The War for Your Computer

There is a war for and over your computer. You don’t own it — you’re merely renting it to those who have a self-proclaimed mission of using it for themselves without your permission.

The attacks on you for the use of your computer are well documented. The cure is creating an environment hostile to the hackers and crackers making the attacks.

Viruses are released into the wild by script kiddies hoping to “claim” a large number of captures.

Trojan Horses and Worms are set up to take over functions of your machine and are designed to act at the will of the perpetrator.

To illustrate the seriousness of the situation, the mechanics of the Denial of Service (DOS) attacks are most instructive.

DOS attacks depend on the fact that about 60% of the computers out in the user environment, are being used precisely as they came from the factory. They have never been brought current or updated. In other words, the openness of the computers is as the user bought the computer from the vendor. No vendor has installed any software, in general, that would take care of the problem and provide a total means to make any machine secure.

Now that we have said that there is a problem, it is best to understand the depth of this particular problem by studying how a DOS attack works.

The first thing that happens is that computers are located by a series of PINGs out on the internet (whether dialup or otherwise). This is pretty much arbitrary and is often achieved by issuing PINGs to successive IP addresses. Furthermore, the sequence is repeated until all machines in the range have been identified. Dialup is as vulnerable as broadband is — it is the time, not the speed, that counts.

So now that we have identified machines that are vulnerable, then a worm or Trojan Horse is sent out to the identified machines; say 10,000. Now that 10,000 machines have the payload of a program of the perpetrator’s choice, what happens next depends on the desires of that person. Some of the scenarios are that at a specific time, messages are all sent, continuously, to an address predetermined to cause havoc or to swamp a specific server such as the White House or Gibson Research. Go to www.grc.com for a further education on DOS attacks.

The point of the above narration is to expose you to the realities of just what activities are being promulgated on unprotected and unsuspecting computer users.

Just how does one protect oneself from a DOS attack? Basically you can’t, other than disappearing behind a firewall in the first place — but this is not entirely practical. If you are running a server that is open to the public such as the White House, disappearing from the net is not an option.

Further, the 10,000 machines that have the worms on them are really quite vulnerable as the resident program can do benign things like display taunting messages on the screen or attack the White House or even delete all files on the hard drive of all 10,000 machines. The machine is totally at the mercy of the worm’s author.

How do you protect your machine from worms? In a word: Zone Alarm.

Zone Alarm can only be downloaded from the Web. It comes in two forms — free and $29.

The free version is a good place to start as it provides to all users the capability of putting all traffic to your machine under your control.

When first installed, Zone Alarm will ask if a particular function on your machine should be allowed to have access either in or out of your machine. Even things like Internet Explorer are blocked until you give your blessing. The effort is minor and you know what is going on with your machine. Within a very short time, most of the queries will be satisfied and you will begin to forget that there is such a thing as Zone Alarm operating on your computer — with one exception: PINGs from other computers.

Each time you are PINGed by another computer, you will see a pop up informing you of the fact. You will be astounded just how much intrusion activity is directed at your computer. In case of several PINGs without your being there to acknowledge them, a counter will be set up in the pop up along with controls that will permit you to inquire about each one if you so choose.

It is at this point that the difference between the free Zone Alarm and the $29 Zone Alarm is most evident — the $29 Zone Alarm will tell you who and where the PING originated and the administrator of the server through which the PING was originated.

For instance, I found that I was routinely being PINGed by a North Korean university, a university in Omaha, Nebraska, a site in Japan, and a site in Scandinavia are just a sample. Just what business does any site mentioned above have with my machine? The answer obviously, is NONE!

Activation of Zone Alarm was also an enlightenment.

In my case I went to the Zone Alarm site using a just-loaded pristine machine and downloaded a copy of Zone Alarm. The machine was on the Internet for possibly three minutes. As soon as I completed the download of Zone Alarm, I disconnected from the Internet and set up Zone Alarm to my liking. A few minutes later I reconnected to the Internet and was immediately hit with 142 PINGs from around the world in a period of five minutes. There are two explanations for this. First, that the Internet was full of persons waiting for any new, unprotected, machine to appear on the Internet. The second is that bots were waiting in and around the Zone Alarm site because unprotected machines, ipso facto, arrive at the Zone Alarm site. It is for this reason that the SPAUG CD has a copy of Zone Alarm on it so that you do not have to go out on the net in order to load a copy onto your own machine.

In the above manner, you will control who gets access to your machine and assure that you do not have any unwanted accesses or Trojan Horses or worms on your machine.

But that leaves viruses. Viruses are attachments or inclusion in e-mail designed to activate an action on your machine at the will of an outside person. The most effective deterrent to viruses is a copy of Symantec’s Norton Anti-Virus 2002. Yes, I know there are lots of anti-virus programs out there, but the Norton seems to be the most aggressive and have the best explanations on their website when there are viruses to be removed. The McAfee site seems to be too lazy to make clear explanations of how to clear viruses and their sign up procedure is Byzantine.

One problem with the Norton Anti-Virus is that, out of the box, the virus updates are updated only once a week, an interval that is entirely too infrequent. One needs to go to the scheduler and reset the interval to daily to assure that fast-moving viruses are not missed in the interim.

One additional reason that the Norton Anti-Virus should be employed is because the product also checks the e-mail upon output (sending) which is essential to assure that you are not unknowingly harboring a virus.

One negative to any anti virus program is the fact that there is a speed overhead that must be paid to utilize the program. In the case of Norton, it is about 18% but that is a small price to pay for non-corruption of data by a virus. This is a good reason to have a fast CPU.

Just what is the effect of not doing anti-virus checking? At the Saturday morning clinics, more than one operating system has been effectively destroyed by the damage done by viruses and the only practical course is to wipe the disk clean and reinstall everything from the beginning. If no backups, too bad.

So now that your have the worms and viruses under control, you need to turn your attention to SPAM control.

SPAM is nothing more than Unsolicited Commercial E-mail (UCE). Many accounts have had their usefulness destroyed by spammers because of the constant junk and because of the sheer volume of each message has precluded easy use of the e-mail capabilities. Further, many users don’t seem to realize that SPAM leaves lots of files in the form of GIFs and other materials that were downloaded and left on the machine. Deleting the e-mail offender does not delete the pictures and other graphics. The time you spend downloading is an indication of the extent of junk that is left on your machine. It is to your advantage to spend the time to figure out what directory receives the data and to delete it. In Eudora it is: C:\Program Files\Qualcomm\Eudora\Attach. Equivalents exist on all e-mail programs.

So how to your control SPAM pollution?

First, you go with an ISP that is rabidly hostile to SPAMers such as Earthlink who, if you turn it on, will unleash SPAMINATOR onto your incoming e-mail. SPAMINATOR will filter your e-mail for you and will present to your incoming e-mail all e-mail that is not SPAM. Periodically, you may choose to see the-mail that is being held for you, but I do not bother much as the SPAMINATOR program has never blocked anything that wasn’t SPAM. After three weeks in limbo, the SPAM is flushed if you don’t do it manually. That is your first line of defense.

Your second line of e-mail defense is to use a program such as Mail Washer (free/voluntary donation) which does a number of things on your behalf:

Mail Washer does not download your e-mail from the server but does download the header information. This means that any SPAM or VIRUSES that it might encounter are nottransmitted onto your machine.

Mail Washer presents you with DELETE and BOUNCE boxes for each e-mail, with the checks filled in for the Mail Washer determination that the e-mail is really SPAM or a Virus. The determinations are remarkably accurate. The program is on the SPAUG CD.

Since I have SPAMINATOR, much of the SPAM never gets to Mail Washer; but some does and thus Mail Washer cuts my involvement even further.

One key action that Mail Washer takes is that if I have some SPAM and I agree that it is SPAM, then Mail Washer will return a message to the sending server that says that my account is not a valid address in an attempt to have the SPAMMER remove me from their list. It does seem to work. In fact, Mail Washer is so effective and easy to use that I have been using it in preference to the SpamCop product.

SpamCop is another approach to the control of SPAM. It works only after the SPAM has successfully worked its way onto your machine and you really want to assure that you don’t see it again. SpamCop assists you greatly by scanning the SPAM in great detail and, in an automated manner, creating a message to the majordomo of the offending ISP that is hosting the SPAMer with specific information appropriate to the majordomo’s deleting the offending account. I have received a number of responses from ISPs thanking for the input and informing me that the account has been deleted.

One additional feature of the use of SpamCop is that the offender goes onto the embargo list and the offender stays there for quite a while. Many other organizations use the list as a means of filtering SPAM and I would not be surprised if the Earthlink Spaminator were a user of the filtering input.

Always, after sending information through SpamCop, the offending message is sent to junkmail@earthlink.net so that Spaminator can be updated — so I hit ’em twice if the SPAM makes it through the two screens.

A third aid to control your environment on the computer is Pest Patrol which looks for bots (short for robots) that are placed onto your machine for the purpose of providing advertising and demographic information to the people who create websites you might visit. They are gathering information about you and your buying habits and are passing them on to the website owners where they might even further be sold to spammers and other undesirables including more website hosts.

Pest Patrol is not free ($29) but can be bundled with Zone Alarm and is the most effective anti-hacker utility that precludes your being a party to a DOS attack and other malevolent programs. It can be downloaded from www.sunbelt-software.com.

The fourth item to have on your machine for your viewing pleasure is Popup Killer, which stops most of the pop-up advertising and the in-your-face banners and other such junk. The product needs to be updated periodically (let’s say once a month) or whenever the pop-ups begin to get to you.

And finally, you need to assure that you have a “dump” account that is used whenever you do business with anyone so that the releasing of your e-mail is of no consequence as you can merely start up another account and delete the original account. I have a $5 per month account with AOL to which I direct all on-line purchases. Because AOL does no SPAM filtering, it is really a pretty much worthless account, but the acknowledgement of purchase orders on line is a useful function of the account. You can have the same functionality for free by signing up for a Yahoo account.

So there you have it – a means to control your environment, to “go black” (disappear from view). These procedures and programs also thwart the attempts at intrusion and invasive efforts of those who want to control your computer because you are connected to the net.

It is to your advantage to install all of the programs reviewed in order to control the environment in which your computer is expected to operate.

 

Leave a Reply

Your email address will not be published. Required fields are marked *