From...
InfoWorld

Protect against Trojan Horses

January 17, 2000
Web posted at: 11:02 a.m. EST (1602 GMT)

by Brian Livingston

(IDG) -- My last two columns have described two major problems that afflict Windows users' privacy and security on the Internet. In this week's column, I give you two tools that attempt to deal with these issues.

The first problem is that marketers have found a way to send you e-mail that links your e-mail address with your computer's IP address, browser version, and other data. If you've given your real name, address, and e-mail address to anyone (using electronic commerce, for example), you are now in a database.

Web sites that purchase this database can find your real name from your IP address when you merely look at one of their Web pages.

The second problem is that malicious hackers can run destructive ActiveX controls, JavaScript, and Java applets on your PC when your browser merely looks at a Web site or your e-mail program displays a message (without even opening an attachment).

These programs can change or destroy data on your hard drive, or install a Trojan horse. The hacker uses such a program to scour data files from your PC or from your entire network.

These problems can potentially affect your company, even through a firewall. A firewall typically rejects outside communications to an Internet-connected PC, unless the communication was requested (as when a browser requests a Web page). But a Trojan horse can transfer data on port 80, which is used for Web traffic. Most firewalls leave port 80 open. If they didn't, PC users wouldn't be able to see Web sites.

Quite a bit of news was generated recently by RealJukeBox. This music player accessed the Internet to send its creator, RealNetworks, data about the music files you play. A critique by security consultant Richard M. Smith is available here.

This behavior, in which an application accesses the Internet without your knowledge, can be more dangerous than simply revealing your musical tastes. Any applet that opens a channel to the Internet poses a risk in which nefarious persons can use the link to access your system.

For example, take the Server Management Agent software that is installed on Compaq machines running Windows NT or NetWare. In its original configuration, this software allows "any user with access to the Internet protocol port 2301" -- the device management port -- to read any file on your system, according to Compaq. (For information and a fix, go here.)

Stopping the unauthorized flow of data from your system is the goal of a new, free program called ZoneAlarm. This utility, developed by San Francisco-based ZoneLabs, displays all processes that access the Internet from your Windows NT, 2000, 98, or 95 system. You can configure it to deny Internet access to unauthorized programs or block all Internet access after a period of inactivity. To get ZoneAlarm, go to www.zonelabs.com.
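The gap between a port-based firewall and per-program outbound control, as described above, shown as an added example (not part of the original column and not ZoneAlarm's code). The program names, port 4000, the 600-second idle limit and the sample records are constructed, and inactivity is modelled here as time since the last allowed connection.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    """One outbound connection attempt (constructed sample record)."""
    ts: int        # seconds since the start of the sample
    program: str   # executable that opened the socket (hypothetical names)
    dst_port: int

# Constructed sample data, not captured traffic.
SAMPLE = [
    Conn(0, "browser.exe", 80),     # approved program, Web port
    Conn(30, "unknown.exe", 4000),  # unapproved program, closed port
    Conn(45, "unknown.exe", 80),    # unapproved program reusing the Web port
    Conn(2000, "browser.exe", 80),  # approved program after a long idle gap
]

def port_filter(conn, open_ports=frozenset({80})):
    """Port-only egress rule: any program may talk to an open port."""
    return conn.dst_port in open_ports

class ProgramFilter:
    """Per-program outbound allowlist with an inactivity lock."""
    def __init__(self, approved, idle_limit):
        self.approved = set(approved)
        self.idle_limit = idle_limit
        self.last_allowed = None
        self.locked = False

    def unlock(self):
        """User returns: lift the lock and restart the idle timer."""
        self.locked = False
        self.last_allowed = None

    def check(self, conn):
        idle = self.last_allowed is not None and \
            conn.ts - self.last_allowed > self.idle_limit
        if idle:
            self.locked = True  # stays locked until unlock() is called
        if self.locked or conn.program not in self.approved:
            return False        # denied attempts do not reset the timer
        self.last_allowed = conn.ts
        return True

def compare(conns, approved, idle_limit):
    """Return (program, port, port_rule_allows, program_rule_allows) rows."""
    pf = ProgramFilter(approved, idle_limit)
    return [(c.program, c.dst_port, port_filter(c), pf.check(c)) for c in conns]
```

The third sample record is the case the column warns about: the port rule passes it because the destination is port 80, while the per-program rule denies it because the executable was never approved.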

The first problem I mentioned above is as serious as the second. If a malevolent person knows your e-mail address, your browser version, and the IP address you're currently at, he can try to access your system -- perhaps using a weakness peculiar to your browser.

If successful, that person can deposit something like Back Orifice 2000, a Trojan horse that sends your data files out to be searched automatically.

This is a factor in the increasing incidence of identity theft. Credit theft reports to Trans Union, a large U.S. credit databank, are up from 35,000 in 1992 to 500,000 in 1997, according to the Federal Trade Commission.

With a person's Social Security number and birth date, crime rings can acquire credit cards and ruin your credit. Quicken financial records and many other files contain exactly the information these rings seek.

The fact that Web sites can find out your real name if you browse them has serious consequences, too. With a database of all the Web sites your browser has touched in the last 12 months, someone who doesn't like you can select a few URLs that would make you appear to be quirky or even dangerous.

Protecting yourself from these threats is the aim of Freedom 1.0 (software that gives you any number of untraceable e-mail pseudonyms). It also protects your IP address and other information while you use the Web, telnet, chat systems, or newsgroups. Freedom operates with a $50 a year service (or a free trial) available from www.freedom.net.

Brian Livingston's most recent book is More Windows 98 Secrets (IDG Books). Send tips to brian_livingston@infoworld.com. He regrets he can't answer individual questions.
