Intrusion Detection and Prevention
#1
In the spirit in which it was written, this is copy/pasted from a thread in the Off-Topic Forum at Diabloii.net,

I know that Lurkers tend to be more computer savvy than the average, but some aren't and any additions would be helpful for everyone.


FAQ on Intrusion Detection and Prevention
By Crogon c/o Diabloii.net


Let me pre-qualify this by saying that among other things, I am a systems administrator for various corporations around the Denver metro area. I have never had any system under my care successfully breached. Of course, one of the keys to securing a corporate network is to not draw attention to yourself in the first place. None the less, I believe that I am more than qualified to instruct the general populace on intrusion detection and prevention.

All right, there is no single solution that is going to catch everything. Let that soak in. You will never be 100% secure. With that in mind, you need to take steps BEFORE you jump off the beaten path and start downloading programs from off the wall places. Chances are, you have already done this without even knowing it, but we'll deal with that later. Note that if you are too lazy, or can't be bothered with following these steps, you have no right whining to anyone about how you got hacked. Also note that this information pertains to intrusion attempts in general, I am not condoning or supporting downloading hacks for battle.net. Most, if not all, of them will get you put on blizzards 'ban this guy in the near future' list, so you won't need to worry about hackers in the first place.
-------------------------------------------------------------------------

BEFORE you do anything, update your operating system, and anything else you can think of that might need updating. This next bit may sound ludicrous, but here's a scenario that'll run chills down your spine:

You see a free porn site or some other site advertised on battle.net. It's 3am and your bored anyway, so you alt + tab out of Diablo, open your browser and go to the site. Unknown to you, the web site has downloaded a tiny little Java or active, or who knows what kind of applet. Harmless enough, even if you knew it was doing it. Web sites do it all the time, no biggie. Now you're on the web site, and smack in the middle of it is a free video for your viewing pleasure, and it's even set up at different speeds, so that you can enjoy it on a modem connection. So you click on it, and it plays the video in windows media player or real player or what ever. But, the video was stupid, so you close the media player and your browser, and go back to diablo. Strangely, you are logged out of battle.net. You try to log back in, but are informed that your cd key is in use by Joe Hacker. WTH???? I'll tell you wth, when you opened the media player, the video you were watching had some code in it to breach some security flaws in the media player and access your system registry. Then it told the tiny applet the web site downloaded earlier to access the information pertaining to your diablo cd key, and forward it to Joe Hackers server, where he has a nice little server side applet set up on his web site to decode your cd-key and store it in a nice little database that only he has access to. Finally, Joe Hacker used a DOS (denial of service) attack to disconnect you from battle.net, so that he could log on using your cd-key. So you cuss out Joe Hacker, smartly delete all of the applets your browser has downloaded, erase everything in your browsers temp directory, and run to the store to fork out 30 bucks for a new set of cd keys. Unfortunately for you, by the time you get back home and uninstall and reinstall Diablo II and the expansion, all of your accounts have been banned due to hacking, because even though Joe Hacker didn't have access to your accounts, he used your cd keys to test out some new hacking methods, which didn't work out so well.

Why did this happen? Because you my friend have been too busy to be bothered with updating your operating system and programs for about 3 months, and Joe Hacker took advantage of some security breaches that have been documented for a couple of months now.

Ok, now almost everyone who is reading this right now is thinking 'Is this possible???' The answer to that is yes. Is it probable? No. Nothing even remotely like this will probably ever happen to you or anyone you know. The important bit is that it CAN happen. It CAN be done. And it doesn't need to be a porn site, or use a security flaw in a media player either. Such a scam could be designed to take advantage of security flaws in just about any popular software you can think of, from Microsoft Office to Kazaa. One of the most commonly used programs to breach security are chat programs, that is why you may notice that most of them are updated every week or so. If you have computers where you work, this is why you are probably banned from downloading chat programs. However, most places are relaxing this policy because chat programs can be very useful in the workplace, if they aren't taken advantage of.

The only exception to the rule of updating everything possible, is the driver downloads on the Windows Update web site. NEVER use those. You can call up a Microsoft technician and they will tell you the same thing. The vendors who submit those drivers do not check them to make sure that they don't update the wrong devices. Updating a device with the wrong driver could potentially cause a fatal error in windows, which could be bad enough that you would need to delete and re-install windows itself. This is not a windows specific problem either. Using the wrong device driver in any operating system, from Windows, to Mac, to Linux, can cause a fatal error in the operating system. When updating device drivers, you need to be 100% sure that the driver was designed for your specific brand, model number and version number of device. The second fastest way to turn a computer into an oversized paper weight is to update the system bios using the wrong bios update. I'll talk about the fastest way later.

Finally, auto-updating should take place when you're not using the computer. Try to set it up so that all auto-updating takes place when you never use the computer, such as when you are at work, or while you sleep. You should stagger auto-updates for different programs about every half hour or so, so that they don't all try to download updates at the same time. Even if you have the bandwidth to do this, you can still get into serious trouble if two programs are trying to update themselves at the same time. It is preferred to auto-update during the late night, because the general load of traffic on the internet if much lower. Between about 1am-5am local time would be the prime hours to schedule auto-updates, if possible. Most auto-updates default to try to update at midnight, and there are so many of them doing so, that they create a rather measurable surge of traffic on the internet at midnight. With this in mind, the earliest I would schedule an auto-update would be 12:30am. ALL programs should be closed while auto-updates are taking place. Especially e-mail programs. Most auto-update programs are smart enough not to try to update while you are using your computer. E-mail programs generally check for new e-mail every 5 minutes or so, which tricks most auto-update programs into thinking that you are using your computer every 5 minutes. So, if you leave your e-mail program open 24 hours a day, some auto-updates will NEVER take place.

So, let's start defining some steps to 'attempting' to protect yourself from getting hacked.

Step 1) Update everything on your computer that can be updated. Set up everything that you can to auto-update daily, and make a list of those things that you can't. Keep everything up to date.
-------------------------------------------------------------------------

Now then, let's briefly discuss the internets first problem child, IRC. You can include Mirc and any other IRC derivative into this. IRC is an incredible tool and can accomplish many many very cool things. It has also been around for many many years and is quite popular. It is also riddled with potential security breaches. With some of the earliest versions of IRC, people could hack into your computer quite easily and do, literally, ANYTHING they wanted to. A smart IRC script writer can still make all sorts of things happen even if you are using a current version. My advise is either gain a working knowledge of IRC and how it works and the basics of scripting in IRC, or don't use it. Ever. You can achieve a certain amount of security if you were to download the newest IRC version (or Mirc or whatever other derivative) from a known safe location, download your scripts from a safe location, and connect to a known safe server / IRC network. However, without a certain amount of research and knowledge of IRC, you don't know for a fact that you have done any of these things, now do you? It is not necessary to learn everything there is to know about IRC. In fact, doing so could probably earn you a Masters degree, there is so much to learn about it.

This next step may sound a bit harsh, but it is in fact a necessity.

Step 2) Either gain a working knowledge of IRC, or uninstall and delete everything related to IRC on your computer.
-------------------------------------------------------------------------

Now then, this step is about as close to foolproof as you can get, and it's quite simple. If you have two computers with an internet connection, use one to play Diablo on, and the other to 'test' out any web sites, IRC scripts, or downloads. If the site, or script or program has dishonorable intentions, you will more than likely receive an error at some point about 'Diablo II cd-key registry info not found' or some other error telling you that it was trying to do something that it wasn't supposed to be doing in the first place. Also be sure to check any logs that might pertain to this. The program or whatever may keep it's own logs which could give it away. Also, Windows itself keeps quite a few logs all on its own. Search the entire hard drive that your operating system is installed on for 'log' and '*.log', then open up and browse through any of them that look like they might pertain to what you're doing, and open up and browse through the ones that you have no clue what they pertain to. Also, try not to fall out of your chair when you discover that your operating system is keeping about 80 different logs of things that you do. Almost all log entries are time / date stamped, so this is not nearly as time intensive as you might think.

If you can find a free one, or have the resources to get your hands on, a program called a 'Sandbox' this is an even better solution than just using two different computers. A sandbox is a program that sets up a completely separate environment on your computer for things to run in. When you put something in a sandbox, it has absolutely NO access to what is really happening on your computer. It is similar in concept to the programs that are floating around today which allow you to run virtual operating systems on your computer. A sandbox is somewhat more advanced though, because it is designed to report to you everything that any of the programs playing in the sandbox try to do. If one of the 'kids' in the sandbox gets out of line, you'll hear about it. Unfortunately, most Sandboxes are used for testing programs, viruses or even operating systems, and are marketed for corporations which have MUCH deeper pockets than most people have. There were only a couple of sandboxes that I am aware of that didn't cost 1000s of dollars to get your hands on. Nonetheless, it's worth the effort to do a little internet research and try to come up with one.

Step 3) Make every attempt to use a separate computer to test questionable software, scripts and web sites on, or get your hands on a 'Sandbox' program.
-------------------------------------------------------------------------

The most obvious solution to the problem would be to monitor your entire internet connection, and stop any unauthorized data streams from getting through. This is done using something called a firewall. This method is not foolproof on it's own though, which is the only reason the rest of these steps are necessary in the first place. The CD-key scenario I outlined above would get through any firewall that wasn't told to SPECIFICALLY not allow the activities that the scam used. Unfortunately, not allowing those activities will prevent you from browsing about 80% of the internet. However, many firewalls monitor and prevent the vast majority of hacks and trojans from transmitting unauthorized data in the first place. Using a firewall, an anti-virus scanner, and keeping your operating system up to date are the three most recommended security steps that you can take, and will protect you from any commonly used, documented hacks. The only problem with this is that once the hackers realize that 'the jig is up', they move on and use methods that haven't been documented yet. Just remember that for every documented hack, virus and trojan, there is at least one guy out there that got hosed, and more than likely hundreds of guys. Don't be that guy. Also, many of the commonly used battle.net trojans will never make their way into the mainstream security tools, but we'll discuss this later.

Ok then, if you want the maximum firewall security possible, run down to your local computer store and pick up not one, but two 'hardware' firewalls. Furthermore, ask the guy for two separate brands of firewall, and which two are the best, or the most popular if he doesn't know which are best. When you get home you are going to have a bit of setup to do, but it's worth it. Note that hardware firewalls are useless if you intend to keep using a modem inside your computer to connect to the internet. However, firewalls can be purchased which have a built in modem, so you can still use your dial-up ISP if you get a firewall with a built in modem. Your ISP may have provided you with a DSL modem, or a cable modem which already has a built in firewall, so you may only need to buy one additional firewall. Call them up and ask about it, but if they tell you that it has NAT (natural address translation) which is just as good as a firewall, ask them if they have ever heard of TelNet? TelNet is commonly used on almost every network appliance on the planet (routers, switches, firewalls, ethernet cards, servers and even network printers). Anyone with a finite knowledge of telnet can use a simple brute force attack to hack the password on almost any internet appliance. This of course will allow the hacker to change NAT around, set up a back door into the network, or do just about anything they want to, which makes NAT by itself quite useless as a security deterrent. What you want to do is set everything up so that your computer (or computers) talks to the first firewall, then the first firewall talks to the second firewall, and the second firewall either has the built in modem (or DSL modem, or Cable modem) which talks to your ISP, OR the second firewall talks to your DSL modem or cable modem, and that talks to your ISP. What this does is set up something called a 'DMZ' (from the combat term de-militarized zone). The DMZ is a virtual 'area' that NOTHING that is not authorized to be in can get into or out of. Most corporations use this exact method as their first line of defense against all intrusion attempts. Note that if you have more than one computer, you probably already have a device called a hub to connect them together. Disconnect the hub and throw it in the trash. Now go back to the computer store and buy a switch. A hub allows any sort of communication to pass through to all devices attached to it. A switch only allows communications to pass through to where it was intended to go. A switch is much faster and more secure than a hub. Also, switches have gone WAY down in cost recently, so there is no excuse not to buy one. Be sure to manually check for updates for your hardware firewalls. 90% of them are unable to auto-update, so you will need to do it manually. While purchasing a firewall which CAN auto-update itself is a very nice bonus feature, do NOT pass up a superior firewall simply because it doesn't have auto-update. The key to this is that even if a hacker somehow manages to get through one firewall, when he discovers a 2nd, different, firewall he will usually move on and find something that doesn't take quite so much work to get into.

In addition to hardware firewalls, you should download and use a software firewall, along with the hardware firewalls. Software firewalls tend to 'protect the user from himself'. They will frequently block out web sites and known trojans or hacks that 'piggy-back' and take advantage of your browsers data stream, or some other programs data stream, that may otherwise sneak through the hardware firewalls. The two most common and arguably best free software firewalls today are made by Sygate and Zone Labs. Personally, I use Zone Alarm by Zone Labs. It also deserves mentioning that Zone Alarm Pro protects network services. If you are using services on a server, or a workstation with network services (such as Windows 2000 Pro or XP or some Linux boxes), it would be worth it to fork out the money to buy Zone Alarm Pro. Probably the oldest software firewall still in use today is known as Black Ice. Black Ice has had issues in the past about being kept up to date, and I would caution anyone who plans on trusting it to keep them secure. Also, never install and use two software firewalls at the same time. Software firewalls inherently believe that other software firewalls are Satan (or Diablo) incarnate. They will instantly get into a heated argument, calling each other dangerous, and you will have so many warning pop-up windows that you will be hard pressed to shut either firewall program down.

The next rung down the ladder would involve using a single hardware firewall along with a software firewall. This is the most commonly used method. As a minimum defense, at least download and use a software firewall. Whichever firewalls you decide to use, be sure that you set all of them up to block ports which are commonly used in attacks, and enable any other optional security functions. Note that doing so may very well cut you off from battle.net, but this is not a problem by itself. Simply go to blizzards tech support site and find the topic about ports and firewalls. They have been very kind, and outlined instructions on opening the ports necessary to connect to battle.net on almost all commonly used firewalls. This was very nice of them, because it isn't their responsibility. They gathered and posted the information for the safety of the battle.net community. Note that most firewalls are designed to allow common harmless traffic to pass through without a problem, but most internet games will need to be set up on the firewall to allow the proper ports to connect.

Ok some of you are thinking 'What ports? You mean like my printer port??' No, to explain it simply, your internet connection is made up of 1000's of 'ports'. Picture your internet connection as having 1000's of little holes in it, which all lead to paths to reach the internet. Each program you use that communicates across the internet, does so through a specific port, or range of ports. That includes trojans and hacks. By default, all of these ports are left wide open for anything that wants to, to talk through them. The main purpose of the firewall is to close the door on ALL of the ports you don't need to use, and lock them down so that unauthorized communication does not take place. As a bonus, the software firewalls keep track of which programs are allowed to use which ports, and make sure that they keep in line as well.

Step 4) At a minimum, download and use a software firewall. For maximum protection, use two hardware firewalls AND a software firewall. If you have a hub, throw it away and replace it with a switch.
-------------------------------------------------------------------------

The most ignored sore spot (which more closely resembles a festering oozing wound) in most companies security policies, is what is termed 'physical' security. This is not nearly as big of a problem for home computers though. It won't be easy, but I will try to be brief and still make my point. 'Physical' security involves preventing people from getting access to your computer in the first place, preventing them from finding out your password, and not using passwords that are so stupid your dog could figure it out. Surprisingly, dogs and other pets cause more security breaches than you would believe. The vast majority of people out there use the password 'password', the same password as their account name, or the name of a pet or child. This is closely followed by using some derivative of your birthday, your childs birthday, or your social security number. If they can get away with it, many people will leave their password blank (although you can't do this on battle.net). Not only do hackers know about this, but they have known it for YEARS. They have known about it for so long, that when they get together, they commonly joke about the complete and utter FOOL who was using the password 'password'.

Here's another one for you, do you know the real reason why identity theft is so easy? Call up someone's friend or co-worker, and ask them what the other guys cat or dogs name is. They'll say 'Uh, Max, why?'. If you are feeling generous you can tell them that you now have a 20% chance of knowing their password. If you're not feeling generous, you can hang up and call another friend or co-worker and ask them when the other guys birthday is. You now have about a 35% chance at knowing the password. It's that easy. Plus it's fun, give it a try if you don't believe me. Calling around I mean, not guessing someones password. Identity theft works on the same principals as password theft, gather enough information, and your set. For this reason, friends, co-workers and children need to be 'trained' not to give out seemingly mundane information. Especially if your password is 'rover'.

The most secure passwords involve using random words, or random letters AND numbers AND symbols. If it is possible, throw a '-' or some other symbol in the password. Also, if it is allowed, use a combination of upper and lower case letters (note that battle.net could care less if they're upper or lower case). Make sure it's not one that you will forget though, most passwords require a system administrator to change, and some of them are encrypted and set up so securely, that NO ONE can breach them if they don't know the password, without using a 'brute force' attack.

A brute force attack involves throwing passwords at a password prompt repeatedly, as fast as possible, using every combination possible, until the password is discovered. As fast as computers are today, and with the advanced algorithms today which theorize which words and number combinations are most likely to be used in a password, a brute force attack can be launched and finished rather quickly. Have you ever seen a door with a cypher lock on it? A cypher lock is one of those locks where you push a combination of buttons numbered 1-6 to get access. Someone who can do data entry (on a numeric key pad) at around 120 words a minute, can manually crack the code on a cypher lock in less than 15-20 minutes. After this was discovered, the sale of cypher locks took a nosedive. Do you know that 3-digit combination that locks your cell phone? The same data entry person, typing at around 120 words a minute, can crack that code in less than a half hour. This should give you an idea of how fast a modern computer, which operates around 100,000 times faster than a human, can crack a code. This is why you want to throw a '-' or some other symbol, numbers and upper / lower case letters into your password, if possible. The more variables that someone has to use in a brute force attack, the better. This is also why most password prompts will only allow you to 'guess' a password a few times before it locks you out. A brute force attack could decrypt the password 'rover' in a few minutes, but the password 'Orion-938AZY' could take a week. A password like '758D$Nfg8DF6n8F^*DS$%LmQ6du8468R$V*^*D$N^8lFM%6mX z56D%Oj6k%^W' could take weeks, if not months to crack. If you forget a password like that, and your system administrator doesn't have access to change the password, expect him to tell you where to shove it. Unless you happen to work for the CIA.

Obviously you also need to control who has access to your computer, if left alone, someone COULD do just about anything they wanted to. When computers were still in their 'infancy', I once had a friend, totally accidently, erase the hard drive on my Commodore 128 computer. While computers are much more advanced today, just last week I had an incident where the resident cat (whose main occupation is to catch mice wandering around the warehouse) managed to destroy a multi-thousand dollar server by pawing at the power cord and power buttons. The cat assumed that the whirring and clattering tape drive meant that there was a mouse somewhere in the server, and pawed at it until the noises stopped. Unfortunately, the noises stopped because the cat had shorted out the power supplies, and those shorted out all of the raid hard drives and tape drives. It's not the cats fault, the fastest way to trash any computer, is to push the power button or reset button repeatedly until the heads in the hard drive crash.

If I had access to a computer with Diablo II installed on it, and a floppy with a cd-key decoding program in my pocket, I could steal a cd-key in about 30 seconds flat. During that same 30 seconds, I could install a keylogging program manually, and steal ALL your passwords. This is the most effective way to steal passwords, because any virus or trojan scanners will believe that the tiny, hidden keylogging program is supposed to be there, so they will happily ignore it and let it do its job. With a bit more time, say less than five minutes, and a cd, I could install a hidden program which monitors everything you type, mouse movement, all your communications, shows me what you are doing on your screen and allows me to take control of your computer and do anything that I want to on it. By the way, while 90% of them are trojans, there actually are programs out there to decrypt your cd keys. If you have lost the case with your cd key on it, and don't mind that you have about a 90% chance that some hacker will end up with your cd key, a thorough search of the internet will turn up a cd key decoder. The other problem with allowing physical access to computers is that about 20% of the people who use computers, write down their password on a sticky note, and slap it on their computer monitor for all the world to see. It is for this very reason that hackers are known to attempt to get into an office to walk around for a bit, using any reason they can. If they spot one sticky note that says 'Angela1025' or some such, they can go home and bring an entire corporate network to it's knees.

Some of you may be aware of something called a CMOS, or boot password. A password at boot is rather a good idea, because if your computer is turned off, nobody can turn on your computer and start using it without the password. 1 in 10 of you probably know that a CMOS password can be erased and bypassed by opening up the computer case and switching a jumper. Less than 1 in 1000 of you probably knows that you can do the same thing by unplugging the power cord from the computer, shorting out the terminals on the power connector on the computer with a paper clip, and turning the computer on to drain the CMOS battery. Needless to say, a CMOS password does NOT make your computer physically secure. In fact, about the only thing it's good for, is keeping your six year old from turning on the computer to try to play an Elmo game, and accidently deleteing a weeks worth of work.

Step 5) Ensure that only people authorized to get physical access to your computer, have access to it. Ensure that friends, co-workers and children know not to pass out mundane information, and not to allow others to access your computer. Ensure that every password you have is as secure as possible, without being so complex that you will forget it. Finally NEVER write down a password ANYWHERE.
-------------------------------------------------------------------------

Anti-Virus software. The subject of which anti-virus software is best can start a heated debate almost as quickly as which firewall is best. Bar-none, the most technologically advanced and best anti-virus scanner today is Symantec Anti-virus Corporate Edition. If you have more than one computer networked together, or a server, NOTHING compares to it. It's in a class by itself. It is designed to protect servers, network services, workstations and everything in between, and it's guaranteed to do so. It is probably the only product on the planet that I can condone buying a yearly license for. It's not terribly more expensive than the anti-virus software designed for single computers, so if you have a handful of computers to protect, or a server to protect, this is THE anti-virus software to use. It can also be installed on single computers, so if you can get your hands on a copy of it from work or a friend who has a spare license or two, do it.

Other than that, I would rate Symantecs and McAfees normal anti-virus products as the only ones on the next rung down. Symantecs may be slightly superior due to the fact that they have SARC (Symantec Anti-virus Research Center). If you ever have any questions about anything remotely resembling a computer virus, start your research at sarc.com. While McAfee has built a similar research center, Symantecs has been around quite a bit longer. This is the only reason why I say that Symantecs products MAY be SLIGHTLY superior. If you already have one of the two, don't bother running out and buying the other.

Unfortunately, I need to rank Panda and all the others one rung lower than Symantec and McAfee. I know, some of the newcomers have incorporated ideas that the big boys haven't yet, but none of the other anti-virus products have multi-million dollar research facilities at their disposal, either. When it comes to anti-virus software, you DEFINITELY get what you pay for. On the other hand, if you're flat broke, download and use one of the free ones. Anything is better than nothing.

The same thing that applies to running two software firewalls, applies to running two anti-virus programs. Don't do it. They'll instantly go to war with each other, and war is never pretty. In the end, be sure to set up your anti-virus software to look for new variations of viruses. By default they don't do this, and you will need to dig into the advanced settings to tell it to do so. Be aware that after doing this, the anti-virus program may incorrectly report something as simple as a newly updated version of Microsoft Word, or any other newly updated program, as a virus. A virus scanner reporting MS Word as a virus would be weird enough, but if something like this happens to you AND you know for a fact that the program was just updated, simply tell the virus scanner to ignore it. Also, most anti-virus programs set up their auto-update to run once a week. This is not acceptable, be sure to change it to every day.

Step 6) Get the best anti-virus software you can. Set it up to protect against variations of known viruses.
-------------------------------------------------------------------------

This next chunk has relatively little to do with battle.net so I'll be brief. If nothing else, ad ware is a hassle because it clogs up your internet connection. Download and use one of the free ad ware blocking utilities. Ad ware reports all of your internet activities to sleazy companies (including some of the big name companies) using your internet connection, WITHOUT letting you know that they are doing so. They mainly collect statistical information that has nothing to do with you personally, but quite a few of them do track you personally. If you have ever visited something such as a florists web site, then left the web site and gotten a bunch of pop ups trying to hock other florists, your computer is definitely infected with ad ware. They accomplish this 'magic trick' by various means, from attaching ID codes to pictures on the internet or in e-mails, to putting information in your system registry without asking you, to lieing about 'free' internet search programs and toolbars or 'free' programs to automatically set your clock. There are various programs that take care of this problem, but I would recommend Ad Aware, simply because it integrates with a program I recommend below, Spybot. If you use any other ad ware blocking programs which back up malicious ad ware before deleting it, that program and Spybot (or any other spyware tracking program) may incorrectly report items stored in each others back up folder. Note that using ad ware blocking utilities will stop 90% of the pop up windows you get. At least the ones that are advertisements, you will still get flooded with pop ups while visiting most porn sites. Also note that there are various 'free' programs which support themselves using ad ware. If you have any of these programs, and remove the ad ware from them, the original program will probably stop working.

There seems to be a lot of confusion among Internet users about what cookies are, so this next bit is just provided for information. A cookie is a small text file which is usually placed on your hard drive. A cookie usually contains a unique identification number, this unique number identifies your browser, not you. A cookie allows each page in a website to 'remember' you and what you are trying to do. Without that particular cookie from that particular website, the different pages in a website would act like a bunch of separate websites, in essence. A cookie can not store any personal information unless you give it to that cookies website, and most websites don't store personal information in cookies anyway. Since a cookie is only a text file, it can NOT run on your computer, search your computer for information, transmit information to someone, or transmit a virus. What a cookie can do, is allow various websites using ad tracking software to discover which web sites you are visiting. Most ad ware and spyware programs will block, or at least delete, these cookies.

Step 7) Download Ad Aware, or some other ad ware blocking utility, and use it. NEVER EVER click 'Yes' when a pop-up asks you if you want to download a 'free' program.
-------------------------------------------------------------------------

The most common problem that people run into on battle.net are trojans and keyloggers. A keylogger is a type of program that records everything you type, and reports it back to someone else. As I said earlier, no one scanner can possibly detect all of them. Also, there are many trojans that the anti-virus programs are unable to detect until it's too late. If you download questionable software, you should check it before AND after you run it. This is why there are rumors floating around about 'undetectable' trojans or keyloggers. you need to scan for trojans AFTER you run a program. Some of these programs have viruses or trojans packed into the executable, or some other file, and there is just no way for any scanner to know every compression scheme possible. For a while, it was quite popular to pack a tiny virus onto the end of a wave file. You could even play the wave file safely, but you would hear a tiny little click at the end of the wave file. However, once the program unpacked the virus from the wave file, you were in trouble. Worse yet, you could still get nailed by a script which makes you join a game, drop your items and leave. This sort of thing would be undetectable to almost any scanner.

I have had very good luck with Spybot - Search and Destroy. It's updated all the time, and recognizes something like 12,000 different trojan and spyware variants now. Oh yeah, and it's free. Spybot detects a wide range of problem software, from those pictures with ID tags I mentioned earlier, to almost any known trojan, to other types of spyware. Spyware is similar to ad ware, in fact, ad ware is actually a type of spyware. Spyware collects various types of information and reports it back to someone, where as ad ware specifically collects marketing information. This is why Spybot and Ad Aware integrate with each other, some of the things they detect cross over into each others area of expertise. IF you can find it, Swat-it is an excellent little utility. The program itself was freeware and is a couple of years old, but it's database is updated constantly, because the company uses the same database of trojans for its current paid product. Other than these two, feel free to use any of the other spyware detection programs that are popular today. Just be sure that their trojan databases are being updated constantly. There are many programs out there with names similar to Spybot - Search and Destroy. They were named this because they are attempting to 'ride on the coat tails' of Spybot. Some of them even went so far as to steal some of the technology that Spybot uses. Those companies were sued and shut down, and probably were a major help to keeping Spybot free. This is why I have cautioned you to be sure that any spyware detection program you buy or download, is still being updated regularly.

If you want to pay for them, I would recommend Symantecs trojan scanner that comes with some of their anti-virus products, or Zone Labs trojan scanner, which comes with all of their paid products. Whichever one you decide on, be sure to sift through all of it's settings and be sure that all of them are enabled. Spybot especially, since it is basically quite a few programs rolled into one, has a fair amount of set up. Be sure to enable the function that blocks malicious banner ads in your browser.

As I mentioned before, most of the mainstream products have no idea how to detect trojans or keyloggers specifically designed for use with battle.net or other internet games. To remedy this, in addition to using at least one of the spy ware blocking utilities listed above, you also need to download a program designed to detect sub-seven, other keyloggers, and their variants. While these programs have their own little nitch in the world, they tend to come and go faster than current internet slang words. Also new types of keyloggers, and various variations of old trojans, pop up constantly. For these reason, I won't even bother recommending one by name, but go to a trusted download site, and download at least one program designed to specifically detect keyloggers and such. I would pick whichever one is the newest and most popular.

Step 8) Download a repertoire of programs which between them are designed specifically to detect, block and delete spyware, trojans and keyloggers. Once again, go through the settings and ensure that the various security functions are all enabled.
-------------------------------------------------------------------------

You will notice that I have not included a single link in this post. I have done that because the internet is a fluid creature, ever changing. Tomorrow McAfee may hire an anti-virus savant, and bring Symantec to it's knees. The two most trustworthy and most popular download sites on the web today, are hotfiles.com and download.com. Hotfiles.com is sponsored by ZD Net, and download.com is sponsored by C Net. The two companies are partnered, but ZD Net has been around a LOT longer, and has much older resources at their (your) disposal. However, web sites come and go, file links go down, and technology advances. Eventually, every program and site I have mentioned here will 'fall by the wayside'. There are even some people today who are predicting that Linux will bring the mighty Windows empire to it's knees. The point is, the key to all of this is to stay ahead of the technology curve. To stay there, you are going to need to do some research, and keep all of the anti-hacker tools in your arsenal up to date. The hackers are forever building bigger and better 'guns', so you need to be forever improving the armor on your anti-hacker 'tank'. (he-he that was pretty good, eh?) This brings us to the next step:

Step 9) Make every attempt to always download from trusted internet sites with a proven track record. Make sure all of the tools at your disposal are the newest, and most advanced.
-------------------------------------------------------------------------

If you follow all of these steps, I would rate your defense as 99% secure, maybe more. As I said, you will never be 100% secure. The fastest, easiest way to get yourself hacked, is to let a hacker find out that you consider yourself unhackable. This is like slapping a hacker in the face with a glove, and they will not rest until you are hacked 'but good'. There are methods out there that take advantage of the internet itself, and the way it works, to hack into a computer. There is no way in the world to keep out a hacker who knows those methods and is determined enough to hack through even the most advanced computer security systems. Some of you may know of some of these methods, and will understand why I am marking them 'taboo' as public information. So, keep in mind that you must never ever tell a hacker that you can't be hacked. You will regret it. Also, keep in mind that at this very moment, those very hackers that you are trying to keep out, are pouring over this information and looking for 'chinks in the armor'. The final step:

Step 10) Hackers are smarter than you. Deal with it. NEVER intimidate them or goad them into attacking you.
-------------------------------------------------------------------------

That 10th step will probably notch you up to around 99.9% secure, and only a lunatic with nothing better to do would spend the time and effort to hack you. However, as is clearly evidenced by all of the human rights groups in the world today, trying to force their opinions on to other people, there are PLENTY of lunatics out there with nothing better to do. Here's a recap:


Step 1) Update everything on your computer that can be updated. Setup everything that you can to auto-update daily, and make a list of those things that you can't. Keep everything up to date.

Step 2) Either gain a working knowledge of IRC, or uninstall and delete everything related to IRC on your computer.

Step 3) Make every attempt to use a separate computer to test questionable software, scripts and web sites on, or get your hands on a 'Sandbox' program.

Step 4) At a minimum, download and use a software firewall. For maximum protection, use two hardware firewalls AND a software firewall. If you have a hub, throw it away and replace it with a switch.

Step 5) Ensure that only people authorized to get physical access to your computer, have access to it. Ensure that friends, co-workers and children know not to pass out mundane information, and not to allow others to access your computer. Ensure that every password you have is as secure as possible, without being so complex that you will forget it. Finally NEVER write down a password ANYWHERE.

Step 6) Get the best anti-virus software you can. Set it up to protect against variations of known viruses.

Step 7) Download Ad Aware, or some other ad ware blocking utility, and use it. NEVER EVER click 'Yes' when a pop-up asks you if you want to download a 'free' program.

Step 8) Download a repertoire of programs which between them are designed specifically to detect, block and delete spyware, trojans and keyloggers. Once again, go through the settings and ensure that the various security functions are all enabled.

Step 9) Make every attempt to always download from trusted internet sites with a proven track record. Make sure all of the tools at your disposal are the newest, and most advanced.

Step 10) Hackers are smarter than you. Deal with it. NEVER intimidate them or goad them into attacking you.
-------------------------------------------------------------------------

humbly yours,
Crogon

p.s. Feel free to post this information anywhere you think it might be useful, but kindly do not edit my name out of it.
Sense and courtesy are never common
Don't try to have the last word. You might get it. - Lazarus Long
Reply
#2
Thanks Nastie Bowie! :)

I really should see that this gets posted to all the D2 forums, but there are so many of them these days I don't know if I remember them all. :P

None the less, I could be sure it gets onto the Basin and some of the other old ones. ;)
Reply
#3
For writing such a comprehensive and easy to read essay. :D
And you may call it righteousness
When civility survives,
But I've had dinner with the Devil and
I know nice from right.

From Dinner with the Devil, by Big Rude Jake


Reply
#4
Crogon,Jan 31 2004, 04:46 PM Wrote:Thanks Nastie Bowie! :)

I really should see that this gets posted to all the D2 forums, but there are so many of them these days I don't know if I remember them all. :P

None the less, I could be sure it gets onto the Basin and some of the other old ones. ;)
Posted at Diablo 2.com - thanks for the post. There is some very good information here. :)
Reply
#5
Step 11) Don't use IE. While Mozilla, Firebird, NS, Opera, Konquerer (I think there is a W32 port of it), etc are not immune to security flaws, they handle things much better than IE does as far as letting malicious web code run. They are all generally faster and have some other nice features as well. Keep an updated copy of IE around for those sites that are poorly coded or still won't work even when you tell your browser to report itself as IE. But you will have less pop-up add problems and less auto run malicious code issues without IE.


Other than that, it's good advice. I don't like the way it was written, and I wonder how much he paid for his 128 hard drive considering they didn't come standard with them and there weren't too many made. But it is good to see a post with decent information on internet security.
---
It's all just zeroes and ones and duct tape in the end.
Reply
#6
The thing that makes IE less secure than everything else is thanks to Active X. That allows things to be secretly installed or installed without your permission. Malicious websites will usually throw up things to distract you while their crap is silently installed- even with higher security settings. If you disable Active X, you will constantly get a annoying warning message.

Another thing is that in later versions of Windows like XP, IE is "integrated" into the OS. The results of IE being compromised is pretty obvious. Your whole operating system is vulnerable. Even if someone managed to get you in Mozilla or opera, the most you'd have to do is reinstall the browser. Sure it's possible to secure IE too, but it requires much more effort.

Oh yea, and MS is constantly releasing security patches to cover up their holes. Like this one: http://www.secunia.com/internet_explorer_a..._spoofing_test/

BTW, if you think you can avoid these problems by not visiting crack sites or other shady sites, you're wrong. People have been infected by visiting supposedly innocolus sites or sites that you could google up.
With great power comes the great need to blame other people.
Guild Wars 2: (ArchonWing.9480) 
Battle.net (ArchonWing.1480)
Reply
#7
Howdy,

Thanks Nasty. Even a computer illiterate retard like meself understood most of that article. I guess I should thank Crogon as well for writing it. I guess I run "a tad bit higher" than slightly paranoid when it comes to the internet, which I suppose is a good thing. Can't wait to put some of my newfound knowledge to use.

Scotty
'Me not that kind of Orc' - lazy peon
Reply
#8
Thank you all. :)

Other than ActiveX, which has been patched for quite some time, I don't think IE is a whole lot less secure than any other browser. I think the main issue, is that most people use IE so most of the hacks are designed to work with it. But there is no reason that a java hack, for instance, wouldn't work in any browser that supported java. Of course in the past microsoft has used their own flavor of java, but it shouldn't be too hard to design something that would work in all of them. And actually shutting down activex, and java, and cookies and all that stuff is what i was referring to when I said not being able to browse 80% of the internet. Sure, you could get away with using a plain vanilla text based browser, but who would want to. :P Also both mozilla and opera have been popular for quite some time now, if I were going to use a different browser in the hopes that most websites wouldn't even be designed to target it, I would choose something else, there are a few other good ones that I know of out there. :)
Reply
#9
Tremendous article, thank you :)

Quote:Less than 1 in 1000 of you probably knows that you can do the same thing by unplugging the power cord from the computer, shorting out the terminals on the power connector on the computer with a paper clip, and turning the computer on to drain the CMOS battery.

Woot, you just skewed this statistic!
-jms
*hemal2@USEast
Reply
#10
jms,Feb 2 2004, 11:54 AM Wrote:Woot, you just skewed this statistic!
are you sure of that, lets face it, even reading that, i would have to experiment with it for a long while to actually be able to do it.
The wind has no destination.
Reply
#11
yes mozilla firebird is your friend. Since I have switched to it ad aware and spybot hardly ever come up with anything. its definatly a more secure browser.

www.mozilla.org
Signatures suck
Reply
#12
Also, Mozilla finally allows me to not have to restart my computer after browsing the internet and attempting to open a game in full screen (when I used IE, it would set my color resolution to 256 colors, disable my mouse, 640x480 resolution, and only show the top left hand portion of the screen [until I restarted, then it would show me all of my 640x480 screen] upon starting any game in full screen... [don't ask]).
Reply
#13
Obi2Kenobi,Feb 8 2004, 12:26 AM Wrote:(when I used IE, it would set my color resolution to 256 colors, disable my mouse, 640x480 resolution, and only show the top left hand portion of the screen [until I restarted, then it would show me all of my 640x480 screen] upon starting any game in full screen... [don't ask]).
Whuuuuud????? Ok, stop the bus, I GOTTA check THIS out!!

What in the name of god OS and version of IE are you using?? I haven't heard of something that screwy happening since Windows for workgroups 3.11 and IE 4. I suppose If you dropped IE 4 or 4.5 on a Linux box it could do some pretty bizaar stuff, but all that happening at the same time is seriously hosed. ^^ Hmm, Win95 release 1 perhaps? I have a release 2 cd I could upload sumwheres if u need it. And how does mozilla figure into it?

Ok, I'll admit I just got home from setting up a domain server (25 hour job :P ) AND I've had a couple o' beers, but that is bar none the most bizaar troubleshooting issue I've seen in quite a while. You absolutely MUST share all the details with us, and tell us how it happens, and what makes it tick. :D

On an off note (or rather, getting slightly back ON topic ;) ), those of you just passively brushing up on your security skills needn't worry about this, but for you techie junkies out there, check out the link in Spybot for the ActiveX progy. That company has a couple of SWEET free -<ACTIVE>- (active as in blocks out spyware/adware BEFORE you download it!) spyware utilities on their website that compliment spybot, ad-aware and a pop-up blocker.. just.. PERFECTLY! If those boys all hooked up, they could sell that suite of programs for a nice grip of $$. :) It certainly can't replace the way spybot and ad-aware cover all the bases, but like they say, an ounce of prevention is worth a pound of.. something or other. ;)
Reply
#14
Thanks for the tips Crogon, I'm going to archive away your first post for future reference.

Unfortunately, my security measures are nowhere near that comprehensive, so I figure I might as well wait until I can buy/build a new box before I build my moat; I figure I've had this computer for about 2 years now, so it's probably riddled with everything if it's caught one thing. :(

(Thank god I haven't caught anything really serious - nothing system-wrecking, and AVG usually comes up clean)

One question I would like to ask, though - Know any download managers that work better than Flashget (and hopefully interface with Mozilla)? I'm fairly sure Flashget is (and/or installs) adware - I get IE popups w/ads (strange enough since I use Mozilla 99% of the time), but only when Flashget is running. It hasn't been anything but a nuisance so far, but I don't like nuisances. <_<
[Image: 9426697EGZMV.png]
Reply
#15
I am running Windows 98, I had IE 6.0. When I "upgraded" to Mozilla, I could (and still can) open my full screen games perfectly fine. It all happened one day.. for no good reason. Oh, and although it said it was 256 colors after checking my settings when restarting, it seemed to have been more like 64... It happens after opening Internet Explorer, then opening a game in full screen mode... I'm not sure if running in windowed mode helps. If I open the game first, alt+tab out, and then open IE, same thing happens. However (this will really bake your noodle [quoth the Matrix]), if I alt+esc out, I can open IE, it gives me a 1-5 second grace period (it fluctuates) to go back into the game, or it messes with my computer when I bring the game back up. I can then go back and forth between my game and IE using alt+esc with that same 1-5 second grace period.


/edit: Windowed mode does save me. But I run my comp in 1024x768, so it is a nuisance.

//edit: That was confusing. Let me recap.

Opening IE flips a "switch" that is only reset upon restarting my computer. If I open anything in full screen mode, the "switch" is activated and my comp gets messed up. If I maximize a full screen window that was alt+tabbed out of after the switch is flipped, it messes with my computer. If I minimize a full screen program via alt+escap, this "switch" goes dormant for 1-5 seconds after being flipped. It will stay dormant until the full screen window is again minimized. If it is alt+tabbed out of, it gets switched immediately. If it is alt+escaped out of, the 1-5 second timer is reset.

I hope that was more clear, but I fear it was just as bad.
Reply
#16
No Teeth
With great power comes the great need to blame other people.
Guild Wars 2: (ArchonWing.9480) 
Battle.net (ArchonWing.1480)
Reply
#17
But that still wouldn't explain why it worked perfectly fine, and then for no reason (at least not to me) started doing this.
Reply
#18
Obi2kenobi:

$5 says it's being caused by a corrupt add-on of some sort.

Go to tools > Internet Options. On the General tab, click the Settings button under Temporary Internet Files. Now Click the View Objects button. Delete everything. Note that this will kill MSN Chat, Flash, Acrobat reader, and anything else that 'bolts on' to IE, it's no biggie, you'll just have to reinstall flash or whatnot next time you go to a site that uses it. Now close that window, the Temporary Internet Files Settings window, and click delete files on the Internet Options window. Now close all your IE windows and games. If that doesn't work I would pop your computer open, and check and make sure that you are using the right video card drivers for your video card. :) Last ditch effort would be goto Start > Programs > Accessories > System Tools and open system information. On the Tools menu click System File Checker. Be CERTAIN that you have your Windows98 Install CD handy and run it. It may uncover a corrupt file somewhere. If it does, the corrupt file may not necessarily be on the Win98 CD, so you may need some other install CD, perhaps for your video card or something.

Warlocke:

Download Spybot and Ad-aware, or your choice of spyware/adware removing programs, then install, set up and run them. As I said above, checking though the settings in these programs is fairly important. This should remove all adware on your computer, including any installed in your download manager. Once you've done this, start up the download manager. It may not work if it's adware has been removed. If it still works, continue to use it. If it doesn't work, or if it still pops up advertisements, uninstall it, then go to hotfiles.com or downloads.com, and search for the most popular free download manager. I have had a broadband connection for years, and don't use download managers, so I won't try to recommend one. :)
Reply
#19
I'm digging this thread back up because I am in need of some tech support. About a week or so after I posted this, the problem went away (and Crogon's advice didn't help). However, today, it came back, only worse! Now it seems to be 8 colors, instead of the previous 64.* Same for everything else. Haven't changed anything in my computer when it first fixed itself nor when it broke again (today). Anyone have any ideas?

*The lowest I can set my monitor to is 256 colors.
Reply
#20
Damn. I thought this was going to be a thread where I could say, "Wait until the feller gots his hand into your door, then lop the stupid blighter's f&$*3*# 'ead off! Oy" :blink:
Political Correctness is the idea that you can foster tolerance in a diverse world through the intolerance of anything that strays from a clinical standard.
Reply


Forum Jump:


Users browsing this thread: 8 Guest(s)