Surfing With Security

By Glenn Hefley

The Microsoft Security Bulletins for December 2005 have told us about problems
in the security area of the Microsoft Windows and the Internet Explorer web
browser. The problem is a hole in the security area of the Active X controls.

With this problem exposing your computer, a program can be forced to download
and run without your knowledge, by simply visiting a web page or opening
an HTML email message. The program or code can be arbitrary, or very damaging
to your system. Most of the known exploits are installations of spy-ware
and
ad-ware onto your system.

You can read CERT warning for this security problem on the US-CERT website.

Microsoft Security Bulletin Summary for December 2005 -

Of course this isn't the first problem that the IE web browser has had over
the years, and it is fairly certain this won't be the last. So what can we
do to protect ourselves from problems like this? Thankfully there are several
things we can do, to place a few barriers between us and those who would damage
our systems for their own gain.

Before we get into these ideas, let's go back to the CERT website (www.cert.org)
CERT was started back in 1989, following the Morris worm incident, which brought
10 percent of internet systems to a halt in November 1988. Since that time
CERT has been around to tell us what is going on in the security areas of the
Internet world. Recently Homeland Security decided that they wanted to get
into the action and created the US-CERT website (http://www.us-cert.gov). Both of
them publish the latest high risk security problems.

Reading CERT every day however, gets boring, or at the very least, depressing,
as you begin to realize how many problems are really out there. We also start
to wonder why, with all of the security holes and exploits reported every month,
the computer is running at all. A great deal of that has to do with CERT teams
making news and repair information readily available to the System Administrators.
The rest of our protection we have to prepare on our own.

Windows XP added several features giving us a great deal of protection. A
firewall, for example, keeps unwanted connections off our computer, but the
problem described above isn't stopped or even checked by our firewall. So before
we get into some general ideas, let's look and see what we can do specifically
for problems like that one.

ActiveX is a type of programming created by Microsoft to add functionality
to websites that are created to be viewed using the Microsoft IE browser. There
are projects which give ActiveX ability to browsers like Firefox (http://www.iol.ie/~locka/mozilla/mozilla.htm)
but the main ActiveX browser remains IE.

In IE we can turn off the ActiveX controls and only allow the sites that we
trust use ActiveX programming. You can get the information and instructions
on how to do that on this website here (http://www.microsoft.com/athome/security/online/browsing_safety.mspx#2 ). To enable ActiveX for a web site, add that site to the Trusted Sites Zone.
The default settings for the Trusted Sites Zone enable ActiveX.

Microsoft also has a new update to help protect against this exploit, but
it is better to simply cut the access off completely, unless you trust the
website.

Another thing we should be doing, which few of us really do (especially those
of use with personal laptops) is to perform most of our computer time on a
User account, instead of an Administrator account. The exploit described above
can only run programs with the security level of the user currently logged
in on the system. If we are the only one that uses the computer, then we are
probably running the system as an Administrator, which allows the exploit or
damaging program to download through ActiveX and do just about anything it
wants to do. However, if we were signed in as a User account, the system would
stop it from doing most of more damaging actions, and might even stop it from
installing at all.

To setup a User account, go into your Control Panel, and open the User Accounts
Panel. Follow the directions in there. It is a bit of a hassle to always have
to switch users in order to install new programs, but believe me, it is much
safer.

After that we should have three programs working correctly on our system.
The three programs are; a good Virus protection program, our Firewall, and
a Spyware hunting program.

Virus Protection

There are several good virus protection programs available today. I prefer
the AVG system from Grisoft (http://www.grisoft.com). The software is very light on
your computer, using a low amount of resources, while providing great protection.

Firewall

The Windows XP firewall does a great job blocking inbound traffic, but makes
no attempts to filter outbound traffic. This can be a concern with several
of the spyware and chatty programs on our systems these days, but learning
how to set the Firewall against inbound traffic is a great way to keep your
system a great deal safer.

Anti-Spyware

So far, the best anti-spyware program I've come across is put out by Microsoft,
and it is free. (http://www.microsoft.com/downloads/details.aspx?FamilyID=321cd7a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en).
Installing that software will do wonders for speeding up your system and keeping
it safe during Internet surfing.

With the growing popularity of high-speed connections, marketing drones have
been flooding the TV and Radio ad-space with warnings about security. One even
has the cute phrase that goes something like "With high speed internet,
attackers come at you faster..." Which as far as I know, is meaningless.
What does happen however is your IP address doesn't change as often, which
means you are probably found more frequently. What does that mean?

With a dial-up connection, your computer isn't connected to the Internet 24/7.
Each time you dial-up for a connection your computer is assigned a new IP address.
With high-speed connections, your address could stay the same for months. Your
IP address is your Internet Address, much like a street address, allowing other
computers to connect to yours, which is good; we want them to send us web pages
and MP3 files. What we don't want is hackers and viral attacks to also find
us.

A simple solution to this problem is an inexpensive router. A router is a
device that was created to allow several computers to use the same connection
to the Internet. What it does for us as a security measure, even for those
of us with only one computer at home, is a function called IP Forwarding. What
this means is that your computer has an IP address that the rest of the Internet
can not see, or connect to directly.

So make sure your computer has the basic software and hardware needed for
safe surfing, and keep an eye on the CERT warnings.