/pcq/media/agency_attachments/L8pkS8gpnodJThOdAfv1.jpg)
Follow UsYes, the Internet is happening, and everybody’s riding the wave. Everybody
includes everyone from completely novice users to experts. If you fall in the
second category, you may not have much to worry about. However, if you are
amongst the novice users, surfing the Web for a good time or official work, then
you may have something to think about.
How do you know that while you’re surfing, somebody on the
Internet isn’t actually accessing your system and doing all sorts of things to
it? This can be anything from stealing important files, to deleting crucial
documents, or if somebody’s really malicious, corrupting the applications on
your system, thus leaving them useless. The recent onslaught of e-mail worms is
the finest example. When it comes to security threats, your desktop is actually
like a sponge. Given this situation, you can’t ever feel 100 percent safe.
That’s why it’s time to understand where the security gaps exist on your
desktop, and how to go about plugging them.
Threats from the browser
The other day, while surfing the Web, I came across an
interesting security Website. It was well designed and contained interesting
links on how to protect your desktop from attacks, etc. I clicked on one such
link and soon realized that it was a trap. My system went haywire, my e-mail
client automatically opened and started opening my mail, applications started
opening on their own, etc.
All this happened within a matter of a few seconds, and since
I wasn’t really anxious to see what would happen next, I quickly turned off my
PC, and turned it on only after pulling out the network cable. I backed up all
my data and installed a personal firewall software to monitor all ports on my
machine for any ‘unwanted’ activity. Since I had the software handy, and had
an idea of what was happening, I managed to save my system.
However, you may not be so lucky. The Web browser is an easy
way for somebody to get into your system. Most Web browsers have configurable
security settings. So if you have a feeling that somebody is using your Web
browser to access your system, then push up the security settings of your Web
browser. Set it to prompt you whenever a script requests to be executed. You’d
be surprised at the number of scripts used by most Websites today. This way, you
can control the scripts you’d like to run on your system.
Threats from e-mail
Spamming and mail bombing are old hat. Though they can still
happen and cause problems, they happen upfront, so you can take preventive
measures against them. You can set up filters to delete mail off the server
without downloading it, or use IMAP4 instead of POP3 for downloading your
e-mail, which downloads just your mail headers and not the entire message. Check
with your e-mail administrator for IMAP support on your mail server. It’s
quicker, and since you can see all mail that’s coming to your account, you can
delete the unsolicited ones.
However, what if you get an e-mail with an attachment from
somebody you know? It can be an invitation to a party from a friend, or a mail
from your boss asking you to check out a file. It’s a tough situation. If it’s
actually sent by them, and you don’t open it, you might get into trouble with
them later. If it went from their mailbox unknowingly, then the attached worm
would wriggle through your desktop taking its toll. So what should you do?
Almost everybody recommends using a good anti-virus package with the latest
update. But do you realize that it’s the worms and viruses that come first,
before the antidote is released. There are umpteen examples of worms that have
caused havoc, so we’ll not get into that debate. Instead, let’s see what all
can be done.
The first thing to do is to check the date of the e-mail you
received with the attachment. Some worms use your address book, and randomly
pick an old message from your inbox and send it out to others. So if it’s a
predated message, then it’s likely to be a worm. You can confirm this by
looking at the extension of the attachment. If it’s an odd looking extension
you’ve never seen, or an EXE, then it’s likely to be a virus. Kak.hta and
navidad.exe are the most recent examples. If it’s some sort of document, then
check whether the sender is reachable over phone and simply call up to find out.
In fact, that’s the most convenient way to protect your desktop.
Threats from chat
Though chat clients have been around for a long time, it was
with instant messengers like ICQ that chatting became popular. It’s the most
commonly used software you’ll find on any desktop. However, did you know that
chat clients are one of the biggest threats to security? Apart from the regular
instant messaging clients, there are several malicious clients like ICQ Attack.
These can get into any machine that has the ICQ client installed, and do
anything. That’s why it’s better to check the security settings in your
client and configure it so that it doesn’t remain online all the time, but
only when you want it to. Nowadays, anti-virus programs are available just for
ICQ.
Threats to your data
In this entire hustle and bustle to protect your system, the
most basic entry point is often missed out. That’s the floppy drive. Anybody
can walk up to your seat, place a floppy in your machine and implant a trojan.
Or worst still, suppose the hacker doesn’t implant a trojan, but simply
searches for all documents on your system, and copies the important ones on to a
floppy and walks off. The most convenient protection against this is the
screensaver password, which can ward off most people. However, such passwords
are not very difficult to crack when it comes to a seasoned hacker. In fact,
somebody can also enter your system through the network if you have any shared
directories. So check to make sure that only the directories you want are
shared, and not the entire drive. You can also password protect them.
Another solution that’s gaining popularity is file and
directory encryption. Programs are available that let you encrypt any file lying
on your desktop using the most robust encryption techniques. Wondercrypt from
Wonder Software Technologies is one such software (www.wondercrypt.com).
It creates a public-private key pair for you, and stores your private key on a
USB-based hardware storage device called the iKey. You can also encrypt any file
with your public key and decrypt it using your private key. This is very secure
as the private key doesn’t stay in your system, but remains with you safely
inside the iKey. So even if a person does get hold of crucial files, he can’t
read them because they’re encrypted. Another similar software is eLock, which
can lock any files you want to protect. If encryption isn’t exactly your cup
of tea, then there are special hardware locks available that can lock up various
parts of your PC like floppy drives, zip drives, printers, etc.
So, ultimately, your desktop’s security is really up to
you. If you leave everything wide open, anybody can come and take your data.
Hackers don’t always have to attack servers and Websites. Therefore, it’s
better to be cautious and analyze all the loopholes in your desktop and do
something about them.
Anil Chopra