PC Special Feature:

The PC Survival Kit

by Simon Edwards

Whether it's a hacker, a virus or a super-spy, the last thing you want is for one of this lot to get hold of your PC. Fear not, though - we provide the know-how and the software to stop them in their tracks.

Your PC is valuable. Not only did it cost a bomb to buy, but you've probably also splashed out on software and maybe even updated versions of Windows. You'll have spent hours installing and configuring this software so that it does just what you want it to. And you'll have toiled over all the work and personal documents stored safely on your hard disk.

But all this invested time and money is at risk. Hackers would like to take your PC over and add it to their list of Internet-connected playthings. Computer viruses are determined to demolish files on your hard disk. Spies would like to steal your PC's secrets - particularly if you run a business. Your PC is even at risk from your friends and family. Perhaps your well-intentioned children like to 'optimise' your PC, but only ever end up making it crash. Or maybe you have a work colleague who wants to try a new bit of software, but would rather use your machine as a testbed than his own.

If the very worst happens and your PC is stolen, you'll not only lose your expensive hardware, you'll also be parted from your valuable work files and lovingly optimised Windows setup. You'll almost certainly mourn your data loss more than the disappearance of your electronics.

But don't despair. Armed with the information in this feature, and the Survival Kit software on this month's cover CD, you can protect your PC against hackers, viruses, spies, thieves and fools. You'll learn how to encrypt and hide your data, create backup copies, install an Internet firewall, run antivirus software and monitor, control or completely block other people's use of your PC.

You'll also find hints and tips on safe, easy and free ways to secure your computer without the need to install any software or buy any gadgets.

Hackers

The threat: Hackers have made a sport of attacking high-profile businesses and government agencies, but they rarely do so directly from their own computers. This is why they systematically target other PCs in the hope of gaining access and using them as a jump-off point.

How they operate: The most common way to attack a Windows 98/Me system is to use a Trojan horse. This combines some bait, such as an amusing image or rude video file, with a hidden backdoor program that gives the hacker remote control of your computer. When the victim opens the attachment e-mailed to them they simultaneously infect their system with the backdoor program.

What you'll need: ZoneAlarm

You can use ZoneAlarm to block access to your PC from the outside world. Here's how it's done, and how you can check that it works!

STEP 1

First, we set up different security levels for internal and Internet connections.

Install the ZoneAlarm firewall from the cover CD, then click on the Security tab and move the settings sliders to choose an appropriate level of safety.

Suitable options for most people who access the Web and use e-mail and other standard Internet services are the Medium setting for the Local zone and the High setting for the Internet zone.

STEP 2

Next, we grant access for our Internet applications to avoid confusion later.

Connect to the Internet and run your usual selection of Web browsers, e-mail clients and FTP programs. Make each try to connect to the Internet by visiting a Web site, checking for mail or trying to download a file from an FTP site. ZoneAlarm will ask if each should be able to access the Internet. Agree in each case. Doing this for all legitimate programs straight away saves time and makes it more obvious should a Trojan try to connect later.

STEP 3

Oops! Tests reveal that our unfinished Web site is visible from the Internet.

Next we need to test our firewall. A Web site like HackerWhacker will run a scan on your computer over the Internet, which is precisely what a hacker would normally do. Enter your e-mail address and wait until the site sends you a Web link and passcode. Visit this link and follow the instructions for running a test scan. Register properly to order a $9.99 full scan.

Alternatively, visit GRC for a free, but more limited, service. Our report shows a chink in our armour - a Web site under development on our network is visible to the outside world. We must have got a setting wrong!

STEP 4

We tighten up the settings to prevent our servers being accessible from the Net.

To hide the Web server from the Internet at large, but not from the local PC or network, go back to ZoneAlarm's Security settings and tick the Block Internet servers box (while leaving Block local servers unticked). Not only will this stop people outside seeing our half-built Web site, but should a Trojan make it onto our system, hackers will still be unable to connect to it.

Trojans are now totally defeated - ZoneAlarm prevents both the Trojan sending stuff out to the hacker and the hacker sending instructions in to the Trojan.

STEP 5

SuperScan cannot detect any open ports on our system now.

Time for another visit to HackerWhacker or GRC to test our new settings. You should do this each time you change ZoneAlarm's configuration, just in case you make a mistake and create a hole.

If you have a friend with a connected PC you could try to scan from there, but be aware that you're probably contravening his ISP's rules. Download SuperScan from Foundstone or another scanner from the wide choice at Cotse.com.

TIP

Open an MS-DOS Prompt and type netstat -a to list network services that are waiting for someone to connect. Entries look something like: TCP 0.0.0.0:666 0.0.0.0:0 LISTENING.

The port number (here, 666) could be anything up to 65536, and may indicate a Trojan waiting for its master to take control. Common Trojan ports are listed at Doshelp.com.
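The check described in this tip can be automated. The following is an added example, not part of the original article: it parses netstat output, keeps only the entries waiting for a connection, and reports any that other machines could reach and that you did not expect. It assumes numeric output as in the entry shown above (use netstat -an); the sample text and the expected-services list are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample in the numeric style the tip shows (as from `netstat -an`).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:666            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1040       203.0.113.9:110        ESTABLISHED
  UDP    192.168.0.5:137        *:*
"""


class Listener(NamedTuple):
    proto: str
    address: str
    port: int

    @property
    def reachable(self) -> bool:
        # A socket bound only to the loopback address cannot be reached
        # from another machine; 0.0.0.0 means "every network interface".
        return not self.address.startswith("127.")


# proto, local address:port, foreign address, optional state column
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_listeners(text):
    """Return the sockets waiting for a connection, skipping open sessions."""
    found = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # heading, blank line, or a name-resolved (non-numeric) entry
        proto, addr, port, _foreign, state = m.groups()
        # TCP listeners are marked LISTENING; UDP lines have no state column.
        if (proto == "TCP" and state == "LISTENING") or (proto == "UDP" and state is None):
            found.append(Listener(proto, addr, int(port)))
    return found


def unexpected(listeners, expected):
    """Listeners reachable from other machines that are not in `expected`."""
    return [l for l in listeners if l.reachable and (l.proto, l.port) not in expected]


if __name__ == "__main__":
    # Hypothetical list of services this PC is meant to offer:
    # a Web server under development plus Windows file sharing.
    expected = {("TCP", 80), ("TCP", 139), ("UDP", 137)}
    for l in unexpected(parse_listeners(SAMPLE), expected):
        print(f"Unexpected listener: {l.proto} {l.address}:{l.port}")
```

Anything it reports is worth looking up before you decide whether it is a Trojan or simply a program you forgot to add to the expected list.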

Viruses

The threat: Viruses vary in how dangerous they are, but many will destroy your data, render Windows useless and even copy potentially sensitive files to other victims. Sometimes a mischievous virus may have been corrupting data for months before discovery.

How they operate: Viruses can spread via floppy disks, through e-mail messages and from Web pages. The most common types are boot sector viruses, e-mail worms and Web worms. Boot sector viruses copy themselves to and from the parts of hard and floppy disks usually reserved for essential system files. E-mail worms push themselves around using infected e-mail messages, while Web worms jump between Web site server systems as well as infecting their visitors.

What You'll Need: NetCommander, AVG

Our total protection from viruses involves more than just antivirus software. We also need to visit some security Web sites and load up a free Microsoft utility.

STEP 1

Activate the Virus-Guard module to protect against computer viruses.

Install the all-round Internet security package NetCommander from the cover CD, run it and click on the Virus-Guard button to activate the anti-Trojan engine. Use the System-Guard option to detect changes to your important system files. NetCommander should now guard your system against viruses, Trojans and Spyware (see Spies on page 136).

Go to Options and check the boxes there to ensure NetCommander loads every time you run Windows. Enter a password and you can even lock your PC against local intruders!

STEP 2

Who's knocking at the door? This time it's only me, but it could have been a hacker.

NetCommander also has a firewall module called Net-Guard, which can repel hackers and pick up on Trojans that antivirus scanners may miss. Both Net-Guard and ZoneAlarm will show you the Internet address, or IP address, of any attacker trying to connect.

The ISP-Lookup tool can be used to find out who has been attacking you. Enter their IP address, as reported by your firewall, and choose a lookup server. Try your own IP address - you could be surprised to see your actual name listed!

STEP 3

Test your entire system regularly to keep it clean of viruses.

Ensure that nasty virus-infected files aren't hidden away in the dark corners of your hard disk by running a full antivirus system scan. Install and run AVG from the PC Survival Kit, and select the Run Complete Test option to give your hard disk a thorough check. Then insert any removable disks, such as Zips and floppies, and click Run Removable Media Test to ensure that you won't re-infect yourself!

STEP 4

Download the latest security fixes and a useful notification utility.

For maximum security you should regularly check for bug-fixes for Windows and other applications such as Internet Explorer and Outlook Express. These are known as 'patches'.

Visit Microsoft's Windows Update site regularly to download the latest security patches. Even better, download the optional Critical Notification utility which will let you know when a really crucial patch is available, as opposed to less important updates such as extra fonts or a new version of DirectX.

STEP 5

Get the latest news about software vulnerabilities from the Web.

Monitor security sites such as SecurityFocus to find out when new security holes become known. Generally, problems with Windows and other Microsoft software are announced here shortly before anyone else hears about them, so you'll be getting the news as soon as the hackers and virus-writers do!

While there may not be an immediate fix to prevent the next new wave of viruses running riot through your system, at least you'll be aware of what could happen and what to look out for.

Don't trust just one antivirus program. Security professionals always use at least two different programs to increase the chances of finding rogue viruses. Buy one commercial product and install it as well as AVG to provide a high level of protection. McAfee VirusScan 6 and Norton AntiVirus 2002 are reliable choices.

Spies

The threat: Any knowledgeable person with access to your PC can find out what you've been using it for and read all your important files. What's more, they might not need to get anywhere near your PC to successfully spy on you.

How they operate: Windows offers very little in the way of security to stop people browsing through your personal folders such as My Documents. They can also use Internet Explorer to provide a list of sites you've visited recently and possibly crack your Internet passwords. Some software you've installed may even secretly monitor what you do, reporting the results back to its maker for marketing purposes!

What You'll Need: Steganos Security Suite, STARR PC & Internet Monitor

Even if spies break into your home they'll never know your secrets if you use the file hiding and wiping software in our survival kit. 

STEP 1

Choose how much information about yourself will stay on the PC.

Remove evidence of which Web sites you've been visiting, which files you have accessed recently and 'deleted' files that are still occupying the Recycle Bin by running Steganos from the cover CD and choosing the Internet Trace Destructor option.

This program can also delete your Favorites and cookies, which will certainly protect your privacy but may also cause you some inconvenience. A useful halfway house is the option to move these files to a removable disk for later use.

STEP 2

Choose an innocent-looking image in which to hide your secrets.

Sometimes you need to keep important files on your computer, but don't want anyone to see them. Steganos' File Manager can encrypt files and, even better, hide them within other files. Drag the files you wish to hide into the File Manager window and click the Close and secure button. When prompted, ask to hide the files. Choose a carrier file to contain your secret documents by choosing 'select an existing carrier file'. Suitable files are .bmp images or .wav sound files.

STEP 3

Even if snoopers find where your files are hidden, your password will keep them out.

When you want to uncover your hidden file stash, simply run Steganos' File Manager again and choose Open and browse to the carrier file used in Step 2. Once selected you'll be asked to enter your password, after which Steganos will extract the hidden files. You are now free to read (and to re-hide) your sensitive material.

You'll want to delete the original files for extra security. Windows doesn't truly delete files, leaving remains that can often be recovered, so use Steganos' Shredder instead.

STEP 4

Choose how much information you want STARR PC to collect about your users.

Install STARR PC & Internet Monitor to check if others have been snooping around on your computer. Go to the Visual Monitoring tab and allow the software to take a screenshot every few minutes. You can also create a log file that will record what programs people run, as well as their usernames and passwords. Clearly there is potential for abuse of this feature, so always warn friends who use your computer that they are being watched.

STEP 5

STARR can keep a close eye on how people are using or abusing your Internet account.

If you want to know which Web sites people are visiting, or what they're saying about you during online chat sessions, turn on the settings in PC and Internet Monitor that relate to WEB, CHAT conversation and AOL. Your log file will then be furnished with full details of what others have been using your Internet connection for. This can be useful when keeping track of youngsters' online behaviour, without causing a scene. We still recommend adult supervision when using Internet chat services, however.

STEP 6

Watch out: often, well-known software has some lesser-known snooping features.

Even large software companies are not averse to spying on you and gathering information about how you use the Internet. If you disagree with this practice of gathering marketing information, make sure you don't use products identified as Spyware. Your firewall will identify any Spyware built into non-Internet software. If in any doubt, check the Spyware database at www.spychecker.com to find out if you are leaking information to companies and other organisations.

If you think this is not a real problem, be aware that Netscape's SmartDownload software gathers data about what you download and sends it back to Netscape.

Fools

The threat: The threat comes from friends who think they know more than they do about computers, enthusiastic but careless children and anyone who thinks they can operate a computer when drunk.

How they operate: Usually in an effort to help, an incompetent user will delve into your system settings, reconfiguring the Registry with barely a thought - but they never make a backup first. They turn off the computer without shutting down Windows, delete program files without properly uninstalling them and install unstable shareware downloaded from unreliable Internet sites. They can't help it, but they're still dangerous.

What You'll Need: System Security 2001

Your PC probably already has ways of keeping inexperienced users from messing it up. If it doesn't, it can enlist the help of System Security 2001.

STEP 1

Users who have the User but not the System password can't access the BIOS.

The easiest way to prevent unauthorised meddlers accessing and breaking your computer is to use the password feature built into the computer's own hardware. Access the PC's BIOS by booting and watching for a prompt that reads something like, 'Press Del to enter setup'. Press the Delete key, or whichever one is suggested, and go to the security page of your BIOS. Set a System password to stop people messing up your basic hardware settings and a User password to prevent people booting the PC at all.

STEP 2

Screensavers won't keep out the SAS, but you're safe from colleagues during lunch.

A simple way to keep meddling hands off your work and settings is to use Windows' own screensavers, which can be password-protected. Right-click the desktop and choose Properties, followed by Screen Saver. Choose any available screensaver and tick the 'Password protected' button, followed by the Change button to set the password you want. Find the screensaver file in the Windows directory and create a shortcut to it on the desktop. Click it every time you leave your desk and it will be safe from casual intruders.

STEP 3

When you get back from the shops your system will be just as you left it.

As a stronger alternative to the screensaver method above, use System Security 2001's password feature to lock your system while you disappear for a coffee break. 

Run the program and press the Protection Modes button. Choose the first option, Normal, to lock your computer immediately. Only those who know the user or admin password may unlock the PC. Go to Options to change the background wallpaper displayed when the system is locked.

STEP 4

System Security prevents even the most 'helpful' friend messing up your PC.

Windows 98 and Me don't have a built-in security system, so anyone who can boot Windows can change any setting and access any file on the PC. Windows XP (see below) is quite different, and we can emulate its improved security with System Security 2001.

Run the program and go to System Policies. There you'll be able to lock people away from, for example, the Control Panel, the Run command and even the Shutdown menu.

STEP 5

In XP, deciding which users can alter PC settings is a simple point-and-click job.

Why not go the whole hog and upgrade to Windows XP? It certainly makes sense from a security point of view, as you'll benefit from integrated password protection, in-built file and folder encryption, a basic firewall and options that permit or deny individuals or groups of users the ability to change system settings. You can even lock out accounts after a set number of failed log-in attempts have been made.

STEP 6

With 'Switch User' enabled, your PC keeps working securely while you're away.

Windows XP supports a cool feature that allows you to log off, but still run programs. When you've finished working you can choose to Log Off or Switch User. Logging off closes your programs whereas Switching keeps everything running in the background but makes the PC available for other users. They can't touch your files, settings or running software, however.

So if you want to allow other people to use your PC when you take a break, the best solution is to upgrade to Windows XP.

Thieves

The threat: Thieves aren't just after your car or TV. Your new Pentium 4 will keep them in stripey jumpers for months. You can't always prevent a house robbery, but you can at least make sure your data is safe.

How they operate: There are two types of theft we will try to counter here - house robbers and desk thieves. The latter are the scum who steal your stapler from your desk, 'borrow' from your small stash of Zip disks and maybe even go through your drawers. House robbers are not going to waste time going through your CD collection; they'll just unplug the computer and have away with it.

What You'll Need: SupervisionCam, Steganos Security Suite 3

As well as using Windows' own file backup software to secure your vital documents, we'll use a Web camera to catch thieves red-handed.

STEP 1

Select your important files from the list on the left to back them up in Windows.

Find the Backup program that comes with Windows - it's in the System Tools section of the Accessories folder (and may need to be installed first using the Windows Setup tab of Control Panel's Add/Remove Programs). The first time you run it, you'll be asked if you want to create a new backup job. Click OK and choose 'Back up selected files' from the next prompt. Tick the folders you want to save and choose where to store the backup - on a Zip drive, another hard disk or a CD-R/W drive. If you want to work with a CD-R or CD-R/W, ensure you have installed packet-writing software such as DirectCD.

STEP 2

Keep your critical files portable and safe with a memory pen.

A thief might want to steal files from your PC. If you store your credit card details, password lists and encryption keys on your hard disk, consider moving them to a more portable form of storage that you can keep with you all the time. Zip disks aren't very convenient to carry around, but memory cards and USB memory 'pens' are. A tiny 64Mb USB drive costs around £39 (£46) and a 64Mb Compact Flash memory unit costs £26 (£30).

STEP 3

Take some time tweaking SupervisionCam's settings to get the best results.

To create your own PC CCTV system install SupervisionCam from the PC Survival Kit on the cover CD and connect a webcam. Once the camera is installed you're ready to calibrate SupervisionCam's motion detector. Go to the File, Settings page and adjust the Dynamic trigger figure so that the red line only appears when you move in front of the camera. When nothing is moving it should be green. Click OK and click on the blue eye icon to start monitoring.

STEP 4

Caught in the act, this thief's activities have been caught on camera.

When the thief sits down in front of the computer, the camera starts taking pictures, which you can play back later by clicking on the Play button in the bottom left part of the screen. If you have a network you can display the images on another machine, allowing you to monitor your home PC from work. Go to Tools, Program Settings then click on HTTP server settings. Enable the HTTP server and you can log onto the PC and view things as they happen from another room!

STEP 5

Fill the Steganos Safe with files you don't want others to access.

Steganos, on this month's cover CD, has a virtual 'file safe' that looks like a normal hard disk from within Windows, but actually takes any file placed into it and encrypts it to a single file. Run Steganos and click on Open Safe. Enter the password you gave when installing the software and you can now access drive X:\ as any other. When you're done, return to Steganos and Close Safe.

STEP 6

No more forgetting essential passwords - they're all on an (encrypted) record now.

Passwords are easy to remember if you choose weak ones, but strong, complicated passwords are no good if you cannot recall them. Better to use a password manager, such as Steganos' Password Manager. Click Add to create a new record and either type in your details or press the Generate password button to create a new password. Type in any other details you want to remember - the whole file will be encrypted when you're done.


First Published in Computer Buyer, issue 133, June 2002.

The above article is © Dennis Publishing Limited 2002. UK property of Dennis Publishing Ltd. This article may not be reproduced or transmitted in any form in whole or in part without the written consent of the publishers.