Internet Hygiene: Securing Your Windows PC
==========================================

Sverre H. Huseby
shh@thathost.com
2000-12-12

Are you brave enough to connect your computer to the Internet? If you surf the web and read E-mail, I guess you are. Are you aware of all the threats out there? Have you guarded yourself against losing your files and your privacy?

Most people live in some kind of neighborhood. We know there may be dishonest people out there. Instinctively, we lock our doors at night and when we leave the house. We put fences around our gardens. And we pull the curtains tight before undressing in the bedroom. It has been that way for ages. We've been raised that way, like our parents.

With the Internet, a new neighborhood is emerging. A neighborhood for which we have no deeply buried instincts. We see the Net through our computers, those personal machines that we brought into our homes and offices years ago. How do we protect our computers, and whatever secrets we put on them, from the dishonest people in the new neighborhood? I can assure you: Locking the door of your house will not keep the bad guys out of your PC.

One important thing separates the physical neighborhood from the one on the Net: Your physical neighborhood is one of millions of neighborhoods out there. Each neighborhood may contain a few dishonest people. The Internet, on the other hand, is one single, enormous neighborhood. All the bad guys from all the physical neighborhoods may be there. And they all know the address of your "house" -- your computer. I guess you may live in your real home an entire life without anyone walking up your yard at night to check if your door is open. On the Internet, however, you're lucky if your computer is untouched after a couple of days online.

This small document contains some advice on how to make your PC more secure. Be aware that the complete security story, if there is such a thing, would probably span several books.
I guess you have better things to do than read a bunch of techie books, and that is why I prepared this rather short text. Some understanding of security is, after all, far better than no understanding at all, so please read on.

Update the OS Regularly
-----------------------

There's no such thing as bug-free software. Even your operating system contains mistakes that make it vulnerable to some kind of attack. Buying from the world's largest software vendor is no guarantee of quality. Programmers are people, and people make mistakes. All the time. Some bugs make irritating error messages pop up. Others make your machine crash. And yet others make your computer more or less available to anyone on the Internet. Without your knowledge. The latter category of bugs is known as "security holes".

Security holes in programs are discovered every single day. Did you know that? Every single day! There are mailing lists on the Net where advanced users and software developers participate. A typical session on such a mailing list goes like this: A user reports "I've found that doing so-and-so opens my computer to damage from anyone on the Internet." Or maybe "I was able to crash all the computers where I work by sending so-and-so message on the network." A few days, or even weeks, pass, and then the program developers reply "OK, we have investigated your problem, and made a small patch that fixes the bug. The patch is available here-and-here." A patch is a small piece of program that eliminates the bug, thus closing the security hole.

Do you read such mailing lists? Do you download and install the patches that become available? Probably not. But one thing is sure: The bad guys read the mailing lists. And they develop programs that exploit the holes that are reported, well aware that most people never close the holes.
The programs are distributed among less advanced bad guys, the "script kiddies", who just run them and do whatever damage they can to any computer they come across. These are the "taggers" of the Net. Spray any wall you can, or ruin any computer you can. No difference.

Microsoft must have understood that few people monitor the security mailing lists. They understand that most Windows users are unable to apply patches as they show up. They thus invented the Windowsupdate service, which is available for free:

    http://windowsupdate.microsoft.com/

When you visit that service using Internet Explorer and follow the link to "Product Updates", a small program will discover what Microsoft programs you have installed. The program will check if there are new versions of the programs, if there are patches available, and if there are any new programs that may be of interest to you. The program guarantees that no information is passed back to Microsoft, so I guess software pirates may run it too.

If you see some "Important updates" on top of the list of suggestions made by the program, you should download and install them. These are the most important security patches made by Microsoft. Installation is not difficult. Just spend some time reading the text on the page, and follow the instructions. If installing software just gives you the creeps, you should ask someone to help you. These fixes may stop people from crashing your PC, hijacking the session you have with your online bank, getting access to your files, or whatever nightmare you may come up with. Featuring your computer, of course.

If you want to go all the way on software updates, you should skim the Windowsupdate page for what Microsoft calls "Service Packs". Service packs are collections of bug fixes and enhancements, released at scheduled intervals. They typically fix more security problems than the Important update patches do.
While you're at it, check for upgrades to your Internet software, such as your E-mail program and your browser. Microsoft is focusing more on security now than they did just a year ago. New versions of the Internet programs may contain important security features.

I suggest you add the Windowsupdate service to your favorites, and visit it at least once a month. Remember, you lock your door every night. Visiting a web site once a month isn't such a big deal.

Use an Anti-Virus Program
-------------------------

Virus programs. Trojan horses. Worms. The media have taught us to fear these words since at least the second half of the eighties. Few people know the difference between viruses, Trojans and worms, and use the terms randomly. The difference doesn't matter. What matters is that we are aware that someone out there writes vicious programs that may mess up our computers.

Before you tell me why you think you're safe, for instance that you never run programs you get from strangers, or that you never double-click on those .EXE files you receive in mails, let's have a look at a common scenario.

Let's say you receive a mail from your best friend, or from a colleague, or another person you regularly exchange mails with. The subject of the mail reads "Good joke!", or maybe "More info", or even "Re: " followed by the subject of the last mail you sent to that person. The text of the mail looks innocent, and the attached Word document doesn't look too bad either. So you open it, read the joke or whatever useless information it contains, and move on to the next mail in your Inbox. Unfortunately, you fail to notice that this particular Word document contains a malicious macro virus that now performs its deeds behind the scenes.

In case you didn't know, Microsoft's Office programs have a built-in programming language that lets you write "macros": small pieces of code that extend the built-in capabilities of the Office programs.
Unfortunately, this macro language is just as powerful as any other programming language. While you read your next mails, the rude virus reads your address book. It picks some or all of your contacts, and mails copies of itself to them. Seconds later your contacts will receive a mail from you. The mail is sent from your computer, has your name on it, and looks just as innocent to your friends as it did to you. The worm is crawling across the Net.

But that's not all. Worms and viruses usually do more than just spread. On the next Friday the 13th, or the next time you boot your computer, or on any other trigger event that the evil virus writer invented, your files will be deleted. Alternatively, the worm installs a back door on your computer and just sits there waiting for commands to be sent from someone on the Internet. Commands that will make it steal your passwords, or that will make it attack other computers on the Net.

"Wait a second", you say. "I never view Word documents, as I know about this macro stuff. I always ask people to use the RTF format, as it doesn't contain any macros." You're right about that. But try this small experiment: Take a Word document that contains macros, and rename it to an .RTF document. That is: rename the file, don't "Save as" or something. Now double-click it. What happens? Word starts up, examines the document, and finds that it contains a "real" Word document, despite its name. Word then happily executes all the macros. Experiment conclusion: Never trust an .RTF filename extension.

"This scares me. I'll never open an attachment again", I hear you say. Unfortunately, I have to scare you even more. There have been several bugs in popular mail software that make it possible to execute misbehaving programs even without opening any attachments. The same kind of bugs make it possible to trick your computer into running programs just by visiting a web page. There is no reason to believe that bugs like that will not show up again.
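The RTF experiment above boils down to one rule: a filename extension is a label, not evidence. The following Python script is an added example and not part of the original article; it makes that check mechanical by identifying an attachment from its leading bytes (the well-known signatures of Word's binary OLE2 container, of RTF and of ZIP) and flagging files whose extension disagrees with what is actually inside. The sample attachments are constructed byte strings, not real documents, and the `_VBA_PROJECT` stream-name heuristic, the function names and the extension table are assumptions made for illustration.

```python
"""Check whether an attachment's real content matches its filename extension.

Added example. The magic values are well-known file signatures; the sample
attachments are constructed inline; the VBA check is a crude heuristic that
only looks for the '_VBA_PROJECT' stream name in the raw bytes.
"""
import os

# Leading bytes that identify common container formats.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # Word 97-2003 .doc and other Office binaries
RTF_MAGIC = b"{\\rtf"                               # Rich Text Format opens with this control word
ZIP_MAGIC = b"PK\x03\x04"                           # ZIP archive, also the basis of .docx files

# A document with macros stores a "_VBA_PROJECT" stream; OLE2 directory
# entries hold names as UTF-16LE, so the marker is searched in that encoding.
VBA_STREAM_MARKER = "_VBA_PROJECT".encode("utf-16-le")

# Detected types we consider consistent with each extension (assumed table).
EXPECTED_TYPES = {
    ".rtf": {"rtf"},
    ".doc": {"ole2"},
    ".docx": {"zip"},
    ".txt": {"text"},
}


def detect_type(data: bytes) -> str:
    """Classify by leading bytes, never by filename."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    try:
        data.decode("ascii")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def has_vba_marker(data: bytes) -> bool:
    """Crude macro hint for OLE2 files: is the _VBA_PROJECT stream name present?"""
    return detect_type(data) == "ole2" and VBA_STREAM_MARKER in data


def inspect_attachment(filename: str, data: bytes) -> dict:
    """Report the real type, whether it matches the extension, and the macro hint."""
    ext = os.path.splitext(filename)[1].lower()
    real = detect_type(data)
    expected = EXPECTED_TYPES.get(ext)
    return {
        "filename": filename,
        "extension": ext,
        "detected": real,
        "extension_matches": expected is not None and real in expected,
        "vba_marker": has_vba_marker(data),
    }


# Constructed samples standing in for real attachments.
SAMPLES = {
    "joke.rtf": b"{\\rtf1\\ansi Hello from a genuine RTF file.}",
    # A Word binary document renamed to .rtf, as in the experiment above;
    # the body carries the marker a macro-bearing document would contain.
    "moreinfo.rtf": OLE2_MAGIC + b"\x00" * 16 + VBA_STREAM_MARKER + b"\x00" * 16,
    "report.docx": ZIP_MAGIC + b"\x14\x00\x00\x00",
    "notes.txt": b"Plain text, nothing to execute here.",
}


def suspicious_names(samples=SAMPLES) -> list:
    """Names whose extension lies about the content, or that carry the VBA marker."""
    flagged = []
    for name, data in samples.items():
        info = inspect_attachment(name, data)
        if not info["extension_matches"] or info["vba_marker"]:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(inspect_attachment(name, data))
    print("flagged:", suspicious_names())
```

The marker check only says that a binary Word container carries a VBA project, not what the macros do; a mail gateway would hand such a file to a proper document parser or an anti-virus scanner rather than decide on this alone. The value of the script is the first half: a file that calls itself .RTF but begins with the OLE2 signature is exactly the case the experiment describes, and it is trivial to spot before Word ever opens it.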
If you want to live your life on the Internet, you'll have to live with the threats of viruses, worms and Trojan horses. Please don't pull your hair out in despair. Even if there are threats out there, you may greatly limit the risk of being hit by a vicious program. First of all, you should be suspicious of every attachment you receive, even if it comes from people you know. Second, you should install and maintain an anti-virus program.

Anti-virus programs work closely with Windows. Whenever a program attempts to open a file, including attachments and ActiveX objects, the anti-virus program will step in and scan the file for known viruses. If something suspicious is found, the anti-virus program will refuse the operation. There is, however, one problem with most virus protection software: It works by looking for extracts of known destructive programs. New destructive programs are discovered every day, so it won't be long before your protection is "worn out". Serious vendors of anti-virus software update their virus signature files often. You should try to keep up with them. Learn how to update your virus protection. Update it regularly, and update it often, at least once every two weeks. In doing that, you'll be as safe as anyone can be against malicious programs without sacrificing your entire Internet connection.

Hide Behind a Firewall
----------------------

A firewall on your personal computer? That really sounds like overkill. But please read on, you may be amazed! Firewalls are typically associated with expensive hardware and software used on large corporate networks. They're built to protect business secrets from the prying eyes of advanced techno-spies by filtering unwanted network traffic. Nowadays companies are actually selling and giving away small firewall programs for personal use. Why? Remember the Trojan horses I told you about? The programs that make it possible to remote control your computer?
Well, if you're infected with one of those programs, someone will want to open a network connection to your computer in order to be able to control it. That connection may very well be categorized as unwanted network traffic, and is thus a job for a firewall.

What most people fail to understand is why their particular computer is a target for remote control Trojan horses. After all, the computer contains nothing but boring programs and a few personal mails and documents. And you're right. The bad guys seldom care about your personal mails. What they normally want is your network connection.

If someone wants to break into a highly guarded computer system, they normally do not want to do it from their own computer. Finding the direct source of a break-in attempt is rather easy. What they normally do is crack a series of computers, creating a chain of controlled hosts. The last one in the chain is used for the break-in. Such a chain is almost impossible to track, at least if it involves computers in several countries. Obtaining the necessary log files typically requires the cooperation of local authorities. Establishing that kind of cooperation across national borders normally involves lots of resources. The crack chain is one reason somebody wants your network connection.

Remember how someone took down Amazon and Yahoo! early in the year 2000? The large scale web sites were flooded with requests in what is known as a DDoS, a distributed denial of service attack. Presented with an enormous amount of fake requests, the servers were overloaded, and thus unable to handle legitimate users. Taking down the world's largest web sites requires far more computer and bandwidth power than a single home computer offers. The attacker needs to be able to control a number of networked hosts, and order them all to attack at once, hence the term "distributed". A few hundred home computers will do, including yours. DDoS is a second reason somebody wants your network connection.
A third reason involves a bunch of simple-minded people who just get a kick out of being able to control several computers. Their pleasure increases proportionally with the number of computers they "own" without the knowledge of the owner.

Enough talk. What can you expect to find once you install one of those firewall programs? If you're constantly connected to the net, for instance using a cable modem, the firewall will report several break-in attempts each day! Your computer may be totally anonymous, but as long as it has an address, which it has when on-line, someone will find it while scanning the address range of your ISP. Even if you just connect for short periods, you will be probed.

The firewall will protect your computer from remote break-in attempts. And it will also serve another purpose: The log will help you remember that a large number of people in this world wide neighborhood are constantly looking for someone to exploit. As long as you remember, you won't be their victim.

Back Up Your Work
-----------------

I guess you've heard about backups. I also guess you don't have any. Few of my computer literate friends have backups of their hard disks. Some of them think they don't have anything valuable on their computers. Others plan to make backups "later". What they have in common is that they all weep when they have a disk crash. Or an attack of a malicious virus. They never imagined how long it would take to recollect all the games, all the programs, all the music, and whatnot they had on their PCs. They never thought about their digital holiday photos, their E-mail, their financial data, their home grown programs, their secret diary, their phone directory, their student projects, and whatever they learn to value once it is gone. Some files are time consuming to recreate, others are just impossible.

You may think that backing up your disks is expensive. And it may be.
You need a tape drive, a CD recorder, a Zip drive, or any other gadget that lets you store your stuff away from your PC. Read some catalog and find the price of that equipment. Then skim through your hard drive and try to put a price on every directory and file, particularly those you created yourself. I'm sure the result of the comparison is quite convincing, at least if you are old enough to realize that time is, in fact, money.

OK, let's assume you are convinced. You want to start making backups of your files. The next piece of advice, then, is: Keep your backups for a long time! You don't need to keep all your backups for a long time, but once in a while you should stow your backup media away, and not overwrite it for a couple of years. How often "once in a while" is depends on how much you use your computer. There is one single reason for keeping old backups: Viruses. A virus program will, by definition, modify your executable files, including documents containing macros. Other malicious programs may slowly ruin your files by changing random bytes from time to time. The longer the naughty program runs undetected, the more files will be ruined. Of course your backups will be ruined too, as they just contain copies of all the damaged files. At that time, an old backup may save you a lot of work.

Another piece of advice is: Test your backups. A backup is no good if you, when you suddenly need it, discover that all backed up files are empty. Verify that you are able to extract files from your backup media.

What separates making backups from the other advice in this text is that backups not only protect against dishonest neighbors. They protect against failing hardware and software too. All hardware fails sooner or later. Software contains bugs that may delete files. Even you may inadvertently delete some files. In those cases, backups may be life savers. Sort of. If you choose to pick just a single piece of advice from this text, choose backups.
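Two of the points above, test your backups and keep old ones around, can be built into the backup routine itself. The following Python script is an added example, not the article's or any vendor's code, and uses only the standard library: it zips a directory together with a manifest of SHA-256 digests, verifies the archive by reading every file back and comparing it with the manifest (so empty or damaged files are caught before you depend on them), and picks which snapshots to keep on a simple rotation. The directory names, the constructed sample files in `demo()`, and the retention rule (keep the last four weekly snapshots plus every fourth one indefinitely) are assumptions made for illustration.

```python
"""Back up a directory into a zip archive with a checksum manifest, verify the
archive by reading it back, and decide which old snapshots to keep.

Added example using only the Python standard library. File names, the sample
data in demo() and the retention rule are illustrative assumptions.
"""
import hashlib
import json
import os
import tempfile
import zipfile
import zlib
from datetime import date, timedelta

MANIFEST_NAME = "MANIFEST.json"


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_backup(source_dir: str, archive_path: str) -> dict:
    """Zip every file under source_dir and embed a manifest of SHA-256 digests."""
    manifest = {}
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for root, _dirs, files in os.walk(source_dir):
            for name in sorted(files):
                path = os.path.join(root, name)
                rel = os.path.relpath(path, source_dir)
                with open(path, "rb") as fh:
                    data = fh.read()
                manifest[rel] = sha256_of(data)
                zf.writestr(rel, data)
        zf.writestr(MANIFEST_NAME, json.dumps(manifest, indent=1))
    return manifest


def verify_backup(archive_path: str) -> list:
    """Read every backed-up file and compare it with the manifest.

    This is the "test your backups" step: it restores the data rather than
    trusting that the archive was written. Returns a list of problems; an
    empty list means everything extracted intact.
    """
    problems = []
    try:
        with zipfile.ZipFile(archive_path) as zf:
            manifest = json.loads(zf.read(MANIFEST_NAME))
            for rel, digest in manifest.items():
                try:
                    data = zf.read(rel)
                except (KeyError, zipfile.BadZipFile, zlib.error) as exc:
                    problems.append(f"{rel}: unreadable ({exc})")
                    continue
                if not data:
                    problems.append(f"{rel}: empty")
                elif sha256_of(data) != digest:
                    problems.append(f"{rel}: checksum mismatch")
    except (KeyError, ValueError, zipfile.BadZipFile, zlib.error) as exc:
        problems.append(f"archive unreadable: {exc}")
    return problems


def weekly_snapshots(start: date, count: int) -> list:
    """Dates of `count` weekly backups starting at `start` (input for the rotation)."""
    return [start + timedelta(weeks=i) for i in range(count)]


def backups_to_keep(snapshot_dates: list, keep_recent: int = 4, archive_every: int = 4) -> set:
    """Keep the newest snapshots for everyday restores, plus every archive_every-th
    one indefinitely, so a corruption that crept in months ago can still be undone."""
    ordered = sorted(snapshot_dates)
    keep = set(ordered[-keep_recent:])
    keep.update(ordered[::archive_every])
    return keep


def demo() -> dict:
    """Build a constructed backup, verify it, then damage the medium and re-verify."""
    with tempfile.TemporaryDirectory() as tmp:
        src = os.path.join(tmp, "documents")
        os.makedirs(src)
        with open(os.path.join(src, "diary.txt"), "w") as fh:
            fh.write("constructed sample: secret diary\n")
        with open(os.path.join(src, "thesis.txt"), "w") as fh:
            fh.write("constructed sample: student project\n" * 50)
        archive = os.path.join(tmp, "backup-2000-12-12.zip")
        manifest = make_backup(src, archive)
        clean = verify_backup(archive)
        # Simulate a damaged medium: overwrite bytes inside thesis.txt's compressed
        # data, which starts right after its 30-byte local header and its name.
        with zipfile.ZipFile(archive) as zf:
            info = zf.getinfo("thesis.txt")
        data_start = info.header_offset + 30 + len(info.filename.encode("utf-8"))
        with open(archive, "r+b") as fh:
            fh.seek(data_start)
            fh.write(b"\xff" * 8)
        damaged = verify_backup(archive)
    return {"files": len(manifest), "clean_problems": clean, "damaged_problems": damaged}


if __name__ == "__main__":
    print(demo())
    print(sorted(backups_to_keep(weekly_snapshots(date(2000, 10, 1), 12))))
```

The verification deliberately goes through the archive's own read path instead of just listing its contents, because a listing says nothing about whether the data behind each name can still be extracted. The rotation is what gives you the "old backup" the text talks about: the four most recent snapshots get overwritten in turn, while every fourth one is set aside and never reused.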
Summary
-------

We all know that our home needs some housekeeping. It needs to be painted once in a while. It needs to be cleaned quite often. Someone will have to do the dishes. The refrigerator doesn't fill itself up. In general, we need to look after things. Of course, it goes without saying: We easily spot decay and floating fluff, and our stomachs are quick to complain when there's no food around.

After reading this text, you hopefully understand that your computer needs the same kind of nursing to remain healthy and usable. We are the pioneers of a society never seen before. To survive, or at least to keep our privacy, we need to update our instincts. We need to establish some new routines. Make it a habit to look after your computer. Upgrade your software. Update your virus protection. Keep an eye on your firewall. And make sure those backups are taken care of. If you do, you will be in control. You will keep your integrity and your privacy.

See you in our neighborhood!

Links
-----

Do you want to know more? Take a look at the following sources of computer security related information.

Securityportal gives you security news, tests of security software and more.
    http://www.securityportal.com/

Test of personal firewalls
    http://www.securityportal.com/articles/pf_main20001023.html

Microsoft's entry point for security information.
    http://www.microsoft.com/technet/security/

How to increase security in Outlook and Internet Explorer
    http://www.microsoft.com/TechNet/security/crsstqs.asp

Securityfocus gives you news and headlines, as well as a searchable database of vulnerabilities. It is also the home of the Bugtraq mailing list, where many security problems are published.
    http://www.securityfocus.com/

A cult book on computer crime.
    Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage
    Clifford Stoll, ISBN: 0743411463

About the Author
----------------

Sverre H. Huseby holds a Master's degree in Computer Science from the University of Oslo.
After spending some time as the "Security Process Owner" of a medium sized software company in Norway, he is now trying to earn his living by teaching computer security. Sverre may be reached at shh@thathost.com

---------------------------------------------------------------------
Article published by SecurityPortal February 2001.
http://securityportal.com/articles/hygiene20010201.html