CATCHING MALICIOUS FILES

Every time you copy and share files, you risk infecting your computer, and if you copy files from several sources, you will undoubtedly run into a nasty file at some point.

To fully protect your computer, you need all of the following programs:

• An antivirus program

• A firewall

• An anti–Trojan horse program

• An anti-spyware program

STOPPING A VIRUS

Viruses act like parasites that attach themselves to otherwise harmless files, so that when you copy the infected file to your hard disk, the virus starts infecting your computer. Once a virus has infected your computer, it may display an annoying message, interfere with the normal use of your computer (such as fouling up the mouse or stopping the keyboard from working), or delete files— it could even wipe out your entire hard disk. While not all viruses will threaten your files, all viruses are unwanted.

To protect yourself against viruses, use an antivirus program that can detect and remove viruses before they can cause any problems. But don’t rush out and buy a commercial antivirus program like Norton or McAfee; use one of the free ones instead. Try one of these:

AVG Anti-Virus http://www.grisoft.com

avast http://www.avast.com

AntiVir http://www.free-av.com

These companies can’t compete against Norton or McAfee for shelf space in the stores, so they give away their antivirus programs to get more people to use them free for noncommercial home use. The more people who use their products, the more likely it is that some of them will eventually decide to purchase the commercial version for their businesses or workplace.

Once you install an antivirus program, the program constantly checks every file that you send or receive. If the antivirus program detects a virus stored in a file, it gives you the option of erasing the file and killing the file transfer.

(See the help information that comes with your particular program for details on setting it up properly.) Always use your antivirus program to scan files that you download before you open them.

As an alternative to buying an antivirus program, you can also use a free online antivirus scanner, like one of these:

Trend Micro http://housecall.trendmicro.com

BitDefender http://www.bitdefender.com/scan/licence.php

RAV AntiVirus http://www.ravantivirus.com/scan

STOPPING A WORM

Unlike viruses, worms can travel on their own without attaching themselves to another file, so it’s entirely possible that your computer could get infected with a worm if you just connect to the Internet. While many antivirus programs can detect and remove worms after they infect your computer, you still need a firewall to keep worms from slipping into your computer in the first place.

Every computer connects to the Internet through a physical connection, such as a telephone line, a cable connection, or a DSL (Digital Subscriber Line) connection. But once you’re connected to the Internet, you may want to perform several tasks at the same time, such as sending and receiving email while you browse websites and chat with friends through an instant messaging program. To sort all this data out, every computer divides its Internet connection into ports, which act like doorways into your computer, and every port serves a specific function, such as retrieving web pages or sending and receiving email.

When your computer receives data from the Internet, it has no idea what that data might be, so to avoid confusing each other, computers agree to send only specific data to certain ports. That way when a computer receives data in port 80, it knows that data will always be a web page sent from another computer.

The more ports that are open on your computer, the more ways there are for a worm to sneak in and infect your computer. To protect your computer, a firewall simply shuts down any open ports that you don’t need at the moment, effectively blocking worms from infecting your computer. Because every computer needs to open some ports just to connect to the Internet, a firewall also screens data coming and going through open ports, to make sure that none of the data is malicious.

If you’re running Windows XP, you have a free, but limited, firewall. To turn it on, follow these steps:

1. Click the Start button, and click Control Panel. A Control Panel window appears.

2. Click Network, and Internet Connections. Another Control Panel window appears.

3. Click Network Connections.

4. Click the dial-up, LAN, or high-speed Internet connection that you want to protect, and then, in the Network Tasks pane, click the Change Settings of This Connection option. A Connection Properties dialog box appears.

5. Click the Advanced tab, and under Internet Connection Firewall, click the Help Protect My Computer and Network by Limiting or Preventing Access to This Computer from the Internet check box. If a check mark appears, the firewall is turned on. If a check mark does not appear, the firewall is turned off.

The Windows XP firewall is better than nothing (and Windows XP’s Service Pack 2 beefs it up considerably), but for a more comprehensive firewall that can block incoming hacker attacks and prevent any spyware or Trojan horses on your computer from communicating to the outside world, you need a full-featured firewall that lets you control every possible port leading in and out of your computer. Rather than buy a firewall program, though, try a free firewall program first.

To get as many people to use their products as possible, many firewall companies give away free versions for home use in hopes that people will like their products so much that they’ll either purchase the commercial version that offers more features, or recommend that particular firewall for use at work. Here are some of the free firewalls available:

Outpost Firewall http://www.agnitum.com

Sygate Personal Firewall http://soho.sygate.com

Kerio Personal Firewall http://www.kerio.com

Look ‘n’ Stop http://www.looknstop.com

ZoneAlarm http://www.zonelabs.com

STOPPING A TROJAN HORSE

A Trojan horse masquerades as one program but really contains a secret payload. Sometimes this secret payload can be a message, a silly picture, or more commonly, a hidden program known as a remote access Trojan (RAT).

Once a RAT sneaks onto your computer, it can open a port and allow someone anywhere in the world to access your computer and control it. While many antivirus programs can detect and remove Trojan horses, you might want to use a dedicated anti–Trojan horse program in addition to any antivirus programs you may be using.

Dedicated anti–Trojan horse programs can detect and remove a wider variety of Trojan horse programs than most antivirus programs. Most anti–Trojan horse programs also include a real-time scanner that can prevent a Trojan horse from doing anything as soon as it tries to run.

Two popular anti–Trojan horse programs are TDS-3 (http://www. diamondcs.com.au) and TrojanHunter (http://www.misec.net). While neither program is free, they do offer a trial version to evaluate before you have to pay. For a free anti–Trojan horse program, grab a copy of a2 (http://www.emsisoft. com/en). If you like the free, but limited, version, you may want to pay for the more advanced version.

In addition to an anti–Trojan horse program, you can also use your firewall to block certain ports that RATs use. By blocking these ports, you can keep a RAT from transmitting any data from your computer to the Internet, which effectively stops it from doing anything at all. Figure 7-1 shows a typical dialog box for configuring a firewall to block certain ports on your computer.

Figure 7-1: McAfee Personal Firewall lets you specify which ports to keep open and which ports to keep closed unless they are explicitly opened by a trusted program.

STOPPING SPYWARE/ADWARE

Unlike viruses that can attach themselves to a file, spyware (which is related to the less malicious, but similar type of program dubbed “adware”) is something that is deliberately inserted into a file.

Why should you care about spyware/adware when file sharing? Because when you install many shareware or freeware programs, such as file sharing programs, you may see a cryptic licensing agreement in small print that explains how third-party programs may subject your computer to ceaseless bombardments of pop-up advertising (although they don’t put it in quite those terms).

Because reading the fine print licensing agreements in a tiny dialog box on your computer screen may be less than inviting (a fact that most corporations count on), here’s part of the licensing agreement displayed when you try to install the Blubster file sharing program.

PLEASE READ THE GATOR CORPORATION PRIVACY STATEMENT AND END USER LICENSE AGREEMENT (COLLECTIVELY “Terms and Conditions”) CAREFULLY AND MAKE SURE YOU UNDERSTAND THEM. THEY CONTAIN IMPORTANT INFORMATION THAT YOU SHOULD KNOW BEFORE ACCEPTING ANY GAIN-Supported Software (DEFINED BELOW).

THESE Terms and Conditions MAY BE TERMINATED AT ANY TIME BY REMOVING ALL GAIN-Supported Software FROM THE COMPUTER ON WHICH THEY RESIDE USING THE ADD/REMOVE PROGRAMS MENU IN THE MICROSOFT(r) WINDOWS(r) CONTROL PANEL, AND DESTROYING ANY OTHER COPIES OF GAIN-Supported Software THAT MAY HAVE BEEN MADE. SOON AFTER ALL GAIN-Supported Software HAS BEEN REMOVED THE GAIN AdServer WILL REMOVE ITSELF AUTOMATICALLY. http://webpdp.gator.com/gain/32/about-gain-01.html, INCORPORATED HEREIN BY REFERENCE, GENERATES A LIST OF GAIN-Supported Software THAT RESIDES ON THE COMPUTER THAT IS USED TO ACCESS THE LINK.

The Gator Corporation

Privacy Statement and End User License Agreement

(“Terms and Conditions”)

The Gator Corporation (“TGC”) provides personal computer users with a winning proposition: the ability to get advertisingsupported versions of popular software applications (often valued at up to $30) free-of-charge or at a reduced cost. Downloading or installing these ad-supported software applications requires acceptance of these Terms and Conditions which allows TGC to download and install the “GAIN AdServer” software, which delivers advertising, software, and various informational messages to computer screens (“GAIN Ads”).

The whole idea behind spyware/adware is to monitor what type of information may be stored on a hard disk, such as cookies from a shopping website that identifies the types of books recently ordered, or the cached list of websites recently visited. Based on this information, spyware/adware sends a message to another computer, which uses this retrieved information to determine what types of advertisements to display on your computer through a multitude of additional browser windows known as pop-up ads (which are discussed in the following section).

Even if you delete the program that included the spyware, you may not end up removing the spyware itself. To remove spyware, you must use a special anti-spyware program that will scan your hard disk for traces of known spyware and, once it finds a spyware program, give you the option of wiping it out (see Figure 7-2).

Figure 7-2: An anti-spyware program, such as Spybot, can identify all the spyware programs currently stored on a hard disk and give you the option of removing them.

Here are some popular anti-spyware programs:

Pest Patrol http://www.pestpatrol.com

AntiSpyware http://www.mcafee.com

Spyware Eliminator http://www.aluriasoftware.com

Spy Sweeper http://www.webroot.com

Two popular (and free) spyware-removal programs:

Ad-Aware http://www.lavasoft.nu

Spybot http://www.safer-networking.org

STOPPING POP-UP ADS

The moment you install a peer-to-peer program on your computer, get ready to start seeing strange things happen. Many peer-to-peer programs offer two versions: a free one that includes built-in advertising (known as adware), or a commercial one that costs money but does not include any advertising.

If you choose the free version of a peer-to-peer program, such as Kazaa, you may suddenly start noticing ads popping up in separate windows every time you connect to the Internet. Shutting down each window individually will prove troublesome, so you have two choices: buy a program to block pop-up ads, or switch to a browser that includes a feature to block pop-up ads. (Unfortunately, if you switch to a different browser while running Microsoft Windows, many popup ads will just load Internet Explorer to create pop-up ads all over your screen anyway.)

Windows XP’s second Service Pack adds a pop-up ad blocker and automatically turns it on. Once you’ve installed Service Pack 2 through Windows Update, make sure the blocker’s turned on: choose Pop-up Blocker from Internet Explorer’s Tools menu, and make sure there’s no check mark next to Turn Off Pop-Up Blocker.

To shut off pop-up ads in Mozilla, a free browser available for Windows, Linux, and Mac OS, follow these steps:

1. Select Edit > Preferences to display the Preferences dialog box.

2. Click the plus sign that appears to the left of the Privacy & Security category, and then click Popup Windows.

3. Click in the check box next to Block Unrequested Popup Windows, and then click OK, as shown in Figure 7-3.

   
   Figure 7-3: Mozilla allows you to block pop-up ads from appearing. Unfortunately, pop-up ads can still appear on your Windows computer if they use Internet Explorer (before you install Service Pack 2), even if you make Mozilla your default browser.

To shut off pop-up ads in Safari, the browser that comes with Mac OS X, click Safari > Block Pop-Up Windows, or press COMMAND-K.

You can also buy pop-up ad blocking programs such as the following:

STOPzilla http://www.stopzilla.com

Ad Blocker Pro http://www.3bsoftware.com

Pop-Up Stopper http://www.panicware.com

Guidescope http://www.guidescope.com

12Ghosts Popup-Killer http://www.12ghosts.com

Muffin http://muffin.doit.org

Many firewalls, such as the paid version of ZoneAlarm, can also block pop-up ads. Too, both Yahoo! and Google offer free pop-up blockers if you install their toolbars in your browser.