
Securing Your Virtual Home - Tips on protecting your PC



Madhava - Fri, 28 May 2004 04:38:49 +0530

SECURING YOUR VIRTUAL HOME

- Tips on protecting your PC -

Mr. Joe Farnarkle lives in a small house on 210 West Main Street with his Caucasian dog and precious family belongings. Whenever he leaves the house, he considers it common sense to lock the door, lest villains would plunder his house.

Mr. Daivadarshi Das has a PC at the IP address 182.104.80.102 with his personal correspondence, digital photos and precious documents. Whether his PC is online or offline, he feels confident and safe, knowing that there could be nothing of interest on his PC for anyone; why would anyone then send him one of those computer viruses, or even try to break into his computer?

Sadly, Mr. Daivadarshi Das is eventually in for a heck of a surprise.

In this editorial, we will be covering the basics of keeping your doors locked and the very possible consequences of not doing the same. We will also review ways of keeping your inbox safe from the constantly growing flux of spam.


FOUR VARIETIES OF MALICIOUS OBJECTS

There are basically four categories of malicious objects one ought to keep an eye on: Viruses, worms, trojan horses and spyware. All four, either individually or by taking advantage of each other, can and most likely will bring about varieties of problems, such as stealing your passwords and other personal information, turning your PC into a spam relay station, corrupting or deleting your files, allowing someone to remotely take full control of your PC, or in the worst case scenario, even physically damaging your hardware.

1. A Virus

A virus is a malicious bit of code that attaches itself to a file or a computer program, often attempting to cover its tracks and to duplicate itself for example by e-mailing copies of itself to everyone in your address book. In the past, viruses would commonly travel from one PC to the next over infected floppy disks, but nowadays the most common medium of infection is e-mail attachments.

You have reason to suspect a virus infection if your PC unexpectedly slows down, frequently crashes or restarts, or exhibits other kinds of unexpected or abnormal behavior. Note that some programs, and indeed the operating system itself, particularly with older versions of Windows, sometimes become unstable independent of viruses. If problems occur with a single program, simply reinstalling the program will generally do the trick. Many viruses, however, will produce no immediate visible results.

Am I infected if a friend tells me that he received an e-mail with an attached, infected file from my address? Most likely you are not. Many viruses grab the address book of the infected PC and mail themselves out attached to e-mails with faked headers, where a random individual from the address book is forged as the sender of the mail. In most cases, it is a mutual friend who has been infected. Tech-savvy humanitarians may want to look at the full headers of such mails to find the originating IP address of the infected mail and thereby determine who among their friends is infected this time. This, of course, becomes a tedious task if you receive dozens of such mails on a daily basis.

When you receive an e-mail with an attached file, do not ever open it unless you are either expecting the attachment or the message is clearly directed to you and signed by the sender. E-mail attachments with unusual file extensions such as .scr, .pif and .bat are viruses in 99.5% of the cases. If you are uncertain of the nature of the attachment, it is best to write to your friend and ask whether he has sent you such a file. Corporations such as Microsoft or Symantec will never send updates or patches to you by e-mail; such mails are invariably viruses masquerading as security updates.

The best way to be aware of viruses (or preferably, the lack thereof) in your PC is to have an antivirus program installed. Some popular commercial antivirus programs are Norton Antivirus, McAfee VirusScan, F-Secure Antivirus, PC-Cillin and Panda Antivirus. A good free alternative is Antivir Personal. Remember that an antivirus program will not do much good if it is not kept up to date. Update your virus definition files at least on a weekly basis to keep yourself protected against the latest threats. You can configure most programs to remind you to do the update if you are absent-minded by nature.

2. A Worm

A worm is in many ways similar to a virus, and is often thought of as a subcategory of viruses, with the exception that while viruses require a human being to do something to initiate the infection, worms spread and infect computers automatically. The most common modern worms exploit the various security vulnerabilities in operating systems, most notably in Microsoft Windows.

In addition to regularly updating your antivirus program, you should apply the latest patches from Microsoft. Be sure to visit http://www.windowsupdate.com/ on a weekly basis to apply the latest security patches. Recent versions of Windows, such as Windows 2000 and Windows XP, can also automatically handle the downloading and installation of updates for you (Control Panel > System > Automatic Updates). Unless you regularly install the patches offered, keeping your door firmly closed will not do much good security-wise when there is a two-foot hole in the middle of it. Do not think that you can install such patches sometime later; many virus coders download and reverse-engineer the security patches Microsoft releases, coding a worm to exploit that very vulnerability. The sooner you patch your operating system, the better.

A common sign of being infected by a worm is the slowing down of your internet connection; less bandwidth is left over for you since the worm is busy crawling to thousands of other non-patched computers or releasing a coordinated DDOS (Distributed Denial of Service) attack against a major corporate website.

To control the traffic in and out of your PC, it is a good idea to have a firewall installed. A software firewall is a program that stops all attempts of a program to go online unless otherwise permitted; most common firewalls will alert you when a program is attempting to go online, asking you to give it your sanction, and if necessary, whether to remember the permission in the future. Sygate Personal Firewall and ZoneAlarm are two popular free firewalls. Most antivirus program vendors also have firewalls in their line of products, often bundled together with their antivirus program. Unlike antivirus programs, firewalls rarely need to be updated.

3. A Trojan Horse

A trojan horse is exactly what it sounds like: an invasion of your PC wrapped up in a neat, deceptive package. Trojan horses are commonly delivered in e-mail attachments, or bundled with or hidden inside free software offered for download on the internet. A trojan horse will allow someone to gain remote access to your computer, often alerting them to your presence over the internet and permitting them to do virtually whatever they please.

Antivirus programs will detect most common trojan horses, and a firewall is an effective means of stopping trojan horses when they activate, even if they are installed undetected on your PC.

4. Spyware and Adware

Spyware is commonly delivered together with, or embedded in free software products. When installed, a spyware program may keep track of the websites you visit, gather information from your PC, or otherwise sniff around without your explicit consent, broadcasting valuable information about your habits, or in a worst-case-scenario, your passwords, credit card details and other sensitive information to a third party.

Adware is another brand of undesired software, which will generally track the websites you visit, and based on your interests, feed you with advertisements, such as popup-windows that seem to show up without a relationship with the website you are viewing. Many add-on browser search-bars are examples of adware.

As annoying and fraudulent as it may sound, most of the time we actually agree to this as we hastily choose OK when prompted whether we accept the license agreement for the software we are installing! The moral of the story is to not click OK unless you are certain of what you are agreeing to, whether when installing software or otherwise.

If you suspect that an unwanted piece of software may be installed on your PC, you can start the Task Manager (in recent versions of Windows, right click on the Taskbar and select Task Manager) and look at the processes-subpage which lists all active applications in your system. Sort the processes by their CPU-usage and see what's active; if something out of the ordinary shows up, look it up in Google. For example, you would find out that while svchost.exe is a legitimate Windows process, scvhost.exe is actually a combined trojan horse and a network worm.

There are excellent free applications, such as Spybot and Ad-Aware, designed specifically for detecting and removing spyware and adware from your PC. If you ever install free software from the internet, it is a good idea to install such a detection program and run it after installing new software to ensure that nothing unwanted has taken a foothold on your PC.

In general, Google is your friend. Whenever something out of the ordinary comes up or you are about to do something you have not done before, chances are that you are not the first person in the world to do it. Before you do it, look it up at Google. Before you e-mail your friend to ask about it, look it up at Google.


AVOIDING SPAM

How do those pesky spammers get hold of my e-mail address? Well, actually in many ways. Here are some tips to keep your inbox clean.

1. Do not write your e-mail address in a discussion forum, newsgroup, web-page or any other place exactly as it is. In other words, never write Joe@Farnarkle.Com. Either replace the at-mark with something else, such as Joe{at}Farnarkle.Com or Joe-AT-Farnarkle.Com, or add something to it, such as Joe@SPAMREMOVEFarnarkle.Com. Spammers harvest e-mail addresses from all over the internet with automated spambots, and sooner or later your e-mail address will end up on someone's list.

2. Do not reply to spam. Messages encouraging you to opt out if you do not wish to receive such mail in the future will merely confirm that there is someone receiving mails at your address. If your desire was not respected when you were opted in without your consent, chances are good that your desire to opt out will not be respected either.

3. Do not click on links in spam. Such links may contain a tracking code which, when clicked, logs your e-mail address as active and lets the spammer know that your address is worth spamming. Many e-mails are sent to randomly generated addresses, and the spammers seek to confirm them in order to have quality lists they can spam as well as sell onwards to other spammers.

4. A trickier version of tracking valid e-mail addresses is the inclusion of tracking images. The spammer may include an image, which is loaded from a remote server, in the e-mail. The image is loaded from a unique address, which confirms that your e-mail address is worth spamming. To solve this, you need to turn off the viewing of remote images in your e-mails. With some e-mail clients, it may mean that you need to turn off the viewing of HTML-messages altogether. Many webmail-providers block the loading of remote images.

But then, what to do after the fact? Once your e-mail address has already ended up on someone's spamming list, how do you get it out? Well, sadly you don't. The best you can do is filter your mails. Many e-mail clients, such as Mozilla Thunderbird and Eudora have a trainable spam-filter engine built in. Many e-mail service providers also have server-end spam filters, which will either delete probable spam or mark it as such to help you sort it immediately upon receipt to where it belongs - the trash can.


THE CONCLUSION

Keep vigilant and protect both your privacy and your precious data. Nothing in this editorial should be too hard to assimilate once you give it a moment, and everything in it is essential to understand. A little bit of trouble pays off well in the long run, sparing you countless hours of headache.

If I missed anything important, please drop me a message to have the relevant information included.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Comments on this editorial should go here.
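
The virus section suggests reading the full headers of a forged mail to find where it really came from. The following is an added example, not part of the original editorial: it walks the Received lines and returns the IP address that handed the message to your own mail provider. The sample message, the host names and the `mailhost.example` domain are constructed for illustration.

```python
import re
from email import message_from_string
from ipaddress import ip_address

# Constructed sample (all names and addresses are made up). Received lines
# are newest first; the From line and the bottom Received line are forged.
SAMPLE = """\
Received: from mx.mailhost.example (mx.mailhost.example [198.51.100.7])
\tby inbox.mailhost.example with ESMTP; Fri, 28 May 2004 04:10:02 +0000
Received: from friendpc (dsl-45.isp.example [203.0.113.45])
\tby mx.mailhost.example with SMTP; Fri, 28 May 2004 04:10:01 +0000
Received: from mail.farnarkle.example ([192.0.2.99])
\tby friendpc with SMTP; Fri, 28 May 2004 04:09:00 +0000
From: Joe <joe@farnarkle.example>
To: you@mailhost.example
Subject: Your document

See the attached file.
"""


def hops(raw):
    """Return [(recording_host, sender_ip_or_None), ...], newest hop first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        by = re.search(r"\bby\s+([^\s;]+)", value)
        ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value)
        try:
            addr = str(ip_address(ip.group(1))) if ip else None
        except ValueError:  # bracketed text that is not a valid IPv4 address
            addr = None
        out.append((by.group(1).lower() if by else None, addr))
    return out


def handoff_ip(raw, trusted_domain):
    """IP that handed the mail to the first server under trusted_domain.

    Only Received lines written by your own provider are reliable; every
    line below them was supplied by the sender and may be forged.
    """
    found = None
    for by, ip in hops(raw):
        if not by or not (by == trusted_domain or by.endswith("." + trusted_domain)):
            break
        found = ip or found
    return found
```

Here the forged bottom line points at 192.0.2.99, while the address recorded by the provider's own server, 203.0.113.45, is the one that identifies the infected machine's connection.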
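
Item 4 of the spam tips describes tracking images loaded from a remote server. The following is an added example, not part of the original editorial: it lists the images in an HTML message that would trigger a network request when the mail is displayed, which is exactly what the "block remote images" setting suppresses. The sample HTML, host names and token are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample HTML body; the URLs and the token are made up.
SAMPLE_HTML = """<html><body>
<p>Limited offer!</p>
<img src="cid:logo123" width="200" height="50">
<img src="http://img.bulkmail.example/o.gif?u=6f1d2c9a" width="1" height="1">
<img src="//cdn.bulkmail.example/banner.jpg">
</body></html>"""


class _ImgFinder(HTMLParser):
    """Collect the attributes of every <img> tag."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append(dict(attrs))


def remote_images(html):
    """List images that are fetched from a remote server on display."""
    finder = _ImgFinder()
    finder.feed(html)
    found = []
    for img in finder.images:
        src = (img.get("src") or "").strip()
        parts = urlsplit(src)
        # cid: and data: images travel inside the message itself; anything
        # with a network host is requested when the mail is opened.
        if parts.scheme in ("http", "https") or (not parts.scheme and parts.netloc):
            tiny = img.get("width") in ("0", "1") and img.get("height") in ("0", "1")
            found.append({"url": src, "host": parts.netloc,
                          "has_query": bool(parts.query), "tiny": tiny})
    return found
```

A one-pixel image whose address carries a query string, like the second image in the sample, is the typical shape of a tracking image: the unique address tells the sender which recipient opened the mail.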