In a previous article dealing with online security prompted many readers with home PCs to ask for advice on how to stay safe and still get the most out of the “information highway”.
The first and fundamental step is to install software on the computer that will protect you from any nasty surprises. This software should include a program capable of detecting potentially dangerous activity on the computer as well as warning when a dangerous file tries to enter the system.
It should also be capable of detecting any suspicious file or activity, even if the software has no prior record of this activity. An old enemy is easy to spot, but what about new threats? Reliable software should be able to detect dangerous behavior without needing a previous description of the culprit.
This software should also be able to operate at low levels i.e. when data enters the system, the program should be the first to know it and alert the user when necessary. For example, in the event of an e-mail-borne virus that activates simply when viewed in the Preview Pane (without having to open the message or any attached files), the user should be alerted even before the e-mail program notifies that a new message has been received.
Another essential feature of a reliable program is that it should be independent from the rest of the software on the computer. This means that the protection should be the same regardless of whether browsing the Internet with Microsoft Internet Explorer, Netscape Navigator or Opera, or whether mail is processed through Eudora, Outlook Express or Pegasus.
So what kind of software are we looking at here? We’re talking about antivirus programs. Although you might think that, as the name suggests, these programs only protect against viruses, they are also a fundamental part of protection against all attacks. By preventing even the smallest amount of software from entering your computer, no one will be able to take control of your system to carry out malicious acts, like hackers.
An antivirus doesn’t just simply deal with viruses. As the software is fundamentally designed to root out viruses, it is quite simple to add information to the database to detect Trojans, backdoors, etc. So when an attacker tries to insert a program on a computer, it will be filtered by the antivirus, which will sound the alarm.
Flaws or vulnerabilities in software applications are another cause for concern, as they can make an attacker’s job easier, without them even needing to insert programs or code on the victim’s computer. In these cases there is usually a solution or “patch’ available before most users have even realized that a problem exists. All software manufacturers are constantly updating products to protect against possible errors, so it is well worth being aware of these issues and applying the updates where necessary. If in doubt, the manufactures website is usually a reliable source for the latest information and all license holders are entitled to download these updates. So there are good reasons for avoiding pirated software after all!
Speaking of updates, remember that all antiviruses should be updated regularly. How often? Well this really depends on the manufacturer. Each vendor will no doubt recommend updating as soon as a new update is available -logically-, but bear in mind that 15 or so new viruses appear every day, waiting two or three days before updating an antivirus can prove to be an increased risk.
Another practical security measure is the installation of a personal firewall. Firewalls constantly monitor activity across all ports on a computer. It is possible to configure the firewall to keep a specific port closed or to warn when someone is scanning open ports
These tools are generally not easy to configure, and they are not simple to configure, which is why they are not recommended for basic users. Reading the user guide carefully before installing and configuring your personal settings can save you valuable time.
To stay on top of security when connected to the Internet, there are several systems for finding out exactly what is happening to your PC at any moment. If you have a personal firewall and an up-to-date antivirus installed, much of this monitoring is carried out automatically by these applications.
That said, it is still worth checking the security levels in your browsers. In most cases, security settings in a browser can be configured according to a wide range of security criteria, from accepting almost everything to rejecting all but the most trustworthy information. A balance between security and practicality is normally the most advisable.
A powerful tool, called NBSTAT, exists which lets users monitor open connections on their PCs. Simply using the parameter “-a”, you will be able see all active connections on your computer. For example, type “NETSTAT -A” and you will see the following:
TCP FCUADRA:1588 WWW.PANDASOFTWARE.COM:80 ESTABLISHED
The information after TCP, is the type of protocol used, the first word indicates the name of the local machine, followed by the port in use. This is followed by the website and port to which you’re connected and finally the connection status.
The most frequently used ports are those used for http connections (80), e-mail (110 and 25), FTP transfers (21), accessing NNTP newsgroups (119) or IRC chats (194). All ports between 0 and 1,023 are registered for standard services, and those between 1,024 and 49,151 are assigned to non-standard, but recognized functions. Ports from 49,152 to 65,535 however, are dynamic and can be used for a variety of functions, which can unfortunately include the notorious activities of Trojans. If you notice that one of these ports is open, it is time to start worrying as someone else may be accessing your system. The web page http://www.iana.org/assignments/port-numbers has a complete list of these ports.
The ports used by Trojans and other malware tend to vary greatly. In fact there are so many that it would be virtually impossible to list them all here. Your antivirus vendor should be able to help you determine whether a connection has been made by an e-mail program or Trojan trying to enter your machine.
If you suspect that someone or something is connected to your PC without your consent, you should immediately disconnect. Another solution, although not without risks, is to try to enter the machine that is trying to attack you. However, a safer option is just to disconnect, scan your entire system with your antivirus and then reconnect.