O'Reilly Book Excerpts: Windows XP Power Hound
Power Hound Tips for Online Protectionby Preston Gralla
Author's note: The Internet is a dangerous place, and sometimes the dangers come from unexpected quarters. So in addition to taking the usual online precautions, the Power Hound offers some tips about how to protect yourself against dangers you may never even have thought of.
Tip 6-17. Testing Your Security with ShieldsUp
Do you really know how secure your PC is? Probably not. But there's a free online tool that probes your PC for online security vulnerabilities: ShieldsUp. Offered by the Gibson Research Corporation, ShieldsUp tests your computer to see if it can make connections to some of the most well-known and exposed elements of your PC.
To test your computer using ShieldsUp, go to grc.com and click the ShieldsUp link. Once the site runs its tests, it shows you the results and explains what the reports mean - where you're vulnerable (see the box below), and how serious those vulnerabilities are. Figure 6-13 shows the results of probing one particularly well-guarded machine.
Figure 6-13. ShieldsUp reports that this PC is operating in "stealth mode," meaning it's not vulnerable to most Internet-based attacks.
Gibson Research Corporation's Web site also has lots of useful information about Internet security, as well as free and for-pay software you can download to help block your Internet ports.
UP TO SPEED - Vulnerable Areas: NetBIOS and Internet Ports
Your PC has a couple of areas that are particularly tempting to hackers: the NetBIOS and the Internet ports. While security software ought to help you protect these things, you'll be better prepared to deploy protection if you understand what you're guarding.
Your PC's NetBIOS (Network Basic Input/Output System) is software that allows your computer to work with other computers on a network. Needless to say, it's important to guard your NetBIOS from unauthorized visitors. If someone did reach the NetBIOS, they would have crucial access to many areas of your PC, including your programs and files.
Internet ports aren't physical objects; they're virtual connections your computer uses to send and receive data over the Internet. Different Internet services use different ports. For example, you use port 80 to communicate with Web servers when you surf the Web. And the infamous Back Orifice Trojan, which can give malicious hackers complete control over your PC, uses a variety of ports, including 31337 and 31338.
Tip: Once you've seen your vulnerabilities, install a firewall and do another round of tests to see if the firewall makes a difference.
Online Safety You May Not Have Considered
Installing a firewall and controlling your cookies are smart ways to protect yourself when you're online, but they're not the only security measures you should consider. This section gives you several additional strategies for safeguarding your computer and your personal information as you surf the Web.
Tip 6-18. Controlling Your Internet Security Levels
In the real world, it's usually obvious which are the seedier, more dangerous parts of town. But that isn't always true on the Web. An attractive, respectable-looking home page may actually be disguising a site intent on harm.
To help protect you from potential menaces, Internet Explorer categorizes Web sites and other places you may visit online (for example, an intranet) and places them into a handful of different security zones, each of which applies different levels of protection to your computer. The four security zone levels are as follows:
- Internet (medium security)
- Local Intranet (medium-low security)
- Trusted Sites (low security)
- Restricted Sites (high security)
Table 6-3 explains which security settings are applied for each zone. Any sites on your company's network or intranet are automatically added to the Local Intranet zone. All other Web sites are automatically added to the Internet zone. You can move sites from the Internet zone to the Trusted Sites or Restricted Sites zones manually. For example, if you know from experience that you can unequivocally trust catster.com, go ahead and put it in the Trusted Sites zone.
To assign a Web site to a particular zone, open Internet Explorer and choose Tools -> Internet Options -> Security. The Internet Options screen appears; Figure 6-14 tells you how to use it.
Table 6-3. Internet Explorer's Security Settings
|Security Zone Level||How the Setting Affects Security|
|High||Disables many of Explorer's features, including ActiveX controls, Java and Java applets, and downloads.|
|Medium||Asks whether you want to run an ActiveX control before running signed ActiveX controls; disables unsigned ActiveX controls and certain other ActiveX controls; enables downloads and Java applets; prompts before downloading potentially unsafe content. (Note: Unsigned ActiveX Controls are those that have not been digitally "signed" by a site, so you can't know for certain who created the control.)|
|Medium-Low||Most settings are the same as Medium, except Medium-Low runs certain content such as ActiveX controls without first displaying a message asking your permission.|
|Low||Runs all content, such as ActiveX controls; offers the minimum number of safeguards and prompts, so, for example, you won’t be asked whether you want to run an ActiveX control.|
Note: Java applets and ActiveX controls are two kinds of programs that you can download to your PC and run inside your Web browser. They're frequently used to add interactivity to Web sites and are usually safe, but sometimes they're programmed to do your computer harm.
Figure 6-14. Use this screen to assign Web sites to different security zones. For example, to assign a Web site to the "Trusted sites" zone, select "Trusted sites" and then click the Sites button. Enter the Web site's address in the dialog box that launches.
Adjusting the security level of each zone
If you're not happy with the security level that Microsoft has assigned to a particular zone, you can pick a different level. To change a zone's security level, open Explorer and choose Tools -> Internet Options -> Security. Click the zone whose security setting you want to change and then select Default Level. A dialog box appears; move the slider to the security level you want that zone to have, and click OK.
For even greater control, Internet Explorer lets you customize the settings within each security level. For example, you can enable Java applets in the High setting, or disallow ActiveX Controls in the Low setting. To customize the settings for any level, choose Tools -> Internet Options -> Security. Click to select a zone, and then click Custom Level. In the Security Settings dialog box that appears, you can enable, disable, or customize up to two dozen security settings for that level.
Tip 6-19. Beware of AutoComplete
Internet Explorer's AutoComplete can be a great time-saver. It remembers things like Web sites you've visited, passwords and user names you've entered, and your shipping address, and then it recalls that information the next time you start entering the same data. For example, AutoComplete might automatically fill in the rest of a form once you've entered your first name or even prompt you with a list of words it knows will be helpful to you.
AutoComplete's convenience does, however, come with some privacy and security downsides. Namely, anyone using your computer can easily gain access to things like password-protected Web sites because AutoComplete can automatically input user name and password information.
To protect your privacy, you can turn off AutoComplete altogether, or you can use it to remember only certain information. For example, you can tell it not to remember passwords. To make these changes, open Internet Explorer and choose Tools -> Internet Options -> Content -> AutoComplete. The AutoComplete Settings dialog box appears (Figure 6-15).
Figure 6-15. The AutoComplete Settings dialog box lets you decide which items AutoComplete should remember, and which it should forget. For absolute safety, turn off all boxes, which means it won't remember anything. Of course, this now means you have to remember all the information you're telling Internet Explorer to forget.
Turn on the items you want AutoComplete to keep track of, and turn off the settings you'd prefer it didn't remember. Your passwords are the most sensitive information AutoComplete remembers, so you should strongly consider turning this option off.
To delete all the entries AutoComplete already has in its database, click Clear Forms to delete all forms-based information, such as your name and address. Then click Clear Passwords to delete your passwords.
Note: AutoComplete works in conjunction with Windows XP's user accounts feature—in which information is kept separate for each person who uses your PC. So, for example, if you've logged out of your XP account and your sister is logged in, she won't be able to use your AutoComplete information—and vice versa. Therefore, another way to protect yourself, even while using all of AutoComplete's functions, is to log out of XP whenever you're not at your PC.
Tip 6-20. Don't Let the Web Bugs Bite
Web bugs are invisible bits of data (sometimes called clear GIFs) that follow you around on a Web site and track what you do. Unfortunately, they're surprisingly common.
You can avoid these spies by using a free program called Bugnosis, which identifies Web bugs on any site you visit, and alerts you whenever you encounter one. It doesn't, however, possess the ability to eliminate the bug. But, hey, at least you'll know when you're being bugged, so you can leave the site before you're spied on.
To download Bugnosis, visit bugnosis.org. After you install the program, a small "bug" image appears whenever you visit a site that has a Web bug.
Preston Gralla is the author of Windows Vista in a Nutshell, the Windows Vista Pocket Reference, and is the editor of WindowsDevCenter.com. He is also the author of Internet Annoyances, PC Pest Control, Windows XP Power Hound, and Windows XP Hacks, Second Edition, and co-author of Windows XP Cookbook. He has written more than 30 other books.
Return to WindowsDevCenter.com.