        ĳ
                                +-+-+-+-+-+-+-+-+
         ۲|O|u|t|b|r|e|a|k|𰰰
                                +-+-+-+-+-+-+-+-+
                             Issue #6 - Page 4 of 16 
        ĳ



Internet Security Myths 
by fwaggle | Oct 25 '00 (a bit outdated. but still good)
<root@fwaggle.net>
http://www.fwaggle.net

* note: epinions.com sucks because they owe me $40
--------------------------------------------------------


I can't stress some of the points I'm about to make enough, because surprisingly 
a lot of people panic when it comes to internet security. First of all, there are 
these evil people called "hackers" which are lurking around every little corner 
waiting to break into your computer.

First things first, I find it somewhat offensive that people even use the 
term hacker any more. I mean, the term hacker in the 80s referred to a very 
small and elitist group of people. These were people who learnt entire computer 
systems, and how to program them, and exploit security features... Without any 
documentation or help files... Simply from dialling into a stolen dial-up, and 
experimenting. A very talented group of individuals...

Nowadays, you have any 12 year old geek with some of the latest "toolz" is now 
a "hacker". Would you appreciate spending a decade of your life learning and 
improving yourself, only to see in another decade, a stupid 12 year old hot-shot 
categorized in the same place as you?

It may be the same outcome - someone's computer getting invaded in some way, 
but it still kind of ticks me off.

Which brings us back to people's fear. All you need is some technical knowledge 
(not a lot, just a basic grasp of a few concepts), and some common sense, and 
you can be reasonably safe without spending a cent on software.

Firstly understand that to break into a computer, it must have a service which
you can exploit. Windows machines (the kind you're probably using to connect 
to the internet now) usually have one service nad one service only. This is 
called NetBIOS. 

NetBIOS can be exploited with what's called an OOB Nuke. This is old hat, 
anything over Windows 98a is immune to this.

There are ways to prevent your computer from even listening to NetBIOS on 
the internet. If you read up on how to do this (and have a friend port-scan 
you and it shows up empty), then there is no concievable way you could be 
"hacked".

Unless, with the lack of services some pimply geek decides to create a service 
of his own. This is what's known as a "trojan horse". Well known trojan horses 
are (you may have heard of these):

Back Orifice
NetBus
SubSeven
Master's Paradise

How do these get onto your computer? Exactly like a virus. You have to run a 
program which contains one. Which brings us to common sense. NEVER run programs
from sources you don't trust. You can set up email filters to block files which 
end in .exe and so on.

Remember things like file extensions. Pictures end in .bmp, .gif, .jpg, and that's
about it. If it ENDS in anything else, don't download it.

If you run an email client such as Outlook Express, then disable Javascript in 
Email. You don't need it, and it can be used for malicious purposes. If you use
Outlook, get the patches or disable Word Macros to prevent viruses such as 
Melissa from entering your system.

As you can see, with a little common sense there really isn't much to be worried 
about. If you can get a shell account who will give you permission to run a port 
scanner, investigate the possibility of doing so (do it quick before the stupid 
government makes it illegal).

If nothing shows up on the port scans, then there are no security holes. Therefore,
no need for Firewalls. If you don't accept files from other people, then there is no
way for a virus to enter your machine. Therefore, no real need for anti-virus software 
(although it's probably a good idea anyway).

In my opinion, it's probably better to clean up your system yourself, armed with 
some technical knowledge, rather than paying money from security software which 
is only as good as the person who installs it anyway.

One final note, it's of great importance that if you have children, you 
educate them in the dangers of accepting files from other people (even their
friends, you never know when one of their friends will experiment, leaving you 
open to attacks from more experienced losers). If in doubt, set programs such 
as ICQ to ignore file transfer requests (you can do this in the preferances 
under events), and Email programs to automatically dump attachments with programs 
in them.

Thanks for listening.

- fwaggle
<root@fwaggle.net>
