So you have a firewall and an antivirus, perhaps even a dedicated anti-spyware program.
You feel safe and secure. And then one day, without warning, you’re locked out of your Liberty Reserve account and hundreds of dollars’ worth of your blood and sweat are gone in an instant. Out there, some smug hacker is grinning, displaying a perfectly uneven row of rotten yellow teeth.
Where did you go wrong? Was your firewall not expensive enough? Did you not update your antivirus often enough? Did you anger the gods? Is that dog you ran over last month coming back to haunt you?
In this post I’m hoping to give you a brief glimpse into the mind of a hacker and give you a few extra precautions that you can take in addition to those you have already put in place.
The first thing you need to realize is that computer security is a chicken-and-egg problem that just won’t stop cropping up. What I mean by this is that regardless of whether the hacker or the security developer came first, they’re always going at one another trying to defeat each other’s work. As a consequence, every system, no matter how iron-clad, is going to have a flaw. No one might have found it yet, but it is there.
Take quantum encryption. It costs $50,000 per node and it’s claimed to be unbreakable, since any observer would disrupt the system and change the code, making it unusable. But even the owner admits that since the lasers sometimes spew out more than one code by mistake, there is a theoretical possibility of a hacker getting hold of one of them and decoding that one without the people behind the two nodes knowing.
Now, you must be wondering where I’m going with all this. The conclusion is simple: whatever you do, your system will always be vulnerable. You can reduce this risk until it is practically non-existent, but it is still there.
There is one piece of good news. Hackers are like the rest of us: they like easy money. They don’t want to spend months trying to hack away at your computer if all they think they’ll get is a few hundred dollars. This works in your favor, because if you can make it hard enough for a hacker to get into your system, chances are they’ll just give up and move on to the next one. After all, unless you’re boasting online about being a closet billionaire, they have no reason to stick around…it’s a pointless waste of time.
How to wear a hacker down
Forget what you’ve seen in the movies. It will usually take a real-life hacker a long time to get your Liberty Reserve password. First, he needs to find a way into your system. Then, he needs to plant a backdoor. Finally, he needs to wait for his backdoor to tell him your Liberty Reserve password. If he’s a really good programmer, this step might be automated and the only thing he might have to do is break in. If he’s not, he could be sifting through useless data for days.
Note very carefully: A hacker will assume you use a firewall and antivirus! Actually, an antivirus is useless against a hacker…he doesn’t want to destroy your computer, he just wants your money (hopefully). An anti-spyware program is useless as well – the hacker will just write his own backdoor and the anti-spyware program won’t pick it up. The only problem for him is really getting the backdoor into your system, i.e. circumventing the firewall.
Now a hacker trying to circumvent a firewall will most often (I may be wrong on this – correct me if I am) attempt to enter by using another program which already has access to the internet. This is why security flaws in Internet Explorer are so critical. So if you’re going to make a hacker’s job harder, you want to be doing three things:
1) Configuring your firewall properly, i.e. setting it at least on “medium” security (depending on the firewall you use) and regularly going through the list of programs with internet access to make sure you don’t see any mean-looking things.
2) Making sure every program you have on your computer that is on your firewall’s list for internet access is up-to-date and properly configured security-wise. I’m not going to digress into Internet Explorer’s security settings since I think some users in other threads have done that already.
3) Manually checking for strange connections. To do this, go to the command prompt (Start–>Run, type “cmd” and press ENTER), then type “netstat -o” and press ENTER. A table should appear. Unless you’re acquainted with the common ports trojans use, you can ignore the first three columns and skip to the last one (the PID column). These numbers tell you which programs are using the internet at this moment. Write the numbers down and close the window. Now press Ctrl+Alt+Delete to bring up the Task Manager and click the “Processes” tab. To make your life easier, sort the processes by PID by clicking once on that column. Now look up the numbers you wrote down to see which programs they correspond to. If anything looks suspicious, Google it.
Congrats! You’ve just become your own firewall.
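The netstat/Task Manager cross-check from step 3, as an added PowerShell example that is not part of the original post: it parses the numeric output of netstat -ano, joins each owning PID to Get-Process, and marks any process whose executable lives outside the Windows and Program Files directories. It assumes Windows PowerShell 5.1 or later and the built-in netstat.exe.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1+;
# run it elevated to see executable paths of services running as SYSTEM.
# "netstat -ano" is used instead of "netstat -o" so no slow reverse DNS is done.
function Get-ConnectionOwners {
    $procs = @{}
    Get-Process | ForEach-Object { $procs[$_.Id] = $_ }

    # Directories a legitimately installed program is normally launched from.
    $trusted = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
        Where-Object { $_ }

    netstat -ano | Where-Object { $_ -match '^\s*(TCP|UDP)\s' } | ForEach-Object {
        $f = $_.Trim() -split '\s+'
        # TCP rows: Proto Local Foreign State PID; UDP rows have no State column.
        # ($PID is a read-only automatic variable in PowerShell, hence $owner.)
        if ($f[0] -eq 'TCP') { $state = $f[3]; $owner = [int]$f[4] }
        else                 { $state = '';    $owner = [int]$f[3] }

        $p    = $procs[$owner]
        $path = if ($p) { $p.Path } else { $null }
        $name = if ($p) { $p.ProcessName } else { '-' }
        $note = ''
        if ($owner -eq 0 -or -not $p) {
            $note = 'unowned socket (PID 0) or process already exited'
        } elseif (-not $path) {
            $note = 'path not readable (kernel or protected process; try as administrator)'
        } elseif (-not ($trusted | Where-Object { $path.StartsWith($_, 'OrdinalIgnoreCase') })) {
            $note = 'executable outside Windows/Program Files - look it up'
        }

        [pscustomobject]@{
            Proto = $f[0]; Local = $f[1]; Remote = $f[2]; State = $state
            PID   = $owner
            Name  = $name
            Path  = $path
            Note  = $note
        }
    }
}

Get-ConnectionOwners | Sort-Object PID | Format-Table -AutoSize
```

The Note column is a hint, not a verdict: plenty of legitimate software installs under the user profile, so anything flagged still needs the lookup the post recommends.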
He’s in! What do I do?
OK. Suppose that a hacker has already gotten into your computer, bypassed your antivirus, firewall, and anti-spyware software, and that there is a backdoor program running on your system right now. How do you find and destroy it?
Well, first, let’s think about this logically. A backdoor program, to be effective, needs to run every time you start your computer. Therefore it has to be on a startup list. So let’s examine the startup list manually. Go to Start–>Run and type “regedit”. Then use the tree on the left of the screen to navigate your way to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
This is the list of the programs that are set to run every time your computer starts up. Go through them, looking for odd filenames. Now you may be asking: what makes an odd filename? Generally, a hacker will do one of two things: he will create a pseudo-random filename (e.g. “adflkj.exe”) or one that imitates a program on your computer, e.g. “svchost.exe”. Very rarely, you’ll see something like “trojan.exe”, but that’s just ridiculous and stupid on the hacker’s part. Let’s assume you don’t see any pseudo-random filenames you didn’t already know and that there aren’t any “ripoff.exe” programs hanging around. You must verify that the programs in the list are in the right local path. There can be more than one “svchost.exe” running at once, but they may not all come from the Windows directory where the real svchost program is located. Generally, if you Google these programs you can find out where they’re supposed to be located. Any discrepancies should be taken as suspicious, but don’t start trashing everything that doesn’t follow your expectations!
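The Run-key review above, as an added PowerShell example that is not part of the original post: it walks the per-machine Run key the post names and also its per-user twin under HKCU (which starts programs for the logged-on user only), resolves each entry to an executable, checks that the file exists, flags a Windows system binary name that lives outside %SystemRoot%\System32, and reports the Authenticode signature status. It assumes Windows PowerShell 5.1 or later with read access to both hives.

```powershell
# Added example, not from the original post. Assumes Windows PowerShell 5.1+.
# Flags the two patterns the text describes (missing file, system binary name in
# the wrong directory) and adds the signature status as a third hint.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$system32    = Join-Path $env:SystemRoot 'System32'
$systemNames = Get-ChildItem -LiteralPath $system32 -Filter '*.exe' -Name

function Get-ExecutableFromCommand {
    param([string]$Command)
    $c = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    # Unquoted command: the executable ends at the first space. An unquoted
    # path that contains spaces is cut short and shows up as "file not found".
    return ($c -split '\s+', 2)[0]
}

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($entry in $item.GetValueNames()) {
        if ([string]::IsNullOrEmpty($entry)) { continue }   # skip the (Default) value
        $exe   = Get-ExecutableFromCommand ([string]$item.GetValue($entry))
        $flags = @()
        if ([string]::IsNullOrWhiteSpace($exe)) {
            $flags += 'empty command'
        } elseif (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
            $flags += 'file not found'
        } else {
            $leaf = Split-Path -Leaf $exe
            if (($systemNames -contains $leaf) -and
                -not $exe.StartsWith($system32, 'OrdinalIgnoreCase')) {
                $flags += 'system binary name outside System32'
            }
            # Unsigned proves nothing by itself, but a known vendor's binary
            # normally carries a valid signature.
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            if ($sig.Status -ne 'Valid') { $flags += "signature: $($sig.Status)" }
        }
        [pscustomobject]@{ Key = $key; Entry = $entry; Executable = $exe; Flags = ($flags -join '; ') }
    }
}
```

Entries with an empty Flags column match what the post calls the expected path; anything else is a candidate for the manual lookup, not something to delete on sight.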