GENERAL SECURITY ANNOYANCES

GET FREE SECURITY CHECKUPS

The Annoyance:

I installed a firewall on my kid's PC, but being the paranoid parent that I am, I want to make sure I've locked out the bad guys. How can I give it a simple checkup?

The Fix:

For the most comprehensive check of your online security, head to Gibson Research (http://ww.grc.com) and perform the ShieldsUp test, which scans your PC for browser vulnerabilities, open network ports, and similar security flaws (see Figure 9-1). Also perform the Leak test, which checks your PC's vulnerability to Trojans. The Symantec web site (http://www.symantec.com) also offers a free online security test and a free online virus scanner. Click the Symantec Security Check link on the Downloads section of the main page to run their security scan. However, be wary when following the Security Check's adviceif it detects an older version of Norton AntiVirus on your system, for example, it will say you're at risk for getting a virus, even if your virus definitions are up-to-date.

Figure 9-1. ShieldsUp performs a comprehensive test of your online security. Here, it checks for open ports.

Microsoft's free security tool uses a different approach. The Microsoft Baseline Security Analyzer checks to see whether you've installed the most up-to-date Microsoft security patches and service packs, and looks for improperly configured security settings. To download it, go to http://www.microsoft.com/downloads and search for "Microsoft Baseline Security Analyzer."

BROWSE IN PERFECT ANONYMITY

The Annoyance:

Wherever I go online, I get the feeling someone is watching, tracking what I do and the pages I visit. The Attorney General is enough of a Big Brother; I don't want to have to worry about who's watching me on the Web as well.

The Fix:

You're right; web sites can gather an astonishing amount of information about you. They can track your online travels, tell what operating system and browser you're running, find out your machine name, peer into your clipboard, uncover the sites you've visited, examine your History list, and delve into your cache. They can also examine your IP address to learn basic information about you, such as your geographic location. To get a sense of the kind of information web sites can find out about you, head to the Anonymizer web site (http://www.anonymizer.com) and click the Free Privacy Test link. It will display your IP address, your current geographic location, the contents of your Windows Clipboard, and more (see Figure 9-2). It's pretty sobering stuff.

Figure 9-2. Go aheadscare yourself. Head to this site and see just how much of your personal information can be exposed.

The best way to make sure that web sites can't gather personal information about you and your computer is to surf anonymouslythat is, use an anonymous proxy server that sits between you and the web sites you visit. When you use an anonymous proxy server, your browser doesn't contact a web site directly. Instead, it tells a proxy server which web site you want to visit. The web site sees the IP address of the proxy server, not your PC's IP address. It can't read your cookies, see your History list, or examine your clipboard and cache because your PC is never in direct contact with it. You can surf anonymously, without a trace.

To use an anonymous proxy server in concert with your browser, follow these steps:

1. Find an anonymous proxy server. Hundreds of free, public proxy servers are available at http://www.atomintersoft.com/products/alive-proxy/proxy-list. The web site lists information about each server, including its uptime percentage and the last time the server was checked to see if it was online.

2. Find the server with the highest percentage of uptime. Write down the server's IP address and the port it uses. For example, in the listing 24.236.148.15:80, the IP address is 24.236.148.15 and the port number is 80.

3. In Internet Explorer, select Tools Internet Options, click the Connections tab, and click the LAN Settings button.

5. Click OK and then OK again to close the dialog boxes.

   Figure 9-3. Set up Internet Explorer to surf the Web anonymously.

   
   
   

Now when you surf the Web, the proxy server will protect your privacy. Keep in mind that proxy servers can make surfing the Web much slower,.

You may also want to use a web-based, anonymous surfing service. For example, Anonymizer, Inc. (http://www.anonymizer.com) offers free and fee-based services. Each service installs a toolbar within Internet Explorer, which you can use to turn on anonymous browsing. The fee-based service costs $29.95 per year and offers benefits beyond those of the free service. For example, it shields your IP address and lets you set custom anonymity levels for different web sites. It also lets you completely block certain web sites.

Another solution is to download software that will automatically configure your browser to use anonymous proxy servers. It will also automatically find the fastest one, without any setup on your part. For example, GhostSurf (http://www.tenebril.com/products/ghostsurf) uses multiple anonymous proxy servers and always checks for the fastest one. The software costs $29.95, but you can download a free 15-day trial version if you want to check it out.

BEWARE OF PHISHING EXPEDITIONS

The Annoyance:

I received an email from eBay the other day, asking me to validate my user ID and password. When I clicked the link, I was sent to what looked like the normal eBay web site and entered the information. A few days later, I found out that someone was using my eBay ID to scam people. This slimeball even got my credit card information! How can I prevent this from happening in the future?

The Fix:

You've been the victim of a so-called "phishing" expedition, in which an email is sent claiming to be from a legitimate web site or business (such as eBay, PayPal, or Citibank). In the body of the message, you're asked to click a link to a web site so you can verify your account information. The return address appears to be from the company (for example, accounts@eBay.com), and the web site looks legitimatethe design, layout, and even the address bar look like the real web site. But when you type in the information, it goes to the scam artist running the phishing expedition, and he's off to the races with your credit card or web site account information.

To make sure this never happens to you in the future, follow these tips:

• Never respond directly to an email message asking you for your username, password, or other information. Sites like eBay will never send out a request for this type of information.

• If you're not sure whether the email is legitimate, don't click any links within the body of the message. Instead, go directly to the web site from your browser, log in, and see if you have any messages. You can also contact or email the company directly and ask whether they requested any information from you.

• Forward potentially spoofed email to the business that supposedly sent it. They will attempt to track down the source of the spoofed email and cut down on future phishing expeditions. You can also forward the email to assorted groups that fight phishing, such as reportphishing@antiphishing.com and uce@ftc.gov.

• Keep Windows XP updated. Some phishing expeditions exploit browser vulnerabilities, and Microsoft constantly releases patches to fix those vulnerabilities. Use Windows Update or visit http://windowsupdate.microsoft.com to keep your system updated with the latest patches.

  ---

  Tip: According to the research firm Gartner, an estimated 57 million people have received email from phishers. Gartner estimates that identity theft fraud caused by phishing attacks cost U.S. banks and credit card companies $1.2 billion in 2003 alone. Despite these staggering statistics, officials rarely find and prosecute phishers.

  ---

GUARANTEED, FOOLPROOF WAY TO UNCOVER SPOOF SITES

The Annoyance:

Many companies use weird web addresses and URLs to hide their true identity. Is there a simple, foolproof way to reveal the real name of the site I'm visiting?

The Fix:

Go to the address bar of your browser, type in the following JavaScript command, and press Enter:

     javascript:alert("Actual URL address: " +     location.protocol + "//" + location.hostname +     "/");

A small window will pop up in the middle of your browser, telling you the actual web site you're visiting (see Figure 9-4). Check the URL to see if you're really visiting the site you think you're visiting. That way, you can always protect yourself against spoofs.

Microsoft has a useful knowledge base article that explains how to protect yourself against spoofed sites. To read it, go to http://support.microsoft.com and search for article 833786.

Figure 9-4. Yes, the site looks like eBay, but if you enter your personal information, your credit card details and identity will be stolen. The JavaScript command exposes this fake eBay web site as a phishing expedition.

BLOCK SNOOPING NEIGHBORS

The Annoyance:

A friend of mine used to easily spy on the hard drives of neighbors who, like him, had cable Internet access. Why was it so easy? And how can I make sure like-minded snoops can't get into my PC?

The Fix:

Cable setups are not unlike local area networks, and you and your neighbors are essentially "nodes" on that network. (It's one reason your access slows to a crawl when Johnny next door decides to download a movie.) If you have file sharing enabled on your PC, your cable-connected neighbors can spy on your PC. One way to solve the problem is to use a firewall, such as ZoneAlarm (http://www.zonealarm.com) or the built-in Windows Firewall. Both firewalls will stop outsiders from snooping on your PC.

To be absolutely safe, you can also turn off file sharing on your system for your cable connection:

1. Right-click My Network Places and choose Properties.

2. Right-click your cable Internet connection and choose Properties.

3. Uncheck the "File and Printer Sharing for Microsoft Networks" box and click OK.

4. Restart your computer. File sharing is now disabled.

MY KIDS KEEP DOWNLOADING MALWARE

The Annoyance:

My kids keep downloading some piece of malware that damages my PC. How can I make sure they can't connect to the Internet when I'm not around, short of locking the cable modemor themin a closet?

The Fix:

You can disable your Internet connection when you leave your PC. Right-click My Network Places and select Properties. Right-click the Local Area Connection for your network card and choose Disable. If you have a network icon running in the Notification area (or System Tray), you can also right-click the icon and select Disable. To re-establish the connection, right-click the Local Area Connection or network icon and choose Enable.

BEWARE OF SPOOFED EMAILS

The Annoyance:

I own my own domain, and I got an email the other day from someone claiming to be my domain's mail administrator. The message asked me to confirm my password and username. But I'm the domain administrator, and I didn't send the message to myself! Odder still, the email seems to have come from an address in my domain. What's going on here?

The Fix:

Your email has been spoofedsomeone has managed to forge the sender's address and make it appear as if the email came from you. If you respond to the email with your password and username, the message will go to the person who spoofed your email, and the sender will have complete access to your domainso don't do it! Email requests for your username and password details are sure to be spoofs, not legitimate requests. Exercise caution, and don't give that information away.

KILL THE WINDOWS MESSENGER SERVICE

The Annoyance:

I just got a pop-up spam that wasn't even in a browserin fact, my browser wasn't even open! What kind of magical, black art produces these pop-ups, and how can I stop them?

The Fix:

You're getting pop-up spam from Windows XP's Messenger Service, which was originally designed so that sysadmins could send notifications over internal local area networks. For example, a network administrator might notify network users when a server goes down, or a printer may notify you when a print job finishes.(The Messenger Service is not related to Windows Messenger and MSN Messenger, Microsoft's instant messaging programs.) Spammers are exploiting the technology more and more, blasting text pop-up messages to IP addresses across the Internet. It's not uncommon to get a string of them in just an hour.

To put a stop to these amazingly annoying pop-ups, disable the Messenger Service:

1. Type services.msc at a command prompt or in the Run box, and press Enter to display the Services Console.

2. Double-click the entry for Messenger, then choose Disabled from the "Startup type" drop-down menu and click OK (see Figure 9-5).

   Figure 9-5. Disable the Windows Messenger Service to quash annoying spam.

   
   
   

Pop-ups will no longer get through. If you're on a LAN, you won't be able to get network messages from administrators, either, but this shouldn't be a problem as network administrators are increasingly moving away from Windows Messenger Service for communications.

You can also kill these pop-ups with a personal firewall, such as ZoneAlarm, Norton Personal Firewall, or the built-in Windows XP Firewall, and if you have a home router you can block the port over which the messages are sent (UDP port 135). However, there is no guarantee that this will always work. Many ISPs block inbound traffic on UDP port 135, and spammers respond by sending the messages via UDP port 1026. Check your router's manual for instructions on blocking ports. The following steps use a Linksys router as an example:

1. Log into the router's setup screen, at http://192.168.1.1. Enter admin as the password, and leave the username blank (unless you have changed the defaults).

2. Choose Security Filter.

3. 
   

4. For the second entry, type 137 for the Start range and 138 for the End range. Choose UDP from the Protocol drop-down menu to block UDP ports 137 and 138.

5. Follow the above steps to block the following ports: TCP 139, TCP 445, and UDP and TCP 1026.

6. Click Save Settings. The ports will now be blocked.

INTERNET EXPLORER BLOCKS MY DOWNLOADS

The Annoyance:

Everyone told me to get Windows XP Service Pack 2, because it includes a lot of extra security features for Internet Explorer. But now I can't download any software. This is Microsoft's way of keeping me safe? Thanks, but no thanks.

The Fix:

By default, the version of Internet Explorer that comes with SP2 blocks files from being downloaded without your knowledge. When IE blocks a download, it displays an alert in the Information Bar (just below the Address Bar). To let the download through, simply click the Information Bar and choose "Allow this page to download files" (see Figure 9-7).

Figure 9-7. Allowing a download using Internet Explorer's download blocker.

When you click a link to download a file, you should be able to download normally. But if you get the "Your current security settings do not allow this file to be downloaded" error message, you'll have to change your download settings. Select Tools Internet Options and click the Security tab. Select Internet as the "Web content zone," and click the Custom Level button. Scroll to the Downloads section. Choose Enable for "File download," and click OK. Click Yes when you get a message asking if you want to change your security settings, and then click OK. From now on, when you try to download a file, it will be blocked, but the Information Bar will appear, allowing you to complete the download.

YIKESSOMEONE STOLE MY WEB SITE PASSWORD!

The Annoyance:

I found one of my daughter's friends logged into a web site using my account, with a password that I thought only I knew. When I asked her how she got in, she said that Internet Explorer remembered the password and logged her in. How can I stop this from happening in the future?

The Fix:

Microsoft inexplicably hid the setting to turn off its password memory in a place you'd never expect to lookthe Content tab of the Internet Options dialog box. In addition to passwords, Internet Explorer will also remember usernames and other words you type into web forms.

To stop Internet Explorer from remembering this information, follow these steps:

1. Select Tools Internet Options, click the Content tab, and click the AutoComplete button to display the AutoComplete Settings dialog box (see Figure 9-8).

2. Figure 9-8. Tell Internet Explorer to stop remembering your passwords.

   
   
   

3. To delete all of your existing passwords from IE's memory, click the Clear Passwords button.

4. To force IE to stop using AutoComplete for filling in web forms, uncheck the "Forms" box.

5. To delete all of your AutoComplete entries from IE's memory, click the Clear Forms button.

6. Click OK and then OK again to close the dialog boxes.