relatives - how could I possibly be at risk?" and the like are common excuses that many people use to psychologically justify avoiding the problem altogether. Coincidentally, putting their head into the sand just means they don't see somebody stealing their credit card information from underneath their nose. If you have a connection to the Internet, you are at risk from the moment you connect forward.

Therefore, the golden rule of computer security is that you must accept that your computer is at risk whenever you are online, regardless of what you are doing.

Almost as dangerous as the head-in-the-sand approach to computer security is the false sense of comfort people take in applying protection to their computer. Many people think that an anti-viral program is a magical shield that will make their computer invincible to all known threats on the Internet, when in reality, it's only covering one third of the computer defense picture - and that's only when it's updated. In order for computer defense to prove effective, you must address all three aspects of computer security on a regular basis. The three aspects of computer security are:

  • Intrusion Countermeasures (IC or ICe): This field of computer security deals with keeping unauthorized users from connecting to your computer, and deals with programs referred to as FIREWALLS.

  • Anti-Viral Warfare: More than just viruses, this section also deals with worms, trojans, and other malicious scripts which propagate from computer to computer autonomously, and deals with programs referred to as ANTI-VIRALS.

  • Spyware Removal: Considered by many to be the least dangerous of the three, spyware can actually prove to be the straw that breaks the camel's back. Spyware consists of programs installed to a user's computer without permission for the sole purpose of mining information from that system and returning it to a central database. This section deals primarily with programs referred to as SPYWARE REMOVERS.

Even with all three aspects of computer security covered, however, many users still fall prey to the "magic wall" belief system. Even with all these areas of computer security addressed, your computer is not invincible. Every day malicious users are discovering new vulnerabilities in popular software, and are introducing new hacking techniques and software to allow other malicious users to capitalize on these vulnerabilities. The programs listed above can help deter these malicious users, but only if they are updated frequently. Firewalls need to be told what kind of connection requests are commonly associated with malicious users, anti-viral programs need to have a current list of virus definitions so that they can recognize these malicious scripts, and spyware removers need a current definition list to tell them what files on your computer are classified as spyware.

Therefore, the silver rule of computer security is to update, update, and UPDATE. Just installing the software and running it won't help you - you need to make sure that your defenses are tuned to the latest threats out there. The most important updating that you will ever do, however, is the Windows Update. When new vulnerabilities are found in Windows, Microsoft can usually be expected to have released the necessary patches within hours. By keeping your operating system updated, despite the chore that it poses, you can help to keep yourself one step ahead of malicious users.

And so, having covered the basics, we can move on to the specifics for the three areas of computer security.


Intrusion Countermeasures

When a malicious user has a specific computer or network in mind, the easiest way to attack the target is to create a connection with the computer or server in question, and either issue it illegal commands, or insert malicious software to do the dirty work in the malicious hacker's absence. In order to do either, the hacker first obtains the target's IP address, and then uses a port-scanner on that particular IP address to determine which ports that computer is accepting traffic through.

IP addresses serve as a computer's fingerprint on the Internet. Each computer, barring alteration, possesses a unique identification number which is broken down into four groups of three numbers known as "octets". These addresses tend to look a little something like this: 255.255.255.255. Port addresses, meanwhile, can take on any range of numbers. Internet Explorer typically uses port 80 to communicate with the Internet, while most email programs (such as Outlook Express) utilize port 25.

Firewalls are programs that watch over the traffic coming and going from these ports, and block connections and commands from reaching your computer, based on a reference file telling it what transmissions are commonly associated with illicit activities. They also allow users to restrict which ports are available for traffic. Many corporations and government offices use firewalls to restrict connections to port 80 and 25 only, which prevents the use of instant messaging software and other "unproductive" programs.

Many firewalls also come with an added form of protection known as "Application Protection". These programs determine what programs are normally allowed to communicate with the network by taking a snapshot of your registry and labeling it "Reference". Programs not on the reference list which attempt to connect to the network are frozen in mid-process, and can either be granted or rejected access to the network by the user through a Yes/No prompt which is generated.

Like other protection programs, firewalls need to be updated regularly. If you're short on cash, you can always download a free copy of ZoneAlarm. It's free to use, and comes with a basic form of application protection for your use. BlackICE is another popular firewall program that features many useful functions including application protection. Unlike ZoneAlarm, BlackICE is not free, but features a very easy-to-use interface combined with a powerful engine.

Once you've acquired a firewall, you simply need to configure the settings to your preferred level of security, and the program will run in the background (i.e. your system tray). You can set most firewalls to alert you to any illicit activity they block, and to set up logfiles of such occurrences that can be used to pursue legal action against malicious hackers, should you feel the desire to do so.
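The firewall behaviour described in this section (a port restriction, an application "Reference" list with a Yes/No prompt, and a logfile of blocked traffic) can be sketched as a small decision routine. This is an added example, not part of the original guide and not how ZoneAlarm or BlackICE are implemented; the program names, addresses, timestamps and log format are constructed for illustration.

```python
from collections import namedtuple

ALLOWED_PORTS = {80, 25}                        # the office policy from the guide
REFERENCE_APPS = {"iexplore.exe", "msimn.exe"}  # constructed "Reference" list

# One connection attempt; every field value used below is constructed sample data.
Attempt = namedtuple("Attempt", "time program remote_ip port")


def decide(attempt, reference):
    """Apply the port rule first, then the application rule."""
    if attempt.port not in ALLOWED_PORTS:
        return "block"
    if attempt.program not in reference:
        return "prompt"  # frozen until the user answers Yes/No
    return "allow"


def run_firewall(attempts, ask_user):
    """Process attempts in order and return (allowed attempts, log lines)."""
    reference = set(REFERENCE_APPS)
    allowed, log = [], []
    for a in attempts:
        verdict, reason = decide(a, reference), "port not permitted"
        if verdict == "prompt":
            if ask_user(a.program):
                reference.add(a.program)  # a Yes answer is remembered
                verdict = "allow"
            else:
                verdict, reason = "block", "program denied by user"
        if verdict == "allow":
            allowed.append(a)
        else:
            log.append(f"{a.time} BLOCK {a.program} {a.remote_ip}:{a.port} ({reason})")
    return allowed, log


SAMPLE = [  # constructed traffic using documentation-range addresses
    Attempt("2004-10-01T09:00:00", "iexplore.exe", "192.0.2.10", 80),
    Attempt("2004-10-01T09:01:00", "aim.exe", "192.0.2.20", 5190),  # instant messenger
    Attempt("2004-10-01T09:02:00", "updater32.exe", "198.51.100.7", 80),
    Attempt("2004-10-01T09:03:00", "msimn.exe", "192.0.2.30", 25),
    Attempt("2004-10-01T09:04:00", "newbrowser.exe", "192.0.2.10", 80),
    Attempt("2004-10-01T09:05:00", "newbrowser.exe", "192.0.2.11", 80),
]


def sample_answers(program):
    """Stand-in for the Yes/No prompt: the user only recognises newbrowser.exe."""
    return program == "newbrowser.exe"


if __name__ == "__main__":
    allowed, log = run_firewall(SAMPLE, sample_answers)
    print(len(allowed), "allowed")
    print("\n".join(log))
```

The unknown program on port 80 is the case to watch: the port rule alone would have let it through, and only the application rule stops it.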

Anti-Viral Warfare

Of all the security devices known to the Internet, the anti-viral program is probably the best-known and most widely used. This is at once a good thing and a bad thing, as many computer-illiterate users install these on their home computers expecting total immunity to the threats out there on the Internet. Largely, this comes from the fact that many computer users do not know the difference between the various threats to their computer, and lump them all into the "virus" category. Granted, many forms of computer attack come in the form of self-propagating scripts, but that's only a fraction of the picture.

Viruses and worms are very similar in nature, in that they self-propagate through computer networks from host to host. The difference between the two, however, lies in transmission medium. A virus is a program that lies latent within another program, and relies on this program to deliver it into each new host. Viruses are most commonly transmitted via email, in the form of attachments that infect a computer when opened. Worms, meanwhile, have a much more sinister intelligence about them. Worms run as stand-alone scripts, and maneuver themselves through computer networks on their own programming. You don't even need to run an infected program to catch a worm. Both can have disastrous effects, ranging from simple annoyance to causing physical damage to your computer hardware itself.

Trojans are the more unusual variant of malicious coding, however. These come disguised as innocuous programs, sometimes even games, but carry a payload of malicious coding - a clever play on the idea of the Trojan Horse. How are Trojans different from viruses, then? When a Trojan is activated, it inserts a code that does not attempt to self-propagate or cause any immediate harm to your computer. Rather, it creates an open communications port on your computer that a malicious hacker can access using the companion program that comes with most Trojans. These companion programs allow a user to scan a range of IP addresses for computers affected with their corresponding Trojan, and give the hacker a means to bypass a firewall and connect to your computer directly. The programs usually feature simple graphical interfaces that work much like Windows Explorer, and allow users to control your computer as if it were their own.

These programs are notoriously difficult to get rid of without the proper software, although it's not impossible. However, for the technically illiterate among us, there are programs to help. Grisoft has a free anti-viral program for download called AVG. AVG also has a more powerful commercial version which you can try free for thirty days. There are also the more popular commercial versions, such as Symantec's Norton Internet Security suite and McAfee Security Software. If you decide to go with a commercial anti-virus, be prepared to pay for the service annually.

Once you've chosen a software bundle, install it and immediately run whatever updater it came packaged with. Once you've updated your program, disconnect your computer from the Internet and perform a comprehensive, in-depth scan of your entire computer. Remove any infected files you find, and allow the program to continue running in the background. Make sure you configure any automatic protection options, such as automatic email scanning, that you want to run.

Spyware Removal

Because of the fact that spyware has been in the news of late, this problem is perhaps one of the most well-known and easily-countered problems out there - but this makes it no less dangerous. Rather, spyware is some of the most dangerous material that can be found on your computer. Spyware acts as a miniature version of a Trojan Horse, sitting in your computer mining all sorts of valuable information about not only your computer, but about you as well. Spyware can transmit anything from your system schematics to your credit-card number to various Internet companies who then distribute said information to people who really don't need it. All this is done without your permission.

Along with Spyware, there are a number of items known as "Ad-ware". Rather than mine your personal information, these scripts integrate themselves into your Internet browser and generate large numbers of pop-up ads whenever you're actively surfing the Web. Ad-ware is a major source of the bane of everybody's existence - the pop-up ad. While pop-up blockers such as the one found in Windows XP Service Pack 2 and the Google Toolbar can deal with a large number of these pop-ups, it is no less important to use a Spyware removal tool to keep these files from amassing on your computer.

Last, but certainly not least, are a group of scripts known as "hijackers". Though technically a form of Ad-ware, hijackers get special mention because of the fact that they not only alter your Internet browser settings, but also make changes to your system registry as well. Hijackers like to change the default starting page of your Internet browser, as well as redirecting your browsing to a third-party search engine. Most spyware removers can stop the progress of these files once they work their way into your computer, but only one program that I know of can prevent this sort of thing from happening. This program is called "Tea Timer", and comes bundled with the Spybot Search & Destroy program. When activated, this program alerts you whenever a registry value is about to be changed, allowing you to deny the changes. It also safeguards your Internet browser by locking many of the settings that hijackers commonly change.
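The idea of guarding browser and registry settings against hijackers can be sketched as a comparison between a trusted snapshot and the current values, with each change put to the user and denied changes rolled back. This is an added example, not part of the original guide and not Tea Timer's own code: it reviews changes after the fact rather than intercepting them, and the snapshots, URLs and the ExampleEditor and toolbarhelper entries are constructed.

```python
# Registry locations are written as plain strings; nothing here touches a real registry.
IE_MAIN = r"HKCU\Software\Microsoft\Internet Explorer\Main"
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
EDITOR = r"HKCU\Software\ExampleEditor"          # hypothetical harmless program

REFERENCE = {  # constructed trusted snapshot: (key path, value name) -> data
    (IE_MAIN, "Start Page"): "http://www.example.org/",
    (IE_MAIN, "Search Page"): "http://search.example.org/",
    (EDITOR, "RecentFile"): r"C:\notes\monday.txt",
}
CURRENT = {    # constructed state after a hijacker and the user both made changes
    (IE_MAIN, "Start Page"): "http://portal.example.net/?src=toolbar",
    (IE_MAIN, "Search Page"): "http://search.example.org/",
    (EDITOR, "RecentFile"): r"C:\notes\tuesday.txt",
    (RUN_KEY, "toolbarhelper"): r"C:\Program Files\Toolbar\helper.exe",
}


def diff(reference, current):
    """Return sorted (path, name, old, new) tuples; None marks a missing value."""
    changes = []
    for key in sorted(set(reference) | set(current)):
        old, new = reference.get(key), current.get(key)
        if old != new:
            changes.append((key[0], key[1], old, new))
    return changes


def guard(reference, current, allow):
    """Ask allow() about each change; return (state to enforce, denied changes)."""
    enforced, denied = dict(current), []
    for path, name, old, new in diff(reference, current):
        if allow(path, name, old, new):
            continue                      # accepted: keep the new data
        denied.append((path, name))
        if old is None:
            del enforced[(path, name)]    # value was added: remove it
        else:
            enforced[(path, name)] = old  # value was changed or deleted: restore it
    return enforced, denied


def user_says(path, name, old, new):
    """Stand-in for the allow/deny prompt: only the editor's own change is accepted."""
    return path == EDITOR


if __name__ == "__main__":
    enforced, denied = guard(REFERENCE, CURRENT, user_says)
    for path, name in denied:
        print("denied:", path, name)
```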

Because of the sudden discovery of spyware, a number of programs exist to help you remove said programs. LavaSoft has released Ad-Aware 6.0, a free program that you can use to periodically scan your computer for said programs. There are premium versions of the software as well, each custom-tailored to run on different types of machines. SpyBot Search & Destroy is another program which has been released free to the public. The program is free, although the creators accept donations to help cover development costs.

It is good to have a spyware removal program on your computer, but even better to have multiples. There are spyware files which are recognized by some programs, but ignored by others. Having multiple removal programs helps overlap your protection and make sure that you get all the files in one swoop. When running your spyware removal suites, the first thing you'll want to do is update both programs to current date. Once both have been updated, disconnect your computer from the Internet and allow both programs to run in-depth scans of your entire computer. Remove any spyware that you find. If your programs come with immunization features (these help prevent spyware from ever reaching your computer), then by all means make sure that it is configured and active before you reconnect your computer to the Internet.

A Special Note on ActiveX Controls:

Also, with the release of Service Pack 2 a new threat vector for malware has been addressed - the ActiveX control. Many websites try to force your computer to download ActiveX controls that install malware on your computer. It's my recommendation that most users should disable ActiveX controls in their browser completely.

Conclusion:

If you follow these simple steps, you'll make your computer a very hard target for hackers to penetrate. While no defenses will ever make your computer impenetrable, you can make your computer highly resistant to damage from malicious users. Malicious users are more likely to pass over well-defended computers to find easier targets on which to prey, so it pays to be the hardest target you can possibly be.

Remember - the threat does exist. Be prepared.
 