Computer Security


The Internet is a public network of millions of computers, all sharing information. On the Internet, communications move back and forth across public lines and through numerous connections. As with any public lines, intrusion is possible.  Fortunately, your browser software contains features that safeguard security. There are also several things you personally can do to safeguard your privacy and security while on the Internet. Click one of the links below to learn more.

For an introduction to computer security issues for the average computer user, lets look at an older issue of Jim Williams' regular column on Internet and Network Security :
If you use the Internet at all, you are at risk immediately. The most common form of attack is computer viruses. If you download anything from  the Net, or put a diskette in your computer that you got from someone else, you put  yourself at risk for virus infection. A virus is a small piece of computer code that usually  is not meant to be harmful. Because virus authors do not code these little applications  carefully they can sometimes cause inadvertent harm. Other viruses are meant to intentionally cause harm and can delete files, scramble files, or format your hard disk.

Unfortunately the damage is done before you even know you have a virus unless you use a good virus protection program and update the virus definitions often. It is a cat-and-mouse game of new virus, new cure, new virus.

Another common form of attack is the mail bomb. If you post an article or question on Usenet and someone does not like your article or question, or just hates your name, they can mail bomb you. A mail bomb is when someone sends you thousands of e-mail messages, all at the same time. This can, at the very least, tie up your e-mail software for hours while it tries to receive all of those useless messages. The worst case is that the mail bomb will shut down your ISP's mail server from overload. Since the offending mail has your name on it and is going to your account, the ISP will probably cancel your account because you became a nuisance, and it wasn't even your fault.

Another form of attack is e-mail forgery. It can be as simple as someone using your e-mail address to send out damaging or slanderous e-mail in your name. A more ambitious hacker can disguise all traces of the forgery so that it cannot be tracked back to him. For all intents and purposes, the mail looks like it came from you, and appears to be mailed from your server. Judy Heim, an editor for PC World magazine was victimized this way.

A third, breech of your home PC's security is an attack called WinNuke. If you have ever been on the Web and all of a sudden your PC gives you the "blue screen of death", there is a possibility that you have been nuked. Winnuke is when someone sends what is called an "out of band" message to your Windows 95 or Windows NT computer. Your computer does not know how to handle the message and freaks out.

Finally, what if you come home one day and find that your computer has been stolen. If you have a good homeowners policy, then all you have lost is whatever work you have done on that computer, right? Wrong. If you use a financial package like Quicken or Microsoft Money, even with a password, a hacker can get all of your account numbers for your credit cards and savings and checking accounts. God forbid that you just store that information in notepad or a word processing document. In that case, all the thief has to do is read notepad or your Word document for your account information."

What's to worry about?
"Unfortunately, there's a lot to worry about.... To the end-user, Web surfing feels both safe and anonymous. It's not. Active content, such as ActiveX controls and Java applets, introduces the possibility that Web browsing will introduce viruses or other malicious software into the user's system. Active content also has implications for the network administrator, insofar as Web browsers provide a pathway for malicious software to bypass the firewall system and enter the local area network. Even without active content, the very act of browsing leaves an electronic record of the user's surfing history, from which unscrupulous individuals can reconstruct a very accurate profile of the user's tastes and habits.

Finally, both end-users and Web administrators need to worry about the confidentiality of the data transmitted across the Web. The TCP/IP protocol was not designed with security in mind; hence it is vulnerable to network eavesdropping. When confidential documents are transmitted from the Web server to the browser, or when the end-user sends private information back to the server inside a fill-out form, someone may be listening in."


Exactly what security risks are we talking about? There are basically three overlapping types of risk:

1. Bugs or misconfiguration problems in the Web server that allow unauthorized remote users to:

  • Steal confidential documents not intended for their eyes.
  • Execute commands on the server host machine, allowing them to modify the system.
  • Gain information about the Web server's host machine that will allow them to break into the system.
  • Launch denial-of-service attacks, rendering the machine temporarily unusable.
2. Browser-side risks, including:
  • Active content that crashes the browser, damages the user's system, breaches the user's privacy, or merely creates an annoyance. The misuse of personal information knowingly or unkowingly provided by the end-user.
  • 3.Interception of network data sent from browser to server or vice versa via network eavesdropping. Eavesdroppers can operate from any point on the pathway between browser and server including:
  • The network on the browser's side of the connection.
  • The network on the server's side of the connection (including intranets).
  • The end-user's Internet service provider (ISP).
  • The server's ISP.
  • Either ISPs' regional access provider.
    It's important to realize that "secure" browsers and servers are only designed to protect confidential information against network eavesdropping. Without system security on both browser and server sides, confidential documents are vulnerable to interception. Viruses aren't the only danger lurking on the Internet. In addition, hackers and other online criminals can use the Internet to get into your system and wreak havoc. Without protection that goes beyond anti-virus, your data is not secure.
                             - From W3C, The World Wide Web Security FAQ, provided by Lincoln Stein.
 Always-On? Always Vulnerable!
 PCs that are connected to the Internet through high-speed, always-on connections such as cable modems or DSL connections are especially vulnerable to Internet attacks. Leaving your always-on Internet connection undefended is like going on vacation and leaving your front door wide open.  Every computer with an always-on broadband connection (cable, DSL) to the Internet should use anti-virus and personal firewall software for protection from hackers and script kiddies. If you are connecting two or more computers to the Internet, you should also consider using a hardware router with firewall features.

If you want to take advantage of all the extraordinary benefits of using the Internet, while having the peace of mind that comes from knowing you're protected from the Internet's dangers, you need a Firewall. Any time you're online, hackers and criminals anywhere in the world can attack your PC through the Internet. Using malicious code, they can:

 • Penetrate your system.
Once they've identified your computer, criminals may be able to see the contents of your hard drive, including all your most private information and files.
Steal your private information
Sensitive data such as your Social Security Number, credit card numbers, and bank account numbers may be stored on your hard drive without your even realizing it. Intruders know how to find them, copy them, and use them for their own benefit.
  • Control your computer remotely
Using specialized software, hackers can take control of your PC, just as though they were seated at your desk. They can change passwords, corrupt files, or erase your entire hard drive. They can even see exactly what you're typing, as you type it.
  • Attack other systems from your PC
Once in control of your computer, a stranger can use it as a launching-pad for malicious attacks on others, such as the Distributed Denial of Service attacks that made headlines recently. When investigators track such attacks, they'll identify your PC as the source.

 

Spyware
Many Web sites have ads that are distracting and a drain on bandwidth. Some sites send cookies and other files to your computer. Still others acquire information about you, your machine, and your browsing habits by using single-pixel Web bugs and other methods. This compromises not only your privacy, but your security as well. There is software monitors this type of Web activity and allows users to control or block the ads and tracking systems.  SpyBlocker goes one step further and strips ads out of ad-supported software by disabling the ad module and tracking capabilities without disabling the functionality of the program. Here is a list of programs possibly infected with spyware.

What is a "cookie?"
A "cookie" is information sent by a web site server  to your computer. Usually it is information about your interactions that may be needed later to perform a function. Cookies allow web sites to provide more interactive features such as Preview/Index, Clipboard, History, and the Cubby. Cookies placed by more considerste websites are removed from your computer after a set time period. Cookies can be used to store information about where you go, and what banners you click, so companies can put specialized Advertisements and data which appeal to you. It's a bit like someone putting a tag on you when you go into a supermarket and then following you around the store. Some folk consider this loss of privacy offensive.

If you are interested, there are many web sites that provide information about cookies.  Cookie Spy will present you with a list of all the cookies on your computer, revealing how many cookies are on your computer and where they came from? This little utility will not only show you but also lets you delete the ones you don't want. Download Windows Installer CleanUp Utility 2.5.0.1 Free.

Utility suites are among the most popular additions to Windows because they provide essential tools for dealing with PC disasters, such as lost data, hacker attacks, and viruses that can corrupt your files. There are a lot of products targeting this need. It's a good idea to choose one that is versatile and known to be dependable.
Comodo free antivirus software - excellent

 
    - Links -

    Many WWW sites provide information about various topics in computer security. Some of these sites are simply large indexes but others contain a collection of information on a specific topic.

Virus stuff
  • Computer virus myths homepage
  • Comodo free antivirus software
  • Symantec Antivirus Research Center 
  • Dr. Solomon's Virus Central 
  • DataFellows Virus Information Center 
  • Stiller Research Virus Information 
  • Virus Bulletin Home Page 
  • Joe Well's Wild Lists - Viruses in the wild. 
  • NIST Virus Information Page 
  • McAfee Virus Pages 
  • Sophos Virus Information Page 
  • Seven Locks Software
  • Cheyenne Security Center
  • Trend Micro Virus Encyclopedia
  • AVP Virus Encyclopedia
  • Security events list
  • Dynalynx Hacker Links
  • Nasty thing to punish a troll


    • Privacy

  • Anonymizer.com
  • IDzap proxy
  • Safeweb SSL surfing
  • Subdimension page id swapper
  • Freedom Internet Privacy Suite
  • Cyveillance
  • Ewatch.com
  • FTC identity theft resources
  • Identity Theft Data Clearinghouse
  • Privacy Rights Clearinghouse
  • Privacy links
  • CA Dept. of Consumer Affairs legal guide
  • Identity Theft Survival Kit
  • CalPIRG Privacy Rights Education Program
    • Pretty Good Privacy
    PGP phone
    Misc Software


    Anti-Spam

    To Add this page to Your Bookmarks -  Press (Ctrl-D) On Your Keyboard.