Here are Mark Nestmann's suggestions:
Step 1: Set Up Your PC for Privacy
Using two PCs instead of just one provides an excellent boost to security. If the security of your "online" system is breached, the confidential data on your "offline" system remains intact.
Every time you connect to the Internet, a hidden partition in your hard disk may be remotely activated and information transmitted to persons unknown. The only way to deal with this vulnerability is to use a two-PC setup or a hard-switched or removable "C" hard disk with its own operating system installed. Use one hard disk for high security purposes, the other for routine tasks. Keep the data on the high security drive "encrypted" with a program such as Pretty Good Privacy (www.pgpi.com) except when you're actually using it.
When you want to copy programs or files to your offline system—after testing them on the online machine—back them up and restore them on the main one using a rewriteable CD-ROM. Programs like pcAnywhere (www.symantec.com/pcanywhere) also work, but in addition to being a security risk in their own right, can facilitate the transfer of viruses or other malicious programs to your offline system.
If using a two-PC system isn't practical for you, consider the following precautions:
* Don't use Windows XP. The XP licensing agreement gives Microsoft (or anyone Microsoft designates) the authority to automatically and invisibly download future fixes or "upgrades" to XP, including secret code that could monitor everything you do on your PC. Older versions of Windows software (with the exception of the latest upgrade to Windows 2000) do not have these provisions.
* Disguise your "online identity." In Windows systems, go to the control panel and select "System properties" to review registration data. The "General" tab contains the registration information. This information is recorded in the Windows registry and the only practical way for a non-programmer to change it is by reinstalling Windows. Use the same precautions for your applications software.
* Physically disconnect your PC from the telephone line or cable modem when you're not online. These connections carry plenty of energy to manipulate chips in your modem, activating programs that can activate the next time your computer is turned on.
* Disable unnecessary "bindings." Windows systems have multiple levels of "connectivity" that most users don't need. Disable the ones you don't use, following the instructions at http://grc.com/su-bondage.htm.
* Disable printer and file sharing. Bring up "My Computer" on your desktop. Right click on the name of each hard disk. Select "properties," then "sharing." Click "not shared" for each hard drive.
* Minimize or turn off the Windows "swap file." Data can be recovered from the "swap file" Windows writes to your hard disk. Use Windows help to search for "virtual memory" and follow the prompts to manage virtual memory. Start with 100 megabytes and adjust to zero or as close to zero as possible for your programs to run properly. Set the same "maximum" and "minimum" figures. Whatever size you specify, you must have at least 50 megabytes additional disk space free.
* Disable "universal plug and play." This is a networking standard designed to make different manufacturers' networking equipment, software and peripherals compatible with one another. Unfortunately, the Windows implementation of UPnP contains security flaws so serious that the FBI issued a warning in advising consumers to disable it. A free utility program to do so is available at http://grc.com/UnPnP/UnPnP.htm.
* Wipe "free disk space" regularly. Forensic analysis of the unused "free disk space" on your hard disk can reveal traces of incompletely deleted files and a great deal of additional information you might prefer to keep private. Run at least weekly a utility such as the one in Windows versions of PGP (www.pgpi.com) that permits you to wipe free disk space. Also run the Windows "DEFRAG" facility at least weekly.
* Preserve e-mail privacy. The most important precautions are to close the "preview pane" in your e-mail program; turn off "active scripting" (instructions at www.europe.f-secure.com/virus-info/u-vbs); and to send and receive e-mail in "plain text" format, not HTML (instructions at www.expita.com/nomime.html).
* Resist "upgrades." Many upgrades come with a hidden cargo: either enhanced surveillance features or the disabling of formerly useful features. The latest upgrades to video and CD software, for instance, incorporate "digital rights management" technology that restricts or completely disables your ability to duplicate (or in some cases even play) CDs or DVDs. Some upgrades are essential, of course, but there is usually no need to "rush to upgrade" from a privacy or security standpoint if you follow the recommendations in this column.
Step 2: Practice "Safe Surfing"
* Minimize your online sessions. The fewer sites you visit and the shorter the time you are online, the less likely it is that you'll encounter a rogue Web site that will copy files from your hard disk.
* Obtain anonymous Internet dial-up service. In the United States, two Internet Service Providers (ISPs) that permit prepaid anonymous dial-up accounts are Anonymizer (www.anonymizer.com/services/dialup.shtml) and Cyberpass (www.cyberpass.net). In most other countries, anonymous dial-up service is not available. However, if you use a small ISP, the risk of monitoring is reduced. For instance, in the United Kingdom, only ISPs with more than 10,000 users are monitored.
* Beware of "always-on" Internet connections. High-speed cable or DSL connections have much higher security risks than dial-up connections. A continuous Internet connection makes it easier for a person running a "packet sniffer" to monitor the data flowing between the Internet and your PC.
Step 3: Use Privacy Enhancing Software
* Use "proxy servers." A proxy server is a computer between your browser and the Web page that you are visiting. When you type in a Web page address, your browser passes the address to the proxy server and the proxy server retrieves the page. This protects your privacy because all the Web site sees is the proxy; you remain invisible. A good choice for a proxy server is WebWasher (www.webwasher.com).
* Use browser-scrubbing software. Your Web browser keeps detailed logs of everything you do on the Internet. To eliminate these logs, use a program such as NSClean (for Netscape) or IEClean (for Internet Explorer). Both are available from www.nsclean.com.
* Use anti-virus software. Good choices are AVG 6.0 (anti-virus) from www.grisoft.com. Do not use anti-virus software from Symantec (Norton) or McAfee; both companies have refused to rule out cooperation with the FBI in making sure their virus detection programs will not deactivate "authorized" intrusion software created on behalf of US law enforcement agencies. This is dangerous not only because it permits invisible surveillance by police, but because there is no assurance that hackers wouldn't be able to create the same "digital signature" to fool Symantec or McAfee programs!
* Use firewall software. ZoneAlarm 3.0 (firewall) from www.zonelabs.com is a good choice. A properly functioning firewall will ensure that there is no evidence of your PC even existing when you connect to the Internet! To test the "stealthiness" of your PC, run the programs at https://grc.com/x/ne.dll?bh0bkyd2.
* Use "Trojan" detecting software. It's remarkably easy for a hacker to install a program on your PC, such as Back Orifice 2000 (www.cultdeadcow.com) to secretly record everything you do on it. BOClean is a utility designed to detect and deactivate such "back door" or "Trojan Horse" software (www.nsclean.com).
* Use encryption software. Monitoring e-mail communications is easy, thanks to the fact that PC communications pass through multiple computers on the way to their destinations. Using encryption software creates an armored envelope around your e-mail messages (or the files on your PC) that can be defeated only with great effort or if you make a significant error. I recommend PGP for this purpose (www.pgpi.com).
* Use "spyware" detection software. Many free or low cost programs downloaded from the Internet secretly install software on your PC that monitors your online activities, then reports them back to the software manufacturer. To detect and remove such "spyware," install a program such as Ad-aware (www.lavasoftusa.com or www.lavasoft.de).
Step 4: Use Someone Else's PC
If you're a frequent PC user, you'll probably need to configure your own PC for the most private communications possible. But if you only use a PC occasionally, or are traveling, you may need to use someone else's PC to surf or send and receive e-mail.
However, don't use your PC at work for this purpose—it may be booby-trapped. Indeed, about one-third of U.S. companies monitor their employees' Internet use, and such monitoring is increasing in other countries as well.
Instead…go to your local library. Most public libraries in the United States and Canada have free Internet service. You may have to sign in, but you probably won't have to show an ID (although this is now starting to change, allegedly as an anti-terrorist measure).
Find a PC with a floppy disk drive, or a CD-ROM drive. Upload encrypted messages you've prepared in advance to your account with an anonymous e-mailer such as www.hushmail.com. Copy any encrypted messages you receive to your floppy disk. Decrypt them later on your own computer.
Unfortunately, this strategy is becoming more risky. For instance, the USA-PATRIOT Act permits the FBI to obtain records of library patrons, including their PC use, without a warrant. Library PCs may also be "bugged." PCs in smaller branch libraries are much less likely to be monitored than in larger libraries.
Commercial PC services and cyber-cafes are also widely available. I've never been asked for an ID, although you will have to sign in and possibly leave a security deposit. For a list of more than 5,000 cyber-cafes in over 140 countries, see www.cybercaptive.com.
However, you have no assurance when using a "public" PC that the network it uses is secure. For this reason, sending encrypted messages and browsing through a "proxy server" is doubly important.
In addition, when you use a public PC, your Web surfing may be tracked by a network monitor and evaluated against a list of key words or phrases that if triggered will alert law enforcement. If you can't visit chat forums or certain web sites, the network is probably using monitoring or screening software.
You should also assume that any online search engine such as Google.com (my favorite) has the same capability. In China, the Internet police (now more than 40,000 officers strong) make arrests based on certain words used in e-mails or typed into search engines. You should assume police in other countries have similar capabilities. If you search for phrases like "enriched plutonium" AND "triggering device," an alarm may go off in a network administrator's office—or at the local FBI office.
You may also be being monitored via closed circuit television every time you go to a public location such as a library or office services store. Your arrival time might later be estimated based on the time you logged on to the Internet. Film from the estimated time of arrival may be examined to identify your face. A face can be matched against a database of more than 60 million faces in less than a second!
For all these reasons, use multiple locations if you use public PCs for Internet access.
Finally, remove your "tracks" from whatever browser you use when you leave. This requires installing a browser cleansing program such as NSClean, running it, then uninstalling it. However, most public PCs do not permit users to install or run software not already on the system. You'll probably need to manually delete your online trail. This data is ordinarily maintained in subdirectories named "archive," "cache," "e-mail" and "news," etc. in the Netscape or Internet Explorer program directory. Locate these files on your own PC using a program such as NSClean or IEClean so you know where to look. Also, delete all files in the Windows "temp" subdirectory and with the extension "*.tmp."
By taking these steps, you will have achieved greater security than the vast majority of Internet users. Most hackers, upon discovering that your PC is operating in "stealth mode" will move on to less well-secured PCs. And even if they don't, following these precautions will make it virtually impossible for them to break in.
If you are just an occasional PC user, and don't use it daily for work or investment purposes, these precautions are probably sufficient to preserve your PC privacy and security. But if you are a PC power user, you'll want to take additional measures to protect yourself. My newly updated user's guide to PC privacy on and off the Internet, the 5th ed. of Practical Privacy Strategies for Windows 95/98/2000, teaches you how to deal with hidden PC weak spots, vulnerabilities and countermeasures: incompletely deleted files, hackers, stolen files, encryption, etc. To find out more, click here NOW: http://www.agora-inc.com/reports/190SMNPS/W190D117/
By Mark Nestmann
So you can see that by taking some precautions, there is a lot of trouble you can avoid, in addition to protecting your privacy. To quote an old wives' tale - "An ounce of prevention is worth a pound of cure".
I want to give special thanks again to Mark Nestmann and his extensive expertise.
and protect us from such people forever.
The wicked freely strut about
when what is vile is honored among men. Psalm 12:7-8 (NIV)
If you have comments or questions, please feel free to contact me at the address below.
Email: DeltaInspire@panama-vo.com