ad info
   personal technology

 Headline News brief
 news quiz
 daily almanac

 video archive
 multimedia showcase
 more services

Subscribe to one of our news e-mail lists.
Enter your address:
Get a free e-mail account

 message boards

CNN Websites
 En Español
 Em Português


Networks image
 more networks

 ad info




Protect against Trojan Horses


January 17, 2000
Web posted at: 11:02 a.m. EST (1602 GMT)

by Brian Livingston

(IDG) -- My last two columns have described two major problems that afflict Windows users' privacy and security on the Internet. In this week's column, I give you two tools that attempt to deal with these issues.

The first problem is that marketers have found a way to send you e-mail that links your e-mail address with your computer's IP address, browser version, and other data. If you've given your real name, address, and e-mail address to anyone (using electronic commerce, for example), you are now in a database.

Web sites that purchase this database can find your real name from your IP address when you merely look at one of their Web pages.

The second problem is that malicious hackers can run destructive ActiveX controls, JavaScript, and Java applets on your PC when your browser merely looks at a Web site or your e-mail program displays a message (without even opening an attachment).

These programs can change or destroy data on your hard drive, or install a Trojan horse. The hacker uses such a program to scour data files from your PC or from your entire network.

These problems can potentially affect your company, even through a firewall. A firewall typically rejects outside communications to an Internet-connected PC, unless the communication was requested (as when a browser requests a Web page). But a Trojan horse can transfer data on port 80, which is used for Web traffic. Most firewalls leave port 80 open. If they didn't, PC users wouldn't be able to see Web sites.

Quite a bit of news was generated recently by RealJukeBox. This music player accessed the Internet to send its creator, RealNetworks, data about the music files you play. A critique by security consultant Richard M. Smith is available here.

This behavior, in which an application accesses the Internet without your knowledge, can be more dangerous than simply revealing your musical tastes. Any applet that opens a channel to the Internet poses a risk in which nefarious persons can use the link to access your system.

For example, take the Server Management Agent software that is installed on Compaq machines running Windows NT or NetWare. In its original configuration, this software allows "any user with access to the Internet protocol port 2301" -- the device management 0port -- to read any file on your system, according to Compaq. (For information and a fix, go here.)

  InfoWorld home page
  The perils of privacy
  Contain your e-mail
  Reviews & in-depth info at
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for IT leaders
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Stopping the unauthorized flow of data from your system is the goal of a new, free program called ZoneAlarm. This utility, developed by San Francisco-based ZoneLabs, displays all processes that access the Internet from your Windows NT, 2000, 98, or 95 system. You can configure it to deny Internet access to unauthorized programs or block all Internet access after a period of inactivity. To get ZoneAlarm, go to

The first problem I mentioned above is as serious as the second. If a malevolent person knows your e-mail address, your browser version, and the IP address you're currently at, he can try to access your system -- perhaps using a weakness peculiar to your browser.

If successful, that person can deposit something like Back Orifice 2000, a Trojan horse that sends your data files out to be searched automatically.

This is a factor in the increasing incidence of identity theft. Credit theft reports to Trans Union, a large U.S. credit databank, are up from 35,000 in 1992 to 500,000 in 1997, according to the Federal Trade Commission.

With a person's Social Security number and birth date, crime rings can acquire credit cards and ruin your credit. Quicken financial records and many other files contain exactly the information these rings seek.

The fact that Web sites can find out your real name if you browse them has serious consequences, too. With a database of all the Web sites your browser has touched in the last 12 months, someone who doesn't like you can select a few URLs that would make you appear to be quirky or even dangerous.

Protecting yourself from these threats is the aim of Freedom 1.0 (software that gives you any number of untraceable e-mail pseudonyms). It also protects your IP address and other information while you use the Web, telnet, chat systems, or newsgroups. Freedom operates with a $50 a year service (or a free trial) available from

Brian Livingston 's most recent book is More Windows 98 Secrets (IDG Books). Send tips to He regrets he can't answer individual questions.

Viruses anew pop up post-Y2K
January 5, 2000
Top 10 antivirus downloads
December 27, 1999
Y2K: A good time to boost your virus protection
November 4, 1999

Read an e-mail, lose your privacy
The perils of privacy
(Network World)
Self-destructing e-mail
(Network World)
Spam: There oughtta be a law
Secure your e-mail with Interosa
(PC World)
Another spam bill headed for Congress
Contain your e-mail
(PC World)
McAfee protects the paranoid
(PC World)
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.