Author: Sandra Prior
Most people won’t have File and Printer sharing enabled on their home computers, but they may still have other vulnerabilities. Windows XP comes with web server and remote administration disabled by default.
And then there are those port scanner programs hackers use, scanning the Internet for vulnerable PCs. Some sites, such as Shields Up, make great play of this, especially of having the key NetBIOS ports 135-139 open, but fail to explain clearly what hackers can actually do with them.
The fact is that even if a hacker did interrogate these ports, all they would retrieve is your computer and workgroup name, along with its description – no big deal for a standalone home system. Still, you may want to close these ports anyway.
There are also personal firewall programs which can detect and stop attempted probes into your system. Windows XP comes with a firewall by default, but this is a one-way firewall. A more secure, and free, firewall is Zone Alarm. If you are a novice it’s best to stick with the default Windows firewall, but if you’re a more advanced user and familiar with most technical details on your computer then you may consider it best to install a more secure firewall like Zone Alarm, or something else.
Firewalls can detect and stop probes into your system. If your system is properly secured, any probes will have no effect at all, so all the firewall is doing is telling you about them. It’s better to spend time checking your computer’s security rather than spend money on a firewall.
The Real Danger
Anyone who knows about Trojans will realize that it’s not entirely safe out there. A Trojan differs from a virus in that it appears to be a useful program, which you happily install and use. Unfortunately for you, the apparent function masks something much nastier. The real payload can be anything the author likes, but the particular type of program we’re interested in is known as a ‘backdoor Trojan’.
One of the worst is known as SubSeven. Once you’ve installed the active part (the ‘server’, which can be bound to any other EXE file so you’ll never know what’s going on), it attempts to broadcast to its author via IRC every time you go online. They can then use the ‘client’ part of the program to literally take over your computer. Of course, it’s unlikely to do anything dramatic immediately, but the potential features are very dangerous indeed.
It can log key presses, for example, even while offline, then transmit them to the author, so anything you type (passwords, credit card numbers) is at risk. SubSeven also has a comprehensive file manager, enabling the remote client program to browse your system, accessing or running any file on your computer. And if you really want to be scared, email us for the complete list of the 113 functions it is able to perform.
Don’t be Complacent
It’s easy, and certainly more comforting, to imagine that you won’t be affected by a Trojan like SubSeven. After all, setting up and using something like that must be a very difficult process, right?
Wrong, unfortunately – take a look at SubSeven. Anyone can download the program, and even get help about how to use it, just like any other software package. It’s easy and it’s free; kids could set it up (and some probably do).
But surely your antivirus program will be able to detect it? Well, maybe, but the author of SubSeven has a way to bypass that. New versions are released frequently, with more powerful features than the last, and once the server part is installed on your system it can be updated remotely. This means that by the time your antivirus software knows how to pick up one version, the copy on your system might be quite different.
And what’s more, SubSeven is only one program with these capabilities. There are hundreds, maybe thousands, of programs exactly like SubSeven, equally capable of permitting others to access files on your computer. Trojans like this are the biggest Internet threat to the security of your system, so what can you do to protect yourself from them?
Get the Right Advice
One thing you should not do is simply download and use the first Trojan detection program you can lay your cursor on. Beware, too, of legitimate software that makes excessive promises, such as claiming that it will detect and remove all known and unknown Trojans. If it’s that good, why is the program already at version seven?
All detection software requires frequent updates just to keep up, and no one can guarantee to defeat all future threats.