BOOT CAMP 473 (24/04/07)
Paranoia and Privacy pt 2
With almost daily reports in the media of
identity theft and hackers breaking into computers it is easy to get paranoid
but for the vast majority of PC owners, who take commonsense precautions and
keep their computer and network’s security features enabled and updated, the
risks are actually very low.
Most identity theft does not involve on-line
interception or retrieval of data from personal computers. It occurs through
carelessness, discarding documents containing personal information, not looking
after credit and debit cards and PIN numbers, or, most worryingly, through
Unfortunately there’s not much you can do about
security lapses in the organisations and financial institutions that we trust
to store our information, but you can ensure the data stored on your computer
is safe, but how do you know?
One way is to put your PC’s defences to the
test by subjecting it to a simulated hacking attempt and I thoroughly recommend
‘Shields Up’, which you can find on the Gibson Research Corporation website at www.grc.com.
Steve Gibson, who created the site, is one of
the world’s leading security experts and he has devised a series of free
on-line checks that probe your computer, seeking out any weaknesses that might
allow a hacker to gain access to your files.
All of the tests are safe. Any information
retrieved from your machine will not be retained and it won’t interfere with
its configuration, but before you make a start, if the computer you are testing
is not your own, make sure you have the appropriate rights or permissions to
carry out these tests.
To begin go to the Sheilds Up home page and take
a look at the box showing your PC’s IP Address. This is the unique identity
assigned to your computer by your ISP. It should be a fairly meaningless string
of characters and is no cause for concern but it does tell anyone who might be
interested the name of your ISP. As the explanatory note points out, it almost
certainly changes every time you renew your connection, though if you are using
broadband and leave your modem switched on all the time this probably doesn’t
happen very often.
Click the Proceed button and you will see the
Shields Up Service panel. Click the File Sharing button and your current
numerical IP Address is shown; this is followed by a series of basic checks on
your PC’s main Internet ports and NetBIOS network protocol, which could reveal
details about your computer. Ideally Shields Up will report back that your PC
has refused the connection and no information can be obtained. Any other
response suggests that you do not have a working firewall installed on your PC
and you should put that right immediately; see this week’s Top Tip.
Scroll down the page to the Shields Up panel
and click the Common Ports button. This takes a few seconds after which you
will see a Pass or Fail notice, then a detailed list of port vulnerabilities.
If your PC’s security features are doing their job the report should show
nothing but green ‘Stealth’ indicators. Any red ‘Open’ or blue ‘Closed’ icons
may be a cause for concern and you should click the link for a more detailed
analysis, and what you can do about it.
Move down the page to the main panel again and
this time click the Service Ports button. This test can take a minutes or two
as Shields Up scans your PC’s first 1056 ports. Once again the aim is for a
‘Pass’ and for them all to be labelled green ‘Stealth’ mode. Read the
accompanying notes for an explanation of any reports of Open or Closed ports.
If you have been getting all green Stealth and
Pass results up until now you can be pretty sure your PC is safe, but there’s a
couple of extra checks you should carry out, for complete peace of mind. The
first one is to get Sheilds Up to send you a Messenger Spam message. On all
recent versions of XP Windows Messenger is switched off by default but if it
not, when you click the ‘Spam Me’ button a pop up message appears on your
screen you should follow the instructions to switch it off.
The final check is ‘Browser Headers’ and this
displays the information your browser sends out when it is queried by a
website. This can be very revealing, and may include details of web sites
you’ve visited recently, stored in ‘cookies’. Further down the page there’s a
facility to create a custom cookie, so you can see if this if stored on your
PC, and revealed during the browser header check.
In amongst the return from the browser request
you may see the name and version number of your web browser, your operating
system, even things like your monitor screen resolution and colour depth. None
of this is especially important or poses a security threat, but it just goes to
show how easy it is for information to be sent from your PC without your
knowledge or permission.
Next Week – Shareware and Freeware Top Tens
Network Basic Input/Output System – a communications system that
allows computers to communicate with one another over networks and the Internet
A connection, though not in the physical sense, created in by
communications software to exchange information with other computers and
Internal network communications system installed as standard in
Windows XP (not to be confused with MSN Messenger or Windows Live Messenger)
TIP OF THE WEEK
If your PC fails at the first hurdle you should make sure that
your machine is protected by a Firewall. Windows XP has a basic one built in
and this can be found by going to Start > Control Panel > Security Centre
and click the On button. Better still, install a third-party firewall, most of
which provide even greater protection and Zone
Alarm, which is free, works as well, if not better than many of its
© R. Maybury 2007, 1804