Hacker prevention software?

greenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread

In several different threads on this forum, people have mentioned that they can tell when and who might be attempting to access their computers, by the use of some type of software. Does anyone know what kind of a program this might be, and whether it is shareware or where it can be purchased (and cost). Will it prevent a computer from getting hacked, or just inform the user, that someone is attempting to scan your drives? Is there reliable software available that can prevent being hacked? (JAVA already disabled, except when going to bok's.)

-- suzy (HAYSandCO@aol.com), February 14, 2000

Answers

Suzy:

Are you connected to the Net full-time, e.g., through a T1 or DSL line, or do you dial up through a modem? Are you on a network? If you have a dial-up connection and aren't on a network then don't worry about getting hacked - it's highly unlikely that you'd be on enough to become a target.

If you are on the Net full-time or on a network, getting some port sniffer software isn't a bad idea. Go to someplace like CNet and enter "port sniffer" in the software search field. This will turn up several programs, some free and some shareware. Each has its strong and weak points. You should download at least two different programs and try them out as they all have some adverse effect on how quickly things run when connected.

-- Jim Cooke (JJCooke@yahoo.com), February 14, 2000.


Suzy - The program I use to know when someone is attempting to access my system is NukeNabber. It lets out a very loud gunshot .wav to notify me of an intrusion. I'm on a dial-up telephone line and hackers DO attempt access to use your computer as a portal to other systems. When I receive the alert that someone's sniffing around, I simply unplug my modem from the phone line and the hackers wander off to annoy someone else. NukeNabber also contains a log file to identify the hacker's location so you can report the intrusion if you're so inclined.

If you want your computer locked down tight you might want to check out the new "Black Ice" software which is supposed to do *everything*. I believe it's $40. I haven't personally used this software but it's gotten rave reviews from reputable sources so this is something you might want to consider. This program will monitor the activity at the ports and if it sees anything it notifies you to take action. But here's the real beauty of this one...when you send out a ping it turns the tables on your attacker and locks up *their* machine. While I don't like the way many security programs bog down my system I must admit...the concept of delivering Instant Karma to a hacker with a program like this has a certain appeal and enticement!

-- LunaC (LunaC@LunaC.com), February 14, 2000.


I installed zonelabs2.0 yesterday. I'm still trying to discover what it does. It was free BTW. Anyone using it now? Thanks

-- goldenokie (garland@clnk.com), February 14, 2000.

Before you invest in such a program, I suggest you spend a few moments at Steve Gibson's site.

Click through onto "Shields Up" and read the material there. About the port monitors, he has to say,

Many companies are already exploiting the fear of Internet intrusion by selling really bad solutions in the form of "intruder detectors" and "port monitors." I call these products "evil" because they make your computer more attractive and vulnerable to intruders ... and do NOTHING to protect you!

I suggest that you take the "shields up" test to find out how vulnerable your computer really is. I recently took it twice, once with my port monitor software activated and once without. When the port monitor software was activated two things happened -- first at least 10 ports were found and probed. BAD! Second, the port monitor software failed to detect the intrusions. WORSE!!!!

I came back, with the port monitor software turned off. The intrusion could detect the ports, but all were "turned off" and could not be entered. This means that an intruder knows that a computer is there, but can't get into it at this time. (They may try again later).

The best arrangement is when you appear not to even be there to the probe. This requires some work, but Steve provides a set of guidelines to go through and disable most of the most common entry points (unneeded unless you insist on Microsoft networking). At worst you may have to buy a simple firewall program (Gibson recommends several that work) for about $40.

I'd rather spend $40 on a working firewall than on intrusion detectors.

There's also some good material on the subject provided on this page.

suzy, spend the time to learn before you invest in something that may simply advertise the fact that you're there. I say that from the experience of doing it wrong. If you do decide to try port monitor software, test it against Gibson's site to see the results before you think that you are safe. Some of the stuff may work a lot better than mine.

-- rocky (rknolls@no.spam), February 14, 2000.
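
The three results rocky describes (a port that is open, one that is visible but "turned off", and a machine that does not appear to be there) correspond to three different answers to a TCP connection attempt. The following is an added example, not part of the original thread and not Gibson's test; the function names and the "open"/"closed"/"silent" labels are assumptions chosen for illustration, and it is meant to be run against a machine you own.

```python
import socket

def probe_state(host, port, timeout=1.0):
    """Classify one TCP port by how the target answers a connection attempt.

    open   - handshake completed, a service is listening
    closed - target refused (reset): machine is visible, port cannot be entered
    silent - no answer before the timeout: to the probe, nothing appears there
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "silent"
    except OSError:
        return "unreachable"  # e.g. no route; says nothing about the port itself
    finally:
        s.close()

def self_check(ports, host="127.0.0.1", timeout=1.0):
    """Return {port: state} for the listed ports on a machine you own."""
    return {p: probe_state(host, p, timeout) for p in ports}

def loopback_demo():
    """Constructed demonstration: probe a throwaway loopback listener,
    then probe the same port again after the listener is shut down."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: the OS picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    while_listening = probe_state("127.0.0.1", port)
    listener.close()
    after_close = probe_state("127.0.0.1", port)
    return while_listening, after_close

if __name__ == "__main__":
    print(loopback_demo())
    # 80 and 139 are the ports named elsewhere in this thread.
    for port, state in self_check([80, 139]).items():
        print(port, state)
```

A loopback check only shows which services are listening locally; to see what a firewall does to outside probes, run `self_check` from a second machine you own with `host` set to the first machine's address.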


Rocky:

Thanks for providing Steve's URL. I had it about 6 months ago but failed to bookmark it. I completely agree that the sniffer programs are a waste of time, and I DO use Microsoft's software to connect into a client's site when I'm telecommuting. Firewall software ALSO isn't necessary for the average Joe/Jill on a P.C. I don't have any and all my ports are seen as "closed" to the hackers that sniff around.

Suzy: Go to Steve's site. If you find vulnerabilities on your PC, follow the instructions on closing those gaps. If the instructions are confusing, find someone with more experience to help you go through them. If you run ICQ, your port 80 will be vulnerable. If your port 139 is found vulnerable, there are instructions to help you eliminate that vulnerability also. Ensure that you have downloaded all the latest security updates from Microsoft or the provider of your operating system.

-- Anita (notgiving@anymore.thingee), February 14, 2000.



I am a personal fan of Black Ice Defender.

First it is a full blown firewall, with no confusing setups.

It works by closing all ports, and will only return packets initiated by your computer. If Back Orifice is installed on your computer without your knowledge, the ping going out will be stopped upon installation of Black Ice.

If someone "pings" your computer to see if you're vulnerable, Black Ice simply ignores the request and does not reply. It makes it seem as if there is no computer on the other end of the ping.

If someone really threatens with more serious attacks, their IP address is blocked so that your computer won't even acknowledge them. You can even add IP addresses that you wish to ignore, permanently.

You can stay "on-line" and not worry about someone coming into your computer - period.

Even if you have a modem, they will still attack you, as I am a testament to that fact. Hackers just love sending out pings of a certain type to a "pool" of IP addresses, usually they start with their own ISP, which just happens to be, YOURS.

-- Electman (vrepair1@tampabay.rr.com), February 14, 2000.


Boy was that interesting. Went to Steve's site and had just about everything probed. All of the ports tested show that they are closed, without any additional software. When I enable java, and scripting, it opens the 139 port. Learned that I better keep these things closed. Copied off the directions for making the computer a little more invisible, which is probably all that it will take for us right now. The jury still seems to be out on the value of some of these programs, and will probably wait to see how they test out. Have an antivirus with firewalls, and that might be the least complicated process for now. Have no private or business information stored on any of the hard drives on this computer, but wondered about vulnerability because we are online. Thanks Luna, Anita, Rocky and Electman.

-- suzy (HAYSandCO@aol.com), February 15, 2000.
