In Which Tuxy Rants on Machine Security

August 7th, 2004

- - - - -

Okay. As I write this, I've just finished watching the last episode of my Sailormoon S DVD boxset, so I've seen nearly every episode of Sailormoon ever made. This makes me happy. However, it doesn't counterbalance my righteous anger about the fact that most people don't give a damn about their computer and its security and cleanliness. It's not freaking rocket science, people.

My view is this: the Internet is a _global_ resource. What you do on the 'Net affects _everyone_ who uses it. If you download something, it takes up some of the bandwidth for the backbone you're on. If you do a lot of downloading, you affect the pipeline a lot more. Then there's the whole DDoS zombie botnet thing. People who don't get their machines secured screw over the rest of us by letting their machines get turned into zombies to propagate worms and spam.

As I sit here writing this, I have my log viewer up on my Linux firewall PC, and I'm watching literally page after page of pings on ports like 445, 137, and 1025 scroll by. Those ports are only used by viruses and MS services that are _NOT_ accessible from outside a firewall. In short, I'm getting attacked by literally hundreds of worm-infected machines every minute. My connection is getting clogged by attacks because people don't know enough or don't care enough to prevent such attacks. Jesus.

Fortunately, because I use a Linux machine as my house's proxy, I'm pretty much safe from that. No Windows virus or worm can hit my network, because I locked it up nice and tight. It can still come in from the inside, but that's not likely, for a multitude of reasons which I'll go into in a bit.

Okay, the way I see it, we have three kinds of users: those who don't know, those who don't care, and those who get the job done and done right. Obviously, I want more of the last group.

- - - - -

Firewall

If you don't know what a firewall is, it's a program that controls network access.
If you don't approve the program to have network/Internet access, it doesn't happen. It's that simple. Competent firewalls block both incoming and outgoing traffic, and as such, block incoming worm/virus/hacker attacks as well as outgoing spyware/crapware connections.

Yes, XP includes a firewall. Wow. However, it's turned off by default, and it only blocks incoming connections. In SP2, this is supposed to change, but from what I've heard, it's going to be centrally configurable, and it'll accept commands from other programs, so I wouldn't trust MS with my firewall, especially given their security record.

If you want simple and free, try Kerio or ZoneAlarm. Both are free personal software firewalls for Windows-running PCs. Personally, I use ZoneAlarm on my laptop, just because I've been using that for years, and I'm too used to it to change. ZoneAlarm is a simple firewall. When it's running, it'll pop up a dialog box when a program asks for Internet access. You can either allow it, deny it, or make it remember that action permanently. Very simple to use, very nice and clean. Builds newer than version 2 are not recommended; they're bloated.

I've not used Kerio. However, it's _highly_ recommended over at SpywareInfo, where the gods of anti-malware work reside. It's apparently a rules-based firewall, which is a heck of a lot more complicated than ZoneAlarm, but very much more customizable. Once again, versions over 2.1.5 are not recommended.

If you're on broadband Internet (xDSL/cable), you have no excuse not to get yourself a router. I'm not kidding. A router plugs into your cable/DSL modem and blocks incoming connections while constantly maintaining your broadband connection. They're cheap - a lot of the decent ones, especially the Linksys BEFSR41 - run for about fifty bucks, and they'll let you hook up multiple PCs to one Internet connection.
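To show what "page after page" of a firewall log actually contains, here is an added example (not code from the original post) in Python: it reads iptables LOG lines of the kind a Linux firewall writes to syslog, counts the dropped packets per destination port and per source address, and picks out the sources that were probing the ports named above (445, 137 and 1025), which is the list you would hand to those sources' ISP abuse contacts. The log lines, the addresses and the "DROP-IN:" log prefix are constructed for this example.

```python
import re
from collections import Counter

# Ports the post names as being hit constantly by worm-infected machines:
# 445 (SMB over TCP), 137 (NetBIOS name service) and 1025 (RPC endpoint).
WORM_PROBE_PORTS = {445, 137, 1025}

# Constructed sample of iptables LOG output as it appears in syslog. Addresses
# come from documentation ranges and "DROP-IN:" is an assumed --log-prefix.
SAMPLE_LOG = """\
Aug  7 21:14:03 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=48 TTL=113 PROTO=TCP SPT=3241 DPT=445 SYN
Aug  7 21:14:03 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.45 DST=198.51.100.7 LEN=48 TTL=113 PROTO=TCP SPT=3242 DPT=139 SYN
Aug  7 21:14:04 gw kernel: DROP-IN: IN=eth0 OUT= SRC=198.51.100.200 DST=198.51.100.7 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137
Aug  7 21:14:05 gw kernel: DROP-IN: IN=eth0 OUT= SRC=192.0.2.17 DST=198.51.100.7 LEN=48 TTL=120 PROTO=TCP SPT=4431 DPT=1025 SYN
Aug  7 21:14:05 gw kernel: DROP-IN: IN=eth0 OUT= SRC=192.0.2.17 DST=198.51.100.7 LEN=48 TTL=120 PROTO=TCP SPT=4432 DPT=445 SYN
Aug  7 21:14:06 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=60 TTL=52 PROTO=TCP SPT=51234 DPT=80 SYN
Aug  7 21:14:06 gw kernel: DROP-IN: IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.7 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=512 SEQ=1
Aug  7 21:14:07 gw kernel: some unrelated kernel message without firewall fields
"""

# iptables LOG lines are a flat run of KEY=VALUE tokens; OUT= may be empty.
FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_line(line):
    """Return the KEY=VALUE fields of one iptables LOG line as a dict,
    or None when the line is not a firewall log entry at all."""
    if "SRC=" not in line or "PROTO=" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    for key in ("SPT", "DPT"):
        # ICMP entries carry no port fields, so leave them as None
        fields[key] = int(fields[key]) if key in fields else None
    return fields


def summarize(log_text):
    """Count dropped packets per (protocol, destination port) and per source."""
    per_port = Counter()
    per_source = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        per_source[rec["SRC"]] += 1
        if rec["DPT"] is not None:
            per_port[(rec["PROTO"], rec["DPT"])] += 1
    return per_port, per_source


def worm_probe_sources(log_text):
    """Sources that hit any of the worm ports, with a hit count each:
    these are the likely infected machines worth reporting to their ISP."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None and rec["DPT"] in WORM_PROBE_PORTS:
            hits[rec["SRC"]] += 1
    return hits


if __name__ == "__main__":
    per_port, per_source = summarize(SAMPLE_LOG)
    print("Dropped packets by destination port:")
    for (proto, port), n in per_port.most_common():
        note = "  <- worm port named in the post" if port in WORM_PROBE_PORTS else ""
        print(f"  {proto}/{port}: {n}{note}")
    print("Dropped packets by source:")
    for src, n in per_source.most_common():
        print(f"  {src}: {n}")
    print("Sources probing worm ports:", dict(worm_probe_sources(SAMPLE_LOG)))
```

Run it against a real file by replacing SAMPLE_LOG with the contents of the firewall's log (for example /var/log/messages filtered on the log prefix); the per-source table is the one that separates a handful of infected hosts hammering away from ordinary background noise on port 80.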
If you've got the cash to blow and you want something interesting and highly configurable, get yourself a Red Hat Linux machine and use that as your house's firewall. It's expensive as hell to make one of these, but I can guarantee that with a competent firewall admin (or heck, nearly even incompetent), you'll be incredibly safe.

My point is this - get a firewall, you'll never get anything like Blaster or Nachi or some crappy thing that propagates via random IP attacks, and you ensure that your machine isn't used in some damn botnet used to take down sites like SpywareInfo.

- - - - -

Antivirus

Wow. So you got a new PC, eh? Good. You better use the antivirus software on there. What? You do? Automated scans? Good! Do you keep it up to date with definition updates? No? Uh-oh. Well, there's a problem.

You'll get Norton or McAfee free with new PCs, mostly - if it's a small shop-built PC, you won't get jack. What you don't know is that you only get a limited time for free virus definition updates, so after a short time (in Norton's case, 90 days, I believe), you're _screwed_ unless you pay for them.

So what else is there? Grisoft AVG is truly wonderful. It's permanently free - updates, engine updates, the program itself - everything. It's for home use only, so you're out of luck if you want it in a business. It's small, uses very little resources, and leaves virtually no footprint on your system. I use it on all my Windows boxes, and I've never had problem one. Of course, I don't open everything that arrives in my mail...

- - - - -

Anti-Spyware

Geez. This is the big one these days. This stuff ranges from the bastards at CWS's affiliates spreading browser hijackers to stuff like Xupiter and Lop to the Peper Trojan to WinTools. Everyone wants to profile you for your data, which seems to be valuable to them.

Get Ad-Aware. Update the definitions and scan with it _DAILY_. I cannot stress this enough.
This is right up on top of the list of things to do next to "pay bills" and "eat food." That will help in the battle against crapware.

If you're in the mind to, get HijackThis and learn to read the logs it puts out. DON'T USE THIS TO REMOVE STUFF UNLESS YOU KNOW WHAT YOU'RE DOING OR HAVE DIRECTIONS FROM AN EXPERT. I'M SERIOUS. YOU _WILL_ BREAK YOUR PC. If worst comes to worst, post a HijackThis log in the Malware Removal forum of Spywareinfo.com. People there will be more than glad to help out.

- - - - -

Extra Tips

Make a new account the minute you get into Windows and give it limited user permissions. DO NOT USE AN ACCOUNT WITH ROOT PRIVILEGES! If you don't have root, you can do far less damage to your PC than if you _do_ have total control.

Consider switching to Linux. It's generally free, and the desktop environment is very similar to Windows. The stability is better, the apps are better-coded, and the security is unbelievable. I stuck a box running a default install of Red Hat Linux outside my firewall, and it sat there for a month, with no hacks or anything getting through. That box, by the way, is now my firewall, but it's running Debian, and I'm considering digging up my old Macs and making them run OpenBSD to make them my proxies/firewalls. That way, I can use the Linux machine as a work system.

Learn what processes and programs are part of Windows and which aren't. That way, if something asks for Internet access and you know it's not part of Windows or what you just launched, you know it's a baddie.

STOP USING INTERNET EXPLORER. Seriously. It's the biggest piece of crap MS ever made. It breaks standards, can't use FTP right, can't read URLs with port numbers in them without a full URL, can't use Gopher, and is the _ONLY_ browser in the world that screws with the Explorer shell, which is a very _BAD_ thing due to the level of control the shell has. Get Mozilla Firefox.
It's free, safe, and you'll never have a browser hijack again, mainly because Mozilla won't run or download anything without your explicit approval. Same thing goes for Outlook/Outlook Express. Use Thunderbird or Eudora instead.

- - - - -

I'm going to sum this up simply. Your actions involving the Internet affect every single user on it. If you don't protect yourself and your PC causes harm to someone, I hope your ISP cuts off your account until you clean your machine - or until you learn to undo what you did. If your machine sends spam, you not only deserve your account cut off, you need to learn to clean your machine on your own.

I'm almost to the point where I think people should have licenses to use PCs and the Internet. Let's hope that never happens. If it does, I'll have my license firmly in hand and I'll be stamping the apps of people who know what they're doing, and I'll turn away those who don't. I'll deny them access. Call it a crazy dream, but I can't help but hope.