Guide: Diagnosis, course of action and prevention of being hacked

PV5150

New member
G'day Guys :wavey:

In this day and age viruses are the least of your worries: hackers and spyware are by far the most virulent and cunning of all online security threats. Let me show you how to declare war on the enemy, by first diagnosing you and your PC's threat, taking the correct course of action and then implementing preventative measures to minimise the risk of it happening again. Online threats are no longer restricted to just bringing down your PC; cybercriminals are now capable of tracking your every move and targeting web sites, such as those of banks, where you log personal data. Understanding the basics of how hackers work is the first step in arming yourself against your system being compromised.

No PC - and no PC user - is safe from assault. Faster, always-on internet connections make it quick and easy to send or receive information, but the downside of broadband is that it increases the potential for net crime. Larger companies with a healthy bank balance are an obvious target for high-tech criminals, but such denial-of-service attacks involve banks of computers sending out bogus requests simultaneously. To do this, the hackers need control of multiple PCs and are therefore constantly on the lookout for suitable hosts.

As well as exploiting your PC's web connection for destructive acts, hackers may also find the data stored on your PC invaluable. Malware in the form of keystroke-logging software hides itself within your PC and reports everything you type to the person that planted it there. If a hacker takes over your computer, they can have a rummage around for themselves, investigating any unencrypted files or folders, uncovering financial details and any personal data.

Most recently, there have been numerous scams to get you to reveal bank or credit card details (commonly known as 'phishing'). Data searches to find unencrypted passwords are very common too. In the wrong hands, such personal details can be used to 'impersonate' you, take out loans using your good credit rating and so on. There are, however, a number of ways you can protect your computer from viruses, scams and hackers. Let's look at the tools to help you clean up and protect your PC from trojans and other attacks designed to compromise your system.

How to diagnose if you've been hacked

If the icon for modem or network connections shows constant activity even when you are not actively using the internet, you are not necessarily being hacked: automatic updates for Windows and other programs often occur whenever you go online. However, updates that occur constantly are unlikely and, in such cases, your PC may be part of a DDoS attack. There are several ways to tell if you have been hacked.

1. Keep abreast of when you're online: to display modem/network connection details go to My Network Places and right click on the icons for Dial-up or LAN settings under View Network Connections. Select Properties and tick the box beside "Show icon in the notification area when connected".



2. High CPU activity or services: a sluggish computer could be a sign that background applications or services are running, some of which may be malware. To check performance, hit Ctrl-Alt-Del and click the Performance tab in Task Manager. When applications are running, the graph for CPU usage will peak quite regularly (mine is at 100%, due to my F@H programs running in the background). Leave the performance monitor on when nothing's running. If CPU usage remains high, check under the Processes tab to see which services are running in the background. www.theeldergeek.com/services_guide.htm lists those that should be on your PC.



3. Performance logging and alerts: use Windows XP's more advanced tools to monitor your system. Go to Start-Settings-Control Panel, double click Administrative Tools and select Performance to load the appropriate Management Console. Click Performance Logs and Alerts-Alerts, then right click in the empty pane and select New Alert Settings. Give your alert a name and, under the General tab, click Add to include a counter. In the dialogue box that is displayed, select RAS (Remote Access Services) Total and Bytes Transmitted and then, under General, set an alert when the value exceeds the amount you specify. Alerts will now be logged and you can see them by going to the Performance Management Console to view suspicious activity.



Closing the Gaps

Large companies should implement an IDS (Intrusion Detection System) - a line of defence that detects hostile activity on a network. While such systems are expensive, and sometimes hard to use, you can create an ad hoc IDS by combining a firewall, anti-virus software and vulnerability assessment utilities. It's possible to scan for potential security gaps using two processes that are commonly employed by hackers themselves. Port scanning checks the 65,000-plus ports a PC can use to communicate across networks. Packet sniffing software analyses data as it travels across networks and is used legitimately by network administrators to monitor network traffic and identify bottlenecks. Unfortunately, unencrypted usernames and passwords are also often transmitted across networks; hackers can use packet sniffing software to detect such important data.

1. Microsoft's scanner:

Most security scanner software is aimed at large companies with price tags to match, but there are a few free applications including the Microsoft Baseline Security Analyser 1.2.1, although it is quite difficult to use.

www.microsoft.com/technet/security/tools/mbsahome.mspx





2. No holes with NeWT 2.1:

Of the free tools available, this is by far the simplest to use.

www.tenablesecurity.com/newt.html

Languard Network Security Scanner www.gfi.com/lannetscan is another good free package. After installing NeWT, go to Start-Programs-Tenable Network Security-Tenable NeWT-NeWT Security Scanner. This will check through more than 4000 common security vulnerabilities. To do this, click New Scan Task.

The free version can only check a local network and, for standalone users, you will see the name Localhost listed on the drop-down menu. Select this and click Next, then choose "Enable all but dangerous plugins" before starting your scan. Note that the report generated by NeWT will only be useful if you have advanced knowledge of ports and network connections.



3. Symantec Security Check:

Symantec offers a free online service to check the levels of protection on your PC. Log onto http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym and select the links that appear on the SSC (Symantec Security Check) page to see if your PC has been compromised by hackers or viruses. After you click each link you will be expected to install the Security Check applet (choose Yes when prompted), then a page will appear with your IP address. Click the scan button at the bottom of the page to start the check. If your PC is insecure, the SSC will tell you how and why. Unsurprisingly, the solution is to buy Symantec's Security software lol



4. Open door policy:

A good firewall will protect you from inbound attacks, while also monitoring the applications running on your PC when they make outbound connections to remote systems. (Trojan horse programs, spyware and other malware that sneaks onto your PC often employ your internet link to connect clandestinely to remote servers.) Windows XP's firewall only monitors inbound connections, offering no protection from malware already on your PC. The latest versions of Sygate Personal Firewall or ZoneAlarm are effective. If you have a broadband internet connection, you may also wish to use a hardware based firewall in conjunction with a software version. Many cable and DSL modems and routers (wireless routers included) have a firewall that you can configure from your PC. Because these hardware firewalls are external to your system, they can't monitor which apps are opening outbound connections, so in reality they can't replace a software firewall running on your PC.

If you would like to see how well your firewall stands up against the nasties on the www, you can go and get yourself tested at some of the links below. Ultimately you need to have all ports blocked, stealthed or non-responsive to the tests:

Shields Up

Sygate security check

PC flank

You need to patch to protect

Most PCs become infected when files and apps sneak in via your web connection. To avoid future breaches, first ensure your browser and email client are as secure as possible. Common techniques for compromising computers include spoofing a web address (passing off a dangerous site as one that is more respectable) or exploiting loopholes in Internet Explorer's security to pass protected information to sites that are not secure.

1. Detecting Trojans:

Install the latest Windows patches and fixes - that means SP2 if you're running XP. And remember, SP2 does not protect you from all future security flaws so you will still have to update your PC regularly with patches and security fixes. After you have installed SP2, go to Start-Windows Update to access the site: you will be prompted to download a new interface that, among other things, simplifies the process of installing critical security fixes.



2. Safer surfing:

Many loopholes in IE stem from the ActiveX applets the browser allows to run on your machine and, potentially, access your data. To make your surfing more secure, go to Tools-Internet Options and click on the Security tab. Next slide the security level up to High or click the Custom Level tab and disable the options next to various ActiveX controls. If you use Outlook Express, go to Tools-Options and, under the Security tab, check the options that do not allow OE to open possibly infected files via the preview pane or (with SP2) display images in HTML messages.



3. Firefox

IE's popularity along with its security flaws means it's an obvious attack target, so I recommend you use Firefox instead. FF is fast, responsive and compatible with most pages that IE will display. Common plug-ins such as Flash and QuickTime are not part of the standard installation, however. Some pages need ActiveX controls to display properly - but I've already recommended disabling those applets to surf safely. You can get the latest version of FF here: SysXtreme downloads

along with the Thunderbird email client. If you require anything else for FF, for example plug-ins, they can be found at the browser's home page here: Firefox home page

Beware of Trojans

Hackers usually try to take control of your PC by installing Trojans - files that load themselves as part of another innocent-looking program or Web page. Many powerful Trojans, such as SubSeven, are backdoor Trojans and their purpose is to allow a remote party to gain unauthorised access to a PC.

1. Detecting Trojans

Not all anti-virus software looks for Trojans. If such hacks are of concern, use a dedicated scanner such as TDS-3, Trojan Hunter or (a)squared.

Alternatively, scan your PC for Trojans with the online scanner at websecurity trojan scan. Simply go to the site and click "Scan my computer for Trojans".

2. Search and Destroy



Download and install a freeware version of (a)squared from www.emisoft.com/en/software/free then click the Scan button to check your computer for nasties. Of the anti-Trojan apps mentioned, Trojan Hunter and (a)squared are probably the easiest to use, while TDS-3 probably has the largest anti-Trojan database available to any program. Its interface and complexity will be intimidating to new users, but I can highly recommend it for experts who want complete control over Trojans and malware.

If you require more info on other net nasties and how to prevent them, you can read my guide How to remove Browser Hijacks, viruses and spyware with an 'Hijack this' inclusion.

Well, I hope this has given you a little more knowledge; if anything, I have tried to keep it as simple as possible. Finally, if there is anything else you want included, please don't hesitate to ask.

PV :wavey:
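The diagnosis section above relies on watching the connection icon and Task Manager by eye. As an added example that is not part of PV5150's guide, the Python below does the same check from a `netstat -ano` snapshot (the Windows form that appends the owning PID): it parses the table, compares every listener against a known-good baseline, and flags any program that is not on an allowlist yet holds an established connection to a non-private address. The sample netstat output, the PID-to-image map (as `tasklist` would report it, including the hypothetical `winupd32.exe`), the baseline table and the allowlist are all constructed assumptions for illustration, not a universal list of safe ports or programs.

```python
"""Compare a `netstat -ano` snapshot against a known-good baseline.

Added example. The sample output, process map and baseline tables below
are constructed for a hypothetical XP workstation, not real captures.
"""
import ipaddress

# Constructed sample of `netstat -ano` output (Windows column layout).
# Port 27374 is SubSeven's well-known default; here it is just a stand-in
# for "a listener nobody asked for".
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       1804
  TCP    192.168.1.10:1054      203.0.113.5:6667       ESTABLISHED     1804
  TCP    192.168.1.10:1061      198.51.100.20:80       ESTABLISHED     2212
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed PID -> image name map, as `tasklist` would report it.
SAMPLE_PROCESSES = {4: "System", 700: "lsass.exe", 932: "svchost.exe",
                    1804: "winupd32.exe", 2212: "firefox.exe"}

# Assumed baseline for this machine: listeners you expect to see, and the
# programs allowed to hold outbound connections to non-private addresses.
BASELINE_LISTENERS = {("TCP", 135), ("TCP", 445), ("UDP", 500)}
ALLOWED_OUTBOUND = {"firefox.exe", "iexplore.exe", "svchost.exe"}

# Addresses that are local to the LAN or the box itself (RFC 1918, link-local,
# loopback, unspecified). Anything else counts as "out on the internet".
_LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "0.0.0.0/8")]


def _split_addr(addr):
    """'host:port' -> (host, port); handles '*:*' and [IPv6]:port forms."""
    host, port = addr.rsplit(":", 1)
    return host.strip("[]"), (None if port == "*" else int(port))


def parse_netstat(text):
    """Parse `netstat -ano` rows into dicts, skipping the banner and headers."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" else ""   # UDP rows have no state
        pid = int(parts[-1])
        lhost, lport = _split_addr(local)
        fhost, fport = _split_addr(foreign)
        conns.append({"proto": proto, "lhost": lhost, "lport": lport,
                      "fhost": fhost, "fport": fport, "state": state,
                      "pid": pid})
    return conns


def _is_external(host):
    if host == "*":
        return False
    ip = ipaddress.ip_address(host)
    return not any(ip in net for net in _LOCAL_NETS)


def find_suspicious(conns, processes, baseline=BASELINE_LISTENERS,
                    allowed=ALLOWED_OUTBOUND):
    """Return (reason, proto, port, pid, image) tuples worth a closer look."""
    findings = []
    for c in conns:
        image = processes.get(c["pid"], "?")
        listening = c["state"] == "LISTENING" or c["proto"] == "UDP"
        if listening and (c["proto"], c["lport"]) not in baseline:
            findings.append(("unexpected listener", c["proto"],
                             c["lport"], c["pid"], image))
        elif (c["state"] == "ESTABLISHED" and _is_external(c["fhost"])
              and image not in allowed):
            findings.append(("outbound from unknown program", c["proto"],
                             c["fport"], c["pid"], image))
    return findings


if __name__ == "__main__":
    for hit in find_suspicious(parse_netstat(SAMPLE_NETSTAT), SAMPLE_PROCESSES):
        print(hit)
```

On the constructed sample this reports two hits, both for PID 1804: an unexpected TCP listener on 27374 and an outbound connection to port 6667 from a program not on the allowlist. The value of the approach is the baseline: capture `netstat -ano` and `tasklist` once on a machine you trust, then diff later snapshots against it rather than trying to judge every row from memory.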
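The "Closing the Gaps" and "Open door policy" sections talk about port scanning and about a firewall leaving every port blocked, stealthed or non-responsive. As an added example that is not from PV5150's guide or from any of the test sites it links, the Python below is a small TCP connect scanner that sorts each port into the same three buckets those sites report: open (handshake completed), closed (the host answered with a reset, so it is reachable and admits the port exists) and filtered (no answer at all, which is what "stealthed" means). The demo listener, host and port range are assumptions chosen so the block runs against loopback only.

```python
"""Minimal TCP connect scanner reporting open / closed / filtered.

Added example. A 'closed' port still tells an attacker the host is up;
only 'filtered' (silently dropped) is what the firewall-test sites call
'stealthed'. Timeouts and the demo port range are assumptions.
"""
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host, port, timeout=1.0):
    """Classify one port. A completed handshake is 'open'; an immediate
    RST (ConnectionRefusedError) is 'closed'; a timeout means something
    dropped the SYN silently, reported as 'filtered'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError:
        return "error"          # unreachable network, no route, etc.
    finally:
        s.close()


def scan(host, ports, timeout=1.0, workers=32):
    """Probe many ports concurrently; returns {port: status}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: (p, probe(host, p, timeout)), ports)
    return dict(results)


def exposed(results):
    """Ports a remote party can talk to or learn about: anything that is not
    filtered. Behind a properly configured firewall this list is empty."""
    return sorted(p for p, st in results.items() if st in ("open", "closed"))


def demo_listener(host="127.0.0.1"):
    """Open a throwaway listening socket so the scanner has something to find.
    Returns (socket, port); the caller closes the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))         # port 0: let the OS pick a free one
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, port = demo_listener()
    try:
        res = scan("127.0.0.1", range(port - 2, port + 3))
        for p in sorted(res):
            print(p, res[p])
        print("exposed:", exposed(res))
    finally:
        srv.close()
```

One caveat the guide's list of test sites already implies: run this from your own LAN and you are scanning from the trusted side of the router, so it will not show you what the internet sees. Loopback is fine for checking what the scanner itself reports; to judge the firewall, the probe has to originate outside it, which is exactly what Shields Up and the other linked checks do.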
 
Yeah, great guide PV. I used what is there and I'm patiently waiting for the remainder of it tomorrow :D Great guide, should be stickied.
 
PV5150 said:
Thanks guys, I appreciate it. I'll have the rest done tomorrow, as I'm off to bed now. :D

No problem mate, yeah I'll be needing the rest of it tomorrow. Enjoy your sleep, cya tomorrow.
 
This guide has been updated to the frontpage :) Links to web pages and some of the content/ pics have received a facelift.

It can be found Here

PV :)

 