INTERNAUT

System paranoia is OK: it's a good bet someone is watching

Shawn P. McCarthy

Steve Gibson is a man on a mission. He wants to protect the privacy of the data on your PC.
His mission, dubbed Project X, could help improve security on computers that run Microsoft Windows, including hundreds of thousands of government computers. Gibson said he hopes to do this by revealing places on PCs where software companies have hidden small lines of code that collect information.

Yes, it sounds like something out of an 'X-Files' episode, but Gibson says he believes he's onto something rather shocking. If you can't wait for Project X to develop, it's worth visiting Gibson's Web site. You can run a remote scanning utility called Shields Up that checks your PC for security problems.

Gibson is a programmer, writer, tinkerer and developer of SpinRite, a disk recovery program. On his Web site, at www.grc.com, he points out that he discovered his new calling last fall while working on some Windows drivers.

During that coding, he said, he found evidence of two things:

First, many computers that run Windows can be scanned via open ports when connected to the Internet. In some cases, the Net-connected computers were completely insecure; in a few cases, the PCs were actively being scanned over the Net.

Second, he found that some programs send information back to their creators. In a recent e-mail newsletter, he described tiny programs that act as parasites, latching onto your Web browser and using its Internet connection to communicate with specific Web servers without your knowledge or permission.

These are two separate problems, but both can be exploited in concert.

To address the first problem, Gibson developed Shields Up to show users how easy it is for him to look at their computers when they connect to his site. He can remotely analyze a computer's openness. If he's able to see all the way to your hard drive, he'll tell you so.

Gibson said he does not retain any of the information his scanner finds, but he does keep statistics on his discoveries. He's found problems with about one quarter of the PCs he's scanned. About 10 percent have revealed serious security problems, he said.

Shields Up attempts to connect using the NetBIOS protocol. Many systems leave this bound to the computer's TCP/IP device, which can allow unwanted external connections. The utility also can see if a user has file and print sharing turned on and if a password is set. If these are vulnerable, it's possible to look at the files on your hard drive or use your network printer.

Gibson's application can tell if the Media Access Control address on your network card is visible and what name your computer uses to identify itself on your LAN.

Gibson also uses his site to tell people how to fix most of these security loopholes.

Password-protected files or network resources don't necessarily constitute a roadblock. If hackers can get far enough into your PC, they can run sophisticated password-cracking tools that can try thousands of combinations per minute.

Because many client machines aren't set up as servers, users or systems administrators might not have set up their PCs to detect such activity.

The best response you can hope for from the utility is, 'There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!' That means you're operating in stealth mode. Some personal firewall products break this stealth mode by opening a port specifically to look for hacker activity. But it's better if a hacker simply does not know you're there.
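An added example, not from the column and not how Shields Up itself is implemented, for auditing a machine you administer: a TCP connect to the file-sharing ports either completes (open), is refused (closed, but the host is visible), or draws no reply at all (the stealth result described above). The port numbers 139 and 445 and all function names are assumptions of this example.

```python
import errno
import socket

# Well-known TCP ports behind Windows file and print sharing
# (assumed here; the column names only the NetBIOS protocol).
SHARING_PORTS = {139: "NetBIOS session", 445: "SMB over TCP"}


def classify(error):
    """Map the outcome of one TCP connect attempt to a port state."""
    if error is None:
        return "open"      # handshake completed: a service is exposed
    if isinstance(error, ConnectionRefusedError):
        return "closed"    # host answered with a reset, so it is visible
    if isinstance(error, (socket.timeout, TimeoutError)):
        return "stealth"   # nothing came back at all
    return "error"         # local failure (no route, bad name, ...)


def probe(host, port, timeout=2.0):
    """Attempt one TCP connection; return the exception raised, or None."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return None
    except OSError as exc:
        return exc


def audit(host, ports=SHARING_PORTS, probe_fn=probe):
    """Return {port: state} for each port checked on the given host."""
    return {port: classify(probe_fn(host, port)) for port in ports}


def verdict(states):
    """Summarise a set of port states as one overall answer."""
    values = set(states.values())
    if "open" in values:
        return "exposed"   # sharing service reachable from the network
    if values == {"stealth"}:
        return "stealth"   # no evidence a computer exists at the address
    return "visible"       # something other than silence was observed


if __name__ == "__main__":
    result = audit("127.0.0.1")
    for port, state in result.items():
        print(port, SHARING_PORTS[port], state)
    print("overall:", verdict(result))
```

Run against the loopback address this reports on the local stack only; the result that matters is the one seen from outside the firewall.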

For Project X, Gibson plans to go far beyond what he has done with Shields Up. It's an attempt to get down into the guts of the code that runs on a machine and to see what programmers have hidden at that level. Gibson is an assembly language expert, so he understands what's going on in those long code strings. His efforts include work on something he calls a hyperspeed port scanner, which would look for suspicious code activity.

Whether Gibson can bring Project X to fruition remains to be seen. In the meantime, it's also worth installing good personal firewalls to protect your agency's end-user machines [GCN, April 3, Page 33].

Data traffic cop

Check out the $40 BlackIce Defender from Network Ice Corp. of San Mateo, Calif. Go to www.networkice.com. BlackIce Defender is supposed to scan all inbound and outbound traffic for suspicious activity and deny access to hackers while leaving legitimate traffic unaffected.

For $58, Symantec Corp. of Cupertino, Calif., offers Norton Internet Security 2000. It targets viruses, malicious Java applets and suspicious ActiveX controls. Visit www.norton.com.

Zone Labs Inc. of San Francisco offers a good, free program. You can download ZoneAlarm from www.zonelabs.com. It alerts you if the app detects hackerlike activity while you're surfing. Not all alerts are prompted by hacker activity, however. Some attempts to establish secure connections at electronic-commerce sites could trigger the alarm.

All three programs help battle attacks from inside a network. It will be interesting if we find that threats often are from within.

Shawn P. McCarthy designs products for a Web search engine provider. E-mail him at smccarthy@lycos.com.
