Is your PC safe?

Many home PC users wonder about the safety of their own systems. While there’s a good chance you don’t have much data on your computer that would be of value to an al-Qaida operative, the system sitting in your den could be used by online evildoers in a variety of ways, if you don’t take basic precautions.

Still, a lot of bad information is out there, making home users unnecessarily jumpy. Here are some of the most common beliefs about home PC security, and the real story behind each one:

Just being online is risky. False. Merely connecting to the Internet does not automatically expose you to great danger. This is particularly true for dial-up users whose computers are not connected to a network. The simpler a setup you have, the safer you are. What makes you vulnerable online? Three things: An improper Windows network setup, in which you unwittingly expose shared folders and drives to others online; failing to keep up with the various patches and fixes for your operating system and Internet-related applications; and your own behavior.

Windows makes it relatively easy to share files and folders across a network. But if you don’t take precautions—such as a software or hardware firewall and password-protecting shared folders and drives—you run the risk of allowing a hacker to link up to your machine as though it was his or her own.

By not keeping up with the fixes for your software, you could be open to attempts to exploit flaws in your programs. While these kinds of flaws are most common in Microsoft’s operating systems, Macintosh, Unix and Linux users should not feel too smug. There are problems with those operating systems as well. Be religious about checking for these things.

Finally, practice safe computing. People too often open email attachments without thinking, which explains the quick spread of viruses. Your rule of thumb should be this: If you get an attachment you were not expecting, even if it is from someone you know, do NOT open it. Period. Contact the sender first and ask if he meant to send it.

The announcement of a hole in a software program means its users are immediately vulnerable. False. Just because Microsoft or some other software company announces a new security issue doesn’t mean there’s a hacker tool—or exploit—that takes advantage of it. In most cases, the announcement of a problem precedes an exploit, often by several months. For example, the Code Red worm takes advantage of a problem of the Web-server software built into Windows NT and 2000—but a patch was available long before Code Red began making the rounds. In other words, just because there’s a round hole in a program doesn’t mean there’s a round peg that yet fits it.

The attacks you’re seeing (thanks to the new firewall software you just installed) means hackers are coming after you. False. More and more people are installing firewall software and hardware on their computers, and that’s good, particularly if you have a DSL connection. But many of those users freak out when they see the logs those products generate. They show what appears to be wave after wave of attacks against that specific computer, as though hordes of hackers are massing on the virtual shore.

Here’s the right way to look at what you’re seeing: It’s nothing personal. What’s happening is that hackers—usually curious amateurs known as “script kiddies”—are running automated programs. They randomly probe at the numeric Internet protocol addresses that all computers are assigned when they connect to the Internet. Often these probing programs are designed to focus on the IP addresses most often associated with home cable and DSL users. They are running through a list, probing, and then logging any they see that appear vulnerable.

The good news is that if you see by your firewall logs that a probe has been detected, then, your firewall is actually doing its job. Properly configured, your firewall should be preventing a hacker’s probe from receiving a reply, making your PC appear invisible to the outside world.

(Franco O. Mendoza is Systems Administrator of Verizon.)