Window Manager

SAN MATEO (01/24/2000) - My columns over a period of several weeks (Oct. 18 through Nov. 8, 1999, and Dec. 20, 1999, through Jan. 10, 2000) described ways that rogue hackers could gain access to or damage PCs that use high-speed Internet access under certain conditions.

I also discussed questionable e-mail messages and Web pages that use what I call "moles" to covertly send information from your PC to remote servers across the Internet. (See " 'Moles' are one thing, but malicious e-mails are an even worse form of Web abuse," www.infoworld.com/printlinks.)This week, it's my readers' turn to make themselves heard. I received many comments on these subjects, and I expect this will continue. Use "protection" as the first word of your e-mail subject line if you have new information to add.

Marty Tillinger was one of many readers who provided his own example of malicious hackers taking over computer resources to hide the true identity of their attacks on others. Tillinger uses BlackICE Defender (www.networkice.com), an inexpensive software firewall I described on Nov. 1.

"BlackICE detected port probes on multiple machines on my network a few days ago," Tillinger writes.

"I traced it back to a firm and called them. They said the machine was an SGI domain name server with no one at it. It had been hijacked and was being used to scan and hack other machines," he writes.

"In the end, the administrators were fighting with the hackers for control of the machine." Tillinger adds, "Their Who Is record is now gone, so they must have had it reassigned [to end the attack]. Very, very scary."

Other readers provided insight on how easy it can be to open up a security hole in your system without realizing you might be doing so.

Geoffrey Coram writes, "I was installing a new version of American Power Conversion's PowerChute Plus for [Microsoft] Windows 98. When I brought up the user interface, it asked me to select a server, listing my own -- and one for another machine in my building," a dormitory at MIT.

"According to the online help file, the default configuration sets up a share resource called PWRSHARE that is accessible by everyone. Someone else with the same software (or a text editor and some knowledge) could then edit the setup for my UPS [uninterruptible power supply] and cause it to shut down or simulate a power failure, or make a loud warning beeping at, say, 4 a.m.," Coram continues.

"I can see that it would be a feature for network administrators in a corporate setting, where one person could control all the UPSs on the corporate network.

But in my on-campus residence at MIT, and for a machine on a cable modem, the default should be off and a corporate network administrator could certainly figure out how to enable the feature."

Reyes Ponce has taken steps against e-mail moles using a utility called AtGuard. This product, formerly from WRQ Inc., was recently acquired by Symantec Corp. and incorporated into Norton Internet Security 2000. (For more information, go to www.symantec/sabu/nis.)"I've been seeing moles for months," Ponce writes. "I'm using AtGuard firewall software, and I have it configured so that Outlook Express only has privileges to communicate via POP [Post Office Protocol] and SMTP to my ISP's mail server.

"When I first got a mole e-mail, AtGuard popped up and told me that [Microsoft] Outlook Express was trying an unauthorized outgoing communication to the sender's Web server. Since anything not explicitly permitted is denied, I can be sure that any new program I install (or a Trojan that I don't intentionally install) will not have the ability to communicate on the network/Internet."

Readers David Hite and Andrew Bennett responded to my comment that HTML-capable e-mail clients such as Outlook Express don't make it easy to turn off the execution of mobile code in e-mail messages.

Hite writes, "With Eudora 4.1 and later, executables in HTML are disabled by default. It's also possible to disable the use of the Microsoft HTML viewer."

If Microsoft's Internet Explorer 3.0 or later is installed, Eudora uses Microsoft's HTML rendering engine if the option Use Microsoft Viewer is turned on in the Tools, Options, Viewing dialog box. It's a simple matter to turn this off, in which case Eudora uses its internal viewer. Eudora's own viewer correctly displays HTML code in e-mail messages, such as fonts of different sizes and colors. But it will not exchange data with remote servers, which is how moles work.

Readers Tillinger, Coram, Ponce, Hite, and Bennett will receive free copies of More Windows 98 Secrets for being the first to send tips I printed. Do keep sending them my way.

Brian Livingston's latest book is More Windows 98 Secrets (IDG Books). Send tips to brian_livingston@infoworld.com. He regrets he can't answer individual questions.

Join the newsletter!

Error: Please check your email address.

More about American Power ConversionLivingstonMicrosoftMITNetworkICESGI AustraliaSymantecWRQ

Show Comments

Market Place