Sarasota PC Monitor
Tech Talk (5/00)
More computer security
by Brian K. Lewis, Ph.D.*
Member of the Sarasota Personal Computer Users Group, Inc.So far just this year we have had several articles on protecting your computer, in Tech Talk as well as others.
By now I would hope that all cable and DSL modem users would be aware of the problems they can encounter because of their fixed IP address. At least in our area, the cable ISP does not use dynamic IP addressing, which would change your address whenever you restart your computer. Because your IP address doesn't change, and because your computer is connected to the Internet whenever it is turned on, it can be found by anyone with the proper search software. Did you realize that Comcast, your cable service provider, uses this connection to check your computer several times every day? They say they are simply checking the network integrity. However, if they can read your connection, so can anyone else.
I know that dial-up modem users tend to believe that they aren't faced with this intrusion problem. However, the software used by hackers can scan tens of thousands of IP addresses per hour! So, if you surf the net for an hour or two, you have a very high probability of being scanned and attacked. My dial-up connection gets attacked on an infrequent basis, but it does happen. I am very glad I have a firewall set up.
As I mentioned to the attendees at the last Tech Forum, although I paid for and downloaded the BlackIce firewall software, that is not my current firewall. I have since installed ZoneLabs "ZoneAlarm", version 2.1.3. This firewall not only blocks incoming intrusions, it will also block outgoing connections. You can configure it to permit Internet connections from your browser or your e-mail program. I also configured it to work with my Web server updates and to maintain a log of intrusions. I had to remove BlackIce completely to do my Website updates. This is no problem with ZoneAlarm. Consequently, ZoneAlarm is presently my firewall of choice.
If you still are not convinced that you need some sort of firewall protection, then I suggest you read the series of four articles published by Fred Langa on the WinMag Website (www.winmag.com). The series is titled "Secure Your PC Online". You'll find he tells you much the same as has been published in the Monitor. He does discuss his own personal setup and includes some thoughts on protecting a small network. His articles are very well worth reading. There are also references to many other sites where you can find help. For example, I used the smart Whois site (www.swhois.net) to track a recent intruder by using the IP address recorded by ZoneAlarm. To my surprise, it was located in Crete! I am also testing the IDcide software that shows who is tracking you over the Internet. Those results will be in a future article.
Another security item you must consider is the current state of your anti-virus software. If you bought and installed it more than two weeks ago, it is out of date! That doesn't mean you need to buy more. What it does mean is that you must update the virus definitions. This can usually be done by a free download from the manufacturer's Website. Symantec's Norton Anti-virus uses a live update feature to remind you to update the definitions every two weeks or oftener. If you don't keep your definitions up to date, you are not getting the protection you paid for.
If you didn't update your definitions recently, then you are definitely vulnerable to the "911" virus. Strictly speaking, this is a "worm" more than a "virus", since worms propagate and reproduce themselves without any sort of user involvement or action. In contrast, a virus requires some inadvertent action on the part of the user. The worm's activity is triggered on the 19th of the month, deleting files from crucial Windows system directories. (You want to be very sure that your system is not infected with it at that time!) It is not a "high tech" worm, since it was written in the Visual Basic Scripting language. But what's sad-and should be frightening-is that the creation of such a serious and quite damaging Internet threat has become so easy for the "script kiddies." This has been called the "911" worm because shortly before erasing the user's entire hard drive it uses the system's modem to dial 911, producing a large number of "false positive" emergency calls. You can find information on removing all the "911" files on either Symantec's or McAfee's Websites.
Another less recent virus that has reoccurred in the Sarasota area is the "Pretty Park" worm. Although this worm has been around for a long time, if your anti-virus isn't up to date, it can infect your computer. All it does is send itself to everyone in your e-mail address book. The recipients think you sent it, therefore it must be safe, right? Wrong! If you try to run the program either your anti-virus will stop you or the program will infect your computer and all you will see is the 3D pipes screen saver. Once you are infected, you can be certain that it will e-mail itself to your mailing list. There is a program you can download from Symantec (www.symantec.com/avcenter/index.html) to remove all traces of this worm. The file is "fixpark.zip" and is about 120 KB in size, so it is a quick download.
The security of your computer is something you really need to take seriously. All I can do is suggest you take every possible precaution before disaster hits. If we all practice "safe computing" then, just maybe, there will be less incentive for all the hackers.
*Dr. Lewis, a former university & medical school professor, is a computer consultant doing instruction, hardware/software services and system upgrades.
He is available to help you with your home or business computer problems. He does make house calls and can be reached via e-mail at bklew@worldnet.att.net or voice mail at 941/925-3047. :
_______________________________________________________________ Copyright 2000. This article is from the May 2000 issue of the Sarasota PC Monitor, the official monthly publication of the Sarasota Personal Computer Users Group, Inc., P.O. Box 15889, Sarasota, FL 34277-1889. Permission to reprint is granted only to other non-profit computer user groups, provided proper credit is given to the author and our publication. We would appreciate receiving a copy of the publication the reprint appears in, please send to above address, Attn: Editor. For further information about our group, email: admin@spcug.org/ Web: http://www.spcug.org/
The Sarasota Personal Computer Users Group, Inc. has 1,600+ members and was established in 1982. We are members of the Assoc. of PC User Groups (APCUG), the Florida Assoc. of PC Users Groups, Inc., and we are members of the America Online Ambassador Program.
See http://www.spcug.org for all reviews from the Sarasota PC Monitor, go to the Newsletter Section.