Crowe Computer Support CAW! CAW!
 Home   Projects   Experience   Contacts 
Professional, Experienced Service
Member of PartnerWorld for Developers
 
 
 
 
 
 
 
 
© 2004 Crowe Computer Support, Inc
Home Computer Security
This page is intended to alert the reader to the continuing threats to home computer users from malicious "hackers" and viruses. The CERT organization, a part of the Networked System Survivability Program located at the Software Engineering Institute (a federally funded research and development center operated by Carnegie Mellon University), are encouraging technical readers of their mailing list to reach out to relatives and friends who might not be as technically oriented. This webpage is my contribution.

This document will only highlight home computer security risks, and make a few suggestions as to what you can do about them. If you would prefer a more detailed reading on the problem, I recommend CERT's page on the subject.

Before continuing, I would like to differentiate between the terms "hacker" and "cracker". I prefer to use hacker in it's traditional, historic definition, i.e., a computer enthusiast; a person who enjoys learning programming languages and computer systems and can often be considered an expert on the subject. Unfortunately, the word has developed an increasingly unfavorable association. The derogatory sense of hacker has become more well-known largely because the media has employed the term to refer to individuals who gain unauthorized access to computer systems for malicious purposes. As a long-time hacker, I recommend that the proper term for such individuals is "cracker." While it is true that some crackers are also hackers, this is not always the case. An increasing number of crackers, so-called "script-kiddies", are not very good programmers, and really don't understand the technology underneath the systems they use. A good car thief is not necessarily a good mechanic.


A Few Myths about Home Computer Security
Myth #1: "The stuff on my computer is pretty boring. I don't consider any of the information 'top secret.' Nobody would want to break into my computer system."

Fact: Most computer break-ins do not occur because the cracker wants your information. Crackers attack home computer systems in order to have anonymous platforms from which to launch attacks on more interesting targets. In short, when a cracker uses your system to attack other computers, it will look like YOU are the person responsible. As for your personal information: some crackers will certainly be on the lookout for credit card numbers. You may unwittingly have copies of card numbers on your system. A cracker may not use the number himself, but he can sell it.


Myth #2: "I have a dial-up line, so I should be totally safe from crackers."

Fact: Dial-up lines are safer than DSL or cable modem connections, but they are not totally secure. This is especially true if you stay online for long periods. If a cracker can get into your computer once, he can install a tiny program to report your configuration to him whenever you go online, or one that will leave a connection open. These are called "back door" programs. Once the back door is in place, a cracker can access your computer every time you go online.


Myth #2b: "I have a DSL line, which is a direct connection to the internet, and therefore safe."

Fact: Many DSL companies have been telling their customers that a DSL connection is a "direct" internet connection. I hate to pop your balloon, but the truth is, your little PC is not tapped directly into the internet backbone. What has been said about dial up lines also can be said about DSL, only more so. DSL connections still end up in the phone company's network. Traditionally, these networks are pretty safe, but they can still be compromised from the outside, and the threat of "back doors" finding their way on your system is still there.


Myth #2c: "My (DSL; cable; whatever) connection uses DHCP. That makes it safe from crackers, right?"

Fact: Wrong. A DHCP (Dynamic Host Configuration Protocol) connection does not guarantee different settings each time you log on. ISP's use DHCP connections because they are easier for users to configure, and because there are not enough individual internet addresses to let every customer have his own. Because DHCP settings change from time to time, they can make your connection more anonymous. However, in reality, DHCP connections don't always change that often. Some will change every two weeks or so. Others will change every month or so. I have a DHCP connection, and my settings haven't changed in four years!


Myth #3: "I have antivirus software. This will protect me."

Fact: Antivirus software is your only your first defense against crackers who distribute their back-door programs via email. But antivirus software is only one piece of the computer security puzzle. Antivirus software does nothing to protect you from crackers who are actively trying to compromise your computer. It also is important to keep your antivirus software up to date.


Things to do to protect yourself

  • Install antivirus software. There are several good ones to choose from. The two most well-known are McAfee and Norton. You may already have one of these since they are often shipped with a new computer. Otherwise, they usually retail for about $30. Grisoft offers their AVG Antivirus software in a free edition. It seems adequate, but novice users need to know that Grisoft offers no support for this product.

    Once the software has been installed, be sure to keep it up to date. Both McAfee and Norton have streamlined their update processes and have made them very easy to use. Antivirus software will help to protect against back door programs as well as viruses.

  • Get a Firewall. Firewalls protect computers from crackers who scan your system for vulnerabilities. McAfee Personal Firewall , Norton Personal Firewall , and Zonealarm are some well-known packages. Prices range from $35 to $50. Like the antivirus software, these packages must be kept up to date.

  • Beware of Greeks bearing gifts. In their day, the Trojans were probably a well-respected nation, but they are now remembered as possibly the biggest bunch of boobs in history, due to one little incident involving a hollow wooden horse. Most crackers gain entrance to your computer using a "trojan horse" program. A trojan horse is a program which masquerades as a useful program, but which contains hidden instructions that compromise your security. CERT claims that this is the number one way that home computers are broken into. Trojan horses are also used to spread viruses.

Even if you have antivirus software and a firewall, it is still possible to "leave the door open" by sharing software. You may say you never download software, but everyone shares electronic birthday cards and joke programs. Chat programs (like AOL Instant Messenger) can also transport malevolent code. Know what you are getting and who you are dealing with.


I hope this page has been useful. It is not my intention to scare the dickens out of anyone over computer viruses, however it is important to be aware of home computer security. With more people going online, the proliferation of high speed connections, and as users become more interconnected, this problem will get worse before it gets better.