By CHRIS BARTON
We know they're out there. Like sharks in the ocean, they can strike anytime.
But unlike sharks, with hackers you don't always know when, or if, you've been bitten.
Sometimes you'll know right away. That's when you notice your PC behaving oddly while you're online. Worse is when it won't start up next time because important files have been deleted.
Often you'll only find out a hacker has called when extra amounts start appearing on your credit card or internet account.
So what's a normal law-abiding netizen to do? For many of us, the answer is nothing. Mostly, real hackers - some of whom are motivated not by malice, but by making the inherently insecure internet a safe place - don't go after home users.
And overall, hacking incidents are still relatively rare. But increasingly, "script kiddies" - wannabe hackers using pre-written "Trojan" software that's freely available over the net - are posing a real threat to home users. Which means doing nothing is just tempting fate.
I asked John Thackray, manager of the police electronic crime group in Auckland, what he does to protect his home PC. He began by saying, "the only safe PC is one which is switched off."
Mr Thackray says such is the dramatic speed of technological development that systems are always vulnerable. But he has a few pointers.
If you're not using the internet, don't leave your PC connected. Yes, he knows that flies in the face of the convenience of "always on" connections such as Telecom's Jetstream, but sometimes convenience can come at too high a price.
Have good anti-virus protection, he says, and keep it up to date. But remember, "virus protection on a computer is absolutely useless unless you're getting regular updates."
Ditto for the software patches released for Windows and other Microsoft software. If there's a security upgrade, get it.
He points out that a lot of hacking isn't very technical at all, involving conman tricks - "social engineering" - to steal your password.
Sometimes users make it too easy by "hiding" their passwords under the keyboard, the first place a hacker will look. Or users are unaware of "shoulder surfers" peering over their shoulders as they log on.
The message: "Physically protect your password. Keep it to yourself."
Change your password often and make sure it has a combination of numbers and letters in capitals and lower case. "Don't use the name of your pet."
How else does Mr Thackray protect his home PC? If there's any important or sensitive information, he doesn't keep it on the computer he uses to connect to the net. He keeps it on backup disks or on a separate computer.
As well as anti-virus software, he is further protected from intrusion by personal firewall software. Plus, he uses monitoring software that tells him when someone or something (a program) is trying to get into his computer - what's known as "probing your ports."
Another who knows just what he's up against is Arjen de Landgraaf, whose company, Co-Logic, runs the internet security service E-Secure-IT.
He advises turning off default functions such as JavaScript and ActiveX in your browser and e-mail software. The settings are usually found under Internet Options in the Tools menu.
"Set them to have the programs prompt you, so that you can make a choice on whether to receive items using these tools or not," says Mr de Landgraaf.
Set your e-mail to receive only as text, not HTML (hypertext markup language). That way hackers can't send you bogus e-mail that makes your computer link to a web page and downloads a Trojan into your system.
Don't open e-mail attachments unless you know they are safe. Remember that's how the notorious Love Bug virus got to do its work.
On his own home PC, Mr de Landgraaf uses monitoring software such as Zonealarm. For extra safety he encrypts (scrambles) confidential e-mail with software such as PGP (Pretty Good Privacy).
His strongest message is to be ultra careful with credit card details. Only give them up when you are 100 per cent sure of the web address.
It's mostly men visiting porn sites that get into trouble here, he says. The porn sites often ask for a credit card as verification you're over 18 - and further entice the unsuspecting with the promise that the site is free for a limited time.
What users don't realise is that they'll subsequently be charged something like $US20 a month. In some cases, it's almost impossible to get unsubscribed, and in such instances credit card companies are often unsympathetic.
Even if you don't cruise porn sites, your credit card numbers may end up in this nether region of the web if the card has been stolen by using a Trojan planted on your PC.
There's a very healthy trade in credit card numbers among the hacker community.
That is one of the many reasons not to let your PC remember password or credit card details - that is, to hold them in cache memory. It makes it far too easy for Trojans to grab them. "Flush your cache often."
Good grief. It's a minefield out there. Yes, says Mr de Landgraaf.
Watch out when using file-sharing software like Napster, too. Hackers are exploiting the security weaknesses in the program to infect your system with Trojans.
Meanwhile, the Government drags its feet on hacking legislation. Cyber-vandalism and hacking still are not illegal in New Zealand.
All the more reason to be vigilant. Watch your ports...
HOW TO FIGHT BACK
Secured - A local "anti-Trojan warfare" site which tells what Trojans are and how to deal with them.
Trend Micro - If you don't have anti-virus software installed, Trend Micro's free online virus scanner will check you out online.
Pro-Tect 2000 - If you want to install some additional defences, this is a great site for free tools and services.
Shields Up - Here's where you can find out just how vulnerable or secure you are. Check out "Test My Shields!" and "Probe My Ports!"
Some tools recommended by security consultant Brad Price (www.webfusions.com):
eSafe Desktop
SurfinGuard
MailWall
FlowProtector
AVX Script Wall
The Cleaner