COMPUTER SECURITY AT HOME

By Aaron Lowe

4/22/2003

WSU Tri-Cities

CptS 427

ID#10501960

Table of Contents

 

I.   INTRODUCTION

II.  ATTACKS AND OTHER RISKS
       Denial of Service
       Trojan Horses
       Back Door Attacks
       Open Shares
       Mobile Code
       Cross-Site Scripting
       Email Spoofing
       Hidden File Extensions
       Chat Programs
       Packet Sniffing

III. PROTECTING YOUR COMPUTER
       Anti-Virus programs
       Patches
       Email Attachments
       Firewalls
       Backups
       Passwords
       Turning off Extension Hiding
       Use of Java, JavaScript, and ActiveX
       Encryption
       Access Control Lists
       Registry Guards
       Secure Deletion


I.      INTRODUCTION

As the industry has advanced, computers have become increasingly user-friendly.  Setting up and running a computer is often as easy as plugging it in and flipping the switch.  Off they go into the wonderful land of bits and bytes, but wait a second.  What’s a bit?  What’s a byte?  Who cares?  Someone else figured out how to make it work.  Home users don’t need to know what’s going on, as long as they can e-mail their girlfriend, buy the best makeup, and download their favorite music.  One can have very little insight into what is going on under the hood and still get a lot done. 

 

On the other hand, there are those that revel in the idea of understanding as much as they can about their computer.  They’re not interested in what their computer can do for them but what they can do for their computer.  A fun Saturday night involves reading a book on OS tweaks and configuring their system to run twice as fast.

 

What do these two groups have in common?  Both have computers that are vulnerable.  Hackers love to take control of your computer and steal all of your information.  Natural disasters love to turn your computer into a pile of rubble.  Hard disks don’t necessarily love to fail, but do anyway.  An ignorant user might see this as someone else’s problem, since someone else put it together; someone else can make sure everything is secure.  The knowledgeable user, on the other hand, might understand that their computer is insecure, but think that security breaches only happen to those other people that don’t know any better.

 

The point is that no matter who you are or how well you know your computer, there are always people that know more about it than you do and would love to break into it.  The problem is that computers don’t usually come with the proper security tools required for an Internet connection.  Buying a computer is a lot like purchasing a house that has no locks on the doors and is located in the bad part of town.  The house could even have a sign on it saying, “We have no locks on our doors!”  Most people would immediately put in locks, an alarm system and even security cameras.

 

The difference between a house and a computer is that there is no good area of the Internet.  Anyone connected, anywhere in the world, has the potential to directly affect any other connected computer.  There are things that can be done in order to protect computers that are similar to the locks, alarm systems, and security cameras used in securing homes.  It doesn’t take a computer genius to apply them, but it may require computer users to take a little time and money to understand the risks involved and deal with them accordingly.  This paper provides general information on the major security risks that home users face and suggests ways to minimize the likelihood of becoming a victim.


II.      ATTACKS AND OTHER RISKS

 

Denial of Service

A Denial of Service or DoS attack is an attempt by an attacker to tie up the computing resources of your system in order to slow it down or even lock it up.  This form of attack is more common on server systems, because of the negative impact it can have on each of the users connected to that system.  The attacks can also be directed towards a non-server machine, like those used by most home users.

In addition to slowing down service, attackers can use a DoS attack to divert attention from more serious intrusions, allowing them to steal information and do some real damage with other techniques.  While the victim is trying to fix what they think is the real problem, the hackers can easily slip in and out unnoticed.

An especially effective tactic makes use of multiple compromised computers, found elsewhere on the Internet, to propagate the DoS attack.  First the attacker gathers an army of zombies that will be used to perform the attack.  This can be done by creating a Trojan Horse that, when opened, installs special software on the computer that will later be used to attack a site.  After the army of innocent computers has been assembled, the attacker chooses a site to attack (usually an E-commerce site) and signals the army to begin sending packets.  The malformed packets are sent in such a way that the site soon becomes very slow, if not totally locked up.

Trojan Horses

A Trojan Horse is a program that appears to do one thing, when, in the background, it is actually doing something very different.  The goal of the attacker is to fool someone into downloading their program, thinking that they are getting a wonderful, free program that will meet all of their computing needs.  The poor user obtains the program and runs it, without ever suspecting that it might be malicious code.  Sometimes the user might be immediately aware that something is wrong, but other times the bad code may be hidden behind a perfectly working program.

 

Once a Trojan Horse has been executed, it may be hard to figure out what it has done.  Every hacker could have a different motive. The Trojan could be a program designed to vandalize your software and data or it could create a back door. It also has the ability to send information on your computer back to the attacker or let the creator assume the identity of your computer. 


Back Door Attacks

Back Door attacks involve the attacker installing software on a victim’s computer, which allows them to gain control over many aspects of their operating system.

The software can enable an attacker to get passwords just by capturing key strokes, view the screen of the victim, and even listen to what is going on at the remote computer by recording sound from its microphone.  The attacker also has the capability of downloading, deleting, or uploading any files that they want.  Such software also lets the attacker run any program on the remote machine or take control of the mouse and keyboard.

 

This ability was once only available to highly skilled hackers.  Now, there are multiple programs available, all over the Internet, that provide this capability to almost anyone.

Open Shares

Ever since Napster hit the web, Internet users have been opening up their computers to the rest of the world.  When a user takes part in one of those data sharing networks, they intentionally make a portion of their computer available to everyone on the network.  They usually do so knowing that they are at higher risk of attack.  This file sharing capability is very useful, but can also serve as a door for an attacker, especially when the victim may have no idea that they have a shared area.

 

A tool called ShareSniffer allows a user to scan a block of IP addresses and find out if there are any unprotected shares available.  Once the software has the list of shares, it is posted to a message board, notifying other users that these computers are vulnerable.  At that point, the information within the share is immediately available to anyone that visits the newsgroup.  A user without knowledge of these sharing capabilities could easily put their system at risk.

Mobile Code

Mobile Code is program code that is downloaded to a user’s computer from an Internet site, and is executed by their browser.  This obviously poses a security threat, especially when considering that the code can possibly have access to the file system of the client’s machine.   Malicious code could be used to delete files, gather information, or even install viruses. The most common types of Mobile Code are Java, JavaScript, and ActiveX.  ActiveX security depends on whether the user allows malicious code to be executed on their computer.  The browser can be set up to ask the user if they want to download and run the code.

Java, on the other hand, has a complex system in place, to control the actions of the code and make sure nothing bad can happen.  The complexity of the system, however, leads to holes that dedicated hackers are able to locate and utilize.

Cross-Site Scripting

Cross-Site Scripting involves the attacker attaching malicious code to a website, usually as a link or an element in a form.  When the victim clicks on the evil link, the malicious code is transferred to the new site, and then down to the victim’s browser, where it is executed.  Simply visiting an unknown link, using interactive forms on an unknown website or viewing online forums can expose a web browser to the scripts.

Email Spoofing

Email Spoofing is when an email is sent with a source address different from that of the person who actually sent the message.  Spoofing ranges from pranks to serious security issues.  Often it is used to obtain information that would normally not be revealed by the victim.  AOL users are explicitly told that they will never be asked by AOL for their password.  This policy is in place as a result of email spoofers posing as AOL administrators.

 

Hidden File Extensions

By default, the Windows operating system hides file extensions.  It is assumed that a user will know what kind of file they are looking at by looking at the icon above the filename.  Hackers have taken this feature and used it as a way to hide the true extension of a file from the user.  The victim downloads the file as an email attachment and believes that it is harmless because it appears to be a jpg file.  This is what they see as a file name:

                        Hello.jpg

In reality, the full file name is:

                        Hello.jpg.exe

When the user clicks on the “harmless” file, the executable begins doing what it pleases.
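As an added example (not from the paper), the following Python check reproduces what Explorer would display for a filename and flags names such as Hello.jpg.exe whose real extension is executable; the extension lists it uses are assumptions for illustration, not complete lists.

```python
"""Detect attachment names that exploit Windows extension hiding.

Added example for this section, not code from the paper.  The extension
sets below are assumptions chosen for illustration, not complete lists.
"""
import os

# Extensions Windows runs as programs when double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}

# Extensions Explorer keeps hidden even when extension hiding is turned
# off (the NeverShowExt registry flag discussed later); assumed list.
NEVER_SHOW_EXTS = {".lnk", ".pif", ".scr", ".url"}

# Extensions a user would consider harmless (assumed list).
INNOCENT_EXTS = {".jpg", ".jpeg", ".gif", ".png", ".txt", ".doc", ".pdf", ".mp3"}


def displayed_name(filename, hide_known=True):
    """Return the name Explorer would show for *filename*.

    With "Hide extensions for known file types" on, the final extension is
    dropped (every extension is treated as known here, a simplification).
    Extensions in NEVER_SHOW_EXTS are dropped regardless of that setting.
    """
    root, ext = os.path.splitext(filename)
    if ext.lower() in NEVER_SHOW_EXTS:
        return root
    if hide_known and ext:
        return root
    return filename


def is_deceptive(filename):
    """True when the real extension is executable but the displayed name
    ends in an innocent-looking one, e.g. Hello.jpg.exe shown as Hello.jpg."""
    _, real_ext = os.path.splitext(filename)
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return False
    _, shown_ext = os.path.splitext(displayed_name(filename))
    return shown_ext.lower() in INNOCENT_EXTS


def scan(filenames):
    """Return (real name, displayed name) pairs for every deceptive name."""
    return [(f, displayed_name(f)) for f in filenames if is_deceptive(f)]


if __name__ == "__main__":
    # Constructed sample attachment names.
    samples = ["Hello.jpg.exe", "Hello.jpg", "report.doc", "invoice.pdf.scr"]
    for real, shown in scan(samples):
        print(f"shown as {shown!r}, really {real!r}")
```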

Chat Programs

Chat clients allow computers on the Internet to exchange data: text, files, URLs and other information.  Like any other exchange on the Internet, they create security threats.  Software flaws within the chat clients can create vulnerabilities that hackers can take advantage of.  This may allow an attacker to execute code on a computer that is using the chat client software.  The chat software could also be used to initiate social engineering attacks, where the attacker obtains sensitive information from gullible chatters.  In addition, messages may be sent over the Internet in clear text, making private discussions not so private.

Packet Sniffing

When your computer is on the Internet, it is constantly sending and receiving packets of information.  This is how data is transferred between computers on a network.  Each data packet contains a header and the data being sent.  The header contains information about the packet, such as its destination and origin.  The data section of the packet contains the chunk of information that is meant for the destination computer.  As the packet travels through a network, it bounces from computer to computer, until it reaches its final destination.

 

Packet Sniffing involves grabbing the packets that are passing by your computer on their way to a different destination, and taking a look at them.  If the packets are unencrypted, they can easily be viewed and the information within is visible.  For instance, if a user entered a password into an HTML form and sent it over the Internet unencrypted, then someone sniffing packets could grab the password as it passed by.

 


III.      PROTECTING YOUR COMPUTER

 

Anti-Virus programs

If a home user only used one form of defense, an Anti-Virus program would be the most effective choice.  Most successful attacks on home computers use viruses and worms as means for perpetuation.  Anti-Virus programs contain databases of virus signatures, which need to be regularly updated.  As they scan files, they search for the virus signatures within them.  When a virus is found, the program provides different ways for removing the virus, depending on the particular signature found. 

 

Possibilities for removal include removing the pattern from the file, deleting the file, or putting the file into quarantine.  Many Anti-Virus programs provide automatic cleaning capabilities that can successfully remove the virus without user involvement.  Sometimes, however, the user must manually remove the virus and fix the damage that it may have caused. 

 

Viruses can be introduced to a system in a variety of ways.  CDs, floppies, web sites, email, and downloaded files are all potentially infected and should be scanned before each use.  Anti-Virus programs can be set to automatically scan each of these threats before the file is used.  The programs can also be set to run full system scans regularly, to ensure that no known viruses exist anywhere on the system.

 

The problem with Anti-Virus programs is that they generally can only find viruses that have been discovered and entered into the signature database.  When a new virus hits the Internet, it takes some time for the Anti-Virus companies to get a hold of the virus and add its signature to the database.  Some sophisticated programs have the ability to search for potential viruses, by looking for attributes common to viruses.  This approach is much slower than simple scanning, and still does not provide complete protection against viruses.
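The signature-database scan and the removal actions described above, worked through in an added Python example (not the paper's code); the signatures, their actions and the sample file are all constructed for the illustration.

```python
"""Signature scanner in the style of an anti-virus engine.

Added example, not code from the paper.  The signature database and the
'infected' sample are constructed byte strings, not real malware.
"""
import hashlib
import io
import os
import shutil
import tempfile

# name -> (byte pattern to search for, action to take when it is found)
SIGNATURES = {
    "Demo.Dropper.A": (b"DEMO-DROPPER-SIGNATURE-1", "quarantine"),
    "Demo.Macro.B": (b"DEMO-MACRO-SIGNATURE-2", "delete"),
}
LONGEST = max(len(p) for p, _ in SIGNATURES.values())


def scan_stream(fh, chunk_size=1 << 16):
    """Return sorted names of every signature in the stream.  An overlap one
    byte shorter than the longest pattern is carried between chunks so a
    signature straddling two chunks is still found."""
    found, tail = set(), b""
    while True:
        chunk = fh.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, (pattern, _) in SIGNATURES.items():
            if pattern in window:
                found.add(name)
        tail = window[-(LONGEST - 1):]
    return sorted(found)


def scan_bytes(data, chunk_size=1 << 16):
    return scan_stream(io.BytesIO(data), chunk_size)


def scan_file(path, chunk_size=1 << 16):
    with open(path, "rb") as fh:
        return scan_stream(fh, chunk_size)


def disinfect(path, quarantine_dir):
    """Scan *path* and apply the action recorded for the first hit; quarantine
    moves the file under a neutral name so it cannot be run by accident."""
    hits = scan_file(path)
    if not hits:
        return hits, "clean"
    action = SIGNATURES[hits[0]][1]
    if action == "delete":
        os.remove(path)
    elif action == "quarantine":
        os.makedirs(quarantine_dir, exist_ok=True)
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()[:16]
        shutil.move(path, os.path.join(quarantine_dir, digest + ".quarantined"))
    return hits, action


def demo(tmpdir=None):
    """Write a constructed 'infected' file and run the scanner over it."""
    tmpdir = tmpdir or tempfile.mkdtemp()
    path = os.path.join(tmpdir, "greeting.exe")
    with open(path, "wb") as fh:
        fh.write(b"MZ" + b"\0" * 100 + b"DEMO-DROPPER-SIGNATURE-1" + b"\0" * 50)
    hits, action = disinfect(path, os.path.join(tmpdir, "quarantine"))
    return hits, action, os.path.exists(path)


if __name__ == "__main__":
    print(demo())   # (['Demo.Dropper.A'], 'quarantine', False)
```

A signature scan only catches patterns already in the database, which is why the text above stresses keeping it updated.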

Patches

Vulnerabilities in software products often make it to the end customer, with or without the knowledge of the software vendor.  While the vendor may take responsibility for providing patches for these vulnerabilities, it is the customer’s job to make sure the patches are installed.  Vendors often provide automated systems that update the program over the Internet.  Other vendors leave it to the customer to visit their website in search of the latest patches.

 

It is important to make sure that every security related patch is applied to your system.  Once a patch is available, it can be assumed that the problem it fixes is well known to many people.  It is much easier for an attacker to look for vulnerabilities on the product update web site, than by digging apart the code.  Once the attackers are aware of a vulnerability, they have an easier time figuring out how to exploit it.  They can then search for systems that have not yet been patched, and attack them.

 

One problem with patches is that they usually come out after it is too late: malicious hackers, rather than the software vendor, discover the vulnerability, and many systems can be taken advantage of before the vendor is aware that the problem exists.  Another problem with patches is that they fix one problem while causing another.  Complex systems can be very hard to test and validate, and patches are usually released under time pressure.

Email Attachments

Anyone who has an e-mail account has probably received a good amount of unsolicited messages, commonly known as spam.  These messages claim to provide anything from reduced mortgages to enlarged body parts.  Often they don’t seem to make any sense at all.  Unfortunately, someone makes a fair amount of money spraying the messages across the Internet. 

 

In addition to being a nuisance, these messages can also be a security threat.  The attackers use social engineering to get users to do what they want them to do.  This might include clicking on the file attachment or responding with their username and account number.  They may achieve this by spoofing the return address or making the attachment seem really interesting. 

 

It is important to be very selective in deciding which emails to read and which to get rid of.  Be especially careful when working with email attachments, which commonly carry viruses.  Very clever attackers are able to fool almost anyone into reading their messages and opening their attachments.  If they can get hold of correspondence between two people, they can easily pose as one of them and get the other to open a file.

Firewalls

Installing a firewall is an important step in protecting a home system, especially when it is constantly connected to the Internet.  Firewalls are available as software that can be installed directly on a computer and as hardware devices that can be connected to a computer.  A firewall sits between a user’s computer and the Internet and inspects each of the messages being sent through it.  It uses rules to decide if a message is allowed to pass.  If the firewall notices anything about the information that violates the rules, it blocks the message.

 

To achieve this, the firewall must take a look at every piece or packet of information that attempts to enter or leave the computer.  The packets are labeled with where they came from and where their destination is.  The firewall uses this and other information to decide if the packet is allowed to continue.  It also may keep a history of all of the packets that have passed through it, allowing it to make decisions based on earlier packets.

 

While firewalls are a great way to add security to your system, defining the rules for their operation may be difficult for some users.  The easiest way to go is to block nothing, but then there would be no reason to have a firewall.  When setting up a firewall, it becomes important to have more knowledge about the system and what it will be used for.  Even if a firewall is configured correctly, it can still contain vulnerabilities that attackers can use.
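The rule list and packet history described above, worked through in an added Python example (not code from the paper); the addresses, ports and rules are constructed values, and a real firewall tracks far more state than this sketch.

```python
"""Rule-based packet filter that also keeps a connection history.

Added example for this section, not code from the paper.  A rule list is
consulted for every packet, and a record of earlier outbound packets lets
the replies back in while unsolicited inbound traffic is dropped.
Addresses, ports and rules are constructed values.
"""
from dataclasses import dataclass

HOME = "192.168.1.10"   # constructed address of the home computer


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"
    direction: str = "in"   # "in": arriving from the Internet, "out": leaving it


# Rules are (direction, protocol, remote port, verdict); None matches
# anything and the first matching rule wins.  The last rule is the default.
RULES = [
    ("out", "tcp", 80, "allow"),    # plain web browsing
    ("out", "tcp", 443, "allow"),   # SSL web sites
    ("out", "udp", 53, "allow"),    # DNS lookups
    (None, None, None, "deny"),     # everything else, all unsolicited inbound included
]


class Firewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.state = set()   # (remote ip, remote port, local port, proto) opened by us
        self.log = []        # history of (packet, verdict, reason)

    @staticmethod
    def _key(p):
        """Connection key as seen from the home computer."""
        if p.direction == "out":
            return (p.dst, p.dport, p.sport, p.proto)
        return (p.src, p.sport, p.dport, p.proto)

    def filter(self, p):
        """Return 'allow' or 'deny' for one packet and record the decision."""
        key = self._key(p)
        if p.direction == "in" and key in self.state:
            verdict, reason = "allow", "reply to a connection we opened"
        else:
            remote_port = p.dport if p.direction == "out" else p.sport
            verdict, reason = "deny", "no rule matched"
            for direction, proto, port, action in self.rules:
                if (direction in (None, p.direction) and proto in (None, p.proto)
                        and port in (None, remote_port)):
                    verdict, reason = action, f"rule {(direction, proto, port)}"
                    break
            if verdict == "allow" and p.direction == "out":
                self.state.add(key)   # remember it so the reply can come back in
        self.log.append((p, verdict, reason))
        return verdict


def demo():
    """Run four constructed packets through the filter."""
    fw = Firewall()
    web = "203.0.113.5"   # constructed remote web server
    request = fw.filter(Packet(HOME, web, 40000, 80, "tcp", "out"))
    reply = fw.filter(Packet(web, HOME, 80, 40000, "tcp", "in"))
    probe = fw.filter(Packet("198.51.100.7", HOME, 51000, 139, "tcp", "in"))
    telnet = fw.filter(Packet(HOME, web, 40001, 23, "tcp", "out"))
    return request, reply, probe, telnet


if __name__ == "__main__":
    print(demo())   # ('allow', 'allow', 'deny', 'deny')
```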

Backups

Computers may make many tasks easier to accomplish, but they also make it much easier to destroy the results.  With so many threats to the data on a computer, it is always a good idea to back up valuable files.  Whether the backups are made on CD or tape, make sure they are located in a safe place.  Fire, theft, disk failure or even clumsiness can easily destroy the safety they provide.

Passwords

For each online service you use, you should have a separate, strong password.  Each password should have no relation to any other password and they shouldn’t be written down. If you have many passwords they may be hard to remember.  If you do have to write a password down, make sure it is in a safe place.  Be sure not to tell anyone else what your password is.

 

Passwords are many times the weakest point of a security plan.  Someone can go through extensive measures to ensure security and blow it all with a weak password or bad password habits.  Once the bad guy has the password, all of the extra security is worth nothing.

 

What is a strong password?  A sufficient password will not be made up of only dictionary words, but will also include extra symbols.  The best passwords are those that are random and contain no words at all.  These types of passwords may be hard to remember, so generally, words separated by random symbols are sufficient.  Password length is another important factor in determining strength.  An attacker will most likely use a brute force attack to discover valid passwords.  This involves bombarding a system with many passwords until the correct one is supplied.  Longer passwords increase the number of distinct passwords available.  This makes the attacker’s job harder, since they have more passwords to try.

Turning off Extension Hiding

Avoid the viruses that take advantage of Windows file extension hiding by turning this feature off.  This can be done as follows:

 

Double-click My Computer and wait for the window to appear.  Click Tools on the menu bar and choose Folder Options.  Next, click the View tab.  Find the entry that says “Hide extensions for known file types” and uncheck the box next to it.

 

Even if you set Explorer to show file extensions, some extensions may still be hidden.  If you are comfortable with editing the registry, run regedit.exe and search for “NeverShowExt” anywhere in the registry.

To remove a “NeverShowExt” value, rename it to something else rather than deleting it, so that it can easily be turned back on.

Use of Java, JavaScript, and ActiveX

Be very selective about the code you allow to run in your browser.  Set the browser to prompt you before downloading unsigned code or code from an untrusted site.  Try to visit only those sites that you can trust.

Encryption

Encryption is important if data needs to be kept secret.  Encryption is the process of scrambling up data into something completely different, so that others cannot view the original plain text.  The data can then be unscrambled by decrypting the encrypted data with a key. 

 

An effective encryption program is able to encrypt data in such a way that it is extremely difficult or impossible to decrypt the data without possession of the correct key.  This allows files to be transmitted securely over the Internet, where they are easily sniffed.  The intended recipient has the key, so they are the only one with the ability to recover the original file.

 

Most browsers have encryption technology called SSL (Secure Sockets Layer) already installed and working.  When a secure site is visited, the browser begins using encryption protocols that allow your computer to communicate securely with the server.  The passwords and credit card numbers that you enter are encrypted and sent to the server, where they are decrypted.

Access Control Lists

Access Control Lists provide a way to lock files behind protective barriers that require passwords for entry.  They define who can perform certain actions on a file.  Some operating systems provide very robust ACL systems, while others are very simple.  Make sure you understand how to use the ACLs on your system, since they can provide great protection for your important files.  Many systems ship with ACLs that, by default, allow too much.  Make sure that you review the settings and lock them down.  For very sensitive files, don’t rely completely on an ACL.  Use a file encryption program to ensure that it would be very difficult for others to view the file, even if they get their hands on it.

Registry Guards

Registry Guards are used to protect your registry, startup directories, and startup files from malicious programs.  Often, viruses can enter your system undetected, even while Anti-Virus software is in use.  These viruses may set your computer up to run some nasty code when it is restarted.  A registry guard will let you know about the changes before the code is executed.

 

Secure Deletion

Users interested in concealing highly sensitive information should be aware that deleting a file is often not enough to get rid of it.  On Windows, a file can still be retrieved from a hard disk even after it has been deleted and emptied from the recycle bin.  When a file is deleted, the disk area it occupied is flagged so that the operating system can reuse it when it needs to.  If little writing to the disk occurs after deletion, the original data from the deleted file could be retrievable for quite some time.  Several programs are available that will clean up deleted files by overwriting those areas on the disk.  The use of these programs is highly recommended in situations where highly sensitive material needs to be removed from a computer.
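An added Python example (not from the paper) of the overwrite-then-delete approach such programs take; it assumes a filesystem that rewrites files in place on a magnetic disk, and the file it deletes is constructed for the demonstration.

```python
"""Overwrite a file before unlinking it, so the blocks the operating system
merely flags as free no longer hold the original contents.

Added example for this section, not code from the paper.  It assumes a
filesystem that rewrites a file in place on a magnetic disk; on SSDs and
on journaling or copy-on-write filesystems the new data may be written
elsewhere and the old blocks can survive, so whole-disk encryption is the
more reliable tool there.
"""
import os
import secrets
import tempfile


def overwrite_file(path, passes=3, chunk=1 << 20):
    """Overwrite every byte of *path* with fresh random data *passes* times.

    flush() plus fsync() pushes the data out of the cache onto the disk
    before the next pass.  Returns the total number of bytes written.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                fh.write(secrets.token_bytes(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())
    return size * passes


def secure_delete(path, passes=3):
    """Overwrite *path*, rename it to a random name so the directory entry
    no longer reveals the old filename, then remove it."""
    written = overwrite_file(path, passes)
    anonymous = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.replace(path, anonymous)
    os.remove(anonymous)
    return written


def demo(tmpdir=None):
    """Write a constructed secret, check the overwrite worked, then delete."""
    tmpdir = tmpdir or tempfile.mkdtemp()
    path = os.path.join(tmpdir, "diary.txt")
    secret = b"constructed secret text " * 50
    with open(path, "wb") as fh:
        fh.write(secret)
    overwrite_file(path, passes=1)
    with open(path, "rb") as fh:
        still_readable = secret[:24] in fh.read()
    written = secure_delete(path)
    return written, still_readable, os.path.exists(path), os.listdir(tmpdir)


if __name__ == "__main__":
    print(demo())   # (3600, False, False, [])
```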


 
