Wednesday, July 14, 2010

ANTIVIRUS CAPABILITY AND PRECAUTIONARY MEASURES

  1. ANTIVIRUSES:
    As already discussed, most update information comes from a common upstream, so there is a chance that a virus remains unknown for a long time (for example, a few of the viruses discussed in "The Little Black Book of Computer Viruses" by M. Ludwig are undetected even today).
    But "something is better than nothing", so you can choose any of these antiviruses:
    Avast at www.avast.com/free-antivirus-download,
    Kaspersky at www.kaspersky.com/downloads,
    McAfee at www.home.mcafee.com/store/download.aspx,
    Avira at http://www.free-av.com/, etc.
If I have to suggest, I would rather put more emphasis on using a combination of these programs, i.e.
one antivirus + one antispyware + one firewall program = maximum security.

Among anti-spyware programs, I found these much more useful:
1. MICROSOFT SECURITY ESSENTIALS (from Microsoft), at www.microsoft.com/security/products/mse.aspx
2. SPYBOT - SEARCH & DESTROY, at www.safer-networking.org/en/download/index.html
3. SPYWARE DOCTOR (from PC Tools), at www.pctools.com/spyware-doctor/download/
Of these, the first two are free of cost, while you will have to pay for "SPYWARE DOCTOR".
FIREWALL PROGRAMS:
Among firewall programs I suggest

PRECAUTIONARY MEASURES:

  1. If you are a dial-up user and use an external modem, the blinking rate of the light on the front of the modem indicates the rate of data transfer. When the system is idle, the light may blink once or twice in 15-20 minutes. If you are not doing anything that requires a large data transfer (for example, you are only reading mail) and the blinking rate is still quite high, then some data transfer is definitely taking place without your knowledge.

     In the case of an internal modem, you can rely on the icon of two TV-like screens near the clock; here too, the blinking light represents data transfer.




  2. Whenever you suspect that your system's security is compromised (as in the case above), take the following steps:

  • Click Start > Run.
  • Type "CMD" there and click "OK".
  • At the DOS prompt that appears, type the command "netstat -a". This command lists everything your computer is currently communicating with online, for example:

    ACTIVE CONNECTIONS

    PROTOCOL  LOCAL ADDRESS  FOREIGN ADDRESS  STATE
    TCP       COMP:0000      10.0.0.1:0000    ESTABLISHED
    TCP       COMP:2020      10.0.0.5:1010    ESTABLISHED
    TCP       COMP:9090      10.0.0.3:1918    ESTABLISHED

The first column gives the protocol used for the connection, the second column holds your computer's address, the third is the foreign address to which your computer is connected, and the fourth column tells whether the connection is established or suspended.




A program for the same purpose, called "Xnetstat", can be downloaded from www.arez.com/fs/xns
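One way to go through a saved "netstat -a" listing instead of reading it by eye, as an added example that is not part of the original post. The sample is constructed in the layout Windows prints (documentation-range addresses), and the set of expected hosts is an assumption you would replace with the servers you actually use:

```python
import re

# Constructed sample in the layout `netstat -a` prints on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            COMP:0                 LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
  TCP    192.168.1.10:49720     198.51.100.23:6667     ESTABLISHED
  TCP    192.168.1.10:49731     203.0.113.7:443        TIME_WAIT
  TCP    [::1]:49740            [::1]:5357             ESTABLISHED
  UDP    0.0.0.0:5353           *:*
"""

# Protocol, local endpoint, foreign endpoint, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def split_endpoint(endpoint):
    """Split 'host:port' (or '[v6]:port') into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Return one dict per connection row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        proto, local, foreign, state = m.groups()
        rhost, rport = split_endpoint(foreign)
        rows.append({"proto": proto, "local": local, "remote_host": rhost,
                     "remote_port": rport, "state": state or ""})
    return rows

def unexpected_established(rows, expected_hosts):
    """ESTABLISHED connections whose remote host is not one you recognise."""
    loopback = {"127.0.0.1", "::1"}
    return [r for r in rows
            if r["state"] == "ESTABLISHED"
            and r["remote_host"] not in loopback
            and r["remote_host"] not in expected_hosts]

if __name__ == "__main__":
    for r in unexpected_established(parse_netstat(SAMPLE), {"203.0.113.7"}):
        print(r["proto"], r["local"], "->", r["remote_host"] + ":" + r["remote_port"])
```

A connection this flags is only a lead: look up the owning program before concluding anything.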







  3. Files with suspicious extensions should not be accepted (especially if they come from a chat line or freeware site). For example, picture files generally come in jpg, jpeg, bmp, tiff and gif formats; any other format, say "picture.exe", is unacceptable. There is no reason for a single file to have more than one extension. If you are uncertain about what type of file you have, go to

and in the search field type

*Doc file type (for document files)

*Exe file type (for exe files)

This will give you a more detailed explanation of the possible formats of a particular file type.
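The extension rule above can be checked mechanically, and it can be extended by comparing the file's first bytes with the signature of the picture format it claims to be. This is an added example, not part of the original post; the list of executable extensions and the sample files are assumptions constructed for illustration:

```python
import os

IMAGE_MAGIC = {  # leading bytes of the picture formats named in the text
    "jpg": (b"\xff\xd8\xff",), "jpeg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"), "bmp": (b"BM",),
    "tiff": (b"II*\x00", b"MM\x00*"),
}
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs"}  # assumed list

def check_file(name, head):
    """Return reasons to reject a file, from its name and its first bytes."""
    # Ignore padding spaces around a part so "a.jpg   .exe" still counts as two extensions.
    exts = [p.strip() for p in name.lower().split(".")[1:] if p.strip()]
    final = exts[-1] if exts else ""
    findings = []
    if final in EXECUTABLE_EXTS:
        findings.append("executable extension ." + final)
    if len(exts) > 1 and exts[-2] in IMAGE_MAGIC:
        findings.append("double extension ." + ".".join(exts[-2:]))
    if head.startswith(b"MZ") and final not in EXECUTABLE_EXTS:
        # "MZ" opens every DOS/Windows executable, whatever the name says.
        findings.append("Windows executable content behind ." + final)
    elif final in IMAGE_MAGIC and not head.startswith(IMAGE_MAGIC[final]):
        findings.append("content is not a ." + final + " image")
    return findings

def check_path(path):
    """Same check for a file on disk; only the first 8 bytes are read."""
    with open(path, "rb") as fh:
        return check_file(os.path.basename(path), fh.read(8))

# Constructed samples: (file name, first bytes of the file).
SAMPLES = [
    ("holiday.jpg", b"\xff\xd8\xff\xe0\x00\x10JF"),
    ("picture.exe", b"MZ\x90\x00"),
    ("picture.jpg   .exe", b"MZ\x90\x00"),
    ("cricket.gif", b"MZ\x90\x00"),
    ("scan.bmp", b"GIF89a"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(repr(name), check_file(name, head) or "ok")
```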




  4. REPORTING OF HACK ATTEMPTS:

Consistent attempts to break into your system (if any) must be reported. So obtain a copy of "Netlab" from www.filedudes.lvdi.net/win95/dns/netlab95.html and install it. Consult your firewall program's documentation for instructions, identify how many times an individual IP address attempted to gain access and at what time the most recent attack was, and then follow these steps:

  • Write down the IP address reported by your firewall program (BlackICE or Lockdown 2000).
  • Click Start > Run.
  • Type "CMD", and then "netstat -a" at the DOS prompt that appears.

Look whether your attacker is connected. Once the hacker is unsuccessful, you can proceed to gather information to report the attack. To do this:

  • Start Netlab, type the IP address of the attacker and click the "ping" button. If you see a response, the attacker is online.
  • The next step is to check whose IP address it is, by using "whois.arin.net" on the person's IP address. After typing the IP address, click the "who-is" button. You will then see who the IP address belongs to.

This will reveal who the hacker's Internet service provider is. This is very important: if you can figure out where the attack is coming from, you can forward the appropriate information to the right people.
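Counting attempts per IP address and finding the most recent one, as asked for above, is easy to script once the firewall log is exported as text. This is an added example, not part of the original post; the log layout is hypothetical and the lines are constructed, since every firewall product writes its own format:

```python
import re
from datetime import datetime

# Constructed lines in a hypothetical "timestamp ACTION proto src -> dst" layout;
# adapt LINE to the format your firewall actually writes.
SAMPLE_LOG = """\
2010-07-14 21:03:11 BLOCK TCP 198.51.100.23:4312 -> 192.168.1.10:139
2010-07-14 21:03:12 BLOCK TCP 198.51.100.23:4313 -> 192.168.1.10:445
2010-07-14 21:05:40 ALLOW TCP 192.168.1.10:49712 -> 203.0.113.7:443
2010-07-14 21:17:02 BLOCK TCP 203.0.113.99:1027 -> 192.168.1.10:139
2010-07-14 22:41:55 BLOCK TCP 198.51.100.23:4420 -> 192.168.1.10:139
this line is malformed and is skipped
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+) (\w+) "
                  r"([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def summarize_blocked(log_text):
    """Per source IP: attempt count, first/last time seen, destination ports tried."""
    summary = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) != "BLOCK":
            continue
        when = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        src, dport = m.group(4), int(m.group(7))
        entry = summary.setdefault(
            src, {"count": 0, "first": when, "last": when, "ports": set()})
        entry["count"] += 1
        entry["first"] = min(entry["first"], when)
        entry["last"] = max(entry["last"], when)
        entry["ports"].add(dport)
    return summary

def report_lines(summary, min_attempts=2):
    """Plain-text lines for an abuse report, most persistent source first."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return ["%s: %d blocked attempts, last at %s, ports %s"
            % (ip, e["count"], e["last"].isoformat(sep=" "), sorted(e["ports"]))
            for ip, e in rows if e["count"] >= min_attempts]

if __name__ == "__main__":
    print("\n".join(report_lines(summarize_blocked(SAMPLE_LOG))))
```

The counts, times and ports are what the provider found through the whois lookup will need in order to act on a report.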



  5. SOCIAL ENGINEERING:

"Social engineering" is a term often used among "hackers" for techniques that rely upon the weaknesses of people.

Even today, one in every twenty users keeps their user ID as their password. So don't make such mistakes.

REMEMBER: YOU ARE YOUR SYSTEM'S WORST ENEMY.

At last, though antivirus software serves our purpose only a little, we can add our own intelligence to improve our personal security.



VIRUSES AND TROJANS

WHAT IS A VIRUS?

Viruses are programs (simple code written mainly in assembly-level language) that compromise your system's security in one way or another.

The term "virus" was first introduced in the year 1985 by Fred Cohen in his graduate thesis; later these programs were called "living programs", living because they have the ability to ride on and exploit other programs. Moreover, their ability to fight for survival by changing form made them resemble a "unicellular organism", hence the name "virus".

One more notable point is that not all viruses are harmful; in fact, some of them have been found to be very useful. For example, a virus called "Cruncher" compresses executable files and thus saves disk space for you.










VIRUS PROBLEM:

Though a few of them are useful, most of them are programmed to harm your system; once your system is compromised...

Now, one can say, "I use an antivirus, so why should I worry?" Then let me tell you, my friend: most of the updates of these programs are built from virus information received from users like you; moreover, whenever a new virus is found, the antivirus communities do research on it, and only then does the information come to you as an update. But, my friend, this process takes time (one or more months), and there is a chance that you get infected before the update reaches you.

Now, again, a user can say, "I just check my mail and do a few similar things, so such things cannot happen to me!" So let's do a test. Tell me, "How many of you have ever downloaded an attachment (or a game) that appeared to do nothing when you clicked on it?" Probably most of you. So here follows a discussion....









TROJAN HORSE:

Trojan horses are the most compromising software ever seen. History reveals their usefulness to the Greeks in winning an otherwise impossible war....

Even today, these are found to be responsible for almost all Windows-based machines being compromised. They give hackers remote control over your machine.

Capabilities commonly associated with a Trojan horse program are:

  • Opening your CD-ROM drive.
  • Capturing screenshots of your computer.
  • Recording your keystrokes and sending them to the hacker.
  • Full access to all your drives and files.
  • The ability to use your computer as a bridge for other hacking-related activities.
  • Disabling your keyboard/mouse, and much more.....







The most common Trojans (for example, Sub7, NetBus, ProRat, etc.) all have two parts:

  1. SERVER: the server must be installed on your computer in order for your computer to be compromised.
  2. CLIENT: the client is used by the hacker to control your system.

The next target of a hacker would be to install the server on your computer by fooling you.







Method-1:

The "server file" is sent directly to you through email, of course renamed as something else, say "cricket.exe". Once you have downloaded the attachment and clicked on it, nothing at all seems to happen (suspicious, but you ignored it). The server is now silently installed and your system's security is compromised.

As method-1 may create suspicion, there is method-2.

Method-2:

Hackers camouflage the server with some legitimate "executable file", for example:

    Cricket.exe + Server.exe = A.exe (say)
    SIZE: 6,239kb + 365kb = 6,604kb

The server in our example is attached to Cricket (a game), which is a legitimate file, to form a new file called "A.exe"; the hacker will then rename it "Cricket.exe". As one can see, the only difference between the bound (with server) and unbound "Cricket.exe" is a small increase in size, which largely goes unnoticed. Once you have downloaded and installed the file, "Server.exe" is installed along with "Cricket.exe", so there is no chance of suspicion at all.














GRAPEVINE:

Once you have received such an infected file, say you send a copy of "Cricket.exe" to your friend (though unknowingly); the virus is transmitted as well.

The matter of compensation arises particularly when:

  1. You do some kind of online transaction: even if your bank uses, say, a 128-bit security system, what is the use when your password and ID have already been sent (by a keylogger) along with a screenshot of the bank you are dealing with?
  2. Tell me, how many of you have your resumes stored on your system? They probably contain all your information: your name, what you look like, your family background, with whom you are working and have worked, etc.
  3. Not all, but some Trojans can take pictures using your own web camera and send them to the hacker. No need to tell what security threat they pose to you and your family. So, "How many of you use webcams?"

In light of the facts given above, surely you don't want your system to be compromised.....




For further reference:

3. THE LITTLE BLACK BOOK OF COMPUTER VIRUSES: www.amazon.com/Little-Black-Book-Computer-Viruses/dp/0929408020
4. THE GIANT BLACK BOOK OF COMPUTER VIRUSES: www.amazon.com/Giant-Black-Book-Computer-Viruses/dp/0929408233













































HACKING

Hacking, in simple terms, is unauthorized and unlawful access to a network or a computer, with the goal of stealing information.

Basically, there are two ways to hack into a system. For example, if one has to get into some kind of safe (suppose, for a while), there are two possible ways of doing that:

  • Steal the key: this deals with the ignorance and lack of knowledge of the users (you); this method requires enough knowledge, talent and a little bit of luck.
  • Use dynamite to burst the lock: this deals with the use of viruses, Trojans, spyware programs, etc. This method doesn't require much talent, as these tools are freely available on different sites, which even a "kiddie hacker" (mostly high-school students with little or no knowledge of the subject) can easily access; this makes the situation even more dangerous.

Now, one can say, "I don't do anything except read my mail; such things are not likely to happen to me."

Then, my friend, you are mistaken...





OK, tell me how many of you have file/printer sharing turned on? I will tell you how you can be hacked in even less than 15 seconds.

Proceed as in the steps below:

  • Click Start > Run.
  • Type "winipcfg".
  • Hit the Enter key.

A window will appear. Choose PPP Adapter if you are a dial-up user, or PCI Busmaster, SMC Adapter, etc. if you have dedicated access.

  • Note down your IP address and close the window.
  • Again click Start > Run.
  • Type "cmd".

A black screen (DOS screen) will appear.

  • Type "nbtstat -A IP-ADDRESS" there, where IP-ADDRESS is the IP address you got from the step above.
  • This will give you a "NetBIOS" remote machine name table:

    NAME TYPE STATUS
    J-1 <00> UNIQUE registered
    WORK <00> UNIQUE registered
    J-1 <20> UNIQUE registered

  • Look for 20 hex in the second column, between the angle brackets (as in the last row of the table above). The value 20 hex means your file/printer sharing is turned on, and anyone (even a kiddie hacker) can hack into your computer as follows:
  • They will scan a range of IP addresses for systems with "file and printer sharing" turned on. Once one is found, they check what has been shared.
  • The "Netuse X:\\\temp" command is used, for example, if your "temp" directory is found to be shared. If everything goes right, the hacker can access your computer through this directory.

This type of attack is called a "NETBIOS ATTACK".

Now, tell me how much time is needed for such an attack?







PREVENTION STEPS:

  • Look for any shared directory: click Start and scroll through for shared programs (shared folders look like someone holding a folder in their hand).
  • Open the folder in the specific drive.
  • Right-click the folder; you will find an option "share with"; click on it.
  • Now, if you share files or a printer, mark it as read-only and set a password; otherwise, turn off sharing directly by clicking the "not shared" option and then click the "OK" button.

NOW you are protected against the "NetBIOS" attack.
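To confirm that the change took effect, capture the NetBIOS name table for your own address again (nbtstat -A on Windows) and check that no <20> entry is left. The following is an added example, not part of the original post; the "before" capture reuses the rows of the table shown earlier, and the "after" capture and the surrounding layout are constructed:

```python
import re

# Rows from the table shown earlier, placed in nbtstat's layout (constructed capture).
BEFORE = """\
       NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    J-1            <00>  UNIQUE      Registered
    WORK           <00>  UNIQUE      Registered
    J-1            <20>  UNIQUE      Registered
"""
# Constructed capture after sharing has been turned off.
AFTER = """\
       NetBIOS Remote Machine Name Table

       Name               Type         Status
    ---------------------------------------------
    J-1            <00>  UNIQUE      Registered
    WORK           <00>  UNIQUE      Registered
"""

SUFFIX_MEANING = {
    0x00: "workstation service or workgroup name",
    0x03: "messenger service",
    0x20: "file server service (file and printer sharing)",
}
ENTRY = re.compile(r"^\s*(.+?)\s*<([0-9A-Fa-f]{2})>\s+(UNIQUE|GROUP)\s+(\w+)\s*$",
                   re.IGNORECASE)

def parse_name_table(text):
    """Return (name, suffix, type, status) for every entry row in the table."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            name, suffix, kind, status = m.groups()
            entries.append((name, int(suffix, 16), kind.upper(), status))
    return entries

def sharing_names(entries):
    """Names still registered with suffix 20 hex, i.e. sharing is still on."""
    return sorted({name for name, suffix, _, _ in entries if suffix == 0x20})

if __name__ == "__main__":
    for label, capture in (("before", BEFORE), ("after", AFTER)):
        entries = parse_name_table(capture)
        for name, suffix, kind, status in entries:
            print(label, name, "<%02X>" % suffix, SUFFIX_MEANING.get(suffix, "other"))
        print(label, "sharing advertised by:", sharing_names(entries) or "none")
```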





Conclusion: With the development of sophisticated tools and advanced techniques, hacking has become so easy that even a kid can accomplish it. No software or antivirus can keep pace with developments in the field of hacking. Perhaps an aware user (you) can tackle it.


REFERENCE BOOKS: