³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij +-+-+-+-+-+-+-+-+ ÛÛÛÛÛÛÛÛÛ²²²²²±±±±±°°°ð|O|u|t|b|r|e|a|k|ð°°°±±±±±²²²²²ÛÛÛÛÛÛÛ +-+-+-+-+-+-+-+-+ Issue #6 - Page 4 of 16 ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄij Internet Security Myths by fwaggle | Oct 25 '00 (a bit outdated. but still good) http://www.fwaggle.net * note: epinions.com sucks because they owe me $40 -------------------------------------------------------- I can't stress some of the points I'm about to make enough, because surprisingly a lot of people panic when it comes to internet security. First of all, there are these evil people called "hackers" which are lurking around every little corner waiting to break into your computer. First things first, I find it somewhat offensive that people even use the term hacker any more. I mean, the term hacker in the 80s referred to a very small and elitist group of people. These were people who learnt entire computer systems, and how to program them, and exploit security features... Without any documentation or help files... Simply from dialling into a stolen dial-up, and experimenting. A very talented group of individuals... Nowadays, you have any 12 year old geek with some of the latest "toolz" is now a "hacker". Would you appreciate spending a decade of your life learning and improving yourself, only to see in another decade, a stupid 12 year old hot-shot categorized in the same place as you? It may be the same outcome - someone's computer getting invaded in some way, but it still kind of ticks me off. Which brings us back to people's fear. All you need is some technical knowledge (not a lot, just a basic grasp of a few concepts), and some common sense, and you can be reasonably safe without spending a cent on software. Firstly understand that to break into a computer, it must have a service which you can exploit. Windows machines (the kind you're probably using to connect to the internet now) usually have one service nad one service only. This is called NetBIOS. NetBIOS can be exploited with what's called an OOB Nuke. This is old hat, anything over Windows 98a is immune to this. There are ways to prevent your computer from even listening to NetBIOS on the internet. If you read up on how to do this (and have a friend port-scan you and it shows up empty), then there is no concievable way you could be "hacked". Unless, with the lack of services some pimply geek decides to create a service of his own. This is what's known as a "trojan horse". Well known trojan horses are (you may have heard of these): Back Orifice NetBus SubSeven Master's Paradise How do these get onto your computer? Exactly like a virus. You have to run a program which contains one. Which brings us to common sense. NEVER run programs from sources you don't trust. You can set up email filters to block files which end in .exe and so on. Remember things like file extensions. Pictures end in .bmp, .gif, .jpg, and that's about it. If it ENDS in anything else, don't download it. If you run an email client such as Outlook Express, then disable Javascript in Email. You don't need it, and it can be used for malicious purposes. If you use Outlook, get the patches or disable Word Macros to prevent viruses such as Melissa from entering your system. As you can see, with a little common sense there really isn't much to be worried about. If you can get a shell account who will give you permission to run a port scanner, investigate the possibility of doing so (do it quick before the stupid government makes it illegal). If nothing shows up on the port scans, then there are no security holes. Therefore, no need for Firewalls. If you don't accept files from other people, then there is no way for a virus to enter your machine. Therefore, no real need for anti-virus software (although it's probably a good idea anyway). In my opinion, it's probably better to clean up your system yourself, armed with some technical knowledge, rather than paying money from security software which is only as good as the person who installs it anyway. One final note, it's of great importance that if you have children, you educate them in the dangers of accepting files from other people (even their friends, you never know when one of their friends will experiment, leaving you open to attacks from more experienced losers). If in doubt, set programs such as ICQ to ignore file transfer requests (you can do this in the preferances under events), and Email programs to automatically dump attachments with programs in them. Thanks for listening. - fwaggle