SPAUG Newsletter March 2001

Editor: John Buck
Co-Editor: Mildred Kohn
Publisher/Business Manager: Robert Mitchell
Web Editor: Stan Hutchings
Co-Web Editor: John Sleeman


Notes from the Prez

by Jim Dinkey

This month I need to discuss firewalls: intrusion detection and control.

The subject is not because it is the "in" thing to do but because, in the past few months, there has been a tremendous surge in break-in capabilities and the seriousness of the resultant effects.

It used to be that kids would break into a machine and merely tell the world that they had been there. Now they are modifying your hard disk or deleting files at will, which is really very expensive in time and money to recover from.

Don't for a minute think that the fact that you are using a dial-up modem is going to protect you from an intrusion. Forget it. While the risk is somewhat less, the interface to the rest of the world is identical to the interface presented by a DSL or cable modem - just slower. I expect that the hackers will begin to target the modems even more earnestly.

My reaction to finding a virus on my NT machine wasn't happiness. There were three pages of instructions on how to rid the machine of the virus. As a result, as I was setting up a new machine, I needed to take heroic actions to assure that I did not allow any viruses to arrive on that machine.

The first attempt to install a firewall didn't work out well. It is well known that a Linux machine can act as an effective firewall—all it takes is two Network Interface Cards (NIC). Unfortunately, when I ran into problems, I could not establish where the problem was, so I abandoned the project.

So that left me with a new machine directly connected to the Internet, and a probe of my machine showed that I was extremely vulnerable.

So I bought an instant firewall in the form of a Linksys router (Model BEFSR41 $160) which showed, on a self-initiated probe of the machine, that the security was, indeed, much improved. The only remaining port open was port 139 (NetBios) which is a very common one to have open and to have probed to allow intrusion.

In case you have thoughts of getting your own Linksys router, the reason I chose the more-expensive BEFSR41 model was because I use more than one computer here at my home. Often, on Saturday morning, I have the clinic and rather than take lots of time loading critical software by the client's modem, I put in a NIC and load at full DSL speeds. If I were to do this without the 4 ports that the Linksys BEFSR41 has against the smaller single port BEFSR11 ($99), I would have to either buy a small router ($25) or not be able to do simultaneous operations with the clinic machine and the general support machines. So the investment is worth it and I encourage you to follow suit if there is even the possibility of more than one machine simultaneously in the home, even if for a short time.

Because the self-initiated port probing was still showing deficiencies, I decided to install Zone Alarm, a freeware port monitor that has very good feedback capabilities.

I have to tell you that my first encounter with Zone Alarm on my NT machine was a total disaster as it froze the NT machine. Somewhat anticipating a possible problem, I had made a backup just prior to the installing of the Zone Alarm, so all I had to do was roll back to before the install. Another advantage of having total backups.

Anyhow, after making a backup, I installed Zone Alarm onto my Windows 98 Second Edition. At first it seemed balky, but I presently realized that I had set security too high which precluded the program from adjusting itself to the programs on my machine. Having sensed this, and having set security quite low, the first of my routines requesting access to the net was logged. Thereafter, I chose to force the issue by activating, one by one, about eight programs that could be expected to utilize access to the Internet.

When that was accomplished, I again probed my machine using WWW.GRC.COM and the errant port 139 was closed. My machine was then fully stealthy. I didn't exist on the net unless I started the activity. That is the way it should be.

To verify that I wasn't just tuning the machine for only one port prober, I then went to www.earthlink.net/freescan. This confirmed that the PC was secure and that the threat of outside factors causing my machine to be invaded by outside hackers and made a host for Denial of Service attacks, Trojan horse attacks, and similar problems was eliminated.

All of the above handles the attacks but does absolutely nothing to control viruses and associated problems that come in legitimately via attachments to e-mail and documents.

So I started in again by dumping McAfee and buying a copy of Norton Anti-Virus. While some things have to be said for McAfee, the poor performance on handling a virus made my decision easy.

The Norton Anti-Virus was NOT loaded as part of any other package. You want to install the program from a stand-alone package because the packaged wrap-around products often cause more problems than they are worth, especially Crash Guard that seems to make machines crash.

The scheduler of Win 98 is used to automatically update the virus files at 7 p.m. each night and the machine has all of its files scanned automatically at 3 a.m. I am not aware of all of this; it is all automatic.

By putting in place the above procedures, you can, with impunity, go about your computer-related activities and ignore the sea of hackers and kids playing with your life through the Internet.

Regards,
Jim


Planning Meeting Notes

by Stan Hutchings

Members present: Nat Landes, Stan Hutchings, Mildred Kohn, Robert Mitchell, John Buck, John Sleeman, Patricia Corrigan, Bev Altman, Kendric Smith and Jim Dinkey.

Treasurer's report: there is about $6800 in the SPAUG account. Jim will buy a new bulb for the projector for about $185. Our good financial condition is due mainly to the efforts of Kendric Smith and Jim Dinkey: Kendric for getting our web hosting and listserv provided gratis by MNC, and Jim Dinkey getting use of the Elks Lodge. In addition, Jim and Kendric edited and published the very successful Christmas 2000 CD-ROM. Jim also asks people he helps at his Saturday morning workshops to contribute to SPAUG.

The schedule for speakers is set for March, April and May. June and July are open, but Rick Altman is possible for June. August is set. Then September through November are open. We decided Google would be a good speaker, and Jim is trying (without much success) to get in contact with the proper division of Microsoft. Jim has a backup presentation ready if a speaker doesn't show up.

Jim Dinkey outlined the process for getting speakers:

  1. let the Program Director(s) (Jim Dinkey and Patricia Corrigan) know the details, especially date, speaker name, address, email address and phone/fax
  2. let the Newsletter Publisher (Robert Mitchell) know the snail mail address so we can send several issues of PrintScreen
  3. let the Newsletter editor (John Buck) know all the information that should be put in the Newsletter
  4. copy that information to the Webmaster(s) (Stan Hutchings and John Sleeman) to post on the website
  5. the speaker "finder" can either continue to coordinate, or forward all the information and turn over the coordination to Jim Dinkey
  6. the speaker is invited to dinner before the meeting, asked whether they prefer to make their presentation first or last, asked what facilities they need (phone jack, projector & screen, club laptop, special application software, etc.), and the information is passed on to Jim
  7. the coordinator needs to remind the speaker the week prior, and also the day before and/or on the day of the meeting, by phone, fax, and/or email. If there is a secretary, ask them to put our meeting on the speaker's schedule, and to remind the speaker of the commitment. Make sure the speaker knows how to get to the Elks Lodge.
  8. the coordinator should meet and greet the speaker. If for dinner, introduce the speaker to other members.

Jim will have a long message from the Prez, emphasizing virus protection and security concerns. One quick fix is to switch to a different email program if you are using MS products, since they are particularly targeted for attacks. Eudora would be a good alternative; it is on the club CD-ROM.

John Sleeman will try his hand at updating the website this month. All final copy should be copied to him, in addition to Stan.

We decided in addition to coffee, some good cookies (perhaps from Costco or Trader Joe's) would be welcome. Mildred volunteered to pick up a package. It looks like the second round of coffee could be reduced to two jugs; four jugs was too much.

The meeting schedule was discussed. We decided the speaker should be allowed to choose whether to go first, or be a "grand finale". Some speakers might want to leave early, if they have far to travel; but others might want to stay and answer questions, sell their product, or see the raffle. It would be a courtesy to the speaker to give them the choice. CrossTalk (Random Access) can be continued on the SPAUG listserv. The listserv might be a better vehicle for some problems, because it is hard to remember exactly how to solve some problems.

Jim proposed a Home Networking SIG, to be followed by an ICS SIG. More information and schedule will follow when Jim can decide how to organize and run the SIG.


General Meeting Notes 28 February 2001

by Stan Hutchings

Fry's offers Earthlink with an introductory offer of a dollar per month for the first month, which Jim Dinkey recommends. The offer is for Earthlink's dial up modem service, but DSL may also be available.

Hank Skawinski's price lists for his computers are available from Jim. They are also available online.

CrossTalk

Question: are any one day computer courses available?
Answer: the Palo Alto adult school offers courses beginning soon. Also, check the WebSite.

Problem: while Arachnophilia is open, opening Netscape Communicator causes a fatal error. The error continues even after rebooting.

Micro-center has in-store and online help available.

APC has an uninterruptible power supply (UPS), listed at their WebSite www.apcc.com, that is good for the brown-out/rotating power out conditions that have been affecting our area recently. Sometimes re-conditioned units are available at a very good price. Expect to replace batteries about every three to four years. The Allied catalog has replacement batteries at a big savings over the APC price.

Problem: Netscape Navigator 4.74 got overloaded when the inbox had approximately 10,000 files.
Advice: don't let the inbox get so full! Find the file and back it up.

Question: where is the control that tells control-right arrow to advance to the next word? If it doesn't work, how can you fix it?

Question: is there a way for Windows NT to perform defragmentation?
Answer: use DiskKeeper, a program from Executive Software.

Problem: Norton Utilities and Crashguard seem to cause problems with stability. DiskDoctor seems to be okay, but never use speed disk; and use other tools carefully. Run Norton Utilities from the CD; do not install and run it on your computer.

Jim Dinkey is proposing a networking (peer to peer for the home) class/special interest group. After that, perhaps an Internet connection sharing class. ICS allows several computers to share one modem. This feature is available in Windows 98 SE.

Jim Dinkey is using a daily upgrade for virus protection. He uses Norton's product; McAfee is not adequate anymore. He has a LinkSys router that cost about $160, which blocks ports and controls access. The Internet site grc.com will check your computer for vulnerability to hackers' probes. Jim added ZoneAlarm, a free product that acts as a firewall. He recommends starting at a low security level, then increasing security as you gain familiarity. Earthlink also has a vulnerability checker that finds even more vulnerabilities than grc.com. The LinkSys router is probably overkill; ZoneAlarm is probably sufficient for most users.

Jim Dinkey has found that EarthLink blocks a lot of Spam.

There will be an auction of CorelDraw 8.0 at the next general meeting.

This month's guest speaker: Russell Jacobson from eGems (www.egems.com).

eGems was designed to gather pieces of data, especially collected from the Internet, and organize them. It also keeps track of the data source. Click and drag data "gems" to a "chest"; data includes bibliography data (source, date, notes, etc.). The data is compressed and stored on the hard drive. There is also a link to the source. You can send eGems as email, if the user has the free plug-in viewer available from eGems.

From the eGems application, you can drag and drop to another application, such as Word, Excel, PowerPoint, etc. This makes it useful as a source of boilerplate text, or for converting eGems to a final document. Graphics are saved as bitmap files, then compressed to save space. However, eGems is not meant for high-quality images. The retail price is $60; at tonight's meeting it will be for sale for $40. The Quicklink Pen from Wizcom Technologies www.wizcomtech.com is available for $135.

Planning meeting is scheduled for 7 March at 7:15 p.m. at Bev Altman's house.
