I know what it’s like to be a victim of identity theft. And I don’t want it to happen to anyone else, ever again. Nothing short of a gun stuck in my face ever scared me so much.
Personal computers using the Windows operating system are notoriously susceptible to attacks that can compromise your personal security and privacy.
The term “zombie” refers to PCs that become unwitting victims, or worse, henchmen of other remote PCs on the Internet (or even on a corporate intranet or extranet), used to extract your information and perform tasks that harm your personal security and privacy in some way.
PCs linked to the Internet via an unprotected broadband connection (any form of DSL or cable modem) are the most vulnerable victims. Because such connections are “always on” and “always connected”, your PC is left open to raids by malicious hackers (or worse).
What you have to realize is that when your PC is connected to the Internet, the Internet is connected to your PC. That is... it’s a 2-way information superhighway.
In this document you will find 10 ways that your PC can become your worst nightmare. Be forewarned.
Compromise #1: The Plain-Old Vanilla Windows Installation
This is the most common, and the easiest (and most obvious) compromise to correct. Never rely on Windows to provide you with adequate security and/or privacy, especially when you are using your PC to connect to the Internet. Note that this applies equally to desktops and to mobile PCs, including laptops.
At a minimum, you should get additional software such as a personal firewall and a virus scanner. This is a good beginning, but as you will see later in this document, there are other ways your PC can be compromised where even these won’t help.
Windows itself has a few issues that are normally “invisible” to the average PC owner. Remember that Microsoft’s main focus in developing Windows was user-friendliness and ease of use. Security was a distant lower priority... especially with the legacy (16-bit) versions of Windows such as 95, 98, 98SE, and ME.
Compromise #2: Failing To Remove Temporary Files
What is so dangerous about temporary files?
Temporary files contain a host of information (such as passwords, financial information, personal identification data, etc.) that you really don’t want in the hands of “the wrong people”.
Some people believe that clearing out the obvious folder “C:\WINDOWS\TEMP” and the Internet Explorer folder “C:\WINDOWS\Temporary Internet Files” is enough.
Nothing could be further from the truth.
Temporary files are your worst enemy... period.
Seemingly innocuous, they contain almost any kind of information about you and your privacy and security possible.
Since, by definition, they are “temporary files”, many application programmers designing software in a time-crunched, limited-budget environment just ignore them. They probably figure that since the files are going to be destroyed anyway, why bother to take the extra time to write code just to make the application clean up after itself? Unfortunately, this is very, very common.
Deleting temporary files is the easy part. Finding them is actually the hardest part.
Besides the “C:\WINDOWS\TEMP” and Internet Explorer “C:\WINDOWS\Temporary Internet Files” folder, where else would you look?
Many applications have their own temporary file folders, sometimes referred to as “Cache” folders. Sometimes they use “My Downloads” or “My Music” or even the application’s own installation directory to store their temporary files. The fact is, you have to have some technical knowledge about each of the dozens or hundreds of applications on your PC to know where to look.
Your PC security and privacy get compromised by two factors:
1. There is software that attempts to access your PC to rob you of your security and privacy.
2. Private data exists somewhere on your PC in a non-secure form.
Security software like PC firewalls and virus scanners go a long way in preventing programs like viruses, trojan horses, worms, etc. from infecting your PC.
But they don’t catch everything... and it only takes one time for such a program to strike and to fully compromise your personal security and privacy.
So what can you do? Here’s a great analogy.
If you are camping in the forest filled with big grizzly bears... it’s smart not to leave food around your campsite tempting the grizzly bears to “feed”.
In other words, you must have a way to get rid of those temporary files, which are “food” to software designed to compromise your security and privacy.
Fortunately, there are a few file-naming conventions that are used for temporary files. You can find the files and then delete them using the Windows “Start > Find” command. Here are the most common temporary file conventions:
Most Common Temporary File Naming Conventions:
*.TMP *.BAK *.GID *.CHK
*.$* *.~* *.--- ~*.*
Of course, there are more because software applications may use random file names, or names based on the date they were created, etc. That’s why you may need to have technical information on your applications so you know not only the location, but the names of the temporary files these applications create and leave on your PC.
It would be best to find a way to automate the removal of all temporary files on your PC as you shut down your PC.
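As an added example (not part of the original document), here is a small Python script that automates the search the text describes: it walks a set of folders, matches file names against the naming conventions listed above (case-insensitively, as Windows does), and optionally removes them, reporting any file it could not delete. The folder paths and the sample file names are constructed for the example.

```python
import os
import fnmatch
import tempfile

# The naming conventions listed above, lowercased because Windows file
# names are matched without regard to case.
TEMP_PATTERNS = ("*.tmp", "*.bak", "*.gid", "*.chk", "*.$*", "*.~*", "*.---", "~*.*")


def is_temp_name(name, patterns=TEMP_PATTERNS):
    """True if a file name follows one of the temporary-file conventions."""
    lowered = name.lower()
    return any(fnmatch.fnmatchcase(lowered, p) for p in patterns)


def find_temp_files(roots, patterns=TEMP_PATTERNS):
    """Walk each root folder (e.g. C:\\WINDOWS\\TEMP plus each application's
    own cache folder) and return the paths of files matching a convention."""
    found = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if is_temp_name(name, patterns):
                    found.append(os.path.join(dirpath, name))
    return sorted(found)


def purge(paths):
    """Delete the listed files. Returns (deleted, failed) so a shutdown script
    can report files it could not remove, e.g. one still locked by a program."""
    deleted, failed = [], []
    for path in paths:
        try:
            os.remove(path)
            deleted.append(path)
        except OSError:
            failed.append(path)
    return deleted, failed


def make_sample_tree():
    """Constructed sample folder: a mix of temporary and ordinary files."""
    root = tempfile.mkdtemp(prefix="tempfile-demo-")
    names = ["~WRL0001.tmp", "report.doc", "setup.$$$", "data.~mp",
             "file.---", "help.GID", "~$report.doc", "notes.txt", "backup.chk"]
    for name in names:
        open(os.path.join(root, name), "w").close()
    return root


if __name__ == "__main__":
    demo_root = make_sample_tree()
    for hit in find_temp_files([demo_root]):
        print("temporary file:", hit)
    print(purge(find_temp_files([demo_root])))
```

Run it as a dry run first (just `find_temp_files`) so you can check the list before letting `purge` delete anything.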
Compromise #3: Forgetting To Empty The Recycle Bin
Gosh, you wouldn’t think this should even be on the list. But it’s a big one. Many people just “delete and forget”, and let their old deleted files accumulate in the recycle bin on their hard drive.
This is a simple thing to fix. It just takes a little vigilance or maybe some automation to make sure it gets cleared every time your PC shuts down so that data isn’t there at all, even when the PC is turned off.
For some of the older and “dumber” viruses, worms, and trojan horse hacker-type software out there, this is usually an adequate solution to prevent them from using the recycle bin contents to compromise your security and privacy.
However, be warned that there have been reports of newer, “smarter” hacker-invented software showing up at the rate of almost one a day now, not just a few times a year like it used to be. It is just not as easy for the virus scanners to keep up anymore.
These newer “daemon” type programs can actually read the data directly from your hard disk, even after your files have been deleted, and then cleared from the recycle bin. This is an issue that is a bit more involved, and we’ll touch on this more in-depth a little later.
Compromise #4: Activity History Files
You have nothing to hide? Good. Windows will make sure whatever you do will be recorded for posterity (or anybody else who wants to know) automatically, without your knowledge.
This is definitely one of those “Windows issues”.
Windows, for ease-of-use or whatever reason, keeps history logs on just about everything that happens on your PC.
While this is great for administrators, it’s also great for hackers’ viruses, worms, trojan horses, etc.
This usually requires some form of specialized software to clean this up as you go.
For now, let’s dig into the problem a little deeper for a better understanding of how you are affected by this problem in greater detail.
Windows keeps history lists, usually inside the registry where you’ll never find them without some digging, for the following types of activity:
1. “Run” history (software programs you use)
2. “Find Computer” history of every computer you look for over the network.
3. “Find Files” history of every file you look for on your hard drive on your PC.
4. “Documents” history of the last 15 documents you have opened or used.
5. “Start Menu Order” history contains the list of what programs were on your Start Menu in the past.
6. “Start Menu Click” history holds the dates and times you use programs in a hidden encrypted database. As far as I know, there is no limit to the number of entries.
7. “Typed URL” history of every web page you have visited using Internet Explorer.
8. “Autocomplete” history of all web pages displayed whether typed in or visited by clicking a link.
9. “Download Folder” history of all files ever downloaded.
10. “URL Error Logs” history of any errors you had accessing any web page.
11. “Visited URLs” history of all web pages displayed in Internet Explorer either typed in or by clicking a link.
12. “Outlook Express 5” history of all email you have processed using Outlook Express.
13. Common dialog histories for applications showing last visited locations.
14. Common dialog open / save file lists history.
There may be more I don’t know about... but I think you get the idea. Who would care to know this stuff? Maybe your spouse, your boss, the police, a hacker...
Compromise #5: Common Applications Activity History Logs
Almost in the same category as software application temporary files, this is a little bit more insidious since the permanent storage of these activity logs was planned by the software developer.
Here are just a few all-too-common applications and the activities they record as you use your own PC:
1. Windows Media Player URL history list
2. Windows Media Player media library list
3. Windows Media Player playlist(s)
4. Netscape URL History
5. Netscape History Cache of downloaded pictures
6. Netscape Activity History Database (history.dat)
7. Netscape Mail History for deleted items folder
8. Netscape Mail History for sent items folder
9. Netscape Mail activity cache files (*.snm)
10. AIM (AOL Instant Messenger) History of AOL Member names that have been sent messages
Sometimes applications will have an “Option” to eliminate the histories when the software is closed. Others don’t. You really have to be on your guard with this, since you probably enter private and financial information in some of these applications if you’re like most people.
Compromise #6: Internet Browser Cookies
Everybody knows about cookies. No? They are scraps of information usually generated by a server on the Internet, and sent to your browser. Depending upon the type of cookie, your browser may save it to disk... possibly keeping it there for years.
What’s the problem with this?
The problem is the same as with Windows’ activity histories. In fact, a category of software known as “malware” uses this information to trace and track your every move on the Internet. Sometimes anonymously, sometimes not... it depends on the software. Unscrupulous, technology-savvy marketers with bad intentions have even had software written specifically to track where visitors to their websites go on the Internet, so they know what kind of products those visitors are most likely to buy. They then use this to create “targeted visitor email lists” that they sell to others as “opt-in lists”, making tons of money off unsuspecting, unsophisticated Internet marketers.
How does this affect you? Tons of Spam in your inbox.
Most Internet browsers have an option to clear all new cookies when the browser is closed. Alternatively, there may be an option to allow only “session cookies”, which do not get stored to disk. You should activate one of these options in your browser so you can’t be tracked.
Compromise #7: The Windows Swap File
We’ve covered a lot of the obvious ways your PC can compromise your security and privacy. Now we’re going to get a little more technical, and maybe a little more esoteric. Try to follow if you can... since I can guarantee you that those wishing to rob you of your security and privacy are quite aware of these concepts.
The Windows swap file, usually named WIN386.SWP and found in the “C:\WINDOWS” folder (or another folder), is a haven for information about you. It literally contains the memory images of programs that are or were running on your PC. Not just the software, but the data as well.
The only thing you would really want to do with this file is to delete it when you shut down Windows. Some kind of automation software that can intercept the “Start > Shutdown” command would be useful here.
Windows will not let you delete it yourself while Windows is still running, since it locks the file. However, you can manually “Restart in MS-DOS Mode” and then you can erase the file manually.
It would take a sophisticated hacker indeed to make use of this file; however, anyone with physical access to your PC while you are away would have access to literally an “image” of your PC’s memory from the last time you used it.
Compromise #8: Windows Registry Backups
Here is a feature that you would think would be a “warm and fuzzy” aspect of Windows since it is only trying to prevent a disaster should your Windows registry become corrupted in some way.
Maybe that’s true, it should be.
However, the Windows registry is a treasure-trove of information for hackers. For example, it contains a complete list of the hardware, not to mention most, if not all the software, you have installed on your PC.
Making backups of the registry is just begging for some virus, worm, or trojan horse to come along and “read” what kind of configuration you have with no trace. You see... if it tries to access the normal registry files, a trace of that activity is kept. However, that’s not the case with the backup registry files.
Best thing to do... is to back up the registry using the “Export Registry Files... ” option of the REGEDIT program, and then ZIP the “*.REG” file it produces, which could be many megabytes in size. The ZIP file will usually compress very well down to a size of less than a megabyte, and can be stored on a floppy disk. The REGEDIT program can be used to restore your registry (if needed) at a future date.
If possible, this process should be automated when you shut down your PC. It also wouldn’t hurt to avoid ever needing your registry backup, by keeping your current registry in good shape. The program “REGCLEAN.EXE” from Microsoft (freeware) can be run to make sure your registry is in good condition. If possible, you should also automate this on a regular basis.
Compromise #9: Application MRU Lists
What is an MRU list? MRU is an acronym that stands for “Most Recently Used”. While it can be convenient to have each program automatically record and store in the File menu the last 4 to 10 documents you opened or saved... you have to ask yourself... do you really want the documents you are working on to be visible to anyone who may have access to your PC?
Remember... this may include undesired persons such as hackers, your boss, the police, etc.
Some software gives you options of either eliminating the list altogether, or clearing the list by using a menu option or pressing a special key. However, my experience has been that most software won’t let you touch it.
All these MRU lists are stored in the registry. However, I do NOT recommend using software like REGEDIT to directly modify the registry. One little slip and you could destroy your Windows registry (and therefore your installation). There is software that will clear these lists; more on that at the end of this document.
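One safe way to see what Compromises #4, #8 and #9 are talking about, without touching the live registry, is to audit the “*.REG” file that REGEDIT’s export option produces. The following Python script is an added example, not part of the original document: it parses a constructed REGEDIT4 export, picks out a few well-known history and MRU keys (the key names are assumed from general Windows knowledge; the article does not quote them), and lists their entries in most-recent-first order using the “MRUList” value.

```python
import re

# Constructed REGEDIT4 export, trimmed to three keys for the example.
SAMPLE_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="notepad\\1"
"b"="regedit\\1"
"c"="telnet bank.example\\1"
"MRUList"="cab"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TypedURLs]
"url1"="http://mail.example/"
"url2"="http://bank.example/login"

[HKEY_CURRENT_USER\Software\Example\Harmless]
"Installed"=dword:00000001
'''

# Leaf key names that hold activity history (assumed well-known names).
HISTORY_KEYS = ("RunMRU", "TypedURLs", "RecentDocs", "OpenSaveMRU", "LastVisitedMRU")

VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Return {key_path: {value_name: value}} for the string values only;
    dword/hex values are skipped since the history lists are strings."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:  # undo the .REG escaping of quotes and backslashes
                name, val = (s.replace('\\"', '"').replace("\\\\", "\\") for s in m.groups())
                keys[current][name] = val
    return keys


def mru_order(values):
    """Resolve the MRUList letters (most recent first) into stored entries."""
    order = values.get("MRUList")
    if order is None:
        return [v for _n, v in sorted(values.items())]
    return [values[c] for c in order if c in values]


def audit_history(text):
    """Map each history key found in the export to its ordered entries."""
    report = {}
    for path, values in parse_reg(text).items():
        if path.rsplit("\\", 1)[-1] in HISTORY_KEYS:
            # RunMRU entries carry a trailing "\1" that is not part of the command
            report[path] = [v[:-2] if v.endswith("\\1") else v for v in mru_order(values)]
    return report
```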
Compromise #10: Hard Disk Free Space
This is the least obvious, yet probably the most dangerous (from a personal security and privacy standpoint) of all the compromises we’ve discussed so far.
As mentioned earlier in our discussion of the Windows recycle bin, when you “delete” a file, and then “empty the recycle bin” your files are supposed to be gone.
Surprise, they’re not. The only thing that gets erased is their entry in the folder. That’s it. The data is still there.
Hackers (et al) know this, and Windows happily complies since Windows does no securing of the “free space” at all. After all, it’s supposed to be empty anyway... right?
DOS used to have a utility called “UNDELETE”. It was a favorite of DOS administrators: when a user they supported accidentally erased a file they were working on, the administrator could go to the PC with this utility and, by supplying just the first letter of the filename, restore the file in its entirety... almost like magic.
It was this penchant of users for accidentally deleting files that prompted Microsoft to create the recycle bin, since the “normal user” couldn’t figure out how to use something like “UNDELETE”. Ah... the good old days...
Since a Windows installation on a FAT partition is no different from DOS on a FAT partition, if UNDELETE works in DOS, the same logic will work in Windows.
That’s how hackers, viruses, police forensic tools etc. can get access to your data that you thought was deleted and cleared off of your PC’s hard disk.
Now here’s the surprise... even if you format your hard drive, the data can still be recovered if you used the “Quick Format” option (which is sometimes the default even if you don’t specify it explicitly). Not too cool.
My recommendation is, from time to time, to get a software program that can help you by clearing your free space. Some people go to the extent of low-level formatting their hard drives and re-installing Windows and their applications. I think that’s really extreme in most cases.
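To make the point of Compromise #10 concrete, here is an added example (not from the original document) in Python: a toy model of a FAT-style volume in which deleting a file only marks the directory entry and frees the clusters, UNDELETE restores it by supplying the first letter, a quick format clears only the directory and FAT, and only an explicit wipe of free space actually removes the data. The cluster size, file names and contents are constructed for the example.

```python
CLUSTER = 16     # bytes per cluster in this toy volume (constructed value)
DELETED = 0xE5   # marker a FAT directory entry gets in its first byte on delete


class TinyFatVolume:
    """Toy FAT-like volume: a directory, a cluster-allocation table, raw data."""

    def __init__(self, clusters=8):
        self.data = bytearray(CLUSTER * clusters)
        self.fat = [0] * clusters          # 0 = free cluster, 1 = in use
        self.entries = []                  # [name(bytearray), start, size, count]

    def write(self, name, payload):
        count = (len(payload) + CLUSTER - 1) // CLUSTER
        free = [i for i, used in enumerate(self.fat) if not used]
        start = free[0]
        assert free[:count] == list(range(start, start + count)), "toy: contiguous only"
        for i in range(start, start + count):
            self.fat[i] = 1
        self.data[start * CLUSTER:start * CLUSTER + len(payload)] = payload
        self.entries.append([bytearray(name.encode()), start, len(payload), count])

    def delete(self, name):
        """What 'delete' plus 'empty the recycle bin' amounts to on FAT."""
        for entry in self.entries:
            if entry[0] == name.encode():
                entry[0][0] = DELETED                  # only the folder entry changes
                for i in range(entry[1], entry[1] + entry[3]):
                    self.fat[i] = 0                    # clusters become "free space"

    def undelete(self, first_letter):
        """What DOS UNDELETE did: supply the missing first letter."""
        for name, start, size, count in self.entries:
            clusters = range(start, start + count)
            if name[0] == DELETED and not any(self.fat[i] for i in clusters):
                name[0] = ord(first_letter)
                for i in clusters:
                    self.fat[i] = 1
                return bytes(self.data[start * CLUSTER:start * CLUSTER + size])
        return None

    def carve(self, needle):
        """Raw scan of the whole disk, ignoring the directory, as recovery and
        forensic tools (and malware) do. Free space is not empty."""
        return needle in self.data

    def quick_format(self):
        """Clears the directory and the FAT; data clusters are untouched."""
        self.entries = []
        self.fat = [0] * len(self.fat)

    def wipe_free_space(self):
        """The fix the text recommends: overwrite every cluster the FAT says is free."""
        for i, used in enumerate(self.fat):
            if not used:
                self.data[i * CLUSTER:(i + 1) * CLUSTER] = bytes(CLUSTER)
```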
Conclusion
I hope you’ve found this document helpful in trying to get an understanding of what you are up against when using your PC either offline or online connected to the Internet.
I concentrated on the aspect of what your PC contains that can be used against you, rather than on what software tools there are to “fix the problem” because I wanted you to be aware of the problem in the first place.
Most people I contact typically have no clue how vulnerable they are.
That’s sad... and dangerous for us all. If we don’t know how to protect ourselves, or even know we have to take certain actions to protect ourselves then more than just a few individuals’ security and privacy are at stake. We literally put our entire computing nation at risk.
If you'd like to know the tool I found that solves all these problems for me, simply click on the link below and read all about it. I have included an on-line database about the software I recommend, so you can become informed before you choose to take action.
I hope that Identity Theft via the Internet never happens to you.
Thomas Straub
http://www.evidence-eliminator-info.com