Is Your PC a Hacker Tool? How to Test Security
I don’t know who was responsible for last week’s attacks on Yahoo, EBay, E-Trade and other popular Web sites, but there is a remote possibility that I could have been an unwitting accomplice. That’s because I have a cable modem, which connects the PCs in my house to the Internet 24 hours a day. People with digital subscriber lines and businesses with high-speed dedicated lines could be in the same boat.
One possible explanation for the attacks is that an individual or a group of people used software to automatically plant malicious software on other people’s computers, which, in turn, bombarded those sites with millions of bytes of information per second. Because my machines are on all the time, this could happen while I am sleeping.
Being a potential unwitting cohort in crime is bad enough, but what’s more scary is that when you’re connected to the Internet, there is also the risk that someone might be able to access data on your computer or know more about you than you care to disclose.
Users who dial into the Internet with standard modems aren’t likely to pass on a hacker’s instructions, but their privacy could still be jeopardized.
To find out if you’re vulnerable, visit the Shields Up Web page at https://www.grc.com. Run by Steve Gibson, head of Gibson Research Corp., the site tests your machine to see if your privacy or data security is at risk.
I tested my Windows PCs on Gibson’s page and, until I installed some security software, they were “wide open.”
To begin with, Gibson’s Web page greeted me by name, which it inferred from information on my machine. So much for anonymity. If his Web site can figure out my name, so can any other site whose operator is determined to find out who is visiting. Next it told me that my printer, my hard drive and my floppy drive were accessible via the Internet.
I’m a bit of a cynic so I called Gibson to see just how much information he could really extract from my machine. I gave him my Internet protocol (IP) address and permission to hack and, less than a minute later, he told me what directories I have on my hard drive, the names of some of my files and then planted a text file on my hard drive. What’s even scarier, he taught me how to do the same using some simple commands with software that’s already on all Windows computers. In this case, I disclosed my IP address, but there are plenty of ways for hackers to get that information without your permission.
Minutes later, I was spying on a system myself. I couldn’t get into just any machine but I was able to penetrate a friend’s system after he gave me his IP address and permission. Once in, I was able to plant files, read the content of his files and copy them to my own PC. I’m not going to tell you how to do it, but--trust me--it’s very easy. Fortunately, there are also easy ways to keep your machine from being invaded.
One method is to install software that creates a “firewall” around your machine. Symantec, which makes the popular Norton Utilities and Norton Anti-Virus software, publishes Norton Internet Security. This $59.95 program shields your PC from invaders by blocking unauthorized attempts to get into your system. After I installed it, Gibson’s Shields Up Web page was unable to determine my name or anything else about me and neither his Web site nor the tricks he taught me were able to penetrate the program’s defenses. In other words, it protected my privacy and the security of my files. The program also scans for viruses and can also be used to block advertising and protect your kids from sexually explicit and other inappropriate Web sites.
Black Ice from Network Ice (https://www.networkice.com) is another product aimed at keeping hackers out of your computer. This $39.95 program, which works on Windows 95 and 98, scans all traffic between your PC and the Internet and blocks intruders. Both of these programs also have alert features that tell you if someone is trying to get in and they keep a log so you can find out if anyone tried to break in while you were away from your PC.
Norton Internet Security alerts you in “real time” so you can detect a potential intrusion as it happens. A small icon near the bottom of your screen flashes when it detects a potential problem. Zone Labs’ ZoneAlarm 2.0, which you can download for free at https://www.zonealarm.com, offers similar protection.
I’m running Black Ice on one machine and Norton Internet Security on another and, on several occasions during the last 48 hours, someone has “probed” each of my PCs. A probe doesn’t mean that someone was peering into my files or planting a program on my hard drive, but it does mean that an effort was made to identify my machine and possibly to look for security holes. The scary thing about this is that users might not even know this is going on. It’s possible for a hacker to plant software on your machine that can later be triggered to violate your privacy or use your machine as an unwitting “zombie” to attack other machines.
In addition to these programs, there are also some free and relatively simple precautions you can take to protect yourself. One of Gibson’s Web pages (https://grc.com/su-fixit.htm) describes how Windows users can disable the Microsoft file and printer sharing from their Internet connection without affecting their ability to access files via a local area network. Gibson also advises users to choose “uncrackable passwords” and to avoid installing other “backdoors” that hackers can use to gain access to your machine.
None of these techniques are absolutely foolproof, but they offer a reasonable level of security for most users. If you’re in a particularly high-risk situation, you should seek advice from a computer security consultant.
Of course, there are also some obvious things you can do, regardless of whether you have a cable or DSL modem or just log on via a regular modem. Never give out any information to people or Web sites you don’t know or trust and be careful about downloading programs from unreliable sources. Be especially careful with passwords. Change them occasionally, and don’t use the same password for every Web site and service you use. Also, don’t open any programs, Word files or Excel files that arrive via e-mail unless they’re from a trusted source.
Finally, take a deep breath and relax. Sure there are some risks associated with being on the Net, but just about everything worth doing has its risks. Proceed cautiously but definitely proceed. To me, the risk of not using the Net is far greater than the risks of using it.
*
Technology reports by Lawrence J. Magid can be heard between 2 and 3 p.m. weekdays on the KNX-AM (1070) Technology Hour. He can be reached by e-mail at larry.magid@latimes.com. His Web site is at https://www.larrysworld.com.
