Securing Your Home Computer – The Basics
By Kumar Gaurav,B.Tech(E.C.E),New Delhi.
We're going to discuss a topic that is far more important than most people realize – securing your home computer. This is a very involved topic so we are going to deal with it in several articles. This first article is meant to give you a basic foundation.
Years ago, before the Internet was widely available to the public, probably 95% of the computers out there were stand alone computers, meaning they were not connected to any computer networks. The only means of sharing information that you had was through disks. While computer viruses (virii) existed, the amount of damage that they could do and how far they could spread was limited.
The advent of the Internet has changed all of this. Now millions of computers around the world can be hit by a virus in a matter of hours. The types of malware that are out there and the damage that can be done have greatly increased. If you connect a poorly protected computer to the Internet it can be infected in under 4 minutes and the infection can be severe enough to totally disable your computer.
I'm now going to explain two of the three main ways that computers get infected with malware.
Running malicious files – Computers can be infected when malicious files are run or viewed. These files can be received though removable media, such as floppy disks, CDs, DVDs or flash drives. Malicious files can also be received via Instant Messenger file transfers or files attached in an email.
Now, you may say to yourself “I only have to worry about executable programs – EXE files.” Years ago it used to be this way. However, this is no longer the case. There are many types offiles to worry about and the list is growing every day.
Malicious Websites – This is the newest and most prevalent method of spreading malware. A website is altered to contain scripts – small programs, that are designed to force your computer to download and run malware. Often when this type of malware attack occurs the user does not realize it until the computer has been infected. It is also very common for malware that is spread in this manner to instantly cripple your computer.
In part two we will discuss the third method of infection and a few of the things that modern day malware can do to your computer.
How to protect your computer by viewing file extensions --->>
Here you'll learn how to protect yourself from what I think is one of the worst security flaws in Window, a flaw that can wreak havocbut takes just two seconds to fix -- and, it's easy to do. This vulnerability is hidden file extensions.
All files consist of the filename followed by a period followed by a 3 character extension (setup.exe for example). Windows hides the file extension by default. This means that if you are in Windows Explorer and you are looking at the file setup.exe all you will actually see is the file's icon and the word setup. This is bad news because it allows a malicious attacker to disguise a nasty file as a file that will appear to be safe and you won't know there's a problem until you open it. This is done using what I call the “double file extension” trick. Here is how it works:
Let's say you have an executable for a backdoor trojan that you want to disguise as some porn so your victim will open it up and the file is named porn.exe. All you need to do is rename the file to porn.jpg.exe. Notice what I did here. The file appears to have twoextensions now but the last one (the .exe) is the one that counts. If you have your file extensions hidden what you will see isporn.jpg, think the file is harmless, and open it up. Congratulations, you just got owned. If file extensions are set to be viewed you will seeporn.jpg.exe and hopefully realize right away that something is amiss and delete that file. Here is how you set Windows to show file extensions:
For Windows XP
- Go to Start --------> Accessories ---------> Windows Explorer
- Go to Tools ---------> Folder Options
- Click the View tab
- Clear the check in the “Hide Extensions for known file types” box
- Hit OK
- Go to Start ----------> Control Panel
- Click Appearance and Personalization
- Click Folder Options
- Click the View tab
- Clear the check in the “Hide Extensions for known file types” box
- Hit OK
YOU CAN GO TO JAIL WARNING: Yes, you can use the information in this article to help you commit computer crime. However, doing so can get you a long vacation at Club Fed with Bubba as your cellmate. Even if you don't get a vacation, Carolyn and I hate computer crime and we may have to track you down and punch you in the nose :).
0 comments