BOOT CAMP 142
TROUNCING TROJANS
Here’s something scary for you to think about the next time
you’re on-line. When you are connected to the Internet it is possible for others
to gain access to your PC, read files, scan your address book, see which sites
you’ve been visiting, steal passwords, download files and viruses onto your
machine, even wipe your disc, and you won’t know a thing about it!
Fortunately for most users the risk of it happening is quite
small, nevertheless the possibility exists, and in the future when we are using
“always-on” connections to the net, like ADSL, this kind of snooping could turn
into a real threat. In Boot Camp this week we’ll show you how to check your PC
for intruders and protect it against infiltration.
Typically a program called a “Trojan”, which gets onto the PC
as an email attachment, or is deliberately planted by someone with access to the
machine, opens an unauthorised ‘backdoor’ into the computer’s hard-disc. Once
there it remains hidden but will activate whenever you go on-line, and provide
anyone with the necessary “Client” program full remote access to your
machine.
If you connect to the Internet by a normal ‘dial-up’
telephone line connection you are protected to some extent by the fact that your
PC is relatively anonymous. When you go on line most Internet Service Providers
(ISPs) assign an ‘IP’ address to your PC, which changes every time you log on. This
makes it difficult, but not impossible, for anyone to deliberately target your
computer. Some Client programs randomly trawl through IP addresses for infected
PCs but some Trojans automatically report back to the sender your current IP
address as soon as you go on line.
Unlike a conventional virus or worm Trojans are not
necessarily destructive, which makes them hard to detect. Most of the top virus
scanners – if regularly updated -- will find the commonest Trojans, which for
the record have names or go under file and program aliases like Back Orifice,
Netbus, Buddylist, Deep-Throat, Girlfriend and Winsaver. If you feel you may be
under threat you might like to try this rough and ready Trojan detector, which
looks for programs that configure your PC to ‘listen’ for an Internet
connection; be warned that it is really only suitable for stand-alone,
non-networked PCs.
Here’s what to do: switch off and re-boot your PC. This is
important because any running programs or previous Internet connections since
Windows was booted will give spurious results. Next, open an MS-DOS window
(Start > Programs > MS-DOS) and type the following command at the flashing
prompt:
netstat -an >>c:\netstat.txt
Press Return then type ‘exit’ then Return
and the MS-DOS window will disappear. Now open Windows Explorer and in the root
directory of your C: drive there will be a newly created file called
Netstat.txt. Double click on it and it should open automatically with Windows
Notepad. If all’s well it should look pretty much like fig. 1, with nothing
logged under any of the headings. If you see any numbers and entries (fig. 2)
don’t panic, it could all be quite innocent but it should put you on your guard
and you might want to investigate further.
Even if this simple test suggests that your PC is currently
Trojan-free that’s no reason to be complacent and you still might be infected in
the future. In addition to all of the usual commonsense precautions, including
not opening suspicious and unexpected email attachments, you should install
software that prevents anyone from remotely accessing your PC. This type of
program is commonly called a ‘Firewall’, and there are plenty to choose from but
far and away the best and most popular one is ZoneAlarm, and the good news is
that for personal and non-commercial use it’s completely free. The file is just
over 1.6Mb so it should only take a few minutes to download from: www.zonelabs.com
Zone Alarm is very easy to set up and use and can be set to
start automatically when you boot your PC. It operates in the background,
monitoring programs that you have given permission to connect to the Internet;
if a program unexpectedly tries to open a connection without your say so you
will be warned. ZoneAlarm checks incoming email for ‘Love Bug’ type worms but
the most interesting feature is the one that alerts you when any attempt is made
to gain access to your PC. What surprises a lot of users is how frequently this
happens; you might get two or three warnings in a half hour session. Usually
most alerts are entirely innocent and are often nothing more sinister than
delayed Internet site responses, if you tired of waiting for a page to download,
or sites calling the previous user of your current IP address. ZoneAlarm blocks
all intrusions, displays the IP address of the site trying to get through and
gives you the option to find out who it is.
In the case of an actual attack Zone Alarm is unlikely to
tell you very much or identify the would-be intruder as any serious hacker will
know enough to cover their tracks. However, it’s worth trying a program called
Neo Trace (a trial version can be downloaded from: http://www.pkware.com/catalog/neotrace.html),
which, in the manner of all good Hollywood spy movies, plots the path of the
connection between you and the suspect address on a map of the world, with
accompanying sound effects.
Next week – Preventative Maintenance
JARGON FILTER
ADSL
Asymmetric Digital Subscriber Line -- high speed digital connection using
existing telephone lines. ADSL has the facility to be “always on”, so there is
no need to dial up a connection
CLIENT
A PC or program used to access files on another PC on a
network
IP ADDRESS
Internet Protocol Address -- unique 32-bit code, represented
by four groups of digits, used to identify web sites and Internet users
TOP TIP
Just how secure is your PC? If you want to give yourself a
really nasty shock there’s an excellent Internet site that automatically tests
the integrity of your machine and its defences – or lack of them… With your
permission it simulates the kind of surreptitious backdoor snooping an intruder
might use to gain access to your system. The utility is called Shields Up! It
was created by Steve Gibson of Gibson Research. It’s free to use and it can be
found at: http://grc.com/. If that doesn’t
convince you of the need for a Firewall on your PC, nothing will!