Windows Platform Internet Security - What You Need
Fortunately, there's no big mystery here. But if you don't know about a topic, everything's a mystery. Lucky for you, I've created this web page :-). Here, I'll tell you how to make your computer safe from hacker attacks while you're on line - believe it, it's possible, it can happen.
Summary
This document contains information, and links to information and free software to help secure your internet connected computer. Here, there is also information on dial-up network connection security. At minimum, you may need to make some simple adjustments to your operating system networking configuration. You can go further, by installing a personal firewall to monitor and gatekeep all communication in and out of your computer. And it doesn't have to cost you a penny. After you've read everything on this page, you'll be ready to be your own ISP!
Elements of Internet Security
To begin, it'll be helpful to list the main ideas, topics, or elements involved in this discussion, which will serve as a little map, or overview for where we're going.
The elements discussed here are:
Communication programs internal/external to your computer
Shoring up security vulnerabilities
OK, the above appears to be getting a bit daunting. Hint: the last two are probably the most important and useful.
Internet Connections - Are You Receiving or Transmitting Data?
I used to be of the mind that my paltry little dial-up modem connection to the internet could not possibly be more than harmless. But after installing a few programs that do their work relative to the internet, it started to sink in. My dial-up internet connection may be slow compared to a "real" internet connection like those of big time internet service providers like Mindspring, MSN, and AOL, but nevertheless, it is an internet connection.
For instance, I installed one of those nifty programs that perform voice mail services when you're on-line tying up the phone. Pretty darn cool. You set up your phone to, when you're tying up the line, forward calls to the computer voice mail service. Their computer answers the forwarded call, records the message to a computer sound file, and then transmits that file to your computer. For all this to work, you have to be on-line at the time of the call. And this is the point.
While you are on-line, in order to make all this work, there's a little program running on your computer acting as nothing less than a real-as-you-wanna-be network server! It's listening for connections from the voice mail service, so it can receive incoming messages recorded by the service. And all this works wonderfully, without a hitch. I was very impressed. And that's when it started to dawn on me.
If this little tiny program can do all that on my paltry little internet connection, then there are probably very few limits to what kind of behind-the-scenes network processing could be carried out on my machine. And it could be carried out without me ever knowing about it.
I saw an email tag-line the other day that read, "My other computer is your Windows box."
IP Addresses, Probing - The Truth Is Out There..
There is one big difference between a permanent internet connection, and a dial-up connection. With a dial-up, your internet address (IP address) changes or is at least subject to change, each time you dial-up and connect - though the address will usually always be within the same range of addresses. By the way, an internet address is just a four-part number assigned to your connection - it's used to identify your connection, and/or computer - that is, IP addresses for permanent internet connections, for all intents, always identify the same computer, whereas dial-up connection IP addresses change from one connection to the next.
The IP address is important to this discussion, because it is the first line of communication between your computer, and any other computer on the net. Computers talk to each other through software they are running. Software designed to talk to other computers' software on the net starts out by locating the computer they want to talk to. They use the IP address to locate you (your computer).
Now this is another issue I had - sort of related to the paltry little computer with the dial up connection complex mentioned above. How can someone on the internet talk to my computer? How do they even know my computer is there? I don't advertise, or have a telephone number with which people can call up and connect to my computer. You can't type my IP address into a web browser and talk to my computer.
When you, like the greater percentage of internet users, dial-up to the internet you connect to some sort of local telephone switching system, which in some manner or other relays your call to your ISP - the folks you are paying for the dial-up service (for instance, I use mindspring) - I tell you, ISPs must get some really great long distance rates! And thus, you are connected to your ISP's internet computer(s) - the ones with the "real" internet IP addresses. Now when you make this connection, your ISP assigns your connection/computer an IP address from a range of IP addresses it uses for dial-up connections. Which one you get, and from which range, is probably a function of your geographic location.
So now, you, your computer, has the minimum of what it takes to talk with other computers on the net - an IP address. You don't have to advertise. There are plenty of computer savvy folks out there who can, will, and do, write, and use various software to probe ranges of IP addresses, and the ports of the computers assigned those addresses. And there are other more straightforward ways of obtaining someone's IP address, or likely IP address within a certain range, and so on. For instance, every web or ftp site connection you make can be traced back to the IP address of the computer with which you made the connection. Your ISP assigned IP address is in the header of every email you send. Yep, that's right.
An IP address describes where, on the internet, to find your computer. A port is a hardware point of entry into your computer - which is just another computer hardware implement like a memory chip, or processor, though maybe a little less complex. So if the IP address is the house, a port is the front door, or a window.
To illustrate, say I'm a software program, given your computer's IP address. From wherever I happen to be on the network, I can look up directions on how to get to your address/computer. These directions might be something like, go to this computer address, then this one, then this other one, and so on until finally I reach the address of your computer.
Now that I'm at your computer, I still need to get in, so I introduce myself, and I direct my introduction to a specific hardware port. This might be visualized as a person standing outside a house tapping on the front door, or a specific window. If someone's listening at the particular door or window (or port) and I say the right thing, they might let me in so to speak. For a software program listening on a port, this would mean the software had been periodically checking the port for 'visitors' or service requesters, noticed one, and shook hands. At which point, the visiting software program could issue commands through the port to the listening software on the other end.
Communications - It Takes Two To Tango
I know, corny sub-title.
As mentioned above, computers talk to each other through software. So it's really the software that's doing the talking. T'was a time when IPC (interprocess communication) was a very specialized software characteristic. If a program did IPC, that was probably its sole purpose. That remained pretty much true even with the advent of fancy web browsers. The web became increasingly popular, and before you knew it, MS Windows was shipping with a web browser, and the operating system won't work without it. The IPC popularity trend continues.
IPC is no longer, by any means, isolated to specialized programs. Modern programmers have the tools to plop IPC functionality into programs of any sort, and this functionality need not be apparent to the user. As long as the program is running (and the user need not even be aware the program is running), and as long as there's a net connection, the IPC functionality can work.
So IPC is easy, accessible - and more open to misuse. There can be programs - known/unknown, friendly/unfriendly - on your computer that come to life when you make an internet connection. These programs might use your connection to, 'phone home,' and send data (your data) from your computer to their, shall we say, 'mother ship.' And/or, data might be transmitted to your computer and received by a program that is, on your computer, listening for the data.
Computer Communication Mechanics
It's useful, for our purposes, to know a little bit about the structure of computer conversations. If you know a little about this, then you know where to start to solve security problems. You know what to look for, and what should alert you, and such.
We've already covered the basic elements, and that's about as low level, nuts and bolts, fortunately, as we'll get.
A malicious remote computer program can't just 'come up to your computer, and walk in.' No, such evil programs are sort of like Dracula, they have to be invited into your computer, by software that is running on your computer. Likewise, software on your computer can't, without invitation, connect to a remote computer. So you see, it takes two computer programs to make a connection, open up a line of communication, and carry on a conversation, or transmit/receive, receive/transmit files. And that's pretty much, in a nutshell, the way it's done.
Here's an example. One that doesn't involve evil Dracula. When you connect to an internet web site, your browser is the communications program on your computer. On the remote computer resides a communications program called a server, and it's just running in the background there on the remote computer waiting for a connection request (your browser). The server is 'listening' to hardware "ports" on its computer. Your browser sends a message to the port the server's listening to (which ports to use for which type of communications are standard), and if the server can handle another connection, it'll respond by sending data to your browser.
Now note in the above example, that this conversation is sort of a one way street. The "client," your browser, is not allowed to send to the server any data it wants. Its part of the conversation mainly consists of requesting data - like web pages - from the server. The server decides whether to honor each request individually, and sends or does not send data accordingly. Your browser receives the data, formats it, and displays it in your browser.
The point is, it takes two software programs to carry on a conversation relative to two computers on the internet. In the example, one program, the server, acted as a giver of data, and the client, your browser, acted as a data requester/receiver. That's the straightforward simple approach to IPC, but there's no rule that says both programs can't take on either role, though a conversation of any sort does require a conversant program on each network computer.
So now you know a little about how computers talk. Now we can start thinking in terms of how such facilities can be abused.
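The two-program conversation described above, as an added example that is not part of the original page: a tiny server that listens on a loopback port, and a client that "taps on the door" with a request; the server honors only requests it recognizes (the request names and replies are made up for the demonstration).

```python
import socket
import threading

# Added example: the only request this server will honor, with its reply.
ALLOWED_REQUESTS = {"GET /index": "<html>hello</html>"}

def handle_client(conn):
    """Server side: read one request from a visitor and decide whether to honor it."""
    with conn:
        request = conn.recv(1024).decode("utf-8", errors="replace").strip()
        reply = ALLOWED_REQUESTS.get(request, "403 refused")  # anything else is refused
        conn.sendall(reply.encode("utf-8"))

def start_server():
    """Listen on 127.0.0.1 only (port 0 lets the OS pick a free port) and serve in a thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()  # wait for a visitor at the door
            except OSError:
                break  # listening socket closed: stop serving
            threading.Thread(target=handle_client, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, port

def ask(port, request):
    """Client side: connect to the listening port, send one request, return the reply."""
    with socket.create_connection(("127.0.0.1", port), timeout=5) as c:
        c.sendall(request.encode("utf-8"))
        c.shutdown(socket.SHUT_WR)  # tell the server the request is complete
        return c.recv(4096).decode("utf-8")

def demo():
    """Run one honored and one refused exchange; returns both replies."""
    srv, port = start_server()
    try:
        return ask(port, "GET /index"), ask(port, "PUT /secrets")
    finally:
        srv.close()

if __name__ == "__main__":
    print(demo())
```

Binding to 127.0.0.1 rather than 0.0.0.0 is the difference between a door that only your own programs can knock on and one reachable from the whole network.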
IPC abuse is really quite easy. That's good, because it implies that this abuse might be, in turn easy to prevent.
So IPC requires two programs, one on each network computer. How many programs have you downloaded from the internet - that you know about? How many that you don't know about? Even some Windows versions come installed with network communications software of dubious nature, not to mention known security flaws.
At least some Windows flavors act as communications conduits through network file sharing options vulnerabilities. Also, some Windows install certain "snitchware" communications servers providing "hooks" into, through your computer ports, any installed "hook aware" software! And there's the infamous LoadQM.EXE, that does what, no one seems to know - except send and receive data over the net via your computer ;-) (actually, as near as my research thus far has revealed, LoadQM.EXE is a Microsoft quality control manager (thus the QM) program that just wants to ensure you get the latest/greatest MS software quality experience - but hey, who asked them?).
Programs can get into your computer without you knowing it, through your internet browser. Most people, by now, know about this, and there are configuration options in browsers to deny out of hand the automatic downloading of such files. There are also signature security features that are supposed to authenticate the integrity and security of such automatic downloads. And for the most part, such downloads don't cause any problems. But there's really no way to know if that Java code or that ActiveX component automatically downloaded by your browser is a "Trojan," a program designed to serve up files (your files) to a client program on a remote computer somewhere.
That free email tag-line generator program you downloaded, or that ad enabled shareware, could be a file server, monitoring your keystrokes, and thus serving up your passwords, credit card numbers, ssn, and mother's maiden name. Man, I gotta tell ya, all this sounds pretty darned far fetched, but you better believe that it is well within the realm of possibility. If you read the foregoing, you already know that.
Basically, any program that communicates over the network (the internet) is suspect. Even programs you trust, like your internet browser, or your email program. If it communicates over the internet, it is a security risk. That doesn't mean trusted commercial software companies are scheming to invade your privacy, but even trusted programs are vulnerable to exploitation in their dealings with internet server software. Yep, there are malicious web sites out there which, when you connect, might try to talk your browser into doing something you might not like it to do.
As mentioned above, IPC enabled programs are proliferating, and increasingly so. So much so, that such functionality could be in any program you run. It's getting so it's difficult to keep track of the programs you know have IPC functionality, much less, those that you do not know about. It's getting so every program you run is suspect as long as you are on line - and programs don't need to be on-line in order to collect and store information, for transmission when you are on-line.
There is an increasing number of security diagnostics internet sites. I hit one and was astonished to learn from its report that it knew what was on my Windows clipboard! Aside from that, the report revealed my IP address (that was easy), my web browser, operating system, and geographic location. All of the above is routine information available to every web site you browse. It's not really a security risk - depending on what you happen to have on your clipboard, that is.
The NetBEUI information site linked below can probe for open ports, and the Windows/NetBEUI vulnerability. This site has a lot of other information and links too.
For a long time, I went around with nagging thoughts about what went on in the background when I was on-line. I'd hear my hard drive churning, and check that little system tray dial-up icon to see if data was being received/transmitted. I knew the issue was not brain surgery, or rocket science - a network connection is a network connection; the internet is a very big network; as with any large population, there are outlaws. I don't worry anymore though. I did something about it. It's not a difficult proposition, and you can do something about it too.
The key to remote computer intrusion threat peace of mind is controlling what software is allowed to send data out of your computer, and controlling what software is allowed to receive data into your computer. It's just that simple.
But is it, in practice, that simple? Well, as mentioned, even your trusted software can have security flaws whereby malicious servers you've unknowingly connected to try to coax your communications software into bad behavior. But the answer is, yes, with the right communications and monitoring software it is that simple.
OK then, here's how to make sure your computer is secure when you go on line. If you read the foregoing, you should be able to judge for yourself the effectiveness of the advice that follows. I followed the advice, and I no longer have any security worries relative to remote internet computer intrusion.
Secure Your Windows - I don't know if all Windows versions/flavors have this vulnerability, but at least 95, 98, and NT do. The issue, which you can read more about, involves network file sharing configuration options, and the NetBEUI network protocol. The solution is easy - just turn off network file sharing. I did that, and I removed the NetBEUI protocol altogether. In fact, I removed all network protocol software, and options except for TCP/IP (internet protocol), and Dial-up Networking. That was my first solution ;-). The above linked site has step by step instructions on how to neutralize the problem regardless of which vulnerable Windows incarnation.
Install a good personal firewall. I installed ZoneAlarm. All indications - reviews, tests, my, albeit thus far, short personal experience with the software, etc. - are that it does what it is supposed to do. That is, it monitors communications going out of the computer, and monitors communications coming in. It made a lot of noise - much reporting - the first time I went on-line, reporting every program that communicated. It adds these programs to its list, and you can then set various permission options for each program.
ZoneAlarm warns you with a pop-up message whenever unauthorized communication attempts are made. I received two such warnings that turned out to be real "honest" to goodness port probes - one from a dial-up in Russia, and another from an untraceable IP - within three hours of installing ZoneAlarm.
After going on-line and loading ZoneAlarm, I disabled several communications programs I didn't know I had - including Windows' LoadQM.EXE (suspected "snitchware") and RPCSS.EXE. Both these programs were flagged when they tried to talk to the internet. I don't know what they were saying, but they're silent now, and I've had no resulting system performance problems. It makes sense to eliminate security problems at their source, but if you're just looking for a silver bullet, then ZA is the way to go - regardless of how many or what manner of unruly software programs are on your computer, ZoneAlarm manages them. More importantly, it'll protect against any future internal or external intrusion attempts - it's kind of fun to witness port probes caught in action too.
ZoneAlarm runs in your system tray. It's small, and easy to use. There's a pay version with a few more features, but I like the free version ;-).
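A do-it-yourself version of the per-program permission list ZoneAlarm keeps, as an added example (not the page's or ZoneAlarm's code): it parses `netstat -ano` style output, looks up which program owns each socket, and reports programs listening for incoming data on a network-reachable address or talking outbound without permission. The netstat lines, PID-to-program mapping and the two permission lists are constructed for the demonstration.

```python
import re
from collections import namedtuple

# Constructed sample of `netstat -ano` output; PIDs and addresses are made up.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING       1300
  TCP    192.0.2.10:1044        198.51.100.7:80        ESTABLISHED     2210
  TCP    192.0.2.10:1045        203.0.113.9:443        ESTABLISHED     3100
  UDP    0.0.0.0:137            *:*                                    4
"""

# Constructed PID -> program name mapping (what `tasklist` would report).
PROCESSES = {4: "System", 812: "RPCSS.EXE", 1300: "voicemail.exe",
             2210: "iexplore.exe", 3100: "LoadQM.EXE"}

# Permission lists, assumed for the example: who may accept incoming / talk outbound.
ALLOW_INBOUND = {"voicemail.exe"}
ALLOW_OUTBOUND = {"iexplore.exe", "voicemail.exe"}

Socket = namedtuple("Socket", "proto local_ip local_port remote state pid")
# proto, local addr:port, foreign addr, optional state (UDP has none), PID
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Turn netstat -ano lines into Socket records; header and blank lines are skipped."""
    sockets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, ip, port, remote, state, pid = m.groups()
            sockets.append(Socket(proto, ip, int(port), remote, state or "", int(pid)))
    return sockets

def audit(text, processes, allow_in, allow_out):
    """Return (program, reason) findings for sockets a permission list would block."""
    findings = []
    for s in parse_netstat(text):
        name = processes.get(s.pid, f"pid {s.pid}")
        listening = s.state == "LISTENING" or (s.proto == "UDP" and s.remote == "*:*")
        # A loopback listener is only reachable by your own programs, so it is not flagged.
        if listening and s.local_ip != "127.0.0.1" and name not in allow_in:
            findings.append((name, f"listening on {s.proto} port {s.local_port} reachable from the net"))
        elif s.state == "ESTABLISHED" and name not in allow_out:
            findings.append((name, f"outbound connection to {s.remote}"))
    return findings

if __name__ == "__main__":
    for name, why in audit(NETSTAT_SAMPLE, PROCESSES, ALLOW_INBOUND, ALLOW_OUTBOUND):
        print(f"{name}: {why}")
```

On a real machine you would feed it the output of `netstat -ano` and a PID-to-name table from `tasklist`, and treat every new name on the report as a program to identify before granting it a permission.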
Copyright (C) 2002, Bryan Hoover, Warren Excellence Computing Systems