|
|
|
|
Investigation Tool: KnowledgeHow to: Protect Your Windows PC. Welcome: If you are an advanced user or IT professional you might enjoy playing with some of the more sophisticated toys.
|
|
Don't be shy to admit to yourself this time is a little early for a person at your present learning level to be doing system re-configuration. If you are unsure, read on and learn what you can without making any changes to your computer or try only some of the basics. None of this stuff is very difficult, especially for a power-user, but making wrong changes to the system registry can leave you with a blank screen on your next reboot and may require a complete system re-installation. Take good care and check your work completely before committing to a change. Be brave here. Newbies, this article is really for you. A starting point. Be brave and drop us a question or two here if you want some extra help. People who need computers to store, extract, or report intensely sensitive data would not, should not, better not be running Windows 98 of any flavour in a networked configuration. No matter who you are, if you are running a consumer-oriented operating system on a networked PC (dial-up, ethernet, DSL etc.) don't store any sensitive information on it!!!!!!!!! |
DNS Tools |
| BIND Host Query | |
| NSLookup Tool | |
| Whois | |
| Dig 8.3 Query Tool | |
| Host Lookup (SOA Records) | |
|
|
If you intend to perform the actions explained here while you are reading, either print the section you are doing, or write the instructions down. Some actions may require a restart of the computer in which case you will not be able to continue reading this should you encounter restarting difficulties. Bookmark this page so you can come back to it easily without having to drill your way through the browser "history" files. Before undertaking any changes to your computer, however, please read the appropriate section carefully and check your work twice or more. As you might expect, we take no responsibility whatsoever for any jam you might get yourself into. :o) Don't hesitate to ask for help though. Write this down -- techsupport@mobrien.com so at least you can run to the Public Library and send us an email if your machine never again boots into life. (Just kidding. But write down the email address anyway.)
Read on.
We also suggest you check out the latest security releases from the following:
Someone may be watching you right now. Click here to get a brief idea (in picture form) of what some hackers can do with their "Remote Control" over your computer.
Do you really think your personal information is safe while resting on a computer hard drive, meanwhile your system is humming away, broadband-connected at a potential of 160,000 or more bytes per second to 30 million global users? Doubt it!
Much talk these days surrounds the issue of computer security. The hyperbole is expansive but there are some serious issues at large. Surely the problem is getting worse. An equal certainty is that no matter how insignificant you may feel your system may be, if it is networked to the internet in any manner, YOU are extremely important, as is everyone, to the overall security within our respective communities. Take that very seriously without further explanation right now. (More is available on that topic at this web site and elsewhere on the internet using some of the links we are going to explain and give to you, later.)
Here are a few steps you can take to build a deterrence and enhance your own security.
Identification:
Remember way back when on that exciting day when you first booted your new computer? You hastily entered all your information along with your Microsoft Windows owner registration key. Chances are you typed in your full name and possibly even your company name. Hey. Get rid of it! Many cracking and automated hacking programs can easily siphon out your name from the System Registry, patch it to other data on your machine and give who-knows-who your full identity attached to registration keys, email addresses, passwords, usernames, credit card numbers, kid's names etceteras etceteras etceteras.....
Open your System Registry (Go to: Start / Run and enter [cut and paste this to "Run" --> %systemroot%\regedit ) and use the Find tool to locate this key or just go to it if you know how:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
In it, you will see two string values; "RegisteredOwner" and "RegisteredOrganization." Surprised at what you see? Click "Modify" and change these to something less revealing about yourself.
While you are there... and it never hurts to check this occasionally, like every time you open the registry ...
Go to [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] and make certain there is nothing listed there that shouldn't be. Like SirCam.exe or any such thing that you recognize as trouble. Below is an example of what you may expect under normal (clean) circumstances.
This machine (below) runs the System Task Tray and a Sun Microsystems Star Office 5.2 integration process at system start. That's it! Your machine may have a series of processes that you have elected to run from start-up. One is wise to run as few of these as possible for good system management and control's sake, however, that's your business. What you don't want here are worms and viruses and other such plagues starting up every time your system re-invokes. Go to http://www.antivirus.com which is the domain that trend.com (Trend Micro. Incorporated) recently points to and have a good read from time to time so that gradually you will be able to spot trouble. (The top corner of this page on the right hand side often has virus and worm id info and warnings.) I can tell you that among the hundreds upon hundreds of boxes I have sat in front of for troubleshooting purposes, there has invariably been something ugly in this section of the registry:
EXAMPLE SYSTEM START HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"SO5 Integrator Pass Two"="C:\Windows98\SOINTGR.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"Having opened this can of worms -- a bigger topic than this whole page -- I should tell you what to do if perhaps you do see a registry "run" command for something evil. Kill it! -- meaning delete the registry entries after first saving them to a floppy as a reference so that you can manually track down the files that the registry entry points to and delete those files too. But that doesn't mean that you have removed the problem. Maybe. Maybe not. There could be other instances of the offending file elsewhere on your machine (often that is the case) You will then need to (anti-virus) scan the entire system after a reboot. Remember: whatever you find in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] is almost certainly running as you are staring at it! Clean it up and reboot. Then get a new virus scanner or update your currently ineffective scanner's pattern files.
Aren't you glad I suggested you do this while you are there? Oh. Another "while you are there" ... also check RunOnce (just below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) as I have seen some viruses that got there start in life from this invocation. Rare, but possible.
A Bailiff once told me, "Locks and deadbolts only keep the honest people out!"
So every lock, no matter how good nor how expensive it may be, has now or will eventually have a corresponding crook/creep/whatever to break it! Nice. Not.
Let's get some "deterrence" going for us then.
Description Many computers allow you the option to set up a password in the BIOS (Basic Input Output System) of your computer. The BIOS is the software that performs all of your startup routines including booting the Operating System. What makes a BIOS password ideal is that since the BIOS is the first piece of software loaded on a machine, a password is consequently the first thing a person sees when they turn on your machine. Disadvantage While BIOS passwords deter the common snooper, a persistant person such as a cop can get around them. BIOS password crackers are available, and many motherboards have a jumper pin which will clear the password when removed or inserted as the case may be.
Description The age-old practice of hiding directories.... every Operating System (OS) can do it. In Windows 98, the easiest way to hide a directory is through Windows Explorer. Simply right-click on the directory, select 'Properties' and at the bottom of the box that appears, check the option for 'Hidden.' Click 'OK' and then hit F5 (Refresh). The directory and it's contents have disappeared from view. This is handy for keeping your children from finding those secret adoption papers you've been meaning to tell them about. In order to retrieve the information, one needs to use the Find program and search for the name or reset the "Folders" configuration to check 'show hidden files and folders'. Disadvantage As previously mentioned, all someone has to do is do a search for the directory name. Also, some programs are designed to ignore the 'hidden' attribute and will display the file as long as the viewer is in the appropriate higher directory. Would you like to see what we mean? If you click this link you can actually view some screen shots of Hacker Server screens.
There is a feature of Windows 98 that is often forgotten because of its annoying habit of getting in the way to most personal computer users: The network login. This feature is many times disabled by users who think that since they are the only person ever using the system, why have a login? Or, perhaps it was never there to begin with, and your system simply loads up without needing to touch a key.
However, with a little tweaking, you can make your system not just request, but require a login in order to access your Windows desktop. This safeguards your system from potential snoopers who are a little more knowledgable and may perhaps try to gain information about where you store sensitive data, by looking where your desktop shortcuts point to, or seeing what programs you have loaded.
The first step in the process is to set up Windows for networking. Of course, many people aren't really going to have a network in their house, but this provides the necessary means of securing your system.
To get started, go into your Control Panel, and double-click on the 'Network' icon. You should see the Network configuration box, and a listing of the components installed on your computer. You want to "Add.." a new component. Select 'Client' from the next list and hit "Add..." This will bring up yet another box. Select "Microsoft" and then from the list that appears on the right, "Client for Microsoft Networks" and hit OK. You may be prompted to insert your Windows 98 disk. After the appropriate files are loaded, you may be prompted to restart your computer. Before doing this, make sure that in the original Network configuration box, your Primary Network Login is "Client for Microsoft Networks" which it should be by default. If not, change it to that just to be safe.
After rebooting, you will see your computer now prompts you for a Username and Password before starting Windows. Choose a username and password carefully, and then enter it. It will prompt you to re-enter the password, and then present you with your Windows desktop.
NOTE: Some users do not get the Network Login prompt right away after reboot. If this is the case, do the following. Go back to Control Panel, and select the "Users" icon. The wizard will take you through some instructions, prompting you to enter a username and password. After entering your desired username and password, the next screen will prompt you with a list of options. Just click "Create New Items to Save Disk Space." When it prompts you to reboot, do so. You should now have a login prompt.
Congratulations, you're halfway there!
There was once a time when every Windows user spent countless hours customizing his system. Everything from adding shortcuts here, to renaming shortcuts there, to changing settings that effectively made a Windows computer unrecognizable!
Well, back by popular demand and better than ever, is Microsoft's Powertoy, TweakUI. Hidden away on the Windows 98 CD-ROM, it contains a wealth of settings that effect just about everything. Fortunately for us, some come in very handy for protecting yourself!
TweakUI does not come preinstalled by default on a Windows 98 system. Therefore, you must go get it. Start by placing your Windows 98 CD in the drive, and exploring it. Where X: is your CD drive, you will need to navigate to the directory X:/tools/reskit/powertoy. In that directory, you will see a bunch of files. Only one is important to us. Right click on the 'tweakui.inf' file. From the menu, select "Install" and Windows will copy the necessary files to your hard disk. When the TweakUI help file pops up, just close it and the install should complete.
Now, go to your Control Panel and you should now see the TweakUI icon. Double click to get started.
You should now be staring at a fairly complex looking program that is separated with tabs listing each category. Feel free to browse through and take a look at all the things you wanted to do (or do away with) in Windows but never could.
Now, to the important stuff. There are a few settings you must change in order to make your computer as protected as possible. Keep in mind that these settings may not always be the most convenient, as many will effectively remove shortcuts from your Windows desktop working area. First, click on the 'IE4' tab and you will see a list of settings. There are essentially four that we are concerned with. Make sure the following is true:
| Unchecked | Checked |
| Add new documents to Documents on Start
Menu Show Documents on Start Menu Show Favorites on Start Menu |
Clear document, run, typed-URL history on exit |
You can leave the others as is. What you are doing is preventing users who access the system, hints as to the recent files you've worked on (in Documents menu), the URL's visited in your browser, or programs you've run from the Run menu. You also removed those options from the Start menu, making it more difficult to locate.
Next, you may have to scroll to the right a little to view the appropriately named "Paranoia" tab. In this menu, you see a bunch of options with a common theme: they all get cleared at login. Make sure every one is checkmarked. This will essentially erase all traces of your recent activity on your computer when you reboot or log off the current user. Kind of like covering your tracks.
After changing any other settings that you want, you can now click 'OK' at the bottom of the program. The computer may prompt you to reboot.
The only way to safely protect all of your data, is to encrypt it. There is no better technology out there than removing your hard drive and burying it at the center of the earth. There are many programs out there that do outstanding jobs in providing you with a means of digitally securing your personal data. PGP and Norton's Your Eyes Only are a few that come to mind.
Also there is Jetico, Inc.'s Bestcrypt. For a very minimal cost, you get one of the most powerful, essential personal security programs we've ever seen on the market. This program allows users to create virtual partitions, or "containers" that store data just like a hard drive. These containers can be mounted and dismounted at will, with all encryption being done transparently. The latest version also supports some of the strongest encryption algorithms out of the box, with the ability to add others in a plugin-style format.
Using Bestcrypt as a hard drive:
After downloading and installing Bestcrypt, you should create a New Container. This container should be large enough to store program files for many different software packages. A size of 300-800 MB is usually sufficient. What you will be doing is installing programs that maintain personal data, into the drive so that any data created such as email, newsgroup files, personal FTP sites, etc, will be kept in an encrypted drive.
Note: Twofish and GOST28147-89 (GOST) are two very strong encryption algorithms to use. Coupled with lengthy passwords, it is said that they are near impossible to crack.
Once you have a container, mount it. You are now ready to begin. We will now discuss how to configure standard Windows 98 software and common third-party software for use on a Bestcrypt encrypted drive. From this point on, "mount" or "opening" your Bestcrypt drive simply means using the Mount command in Bestcrypt's Control Panel to make your new container a usable drive.
Outlook Express is the default mail client for Windows 98. Normally when you first start it, it will prompt you to select where you would like to keep your mail database.
Once Outlook Express is installed, you are ready to proceed. If you already use it, copy your mail database and address book (commonly named *.wab or *.pab, and *.pst files) to a temporary directory. Now open your Bestcrypt container and create a directory that you can store your email files in; "Z:\Outlook Express" or "Z:\email" will do fine, where Z: is your mounted Bestcrypt drive.
If you attempted to do the logical thing of saving your mail database to your container the first time you started Outlook Express, you found that the program will not allow you to save to a removable drive, which is how Bestcrypt containers are classified under Windows 98. So you will need to make a small adjustment to the System Registry in order to tell Outlook Express where to store your data.
First, open the System Registry editor (Go to Run command; enter 'regedit'). You need to browse to the following key:
HKEY_CURRENT_USER\Software\Microsoft\Outlook Express\
In this key, you should find a string value named "Store Root" which, if you did not change Outlook Express' default setting, will have a value of:
C:\WINDOWS\Application Data\Microsoft\Outlook Express
Modify this value to reflect the FULL PATH to your new email directory you created in your Bestcrypt container (ie. Z:\email). Close the registry and reboot your computer.
Upon rebooting, mount your Bestcrypt drive and open Outlook Express. You now need to import your mail and address book databases that you stored earlier. Once that is done, you are finished. Your personal email, newsgroups, and address book is stored away safely on your encrypted Bestcrypt drive until mounted. Try it out! If you attempt to access Outlook Express without your Bestcrypt drive mounted, the program will simply attempt to create a brand new mail database. Mount the drive, and Outlook Express will run without a hitch.
Installing Other Common Programs:
There are many other programs that are available to the Internet user. Fortunately, virtually all of them are not as picky as Outlook Express when it comes to installing on a removable drive. Here are some common programs and reasons why you should install on an encrypted drive.
| Program | Reason |
| Chat client | Many IRC clients have the ability to store log files, and in some cases stores personal data that you use to access IRC. By default, most IRC clients store all downloads in a subdirectory off of their program directory. These directories cannot be changed to a removable disk without a lot of trouble. By placing in your Bestcrypt drive, you no longer have to worry about unattended downloads or risque log files. |
| FTP client | FTP clients, much like IRC clients, store log files and other miscellaneous data in their program directories. A more serious threat, however, is access to your stored personal FTP sites, along with your username and password. By installing into a Bestcrypt drive, you secure your FTP site list, personal data, as well as downloads that are placed in the default program file directory. |
| Newsreader | With all of the interesting newsgroups out there, sometimes curiosity gets the best of all of us. This being said, you must remember all newsreaders store at least the headers from your group locally (on your hard disk). If you frequent alt.future.serial.killers or alt.i.am.above.the.law, you may want to make sure all this potentially incriminating data is being stored in your Bestcrypt drive by installing your newsreader directory into it. |
Another feature that makes Bestcrypt a complete package is it's free BCWipe utility that also comes bundled with the commercial software. More on this in a moment.
Ok, you now have more files installed on your Bestcrypt drive than on your main drive! You've secured your login and TweakUI'd yourself silly. That's it, right?
Wrong. You've successfully protected your data your physical data, but what about the data that you thought you got rid of? Or the data that your web browser conveniently stores so you can access it faster?
Even if you just bought a computer to keep the papers from blowing off your desk, you've probably heard the term "RAM" before. Computers live off of it. RAM (Random Access Memory) is like the desktop working space of a computer. The more RAM, the more working space, the more the computer can get done at one time. Computers are continuously storing information away in RAM for later retrieval. You can test your computer to see this. Open a large program that you haven't opened since you booted (Office, Photoshop, and Corel work well) and take notice how long it takes to load. Now exit out of the program and open it again. Wow! You could only wish it opened that fast all the time!
Aside from using RAM to store often accessed data, computers also use other means. Among the most popular, and the most dangerous, are the swap file and cache.
Every major operating system uses a swap file of some sort. This file is used randomly for storing data that you are currently or recently accessing. This file has a horrible tendency of growing very large as your computer's RAM grows (In most cases, many OS' base the size of the swap file on the total system RAM, thus effectively 'doubling' your system's usable memory). The swap file is perhaps the hardest file to keep control over, because you really never know what is being stored to it. A good rule of thumb however, is just bet that anything you do will be stored to it. Therefore, the best alternative to completely masking your computer activity is to disable the swap file. (In Control Panel, choose 'System'. From there, choose the 'Performance' tab, then 'Virtual Memory' and disable the setting.)
When talking about cache in general, you are actually talking about many different types, including RAM itself. Cache is the designated word for memory a computer uses to store frequently-accessed and recently-accessed data. While your computer has its own levels of cache, both internal and external, many programs such as web browsers designate an area to store their own files.
Browser cache is simply a directory structure designed to save files that are frequently viewed on the browser. This can be images, tables, forms, and graphics in general. Unfortunately, your web browser doesn't have the ability to distinguish which web sites you want to have cached, so it just caches all of them! This poses a problem, especially when you have private or adult web site content that has been stored in the cache.
There are numerous ways to get around this. One way both applies to Internet Explorer and Netscape Communicator, the two more popular web browsers. Accessing your Options/Preferences menu, you can adjust the amount of cache disk space alloted down to a relatively low number, thus practically guaranteeing every time you visit a website, it will overwrite the previously stored website. You can also manually clear the cache in the same screen. This is highly recommended if you frequent many sites which pose a threat to your privacy.
However, there is an easier way to take care of this.
Cookies are the name given to small files of information that websites store on your computer when you surf onto them. They are a complete threat to your privacy, as many websites allow the full exchange of cookie information unless you specify otherwise (by default, the two web browsers mentioned have no restrictions). Cookies are used to log your surfing interests, name, personal information, and other valuable information that comes in handy in marketing. You have the option in all browsers to disable cookies, but sometimes this presents a problem with sites such as web-based email. Again, a quick and easy way to take care of this is to follow.
Did you know that every time you open a program in Windows, you are being watched? Yes, in a way, that's what you call it. Windows 98 stores log files of every program executed, that contain information such as what runtime files were accessed, what external programs were spawned, and other such stuff. If you want to view these logs, explore the directory C:\Windows\Applog. Use Notepad to open any .LGC file, but watch the directory; a logfile appears for the program you are using to view logfiles! Read the next section for more on how to do away with this un-needed information.
You now have see just a few of the reasons you need to be more secure. Now lets find out how to secure it. All the files mentioned above can be removed without you even lifting a finger, aside from the initial task to make it all work.
Batch files are a long-lost secret of MSDOS, that was conveniently carried over into the Windows Shell. They are simply files that allow you to automate processes by writing code to instruct the computer what to do. Using batch files, you can automate the process of deleting all the files mentioned above every time you reboot or even more often. How do you do this?
A common file named autoexec.bat is called by Windows 98 every time your computer starts, initializing things like the sound card and CD-ROM drivers. By inserting the appropriate code, you can also have it erase anything you want prior to arriving at your Windows desktop. Start by exploring your root (C:) directory, and finding the autoexec.bat file. Open it in any editor and add the following lines:
@ECHO OFF
deltree/y c:\windows\cookies\
deltree/y "c:\windows\temporary internet files\"
deltree/y c:\windows\temp\
deltree/y c:\windows\history\
deltree/y c:\windows\applog\
ECHO Batch process complete.
This effectively erases all of the files found in these directories and all subdirectories upon loading Windows 98. If you are a Netscape Communicator user, follow the syntax for the above commands, inserting the appropriate links to your "Cache" directory also. Keep in mind if there are spaces in the directory name, you must enclose the full path in quotes, as seen above. It may look something like this:
deltree/y "z:\Program Files\Netscape\Communicator\Users\Dave\Cache\"
The next time you reboot your computer and the Windows 98 splash appears, hit Escape and watch as all your cached files are done away with. You may also want to create a copy of this batch file, rename it, and place it somewhere that you can access while you are using the computer. Then, whenever you wish to clear the directories during usage you can simply click on the file and execute it.
Temporary files are created by many programs when you load them. They are what they are named, temporary files used for various tasks performed by the program. A good idea is to get in the habit of clearing these files too, by using the Find tool in the Start menu. Exit out of all programs, search for the file mask *.tmp, and delete all occurances.
There once was a time when if you deleted a file, there was no way to bring it back. Then came a useful little utility named "Undelete" that somehow, magically made it reappear. Along came Windows which packed that useful utility along with it, and then the upgrades, in which the Recycle Bin made it's first appearance.
However, you could always easily retrieve your deleted data. How so? Data that is deleted is never really gone at that moment. Think of it as that annoying substitute teacher you had who used to erase the blackboard, but you could still see all the shadowy writing after he was done. It was not until she wrote overtop of it, or wiped the blackboard clean with a sponge, that you could no longer read the writing.
The same applies for hard drives. When you delete a file, you are simply removing the reference to it from your index of viewable system files. 99% of the time, the actual file will remain on your hard drive until another file needs the space, or you wipe the free space clean. In order to be secure, you need to make sure those two processes happen immediately.
Defragmenting basically organizes your hard drive. When storing information, hard drives don't have any particular order. They like to mix things up, literally. As a result, a lot of space gets wasted that is otherwise good to use. Running a defragmentation program organizes a hard drive into used space and unused space, and places the used space in the quickest accessable area for better performance.
Before you use the next utility, you want to make sure your hard drive is defragmented by using the System Utility that comes with Windows 98.
I mentioned this program earlier, and this is why. It is one of the most essential programs that you can have in your arsenal. BCWipe prevents access to your deleted files by overwriting them immediately. It also features a swap file and free space wiping option.
BCWipe adds a "Delete with Wiping" option to your right-click menu when you install it. Use it! Every time you delete a file using this method, it will randomly write data to the file's previously used space, essentially making the file unreadable.
Also, the night you get this program, you should plan on performing a Free Space wipe of all available storage drives. This option is found by right clicking in Windows Explorer on any hard drive. Choose to use a the DoD extended pass wiping for extra precaution. Wiping an entire hard drive will ensure that your deleted data will never return.
On a side note, BCWipe wipes the free space on the swap file every usage, which is yet another powerful feature that puts your mind at ease.
The methods listed are by all means the absolute MINIMUM you can do to protect yourself. If you are interested in further protecting yourself, you should look into the following:
Any web search engine will bring you plenty of hits on those keywords. Also, check out the following links for more information.
Simcoe County, York Region, Toronto GYTA, Ontario, Canada
Prevent snoops from tracking your
internet activities.