Our Opinion Page for April 2002

Securing your Windows PC

Many of you will know that Windows is horrible when it comes to security. After years of constant bugs and vulnerabilities due to bad coding, many people have grown to dislike Microsoft and its wee Windows operating system. So this month’s opinion page will be on the subject of securing your Windows box in an attempt to help you feel more at ease when using the buggy Microsoft product. You will learn how to secure your system from the most common local exploitations. In no way am I saying you should follow every one of these methods, just the ones that you feel suit your needs. I will try not to get too technical with this, so if I leave something out, chances are I did it on purpose. With the different subtopics, it would be easy to go into great detail on any one of them, but I will try to stick with the basics. This month’s page is part 1, “Privacy and Local Security”; next month’s (part 2) will be about “Remote Security”.

User Mentality

In my opinion, the most important form of security is you. You have to understand that no matter how much software or hardware you add to your computer or how many tweaks you apply to your system, you will never be 100% secure. The next best thing to do is to see how close you can get to that 100% comfort zone of security. So I say it all starts with you, the user. If you don’t have the mentality or mind set to secure or update your system, then that can be one of the most dangerous types of vulnerabilities there is.

Also, never let someone else use your computer if you don’t fully trust him or her. If you don’t really trust the person and they want to use your computer, make sure you watch them closely while they are on it. You don’t want someone searching for, copying, deleting, or installing something on to your hard drive.

Cookies

A cookie, in computer terms, is a small text file placed on your computer by a web server to tell that web server that you have returned to that particular web page. Sometimes cookies can be used to track your movement not only when you return to the site, but also when you surf or exit that particular website, and only that website. A cookie is like a personal identification card that can only be read by the web server that gave it to you. Cookies are normally kept in a file called “Cookies” in your Windows directory.

Cookies are basically harmless but can be used by a site to get a certain profile about your web surfing habits and interests. They can also be used by sites to remember information such as your e-mail, phone numbers, and home addresses if you had filled out any online registration or order forms on that particular site before. That information can also be given to affiliates of that site so that other sites would know your surfing habits and your personal interests in certain subjects. Now, this isn’t really a security issue but it is a privacy issue that most paranoid people might not want to deal with.

Spyware

Spyware, also known as “adware”, is a program that is downloaded without the user’s knowledge when he/she downloads certain types of free programs from the Internet. The spyware application runs in the background of the user’s computer without the user ever knowing it has been downloaded. Spyware applications are created by the software authors to make money from the product you downloaded through advertisements. Spyware contacts its server constantly while you are on the Internet, literally turning your computer into a small server, sending its own server information about you, which can be anything from the sites you search, to information about your computer, to personal information such as your e-mail addresses, home addresses, phone numbers, or possibly your credit card numbers. Sounds illegal, doesn’t it? Well, it’s not. To many privacy advocates out there, it should be. Hopefully, the debate over spyware will end with it being illegal, but until then, be careful what you download.

Now, let’s not panic. Spyware isn’t in all freeware programs you download, just certain ones, so don’t say you won’t download anything free ever again just yet. I was going to name some popular programs that contain spyware at the end of this page; however, there are anti-spyware programs for you to download that will find and remove spyware programs from your computer. One of the best spyware removal programs is called Ad-aware, which can be found at http://www.lavasoftusa.com/. If you want, you can run a search for other spyware removal programs at http://download.cnet.com/.

Passwords

Passwords are used by millions of people every day when dealing with computers or Internet-related security for some type of user account login. Unfortunately, a lot of people tend to use fairly weak or easily cracked passwords when they are asked to enter one for security reasons.

A strong password, on the other hand, would give the person who is attempting to crack your password a much harder time in doing so. The cracker might spend long amounts of time or maybe not even get the password cracked at all due to factors such as the limited number of word possibilities in the password cracker’s dictionary list, the limited number of techniques the password cracker has for cracking the password, or the amount of patience the cracker has.

A much more informative look at Windows password security can be found here.

If you followed the above link, we now all know what and what not to do when we create strong passwords but where does Windows store those passwords whenever you make a saved user account or tell the computer to save a password so you won’t have to retype it? Well, in Windows 9x, your usernames and passwords are stored in .pwl files (password list) while in Windows NT/2000, your usernames and passwords are stored in a SAM (System Account Manager) database file.

Pwl File - Normally found in the directory C:\Windows, a .pwl file is where Windows 95/98 stores all of its cached (hidden) password information. This is useful for the user of the computer in that he/she doesn’t have to retype a password each time they access a password-protected resource. The problem with .pwl files is that they are not secure and are vulnerable to local .pwl file cracking attacks. Windows 9x computers were not built with security in mind, so anyone who has local access to someone else’s Windows 9x computer can easily crack or decrypt the pwl file and gain access to the passwords while the computer is unattended.

SAM File – Normally found in the directory C:\Winnt\System32\Config\Sam, the SAM database serves the same purpose as the .pwl file on Windows 9x distros in that it holds all of the usernames and passwords in encrypted form. The SAM database is much more secure than the pwl files in that it uses a one-way encryption algorithm, or hash, to secure its information. This means that while Windows NT/2000 is running, a user can’t access the SAM file from Windows Explorer because it is locked. Not a bad security feature, actually. The only problem is that the SAM file is still vulnerable in a couple of ways, such as booting from a DOS floppy to copy the SAM contents and crack them on another computer, or using popular tools such as L0phtCrack, NTCrack, or Pwdump to extract the hashes from the registry. To secure your SAM file and greatly reduce the success rate of these tools, you can use a tool called SYSKEY, which was first produced for Windows NT in its Service Pack 3. SYSKEY was created to protect the user account data contained in the SAM registry database with a 128-bit encryption key. SYSKEY is optional with Windows NT, but with Windows 2000 it comes already turned on. To activate it on NT systems go to Start, Run, and type in…

C:\WINNT\system32\Syskey.exe

Before you do, you should read a little more about it since it can’t be deactivated. For more information on SYSKEY go to http://www.cert.org/security-improvement/implementations/i028.02.html.

On a side note, most instant messenger programs and email accounts (most accounts in general for that matter) have an option to save your passwords so you won’t have to retype them or forget them next time you sign on. Never use this option when you are on a computer that is open to the public or other users. The passwords can easily be retrieved from the pwl or SAM files in Windows. There are also tools that let you view Windows passwords (including those of instant messengers) by revealing passwords that are displayed only as asterisks (*****). So be cautious when using the save password feature.

Windows login

This is a login I’m sure many of you have seen before in libraries or on school computers. It’s the login that pops up whenever you start up your computer and it asks for a username and password. This is a useful little feature that can prevent the average human being from entering your desktop. To set the Windows login feature, view the following…

Enabling Windows Login in Windows 9x:

1. Go to Start, then Settings, then press Control Panel.
2. Double click the Passwords icon.
3. Press Change Windows Password in the password properties window.
4. Type in your new password and confirm it by typing it in again.
5. Press OK, then press OK again, and then reboot the computer.

Enabling Windows Login in Windows NT:

1. Press Ctrl + Alt + Delete and then click Change Password.
2. Type in your new password and confirm it by typing it again.
3. Press OK, and then press OK again.
4. Once you are back to the Windows NT Security dialogue box, hit the ESC key, which will take you back to the Windows NT desktop.
5. Reboot the computer.


On Windows 9x machines, the login can easily be bypassed by pressing ESC when it comes up. You will then be taken to the desktop. Not really a good form of security but it could keep someone who isn’t familiar with Windows security from accessing the desktop.

Screen Saver Passwords

The screen saver password can be a useful security measure if you happen to leave your desk/office at work or even at your home (depending on whether you have a nosey family or you’re just real paranoid). When you leave the computer unattended, your screen saver may pop up after a set amount of time. To get back to the desktop you would have to enter a password. This can be useful for discouraging unauthorised snoopers while you are away from your computer, unless they reboot your system, which will take them back to the desktop if no Windows login is present. So you’re saying to yourself, “Well what kind of security is that? All they have to do is restart the stupid computer.” True, but remember, this is Windows we are talking about and security isn’t what they are known for. Also, if you are snooping on someone else’s computer, you want to get on and get off as fast as you can. The intruder would have to take into account how much time it would take for the owner of the computer to get back to the desk, the time it takes to restart the computer, whether the computer has a login (assuming he/she doesn’t know about the ESC bypass on Windows 9x distros), and the suspicion, by the owner, of the closed applications or programs that were left running on the desktop (if any). All of that, combined with some nervousness, would add to the security part of the screen saver password in my opinion.

File and Print sharing

File and print sharing is an option that is part of Windows networking which enables a user to share files and printers with any person over a network or over the Internet. When this option is turned on, port 139 opens on your computer (I’ll get more into ports next month). This is the port on which file and print sharing takes place. Though this port serves a valuable purpose, it is also one of the most dangerous ports there is and the port that most hacks occur on.

Malicious hackers love this port because it is very easy to gain entry to another person’s Windows computer when the file and print sharing option is activated without a password protecting it. If you are not using file and print sharing for anything then I strongly urge you to make sure it is disabled in the networking options. If you are on a connection that is online 24/7, such as cable or DSL, and file and print sharing is enabled without your knowledge and your system has no firewall, then sooner or later you will be hacked.
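To confirm whether your own machine has a listener on port 139, you can read the output of `netstat -an`. The following is an added example, not part of the original page: the function name is hypothetical and the sample output is constructed, not captured from a real host.

```python
# Constructed sample of Windows `netstat -an` output (illustrative only).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.0.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.0.10:1043      192.168.0.20:139       ESTABLISHED
  UDP    192.168.0.10:137       *:*
"""

def listening_on(netstat_text, port=139):
    """Return the local addresses that have a TCP listener on `port`.

    Only the *local* address column is checked, so an outbound connection
    from this machine to someone else's port 139 is not reported.
    """
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have four columns; UDP rows have no State column.
        if len(fields) != 4 or fields[0].upper() != "TCP":
            continue
        _proto, local, _foreign, state = fields
        addr, _, local_port = local.rpartition(":")
        if state.upper() == "LISTENING" and local_port == str(port):
            hits.append(addr)
    return hits

if __name__ == "__main__":
    found = listening_on(SAMPLE)
    if found:
        print("Port 139 is open on:", ", ".join(found))
    else:
        print("Nothing is listening on port 139.")
```

Paste your own `netstat -an` output in place of the sample; an empty result means nothing on the machine is accepting connections on that port.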

File security

Ever had some files on your computer that were very important and you just wanted to keep them safe or out of reach from your curious family members? Did you ever have a file that you wanted to make sure was practically unrecoverable from your computer? Well, securing your data can be very useful when you are on a computer that someone else has or could have access to. You don’t want some stranger roaming through or editing your files while you’re gone. Providing yourself with this type of file protection can be done in a few ways.

Every Windows file has certain attributes that give the operating system or software information on how the file is to be used. These attributes themselves can give the files their own type of security. When you right click on a file and go to “properties” you will notice at the bottom that the file has certain attributes named Read-only, Archive, Hidden, and System. When selected, these options perform the following functions:

Read-only - when this option is checked, the file will be readable but unable to be modified.
Archive - this option indicates that the file has been changed or edited since it was last backed up.
Hidden - this option means the file is hidden from normal directory searching.
System - system files are normally used by the OS. Do not edit or delete them unless you are advanced.

Out of these four options a person would most likely use “read-only” and “hidden” to secure their files. If you set a file as read-only, it would remind a user who is attempting to edit the file that the file isn’t meant to be changed. Now I know this isn’t a type of maximum security, unless you are computer illiterate and don’t know how to turn the read-only option off, but it would help in reminding a non-mischievous person to “do not touch”. The “hidden” option can be more useful in that it can be used to hide your entire file from anyone doing a file search in Windows Explorer (not Internet Explorer) or a DOS “dir” search. Once your file is hidden, you can access it by going into the directory that you placed it in by using the Windows Explorer address bar. Then type the path name of the hidden file (e.g. C:\Windows\Hidden_File). Another way is to go into the Tools options at the top of Windows Explorer, then down to Folder Options, then click on the View tab, then look in the Advanced Settings box, then check Show All Files, then press OK. You can set the option back to Do Not Show Hidden or System Files when you have found your file. In DOS, to show hidden files all you have to do is type the command “dir /A”.

Another way to secure your files is to encrypt or password protect them. The files themselves do not come with a password-protection function, but you can secure your files by password protecting Windows as shown earlier, or you can do it with the help of third-party software such as WinZip. I think the vast majority of Windows users use the program WinZip, so I will use this as an example and give the names of other potential password-protection programs as well as file encryption programs afterward.

To protect your files using WinZip you first have to zip them. Simple enough. What a zip file does is take multiple files (or a single one) and compress them into one single zip file ending in the extension “.zip”. Let’s say you have a file that you want to keep private by password protecting it with WinZip.

File security doesn’t have to be limited to just password protecting, encrypting, or storing your files; it can also deal with making sure your files are never retrieved after you have deleted them. Yes, that’s right, retrieval of files that have already been deleted or, shall I say, “deleted”. To those of you who don’t know, once you delete a file, Windows sends that file to the recycle bin, and after you empty it from the recycle bin it’s still not quite gone from your system, which means important or private data that you didn’t want anyone to see can still be recovered.

In Windows, there is a File Allocation Table (FAT). This table keeps track of where the files are on your hard drive. When a file is written, it is stored in different clusters that may be scattered all over your hard drive. What the FAT does is keep track of the order each cluster is in and where it is located. Windows will then reassemble the clusters into a complete file and place it wherever you want it to be read. So when a person deletes a file from the recycle bin, they are only deleting its entry from the FAT. The file itself still stays on the hard drive until it is overwritten by new data. Anyone who knows where to look can find this supposedly deleted data by using certain data recovery programs such as here

This final section on file security is for the utterly paranoid or anyone who wishes to sell his/her old computer, but wants to make sure the hard drive is free from any information that might be a threat to your personal privacy or your security. This section is on “disk wiping” (which is also sometimes called file shredding). Disk wiping is almost like file shredding except it has nothing to do with tearing up a file before it is deleted. It deals with overwriting all data on the hard drive itself and making sure old, deleted data cannot be recovered.

Disk wiping overwrites by layers. What this means is you have a surface of data clusters that still may contain file information until something overwrites it. When I say that 0’s and 1’s are used, I mean that a layer of 0’s (or nulls) is stacked onto the data area, then a layer of 1’s is stacked onto the 0’s, then a layer of 0’s is stacked onto the 1’s, and so on depending on how many passes you plan on making and what overwrite method you plan on using. After that, a layer of pseudo-random data is stacked on top of the 0’s and 1’s. Obviously, the more you overwrite data, the less likely it will be for anyone to recover it.
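The FAT behaviour and the layered overwrite described above can be seen together in a small model. This is an added example, not part of the original page: `ToyFatVolume` is a hypothetical teaching model with 8-byte clusters, not a real FAT on-disk format, and the file contents are constructed sample data.

```python
import os

CLUSTER = 8              # bytes per cluster (tiny, so the demo is readable)
FREE, EOC = None, -1     # FAT markers: unallocated cluster / end of chain

class ToyFatVolume:
    """Constructed teaching model of a FAT volume, not a real on-disk format."""

    def __init__(self, n_clusters=16):
        self.data = bytearray(n_clusters * CLUSTER)  # raw data area
        self.fat = [FREE] * n_clusters               # cluster -> next cluster
        self.directory = {}                          # name -> (first cluster, size)

    def write(self, name, content, clusters):
        """Store content in the given clusters, which may be scattered."""
        chunks = [content[i:i + CLUSTER] for i in range(0, len(content), CLUSTER)]
        if len(chunks) != len(clusters):
            raise ValueError("cluster count does not match content size")
        for i, (c, chunk) in enumerate(zip(clusters, chunks)):
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.fat[c] = clusters[i + 1] if i + 1 < len(clusters) else EOC
        self.directory[name] = (clusters[0], len(content))

    def read(self, name):
        """Follow the FAT chain to reassemble the file in order."""
        c, size = self.directory[name]
        out = bytearray()
        while c != EOC:
            out += self.data[c * CLUSTER:(c + 1) * CLUSTER]
            c = self.fat[c]
        return bytes(out[:size])

    def delete(self, name):
        """Remove only the bookkeeping; the cluster contents are left alone."""
        c, _ = self.directory.pop(name)
        while c != EOC:
            nxt = self.fat[c]
            self.fat[c] = FREE
            c = nxt

    def wipe_free_space(self, passes=(b"\x00", b"\xff", b"\x00", None)):
        """Overwrite each free cluster once per pass; None means random bytes."""
        for pattern in passes:
            for c, entry in enumerate(self.fat):
                if entry is FREE:
                    fill = os.urandom(CLUSTER) if pattern is None else pattern * CLUSTER
                    self.data[c * CLUSTER:(c + 1) * CLUSTER] = fill

def demo():
    vol = ToyFatVolume()
    secret = b"PIN=4921;acct=constructed"        # constructed sample data
    vol.write("private.txt", secret, clusters=[9, 3, 12, 5])
    vol.delete("private.txt")
    left_after_delete = b"PIN=4921" in vol.data  # True: data survives delete
    vol.wipe_free_space()
    left_after_wipe = b"PIN=4921" in vol.data    # False: overwritten
    return left_after_delete, left_after_wipe

if __name__ == "__main__":
    print(demo())
```

The default passes follow the order given above (0’s, 1’s, 0’s, then random data), and only clusters the table marks as free are touched, so files that still exist are left intact.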

Windows Update

Every so often, Microsoft will find vulnerabilities in its Windows software and create patches or fixes for the problem. At the same time, they also will create upgrades and software components that can help your computer to run better. They make these components available to their consumers by adding them to a part of their website called Windows Update. It is recommended and sometimes necessary that all Windows users visit the Windows Update site on a regular basis. Most Windows users can find an icon link to the site by pressing Start, then scrolling your mouse pointer up to the top of the Start menu and looking for an icon that has “Windows Update” next to it. If you don’t have it then you can go visit the site by clicking here.

Until next month cya in cyberspace.


Copyright © 1994-2002 scotsmist.co.uk