OT: Is Your PC a Hacker Tool? How to Test Security


Is Your PC a Hacker Tool? How to Test Security

I don't know who was responsible for last week's attacks on Yahoo, EBay, E-Trade and other popular Web sites, but there is a remote possibility that I could have been an unwitting accomplice. That's because I have a cable modem, which connects the PCs in my house to the Internet 24 hours a day. People with digital subscriber lines and businesses with high-speed dedicated lines could be in the same boat.

One possible explanation for the attacks is that an individual or a group of people used software to automatically plant malicious software on other people's computers, which, in turn, bombarded those sites with millions of bytes of information per second. Because my machines are on all the time, this could happen while I am sleeping. Being a potential unwitting cohort in crime is bad enough, but what's more scary is that when you're connected to the Internet, there is also the risk that someone might be able to access data on your computer or know more about you than you care to disclose. Users who dial into the Internet with standard modems aren't likely to pass on a hacker's instructions, but their privacy could still be jeopardized.

To find out if you're vulnerable, visit the Shields Up Web page at http://www.grc.com. Run by Steve Gibson, head of Gibson Research Corp., the site tests your machine to see if your privacy or data security is at risk. I tested my Windows PCs on Gibson's page and, until I installed some security software, they were "wide open." To begin with, Gibson's Web page greeted me by name, which it inferred from information on my machine. So much for anonymity. If his Web site can figure out my name, so can any other site whose operator is determined to find out who is visiting. Next it told me that my printer, my hard drive and my floppy drive were accessible via the Internet.

I'm a bit of a cynic so I called Gibson to see just how much information he could really extract from my machine. I gave him my Internet protocol (IP) address and permission to hack and, less than a minute later, he told me what directories I have on my hard drive, the names of some of my files and then planted a text file on my hard drive. What's even scarier, he taught me how to do the same using some simple commands with software that's already on all Windows computers. In this case, I disclosed my IP address, but there are plenty of ways for hackers to get that information without your permission.

Minutes later, I was spying on a system myself. I couldn't get into just any machine but I was able to penetrate a friend's system after he gave me his IP address and permission. Once in, I was able to plant files, read the content of his files and copy them to my own PC. I'm not going to tell you how to do it, but--trust me--it's very easy. Fortunately, there are also easy ways to keep your machine from being invaded.

One method is to install software that creates a "firewall" around your machine. Symantec, which makes the popular Norton Utilities and Norton Anti-Virus software, publishes Norton Internet Security. This $59.95 program shields your PC from invaders by blocking unauthorized attempts to get into your system. After I installed it, Gibson's Shields Up Web page was unable to determine my name or anything else about me and neither his Web site nor the tricks he taught me were able to penetrate the program's defenses. In other words, it protected my privacy and the security of my files. The program also scans for viruses and can also be used to block advertising and protect your kids from sexually explicit and other inappropriate Web sites.

Black Ice from Network Ice (http://www.networkice.com) is another product aimed at keeping hackers out of your computer. This $39.95 program, which works on Windows 95 and 98, scans all traffic between your PC and the Internet and blocks intruders. Both of these programs also have alert features that tell you if someone is trying to get in and they keep a log so you can find out if anyone tried to break in while you were away from your PC. Norton Internet Security alerts you in "real time" so you can detect a potential intrusion as it happens. A small icon near the bottom of your screen flashes when it detects a potential problem. Zone Labs' ZoneAlarm 2.0, which you can download for free at http://www.zonealarm.com, offers similar protection.

I'm running Black Ice on one machine and Norton Internet Security on another and, on several occasions during the last 48 hours, someone has "probed" each of my PCs. A probe doesn't mean that someone was peering into my files or planting a program on my hard drive, but it does mean that an effort was made to identify my machine and possibly to look for security holes. The scary thing about this is that users might not even know this is going on. It's possible for a hacker to plant software on your machine that can later be triggered to violate your privacy or use your machine as an unwitting "zombie" to attack other machines.

In addition to these programs, there are also some free and relatively simple precautions you can take to protect yourself. One of Gibson's Web pages (http://grc.com/su-fixit.htm) describes how Windows users can disable the Microsoft file and printer sharing from their Internet connection without affecting their ability to access files via a local area network. Gibson also advises users to choose "uncrackable passwords" and to avoid installing other "backdoors" that hackers can use to gain access to your machine. None of these techniques are absolutely foolproof, but they offer a reasonable level of security for most users. If you're in a particularly high-risk situation, you should seek advice from a computer security consultant.

Of course, there are also some obvious things you can do, regardless of whether you have a cable or DSL modem or just log on via a regular modem. Never give out any information to people or Web sites you don't know or trust and be careful about downloading programs from unreliable sources. Be especially careful with passwords. Change them occasionally, and don't use the same password for every Web site and service you use. Also, don't open any programs, Word files or Excel files that arrive via e-mail unless they're from a trusted source. Finally, take a deep breath and relax. Sure there are some risks associated with being on the Net, but just about everything worth doing has its risks. Proceed cautiously but definitely proceed. To me, the risk of not using the Net is far greater than the risks of using it.


-- Carl Jenkins (Somewherepress@aol.com), February 15, 2000


It is a fact of life that "probes" occur often in major metro areas or for high interest target installations (military, Dept. of Energy, IRS, etc.). Some of us keep a system set up to tie up an "attacker" by letting him/her attempt to log on...but no logon ID/password combination will work...

If you are on the internet all of the time, use a good firewall (as a start...).

-- Mad Monk (madmonk@hawaiian.net), February 15, 2000.

Why don't y'all get a REAL operating system, and learn how to use its security features. Linux is many many times more secure than ANYTHING Microsoft has ever spewed out onto the market (provided that you set it up with tight security policies).

-- XOR (drwizzard@usa.net), February 15, 2000.

Real OS or not, people need something they can use. Most people can't even check the oil level in their cars. I have now got a good set of hardware under my Win98 and it works fine. Before, I had second-rate stuff and was always having bluescreens and GPFs.

I have been using NukeNabber for a few months and have never been hit yet. The Gibson site says I'm basically invisible on the inet except for my IP address. It's not a firewall but if they can't get in who cares if they can get the address.

Maybe I'm just lucky because I live out in the country, but I don't run antivirus software except when I suspect something and I've never been infected with anything. I avoid macro viruses by having WordPerfect instead of Microsoft Word and my e-mail program is another freebie called Pegasus and not another Microsoft target like Outlook Express. I do however use IE5 because I like it best so I'm not totally against Microsoft products.

-- Just passin through (nobody@nowhere.com), February 15, 2000.

NukeNabber Site

Pardon my mistakes but this should be a link to the site for NukeNabber. It's a hacker-type site with lots of good info if you want to keep others out of your computer. Just hit the link for software and follow directions.

-- Just passin through (nobody@nowhere.com), February 15, 2000.

Yours may be one of the most important posts ever for the folks on TB2000! There are some dandy firewalls available - full stealth mode, etc. - and you named several. With any one of them installed, the world of the great unwashed doesn't even know your computer is on line.

-- elskon (elskon@bigfoot.com), February 15, 2000.


I've just installed on my PC a few days ago a new firewall called Zone Alarm. It's still free and in beta, but so far for me it's running very smoothly.

What makes Zone Alarm different from Black Ice and other such firewalls is that it not only blocks incoming unwanted probes etc., but also blocks out any activity from unauthorized programs from within your computer, i.e., programs implanted on your computer without your knowledge, such as Trojans etc. Also, Zone Alarm is very simple to understand and configure, as opposed to other firewalls, which makes it ideal for average net users.

Here's ZoneAlarm's site if you want to learn more about it, and also I recommend highly to everyone Steve Gibson's site for net security. If you scroll down to the bottom of that page to "Concluding Comments", Steve comments on ZoneAlarm and other firewalls.

-- Chris (Catsy@pond.com), February 15, 2000.

I second the mention of Zone Labs' ZoneAlert. I'm testing it out in Windows 2000 Advanced Server (release build - gotta love having an MSDN subscription and being able to get this stuff before the release date!)

So far it's holding up and has detected and refused a portscan this morning. I also run Conseal's PC Firewall on my 98 SE install (one of eight OS versions I have installed) and will test it against Conseal's results later today when I get the other NIC installed.

Do not be misled: even if you're on dialup your machine WILL be probed sooner or later, and if you're running a straightforward machine with no security enhancements, you're at risk of a hack. Better do something about it a.s.a.p.

O d d O n e, who found and deflected an attempt to plant a distributed-DoS file on his box (can you say "zombie"?)

-- OddOne (mocklamer_1999@yahoo.com), February 16, 2000.
