Alternative O/S
If you've been a victim of the myriad viruses, spyware, or malware out there, you're probably wondering if there's any sure-fire way to keep them at bay.
There is, and it's easier than you may think:
Linux. You've heard about it, and you may not know exactly what it is, but if you're really concerned about security, you may want to explore this very good alternative to Windows.
Linux can be obtained in a variety of ways, and while it's fundamentally free, some distributions charge you for support of their product. You're not actually paying for the software; you're paying for the ability to call someone if/when there's a problem.
Linux has a GUI (graphical user interface) just like Windows. You have icons, windows, programs, folders - all elements that should be familiar to anyone who has used a computer before, PC or Mac.
On the system level the dissimilarities come into play. Commands in Linux are similar, as are the file systems it supports (FAT32, EXT2, EXT3), but start looking at the locations of system files and programs and you'll realize it's a whole new world. However, with many of the new distributions you never see the nitty-gritty details that make Linux inherently different.
So that's why you shouldn't be afraid of Linux. But why would you want it?
All the software included with, and created for, Linux is Open Source (minus a few choice commercial applications). That means that you can download a copy for free, you can give a copy to your friends, they can give copies to their friends, and if their friends know how to program, they can customize the program and re-release it Open Source for others!
Essentially it's freedom to use, freedom to share, and freedom from having to worry about some snot-nosed kid downloading a Windows script and creating a variant of a very malicious virus that'll erase your work from the past year.
So that's the theory behind it. The practical side is that it comes with an "Office Suite" - Fedora comes with OpenOffice, which is fully compatible with Microsoft Office documents. You have an office suite with word processor, spreadsheet, database, and the ability to make a presentation just as easily as in M$ Office, without all the extra fluff. There's also GIMP, an image manipulation program that can use Adobe Photoshop filters, read/write PSD, PNG, and EPS files, and supports layers, transparency, and color profiles as well.
Also included are a multitude of games, clones of many of your favorites from pinball to Space Invaders, Civilization, Asteroids, and Breakout, just to name a few. Speaking of games, you may be wondering about newer titles. How about Unreal Tournament 2004, Doom 3, Half-Life 2 -- all have Linux executables and installers.
If you're looking to play games, you'll need support for the latest hardware: 3D accelerators, sound cards, RAID, and gigabit Ethernet adapters, right? Well, they're all here, as well as an x64 version for those of you with an AMD64 system. 64-bit is a major push as we get further down the road with the technology getting cheaper and cheaper. Considering that WinXP-64 is still quite beta, if you're looking for something to test your processor's potential, Linux is about your only option (though there is an evaluation version of WinXP-64 available here). Most of the major companies - ASUS, Creative, nVidia, RealTek - have all released various drivers and hardware information for configuration under Linux. They're for all the major distributions, but you may want to check your hardware manufacturer's support site to see which distributions they have drivers for.
Unfortunately Linux is not standardized enough for these companies to officially support the Linux drivers and distributions; they release them because people asked, and they figure you know enough to be able to install them, or at the very least suck it up when it doesn't quite work the way it's supposed to. Linux is organic, it's growing, and the more acceptance it receives and the more people use it, the better chance it has of becoming mainstream. That may not be a good thing for clothing or music, but for computers it's Shangri-La.
Until you're comfortable enough with Linux to do away with M$ and their security holes altogether, you may want to consider setting up Linux on a secondary machine, or at least a secondary hard drive. If you're looking to set up a dual-boot system, the easiest way is to install Linux first, then Windows, which automatically creates a boot menu with the OS choices for your machine.
Keep in mind that you'll need to format whatever hard drive you're working with. Of course, the newer versions do everything for you, but the basic premise is that you need a boot partition, a swap partition, and your normal data partition. The boot partition holds all your bootup files and the information needed to load the operating system; you should plan on using 200-500 MB. The swap partition should be equal to or slightly larger than the amount of RAM in the system, and the data partition is normally the rest of the drive. You may also want to create a FAT32 partition so you have an area to store files readable by both Linux and WinXP, as Windows won't read EXT3 and Linux won't (isn't supposed to -- but can) read NTFS.
Finally, the easiest way to install Linux is to burn an ISO image. This is an exact image of the install CD or DVD, the biggest difference between the two being the number of install discs and, of course, needing a DVD burner for the DVD ISO. You download the ISO files, burn them with your favorite program, then restart and boot right from the CD/DVD, making it as painless as possible. You'll find both CD and DVD ISO files for the newest distributions here:
Fedora | Screenshots - by the makers of Red Hat, one of the first Linux package distributions
FreeBSD - UNIX-based, not Linux, but along the same lines
Gentoo - for the power user who likes to tweak
Debian | Screenshots - another mainstream Linux distribution
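Before burning any downloaded image, the check worth adding to the procedure above is to confirm the file matches the checksum the distribution publishes next to it, so a corrupted download or a tampered mirror copy never reaches a disc. The following is an added example, not code from this page or from any of the distributions listed; it assumes the usual SHA256SUMS layout ("hex digest, two spaces, filename", optionally with a "*" binary marker, or the BSD "SHA256 (name) = hex" form) and builds a small stand-in "ISO" of its own for the demonstration.

```python
import hashlib
import hmac
import os
import tempfile

# Assumed checksum-file layouts (GNU "sha256sum" output and the BSD form);
# the real files sit next to the ISO on the distribution's download site.

def sha256_of(path, chunk_size=1 << 20):
    """Hash a file in 1 MB chunks so a multi-GB DVD image never has to fit in RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_checksum_file(text):
    """Map filename -> expected hex digest (lower-cased)."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("SHA256 (") and ") = " in line:      # BSD style
            name = line[len("SHA256 ("):line.index(") = ")]
            digest = line.split(") = ", 1)[1]
        else:                                                     # GNU style
            digest, _, name = line.partition(" ")
            name = name.strip().lstrip("*")                       # "*" = binary mode marker
        expected[name] = digest.strip().lower()
    return expected

def verify_iso(iso_path, checksum_text):
    """True only if the image hashes to the published digest for its own filename."""
    expected = parse_checksum_file(checksum_text)
    digest = expected.get(os.path.basename(iso_path))
    if digest is None:
        return False                    # no entry for this file: refuse rather than guess
    actual = sha256_of(iso_path)
    # constant-time comparison is a good habit for any digest check
    return hmac.compare_digest(actual, digest)

def demo():
    """Constructed scenario: a small stand-in 'ISO' with a matching and a
    tampered checksum file. Returns (good_result, bad_result)."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "example-dvd.iso")
        with open(iso, "wb") as f:
            f.write(b"pretend this is a 3 GB install image\n" * 1000)
        good = "%s *example-dvd.iso\n" % sha256_of(iso)
        bad = "%s *example-dvd.iso\n" % ("0" * 64)      # wrong digest on purpose
        return verify_iso(iso, good), verify_iso(iso, bad)

if __name__ == "__main__":
    print(demo())    # (True, False)
```

The same routine works for the CD and DVD images alike; the only thing that changes is how long the hashing takes. A mismatch means "download it again from the official site", never "burn it anyway".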
Wireless Security: WEP vs WPA
Wi-Fi Protected Access (WPA), the latest security standard for wireless networking, increases the level of data protection and access control for wireless networks over WEP. Various companies and associations have collaborated to develop the WPA standard, which is forward compatible with the upcoming IEEE 802.11i standard.
WPA provides several benefits to enhance security over previous models. It keeps out unwanted users by checking for the proper permission and password before allowing network access. It is also more robust than the security standard it is replacing, Wired Equivalent Privacy (WEP), which provides basic protection for home networks and limited protection on public networks. WPA improves data encryption so attackers will not be able to view or alter any data traveling to or from your wireless network.
How WPA Uses Encryption Keys
WEP uses 64- or 128-bit encryption keys, but WPA offers up to 256-bit encryption keys, which are exponentially harder to decode.
With WEP it was possible for an attacker to "sniff" packets and, by comparing each with the ones before it, eventually recover the key. Even with 128-bit encryption, this would only take 2-3 hours if there was moderate web surfing over the wireless link. And since the WEP key never changes, an attacker could discover it on their lunch hour over a couple of days! With WPA the key changes as often as you want it to (50 min is sufficient), so by the time they can decode your old WPA key, your network has already switched to a new one. That makes WPA significantly better than WEP, which uses the same key repeatedly.
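The reason a never-changing key is the problem is that WEP's per-packet IV is only 24 bits long, so after a few thousand frames two packets are encrypted with the same key and IV, and from then on a listener holds pairs of frames that share keystream. The following is an added example, not code from this page, that puts numbers on that: it treats IV repetition as the birthday problem, checks the formula by simulation, and compares a static key against a key rotated every 50 minutes as the text suggests. The traffic rate (50 frames per second) is a constructed assumption, since the page gives no figure; the 48-bit per-packet counter used in the third scenario is what WPA (TKIP and CCMP) actually carries, and the example shows that the larger counter, not rotation alone, is what keeps repeats negligible inside each window.

```python
import math
import random

# Constructed assumption for "moderate web surfing": the text gives no rate.
ASSUMED_FRAMES_PER_SECOND = 50

def iv_collision_probability(frames, iv_bits=24):
    """Probability that at least two of `frames` random IVs repeat.

    Birthday problem over an IV space of 2**iv_bits, using the standard
    approximation 1 - exp(-n(n-1) / 2N). Two frames under the same key and IV
    share keystream, so the more frames one key protects, the worse it gets.
    """
    space = 2.0 ** iv_bits
    if frames > space:
        return 1.0                      # pigeonhole: a repeat is certain
    return 1.0 - math.exp(-frames * (frames - 1) / (2.0 * space))

def frames_for_probability(p, iv_bits=24):
    """Frame count at which the repeat probability reaches p (inverse of the above)."""
    return math.sqrt(2.0 * (2.0 ** iv_bits) * math.log(1.0 / (1.0 - p)))

def frames_per_key(rekey_seconds, frames_per_second=ASSUMED_FRAMES_PER_SECOND):
    """How many frames a single key protects before it is rotated.
    A static WEP key never rotates, so pass the whole observation window."""
    return int(rekey_seconds * frames_per_second)

def simulate_first_repeat(iv_bits=24, seed=0):
    """Monte Carlo check of the formula: draw random IVs until one repeats."""
    rng = random.Random(seed)
    seen = set()
    count = 0
    while True:
        count += 1
        iv = rng.getrandbits(iv_bits)
        if iv in seen:
            return count
        seen.add(iv)

def compare():
    """Repeat probability for three constructed configurations:
    - a static WEP key observed for one working day (24-bit IV),
    - a key rotated every 50 minutes but still with a 24-bit IV,
    - a key rotated every 50 minutes with WPA's 48-bit per-packet counter."""
    one_day = 8 * 60 * 60
    fifty_min = 50 * 60
    return {
        "wep_static_24bit": iv_collision_probability(frames_per_key(one_day), 24),
        "rekey_50min_24bit": iv_collision_probability(frames_per_key(fifty_min), 24),
        "rekey_50min_48bit": iv_collision_probability(frames_per_key(fifty_min), 48),
    }

if __name__ == "__main__":
    print("50%% repeat point for a 24-bit IV: %.0f frames" % frames_for_probability(0.5))
    print("simulated first repeat (24-bit IV):", simulate_first_repeat())
    for name, p in compare().items():
        print("%-20s %.6f" % (name, p))
```

Running it shows the 50% point for a 24-bit IV lands near 4,800 frames, which a browsing session reaches in minutes; rotating the key caps how much traffic any one key exposes, and the 48-bit counter pushes the repeat probability within a 50-minute window to a few parts in a hundred thousand.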
Even if you don't have WPA on your particular wireless device, it's still advisable to use WEP with 128-bit encryption, as some protection is better than none. Linksys even includes a small utility that translates a "password" or "secret phrase" into a 128-bit key, so you don't have to enter the 32-character string by hand.
Web & Wireless Security Tips
Web
Use unique passwords that you can remember. Use at least eight characters and include capital letters, numbers and symbols. For example, "h4dW4re" is easy to remember and contains both numbers and a capital W. Don't use obvious passwords such as your husband's, wife's, children's, or pet's names.
Create a "web birthday" that's close to your real birthday, and provide fake/vague address information (unless required by law to do otherwise). If someone does obtain this information, it will turn up bunk when they attempt to cross-reference it.
Download programs and files only from trusted sources.
Turn on your browser's built-in security features. Make sure you are prompted before any file is downloaded. Also verify your ActiveX controls are set to "prompt" in your browser's security settings; many malware and spyware programs are launched by ActiveX controls.
Movie files (AVI, WMV), screensavers (SCR) and more recently picture files (BMP, JPG) can contain hidden code too. Other file types to avoid downloading/running are .exe, .com, .bat, or .vbs -- all can contain malicious code.
Don't click on links in popup windows; at the very least, use a pop-up blocking toolbar such as the Google Toolbar. Pay close attention to the information you allow the toolbar to collect when you download it.
Consider using an alternative Web browser like Firefox or Opera, because hackers often target popular browsers, like Microsoft's Internet Explorer.
Read the terms of service. The 5-10 minutes it may take will save you loads of aggravation down the line.
Use a web-based email address for surveys, contests, or forums you may sign up for. Treat this as your "junk-mail" address, as the more you sign up for, the more spam you will receive.
Wireless
Change your default network name (SSID) to something unique.
Change the default password needed to access a wireless device. For wireless products such as access points and routers, you will be asked for a password when you want to change their settings. These devices have a default password set by the factory (e.g. the Linksys default username is blank and the password is admin). Hackers know these defaults and will try them to access your wireless device and change your network settings. To thwart any unauthorized changes, customize the device's password so it will be hard to guess.
Enable MAC address filtering so that only the computers you specify are allowed to connect to your network. You can find each machine's MAC address via Start => Run => CMD, then hit OK and type IPCONFIG /all to get that machine's unique MAC identifier.
Disable SSID broadcast so that most scanners won't "see" your network. Otherwise anyone with a detector will pick up the signal and be able to see your access point/router's SSID. From there it's only a matter of getting the 'secret code' and your router could be hijacked.
Enable WEP or WPA encryption. Most wireless equipment comes with encryption technology -- be sure to activate it before using. If you have a wireless router and won't be actively using the wireless feature, be sure it's off. You can always reactivate it when you need it.
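Collecting the addresses for the MAC filter from several machines is easier if the IPCONFIG /all output is parsed rather than copied by hand, and it avoids the classic mistake of entering a tunnel or virtual adapter's address instead of the wireless card's. The following is an added example, not code from this page: the sample output is constructed in the Windows XP layout (the addresses are made up), and the parser keeps only adapters with a real six-octet hardware address, normalizing them to the colon form most router pages accept.

```python
import re

# Constructed sample of "ipconfig /all" output in the Windows XP layout
# (not captured from a real machine; the addresses are made up).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : den-pc
        Node Type . . . . . . . . . . . . : Hybrid

Ethernet adapter Local Area Connection:

        Description . . . . . . . . . . . : Example PCI Fast Ethernet NIC
        Physical Address. . . . . . . . . : 00-1A-2B-3C-4D-5E
        IP Address. . . . . . . . . . . . : 192.168.1.10

Ethernet adapter Wireless Network Connection:

        Description . . . . . . . . . . . : Example 802.11g Mini PCI Adapter
        Physical Address. . . . . . . . . : 00-0E-35-AA-BB-CC
        IP Address. . . . . . . . . . . . : 192.168.1.11

Tunnel adapter Automatic Tunneling Pseudo-Interface:

        Physical Address. . . . . . . . . : C0-A8-01-0A-00-00-00-E0
"""

# An adapter header is an unindented line ending in ":" with " adapter " in it.
ADAPTER_RE = re.compile(r"^\S.* adapter (.+?):\s*$")
# Exactly six hex octets: the 8-octet pseudo-interface address is skipped on purpose.
MAC_RE = re.compile(r"Physical Address[ .]*:\s*((?:[0-9A-Fa-f]{2}-){5}[0-9A-Fa-f]{2})\s*$")

def parse_macs(ipconfig_text):
    """Map adapter name -> hardware address, normalized to AA:BB:CC:DD:EE:FF."""
    adapters = {}
    current = None
    for line in ipconfig_text.splitlines():
        header = ADAPTER_RE.match(line)
        if header:
            current = header.group(1)
            continue
        mac = MAC_RE.search(line)
        if mac and current:
            adapters[current] = mac.group(1).replace("-", ":").upper()
    return adapters

def allow_list(adapters, wanted=("Wireless",)):
    """Addresses to type into the router's MAC filter. By default only the
    wireless adapters, since that is the interface the filter actually guards."""
    return sorted(mac for name, mac in adapters.items()
                  if any(w.lower() in name.lower() for w in wanted))

if __name__ == "__main__":
    found = parse_macs(SAMPLE_IPCONFIG)
    for name, mac in found.items():
        print("%-30s %s" % (name, mac))
    print("enter into the router:", allow_list(found))
```

Run this on each PC, paste the resulting list into the router, and keep the file so a replaced wireless card is a one-line update. The filter is a nuisance barrier rather than a lock: hardware addresses travel in the clear on the air, so the encryption tip that follows is the one doing the real work.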
Suspect a Virus?
Where to begin?
Not every system oddity is due to a virus, worm, or bot. Your system may be running sluggishly, or your hard drive may be filling unusually quickly (not counting all that downloading). Do programs crash with no warning? These symptoms could be typical Windows behavior, possibly conflicting hardware, or an incompatibility in certain software that you have installed (shareware, low-budget software -- freeware is normally open source, so if there's a bug, somebody's usually fixing it through some means).
Anything obvious is probably not malware. After all, people who write malware want to hide their program's presence. People who write commercial software put icons all over your desktop. Who's going to work harder to go unnoticed?
Other signs that may, in fact, mean there's nothing you need to worry about include:
An automated e-mail telling you that you're sending out infected mail. E-mail viruses and worms typically come from faked addresses. Your email address is probably already in a gigantic database if you've been on the internet for more than a month. Appearances in chat rooms, a personal web site, or a forum conversation are all it takes to have your address nicked from the net. Spammers normally pull from these databases at random, so every once in a while you may get such an email "returned" to you.
A frantic note from a friend saying they've been infected, and therefore so have you. This is likely a hoax. It's especially suspicious if the note tells you the virus can't be detected but you can get rid of it by deleting one simple file. Don't be fooled--and don't delete that file. The "Teddy-Bear" Virus is a good example of this. The email wants you to delete a file in your system32 directory. It matches the description, and seems out of place with a little teddy bear for an icon, but it is in fact a very important windows program that is Microsoft Certified.
I'm not saying that you should ignore such warnings. Copy the subject line or a snippet from the body of the e-mail and plug it into your favorite search engine to see if other people have received the same note. A security site may have already pegged it as a hoax.
If you're truly worried about it, you can forward the message to your ISP (usually abuse@yourisp.com or spam@yourisp.com). Make sure to include the header by choosing "view headers" in your email program, then copy and paste it in with the forwarded message. The header shows who sent the message, when they sent it, what server it originated at, and what relay servers touched it along the way through cyberspace.
Sniffing Out an Infection
There are signs that indicate your PC is actually infected. A lot of network activity coming from your system (when you're not actually using the Internet) can be a good indicator that something is amiss. A good software firewall, such as ZoneAlarm, will ask your permission before letting anything leave your PC, and will give you enough information to help you judge whether the outgoing data is legitimate. BlackIce is another, but it's a commercial application and may require a bit more configuration. There is a firewall that comes with Windows, even an improved version in XP Service Pack 2, but it lacks packet inspection: it blocks incoming ports, but it doesn't actually verify what's going out on the commonly used ports (80, 21, etc.).
To put a network status light in your system tray, follow these steps: In Windows XP, choose Start, Control Panel, Network Connections, right-click the network connection you want to monitor, choose Properties, check "Show icon in notification area when connected," and click OK.
If you're interested in what's really going on behind the scenes, you can sniff around further in the Task Manager. Hitting CTRL-SHIFT-ESC in Windows will bring up the Task Manager, which will show you the various processes your system is running. Most, if not all, are legit, but if you see a file name that looks suspicious, type it into a search engine and find out what it is. 30 is normal, 35 is ok, 40 is RIGHT OUT! Well, sometimes... it all depends on how many side processes you have running, system tray icons, etc. The names of the items are the important thing. Have a question? Search for the filename in Google and you should get multiple sites with the vendor, purpose, and validity of the program.
Want another place to look? In Windows XP, click Start, Run, type "services.msc" in the box, and press Enter. You'll see detailed descriptions of the services Windows is running. Something look weird? Search for it.
Finally, you can delve even deeper by selecting Start, Run, and typing "msconfig" in the box. With this tool you not only see the services running, but also the programs that your system is launching at startup. Again, check for anything weird (e.g. rundll32.exe /s ePFJKSx1R2.dll).
If any of these tools won't run -- or if your security software won't run -- that in itself is a good sign your computer is infected. Some viruses intentionally disable such programs as a way to protect themselves.
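The three checks above (Task Manager, services.msc, msconfig) all come down to reading a list of program names and paths and deciding which ones deserve a search-engine lookup. The following is an added example, not code from this page, that encodes the rules of thumb a practitioner applies while skimming such a list: a name that looks machine-generated (like the DLL in the msconfig example), a name that mimics a well-known Windows binary with a digit swapped in, and a program launched from a user-writable folder such as Temp. The allowlist of system binaries and the startup entries are constructed for the demonstration; the heuristic is a triage aid, and the lookup the text recommends is still the final word.

```python
import re
import shlex

# Constructed, deliberately short allowlist of well-known Windows binaries.
KNOWN_SYSTEM_BINARIES = {"svchost", "ctfmon", "explorer", "rundll32", "lsass", "winlogon", "csrss"}
# Folders an installed program normally does not run from.
RISKY_DIRS = ("\\temp\\", "\\local settings\\", "\\appdata\\", "\\recycler\\")
PROGRAM_EXT = re.compile(r"\.(exe|dll|scr|com|bat|vbs)$", re.I)
# Common digit-for-letter swaps, used to unmask "svch0st".
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

# Constructed msconfig-style startup entries (one is the page's own example).
SAMPLE_STARTUP = [
    "rundll32.exe /s ePFJKSx1R2.dll",
    r'"C:\Program Files\Adobe\Reader\reader_sl.exe"',
    r"C:\WINDOWS\system32\ctfmon.exe",
    r'"C:\Documents and Settings\Joe\Local Settings\Temp\svch0st.exe"',
    r"C:\WINDOWS\system32\svchost.exe -k netsvcs",
]

def file_part(token):
    """'C:\\dir\\file.exe' (possibly quoted) -> 'file.exe', case preserved."""
    return token.strip('"').replace("/", "\\").rsplit("\\", 1)[-1]

def looks_random(stem):
    """Generated names tend to be long, vowel-poor, and to mix case with digits."""
    letters = [c for c in stem if c.isalpha()]
    if len(stem) < 8 or not letters:
        return False
    vowel_ratio = sum(c.lower() in "aeiou" for c in letters) / len(letters)
    case_changes = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    has_digit = any(c.isdigit() for c in stem)
    return vowel_ratio < 0.1 or (has_digit and case_changes >= 2)

def lookalike_of_known(stem):
    """'svch0st' -> 'svchost' when the only difference is a digit-for-letter swap."""
    low = stem.lower()
    unmasked = low.translate(LEET)
    if unmasked != low and unmasked in KNOWN_SYSTEM_BINARIES:
        return unmasked
    return None

def risky_location(token):
    low = token.lower()
    return any(d in low for d in RISKY_DIRS)

def analyze_entry(entry):
    """Return the reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    for token in shlex.split(entry, posix=False):   # non-POSIX: keeps backslashes intact
        fname = file_part(token)
        if not PROGRAM_EXT.search(fname):
            continue                                # switches and arguments are not names
        stem = fname.rsplit(".", 1)[0]
        if looks_random(stem):
            reasons.append("random-looking name: " + fname)
        known = lookalike_of_known(stem)
        if known:
            reasons.append("%s mimics %s" % (fname, known))
        if risky_location(token):
            reasons.append("runs from a user-writable location: " + token.strip('"'))
    return reasons

def triage(entries):
    """Only the entries with at least one reason, each paired with its reasons."""
    flagged = []
    for entry in entries:
        reasons = analyze_entry(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_STARTUP):
        print(entry)
        for r in reasons:
            print("   -", r)
```

Two of the five constructed entries get flagged: the page's rundll32 line because of the DLL name, and the Temp-folder "svch0st.exe" both for its location and for imitating svchost. The genuine svchost, ctfmon and Adobe entries pass, which is the point: the heuristic narrows the list to search for rather than judging on its own.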
What to Do Next
Once you're fairly sure your system is infected, don't panic. There are steps you can take to assess the damage, depending on your current level of protection.
If it's malware, I recommend Lavasoft's Ad-Aware, but beware of http://adaware.com => it'll infect you with spyware. The true home of this wonderful tool is at http://lavasoft.com. It's best when used with SpyBot; they complement each other in that each catches what the other may occasionally miss. SpyBot also checks a bit deeper for modified extensions and other not-so-obvious signs of possible malware modification. Again, don't look for it at http://spybot.com -- while that site won't infect you with anything (or at least doesn't appear to), it's better to go to the source at http://www.safer-networking.org/en/index.html.
If you don't have any antivirus software on your system (you're just asking for this, aren't you?), or if the software has stopped working, stay online and go for a free scan at one of several Web sites. There's McAfee FreeScan, Symantec Security Check, and Trend Micro's HouseCall. If one doesn't find anything, try two. In fact, running a free online virus scan is a good way to double-check the work of your own local antivirus program. When you're done, buy or download a real antivirus program.
If you have antivirus software, but it isn't active, get offline, unplug wires-- whatever it takes to stop your computer from communicating via the Internet. Then, promptly perform a scan with the installed software.
If nothing seems to be working, do more research on the Web. There are several online virus libraries where you can find out about known viruses. These sites often provide instructions for removing viruses--if manual removal is possible--or a free removal tool if it isn't. Check out GriSOFT's Virus Encyclopedia, Eset's Virus Descriptions, McAfee's Virus Glossary, Symantec's Virus Encyclopedia, or Trend Micro's Virus Encyclopedia.
A Microgram of Prevention
Assuming your system is now clean, you need to make sure it stays that way. Preventing a breach of your computer's security is far more effective than cleaning up the mess afterwards. Start with a good security program, such as Trend Micro's PC-cillin, which you can buy for $50.
Don't want to shell out any money? You can cobble together security through free downloads, such as AVG Anti-Virus Free Edition, ZoneAlarm (a personal firewall), and Ad-Aware SE.
Just make sure you keep all security software up to date. The bad guys constantly try out new ways to fool security programs. Any security tool without regular, easy (if not automatic) updates isn't worth your money or your time.
Speaking of updating, the same goes for Windows. Use Windows Update (it's right there on your Start Menu) to make sure you're getting all of the high-priority updates. If you run Windows XP, make sure to get the Service Pack 2 update. To find out if you already have it, right-click My Computer and select Properties; under the General tab, under System, it should say "Service Pack 2." Many of the security vulnerabilities that go unpatched are a backdoor for infection by even the simplest means, the most feared being malicious web sites. They contain scripts which will attempt to install (and often succeed on unpatched systems) a plethora of malware, viruses, and assorted baddies.
Here are a few more pointers for a virus-free life:
Be careful with e-mail. Set your e-mail software security settings to high. Don't open messages with generic-sounding subjects that don't apply specifically to you from people you don't know. Don't open an attachment unless you're expecting it.
If you have broadband Internet access, such as DSL or cable, get a router, even if you only have one PC. A router adds an extra layer of protection because your PC is not connecting directly with the Internet.
Check your Internet ports. These doorways between your computer and the Internet can be open, in which case your PC is very vulnerable; closed, but still somewhat vulnerable; or stealthed (or hidden), which is safest. Visit Gibson Research's Web site and run the free ShieldsUP test to see your ports' status. If some ports show up as closed--or worse yet, open--check your router's documentation to find out how to hide them.
How effective are these precautions? Remember that nothing is impossible. It's always plausible that someone somewhere will be a step ahead of any updates you may have installed, but stay on the good side of the tracks, the light side of the internet, and you should be fine.
Promises of free games, applications, MP3s, and movies (especially... *ahem*) are a quick trip to a possible electronic hijacking, bringing your computer to the dark side.