UPDATE....A very recent and far more dangerous threat then any malicious software to date, is crackers' use of "rootkits", "dll injection" and "global hooks" to take over systems "invisibly". These threats are difficult to prevent, detect and almost impossible to remove once they have successfully been deployed on your system. Prevention is the best way to stop these threats, as removal tools are only now being developed to clean a system after infection from one of these new threats. Removal tools for this type of threat are in their early infancy, and cannot be relied upon to clean a system once it has been compromised. Once infected, the only way to dependably remove one of these threats is to either restore a backup known to be made prior infection, or to completely reformat all your hard drives and reinstall your operating system and hardware.
You best be serious about the possibility of one day opening your door at your home to the FBI and having to explain and later prove to them that it was not your PC that hacked into a US Government agency and stole secret information....or all of a sudden you get a certified letter in your mail from your Bank asking to explain why your account has been depleted.....Or, that you are being sued by your client who claims his crucial private information was stolen from your PC and his identity has been compromised....And YES, the burdon of proof is on your shoulders in all of these cases!... And whats really dangerous is that you will not even know your PC is hacked!
Internet and Computer Security....The rest of the story:
Protecting yourself from all the "bad guys" on the Internet requires a multi-tiered approach. There is no single product, either hardware or software based that will adequately protect you from the perils of being connected to the Internet. Only you can protect yourself and that will require some effort to understand the nature of the threats, the potential ways to protect yourself, and how these protective measures can be integrated together.
There is no such thing as a secure OS (operating system), or web browser. If you want true security disconnect your network card, turn off/unplug your computer, take out the hard drive and smash it to bits, take computer to a construction site and ask the bulldozer operator to run over it.
A fully patched Windows XP and to a lesser degree Windows 2000 are the only non-server Microsoft OS's that are even remotely secure. If you care about security you shouldn't be running any other Microsoft OS's. If you have machines on your home network that run anything less than a fully patched XP, 2k, Linux (distro), OS X then the security of any machine on your network is lessened.
To give you a feel for how dangerous some of these threats can be, let us talk about port scans. A "port" is the doorway by which computers communicate with each other. A "port scan" often takes place with the use of programs called "port scanners". Crackers use port scanners to identify open ports on your system. Once an open port is found they attempt to enter your system to collect data or place malicious programs on it. Scary, isn't it? But, is this threat real or imagined? DShield.org tracks port scans in real time. Reports on attempted port scans from participating companies and individuals are sent to DShield on a real time basis. At the time of writing, the number of reported entry attempts is averaging over 1.1 BILLION attempts per month. Remember that this only represents a small percentage of the actual number of port scan attacks, those that are reported by participants.
In fact, the current "survival time" (the average time for an unprotected system to be attacked and compromised) is only 9 minutes. This means that a newly installed unprotected operating system connecting to the Internet for the first time will, on average, be attacked within 9 minutes and compromised in some way. That further implies that there is insufficient time for a new system to connect to the Windows Update site and download the latest security and critical updates from Microsoft before the system is attacked and compromised. Yes, the Internet is a dangerous place for the unwary.
Let us describe another, far more subtle form of attack. Recently it was discovered that viruses, Trojans and other executable files could be embedded within a simple .jpg (picture) file. If an infected .jpg is downloaded by your browser or email client, the embedded executable could run and install a Trojan or virus. Microsoft, software and anti virus developers have been working hard to close this vulnerability.
Internet and Computer Security....
Why should I be worried?
There are plenty of hackers, crackers and lurkers out there to get YOU. Why you? Because you are easier target than I am. They try to find the easiest target they can, and believe me, they will find you. The question is, will it be you or the guy next door...Until the gut next door patches his system and the hacker either moves on to another target or gives up because its become too complicated and hard to attach to someone.So what can they do to you? Well, they can hack into you or your companies computer and steal precious information (industrial espionage) or personal information like emails and documents you store on your computer. They can use your computer to launch attacks against other computers, and YOU will get the blame for it. Usually the targets are companies and websites, perhaps the company you are working in, and they are using you and your computer to get them. Either for money, fame or revenge. One example about this is DoS or DDoS attacks (Distributed Denial of Service attack). In DoS, the hacker gets his hands on a computer by planting a Trojan horse program (via email attachment or from ICQ or Messenger service usually), and then uses that computers connection and resources to flood some specific target, like a particular www-page so it cant be used at all and has to be shut down. Not long ago one case was exposed, in which a cracker used a victims insecure WLAN connection (Wireless Local Area Connection) to download and perhaps spread kiddy porn...luckily the cracker was caught, and not the "victim" who's WLAN was used and where all the logs and tracers pointed to! You can read more about these attacks in the net, Im not going to go to the specifics here, but the point is, that your computer can be used to commit crimes without your knowledge if you don’t know how to protect yourself! Also, hackers use computers to launch SPAM, store pirated software or just mess around for their own amusement.
There are also cases where some perverts use their victims computer as a tool to get her/him in person or via net….or just terrorise her/him. And NO, children are NOT safe from these perverts either, on the contrary, children are the easiest targets for hackers and perverts to attack.
Then there is the danger of viruses or worms. These programs spread from user to user and can cause serious damage. You can get worms from your friends with email (as an attachment) and if you are fooled onto executing them...ANYTHING can happen. Some worms get executed simply by you looking at the email due the security bugs in email software! Latest worms have had dangerous payloads. For instance... they have copied documents from your computer and emailed them on to people you know, pillaged your files, messed up your computer so you have to reinstall everything etc. It is very important to protect yourself against viruses and worms and be aware! When you surf on the internet, you can be attacked as well. Hacker might plant an Active-X component or Javascript on the www-page and trick you to run it. In fact, if you have default settings, it might be done in the backround without you knowing anything about it! It can just crash your computer or browser, or exploit some security hole in your system and do…well, almost anything. No, I’m not joking here! Active-X component can format your harddrive, they can do ANYTHING that the creator of them wants them to do. Here you can find more information about Active-X and Java.Also, in many xxx-rated sites they offer you to download a file that they say “will let you to see all xxx-pics and videos”…they are usually dialers, and when you launch them, they can make your modem (if you have one that is) to call somewhere like Brazil....on to some very high-cost xxx-phone service. You credit card information can also be stolen and used for hackers own amusement and you have to clean up the entire mess and perhaps even pay a part of what he’s “shopping” for. Also, if someone is just being naughty to you, they might lock you out from your own email service by capturing and changing your passwords. Or send email under your name to your friends, boss, anyone.
What else is on the line here?
Besides what mr. Gates says, Internet isn’t a child’s play. Enormous amount of data is already being collected by internet service providers, email providers, religious cults, marketing experts, intelligence agency’s, etc. Cookies are the most infamous “features” that can be used to track you and build a profile from you, but there are plenty of others as well. And that data they collect isn’t going to "vanish" anywhere. Governments and companies change overnight, but technology, information and files remain. Think about the cruel fact that you might not get some job you apply for just because you have spend too much time in www.playboy.com or because you have sent a few emails to your friends that say:"xxxxxx is bastard!". Or because you have by an accident surfed into www-site that contains illegal or dangerous information. Or because someone has used your internet userID and password and done that ! Some employers sometimes check their "rookies" internet image. Why ? Because they can easily build up a profile from you that way and because its perfectly legal! In some countries, some internet activity’s are protected and compared to the "phone privacy", but in most countries, there’s no law that says:"Thou can not follow ones internet activity nor sell that information to third parties". And since information is worth $$$, just guess how many people earn their incomes from that ?One good proof about this is SPAM. SPAM is junkmail, advertisements that you can get to you email account. I have gotten SPAM before I learned to protect my internet activities. Then I also changed my email address, and off went the SPAM. As far as I’m a aware of, EVERYONE I know, gets SPAM and curses it to hell, because they don’t (want to) know how they can prevent SPAM. However, its simple: take care on your privacy!
Also remember, that Windows and many programs in Windows OS environment, create logfiles and history information about your activities. Most of them are pretty harmless, except that they take up your harddrive space, but there are some which you should think about. Your TEMP-folder, for example, can contain almost anything. It can have copies of documents you have deleted, programs you have installed or uninstalled, log files from various programs, etc. If you are using normal settings, you Internet Explorer browser is almost a gold mine: it stores information about the sites you have visited for weeks, in theory, forever! So, anyone getting into your computer, one way or the other, can easily see what did you see on the net and when. Programs also contain information about what files they have last opened. Word documents also contain hidden metadata, that can tell who has created the document, when it has been created, what has been changed onto it and by whom etc.
Also, remember, that deleting a file doesn’t erase it…when you delete a file, Windows simply marks those clusters as “unused” so that something MAY be written to them in the future. Using a simple, freely available undelete tool, most of them can be recovered even months after! You need to overwrite the files if you don’t want them to be recovered by anyone.
But I have nothing to hide! If someone really wants to hack me, go ahead!
Now, most people who refuse to listen to common sense and protect their privacy and security, say something like:"I don’t have anything to hide. If someone wants to do that, I don’t really care." Now, this kind of comment is very easy to crush:"How would you like to find out someone took over your computer, launched an attack from there, then find the police on your doorstep? Would you like me to read your personal mail (both email and regular mail)? Would you like me to read your personal files on your computer? Would you like me to give your home address and phone number to hundreds of commercial enterprises for marketing purposes, and for every crazy person I see on the street? Or wipe all the hard work you have done and stored in your computer? Or how about this, would you like me to mess around in your house, steal, break or just pillage it?" Nobody would say yes to those questions. The problem, however, is that people simply don’t realize the fact, that in the age of computers, your email IS as good as your regular mail, your IP-address IS your home address, and basically the only thing that protects you is YOUR own actions. There’s no international police force operating on the internet. There are no international courts where you can easily sue a cracker. Welcome to the digital age.These are just some examples about what not only can be done, but what is done on daily basis. There is very good chance that if you don’t pay attention and know how to protect your privacy and security, some hacker or cracker or psycho might get your computer under his control. Usually things don’t get that far, but there are plenty of easy targets on the net. So you might be lucky enough not to get abused or hacked.... But don’t count on it. Protect yourself, because nobody else will!