Securing your workstation!
Batten down the hatches! we show you how to fend off and protect yourself against pc attacks!

By Robert Laurie
5 May 2002

The most important point of this article is first: there is no simple solution

    ...new virses, trojans and exploits are being developed on a daily basis, you need to use two techniques to prevent breaches in your system securty.

Keep you security up to date
You must keep up to date with developments in the relms of viri, if you're not sure what a virus can do and what it looks like you won't know what to look for and possible miss vital symtoms etc..

Be eternally vigilant
The best virus scanner is a vigilant human. Always be on the lookout for files that don't come from your computer, ie files and programs that were emailed or downloaded to your computer. 

With that said, lets don our general's cap and tour the various theatres and front lines that make up our  PC's defences. 

SERVICE PACKS
Yes, It's a fact. Most operating systems have security holes and other bugs. Microsoft regularly release updates to their operating systems called service packs. service packs include a range of 'fixes' for known problems in the operating system. Make sure you install the latest service pack update on your computer.

MALICIOUS WEB SITES
The first step is to patch your browser. This will stop users downloading and executing programs on your computer through malicious web sites. 

Microsoft Internet Explorer has a number of security holes that allow execution of programs on your computer from a remote web site. This means that a web site operator can download any trojan or virus to your computer and execute it without even so much as a dialogue box.

Firewalls like ZoneAlarm will not stop this form of attack - the hole is in Internet Explorer -  not in Windows thus any sophisticated firewall will not 'see' this happen and will be unable to prevent this occurring unless you completely disable all web browsing!

For demonstration purposes we have included a link here to show the extent of the problem.

Click here to test your browser 
(this .exe is safe and is only used only as a demonstration - on an un-patched browser this will be executed with no confirmation)

Microsoft call it the "Incorrect Content Disposition Handling Can Cause IE to Execute Code Automatically" issue and I call it big trouble.

Microsoft have made a specific hot fix available to cure the problem but we recommend that you download the New IE Service Pack 1, which includes this update and more...

This problem is found in 
Internet Explorer 6 (all versions)
Internet Explorer 5.5 Service Pack 2 
Internet Explorer 5.5 Service Pack 1 
Internet Explorer 5.01 Service Pack 2 for Windows 2000 and NT

Once again, we'd like to stress that no matter how many patches and hotfixes you install your system is still open to attack. You should always be vigilant when opening any progams that you have downloaded from the internet. 

Microsoft's most recent patch was released on March 28, 2002 ...so if you haven't patched your browser since then you may be open to attack!

VIRUS SCANNING
Always run a virus scanner and make sure it's updated. Viruses are written on a daily basis. If you don't update your virus scanner, it will not detect any new viruses and will be useless. If you use the internet a lot then update your scanner on a daily basis!

A virus scanner is only as good as it's most recent update and remember that a virus scanner is only one part of running a secure system.

FIREWALLS, PROXIES & NIDS
We will just briefly cover firewall and Proxies as personal firewalls are becoming a necessity.

If you have more than one computer and you share a modem/DSL/Cable between computers then you're using a proxy server.

Add security and packet filtering and you're using a proxy firewall.

Proxy services usually work in two different flavours. The HTTP proxy which is very secure and only allow HTTP traffic and the bane of every network administrator, Network address translation, or NAT for short. NAT is inherently unsafe and if you're using Microsoft Windows 98/2000 Connection sharing then you're open to NAT attacks. There are some rudimentary port blocking facilities under 2000, but you're best bet is to get a proxy firewall  that supports packet scanning such as Microsoft's rebranded proxy server the Microsoft Internet Security & Acceleration Server

If you're using a personal firewall system like he BlackICE Defender or ZoneAlarm then you probably know all about spyware. Spyware is a range of programs that report usage information back to a web sites that collects data on users. While this is not strictly a security threat it is a privacy issue. Visit this site for more information about spyware or you may care to download a program that monitors which programs you run access the internet to do just this.

If you're a techie like me then you'll want the hard-core version TCP/UDPmonitor and maybe PORTmonitor from Sysinternals

Or if you want to be super-secure and scan all outgoing requests from your computer then get ZoneAlarm or BackICE Defender, which will require some setup initially but will allow you to block many programs from using the internet at all.

REFERENCES:

Microsoft Security
http://www.microsoft.com/security

Adware, Spyware and other unwanted "malware" - and how to remove them
http://cexx.org/adware.htm

ZoneAlarm
http://www.zonealarm.com

BlackICE Defender
http://www.iss.net/

SysInternals
http://www.sysinternals.com

News Directory