PCTechBytes Computing Guide To Being Paranoid

March 16, 2013 | 28 Comments

They’re watching you. Literally. In a recent article posted at Ars Technica, it was reported that hackers have the ability to remotely take over your computer and install software that allows them to turn on your webcam. What? They do this using a RAT (Remote Administration Tool). In addition to that, we are hearing of new router exploits that give a hacker the ability to remotely access your router and gain access to your Local Area Network. If you think you’re overly paranoid about your computing, you should be. This stuff is scary.

So now that you know that the whole world is out to get you, what can you do about it? These steps will help close some of the holes used to exploit computers.

Turn off Remote Administration – Remote administration in routers gives users outside of your network the ability to access and control your router. In many cases, this is turned on by default. What? Of course the intention of this option is benign, but it can be used by a hacker to get into your LAN and see all of your internal computers, manipulate your firewall and do basically anything they want with your traffic.

To do this, you can navigate to your router’s admin page using your web browser. Normally, this can be done by typing http://192.168.1.1 or http://192.168.0.1 into your browser’s address bar (not the search bar). Your router location may vary. You will also need to know the username and password of your router. If you do not know it, and the router was supplied by your ISP, you can check the physical device to see if the information is printed there or call your ISP for login details.

Look for an “Advanced” or “Administrator” tab and make sure remote administration is disabled.

Turn Off Wake On LAN – While not necessarily an exploit, WoL allows a powered-off computer to be turned on from an outside source. Imagine this, ole paranoid one: a hacker with access to your internal LAN could turn on your PC whenever he or she wanted, to perform whatever nefarious acts he or she wanted. Unless you have a specific need to have it on, go into your computer BIOS when booting and disable that wicked feature. Depending on your BIOS, it may not even be an option.

Turn Off Allow Network Traffic To Wake Computer – Similar to WoL, your network adapter has the ability to listen to network traffic and can allow your computer to be woken up while asleep.

To shut this down, go into the Control Panel, look for your network adapter, right-click it and select Properties. Under the Power Management tab, uncheck that option if it is checked.

Turn Off UPnP – Turn off Universal Plug and Play in your router. Universal Plug and Play allows programs within your network to automatically punch holes in your router. What? Us paranoids can’t allow this to happen! Imagine a virus on your network having free rein to open ports on your router to allow even more bad guys in. For most of us, having this feature off will not affect anything we do from day to day. Others may need to occasionally go into the router and manually open ports for programs or systems that require them to be open, like game consoles, for instance. You can turn off UPnP in your router.

Uninstall Java and Adobe Reader – With Windows doing a better job securing the OS, hackers are seeking softer targets like Java and Adobe Reader, both of which seem to have some type of zero-day exploit a couple times a year. Most of us have these programs just sitting on our system, never being used and never being updated to the latest versions. If you simply must have them, be sure to update them frequently.

Scan Your Ports – The Gibson Research Corporation (GRC) has been providing a free online tool to scan your router for open ports for over ten years. This tool is called ShieldsUP and you can find it here. The UPnP Exposure test will check to see if your router is open to a new router exploit that gives hackers the ability to access and control your router.

[Image: ShieldsUP test result]

If all is well with the GRC test, you will see the above image.

Run Your Browser In Privacy Mode – Private Browsing (which may be called something else depending on which browser you’re running) allows you to surf without the fear of a history being saved, and temp images, videos, files and cookies being stored on your computer.

In Firefox and IE, this is enabled by hitting CTRL+Shift+P.

In Google Chrome hit CTRL+Shift+N for Incognito mode.

Do The Basic Computer Security Measures – Of course, you should also make sure you are running a current antivirus. If your free antivirus from Symantec or McAfee has expired, uninstall it and get another. If you do not have one, Microsoft Security Essentials is free. In addition, make sure your WiFi is encrypted in your router settings using WPA2 so the whole neighborhood isn’t using your bandwidth. Make sure you have Windows automatic updates turned on. Make sure your Windows firewall is also enabled. Modern Windows operating systems will have these on by default, and if you’re running Windows 8 you also already have a built-in antivirus called Windows Defender.

If you have more tips for us paranoid folk, please be sure to leave them below so we can all sleep good at night.

Category: Security

Dave

About the Author

Dave has been providing free computer repair and tech support advice online since 2002.

Comments (28)

  1. Louis McDonald says:

    How about not using an account with admin privs as your day-to-day account? Use a standard user account.

    • Dave says:

      Great point, Louis. I can’t believe I forgot that one!

    • Tom & Julie Harris says:

      OK…let’s see if I understand this correctly. Are you saying when logging on to your computer, logon as a standard user and not as the Administrator?

      • Dave says:

        Hi Tom and Julie. Yes, you should always run as a standard user. The theory is, if you happen to get malware on your system, the malware will not have the elevated rights of an admin because it is running under an account that only has standard rights. While this won’t necessarily protect you completely, it is one more thing you can do to slow down the bad guys. Keep your admin account, of course, because you will occasionally need it to install software, etc.

  2. Steven Sund says:

    What about using WPA-PSK encryption instead of WEP?

  3. Dan says:

    “Turn off Remote Administration”? When I found no mention of that facility on my wireless hub admin page, I contacted my internet provider (BT). They never heard of such a thing—and rather thought I was off my trolley.

    • Dave says:

      I can assure you it is real, but not all routers are created equal.

    • Steve says:

      Dan,
      I have basic computer skills and even I know about Remote Admin. You may want to look for a new ISP.

    • Charles says:

      In my router this is an option that is turned on/off by a checkbox in the router control panel. I am certain the default setting is off.

      • Dave says:

        It might be off by default, which is a good thing. In many routers it is ON by default.

        • John says:

          I use a second router after the one furnished by the ISP. The only use of the ISP router is for guests to use for their devices — and its wireless is disabled when I have no guests! There is password protection here and no remote access, etc.

          The second router is locked up really tight with different passwords, no remote access, etc.

          I figure if someone gets through one they are in for a second challenge!

  4. Secret says:

    No joke, how about the capable Microsoft employee who supplied his MIL with a laptop complete with keylogger? Having been revealed by his need to boast, he now remotely manipulates the router. Apparently he feels secure enough not to worry about his current employment with the company.

  5. tvterry100 says:

    I’ve been working in the field for many years and hold A+/NET+/MCP certifications. I have found “windows defender and microsoft security essentials” to be a false sense of security, as many of the common av products on the market.
    For the past ten years I have been putting a suite of tools on the desktops of my clients’ computers, which can be securely downloaded from CNET.COM/Downloads and includes:

    AVG FREE
    MALWAREBYTES FREE
    SUPERANTISPYWARE FREE
    CCLEANER FREE
    ADVANCED SYSTEM CARE FREE

    I install the free full trial versions and then when the free trial ends roll back to the free versions, as they work very well as long as the customer first updates then runs them bi-weekly or as soon as needed. The AVG free can be scheduled to scan but is not by default.
    These free versions can be reinstalled as many times as needed and/or when they continuously bug the consumer to buy the product.
    I tell the customer if they are going to buy a product, buying the full versions of these products would not be a bad idea.
    And of course Vipre antivirus is one of the best paid products I have found.

  6. John Gennari says:

    When I went to the link you provided in the Scan Your Ports section I did not get the message “The equipment at the target IP address did not respond to our UPnP probes.” What should I do to remedy this?

    • Dave says:

      Did it say it failed? If so, you may want to look into turning off Universal Plug and Play (UPnP) in the router settings. In addition, see if there is a firmware update to the router.

      • Greg says:

        Hi:

        I had a similar experience and the new window that opened did not make much sense:

        Port Authority Edition – Internet Vulnerability Profiling
        by Steve Gibson, Gibson Research Corporation.

        Browser Reload Suppressed
        For your security, your web browser’s “reload”
        function has been temporarily disabled
        Allowing a web browser to “reload” a page which has already been sent to you creates a “security hole” that would allow someone using your computer at any later time to attain potentially private and personal information.

        To safeguard your privacy we have disabled the browser’s “reload” or “refresh” facility while you are in sensitive areas of our web site. Reloading pages will function normally once you have left this area . . . but until then please refrain from “reloading” pages.

        You may press your browser’s [BACK] button now to return to the page prior to the one you were just viewing.

        Thanks very much for your interest and patronage.

        Gibson Research Corporation is owned and operated by Steve Gibson. The contents
        of this page are Copyright (c) 2013 Gibson Research Corporation. SpinRite, ShieldsUP,
        NanoProbe, and any other indicated trademarks are registered trademarks of Gibson
        Research Corporation, Laguna Hills, CA, USA. GRC’s web and customer privacy policy.

  7. Martha Dumas says:

    I also recommend changing the name of your wireless network from the default, setting it to not broadcast, and changing the admin password on your router.

  8. David Wendorf says:

    I’d add using PeerBlock with the default block lists, which acts like a firewall only better. It works by blocking IPs and it is free. The average user will be shocked at how many computers around the world are accessing yours constantly. PeerBlock is one more tool that can’t do it all, (nothing can prevent you from clicking on that banner that you just know you shouldn’t click on) but makes it more difficult for hackers to get into your PC. It also cuts down on governments and software companies (Microsoft and Google) from tracking your usage (for marketing reasons, of course).

    We also ran a computer business, and agree that MS Security Essentials is false security. We were resellers for AVG for many years. We stopped using AVG (paid and free) several years ago after getting tired of false positives (IE: key finders and game trainers that aren’t threats at all, rather a statement on ethics by AVG). We now use and recommend Avast (free or paid edition), and find the boot time scan to be the best of all AV solutions currently available.

    • Mike says:

      To be honest it really does not matter what anti-virus you use. They only work after a virus has infected someone then a new security rule is created. Not exactly good for protection after the fact. Only use free as you’re wasting money otherwise. Anti-Virus companies are hurting big time right now and realize their business is in jeopardy due to this fact. The president of McAfee even left the company to go to FireEye as a bit of a heads-up. The only real protection is educating users. STOP ARBITRARILY CLICKING ON LINKS!!! Even if you like kittens don’t click that link just because it came from someone you know. That should be the number one rule. Know what you’re clicking on. And of course stop going to bad sites, and we all know what bad sites are…

      • David Wendorf says:

        It’s a valid point that all AV solutions are in reactive mode. However, I wouldn’t want to come across as recommending nothing other than education. Even the most educated person can go to a common website and get drive-by malware. The fact is that the vast majority of us are benefitting from the small minority who get malware before they are identified and updates are provided.

        I definitely don’t agree with “only” free AV products having value. Malwarebytes Free Edition does not have active protection nor automatically update or scan. I can’t count the number of machines that we’ve had to remove malware with Malwarebytes Free Edition already on them, which hadn’t been updated or ran a scan for months or years. In almost all of these cases Malwarebytes Pro would have prevented the visit to us altogether. It goes towards your point about education, but it’s also about persistence. People can’t be bothered to run scans and updates manually. That $25 is the best investment a person can make for their PC in my opinion. Set it and forget it. The next best investment would be an imaging software and external hard drives – the best backup system available today.

        It’s also true that not all AV solutions are created equally, free or not. IE: AVG was a great solution for the first decade or so, and there was virtually no difference in protection between the free and paid versions. From around 2006 and on, we found more and more malware that AVG couldn’t get rid of – to the point where we had to find an alternative. We test several AV solutions every year, and have settled on Avast (free). We haven’t run across malware in quite some time that Malwarebytes (in safe mode) and Avast Free Edition boot time scan couldn’t eliminate.

        IMPORTANT (not directed at anyone in particular):

        Avast and Malwarebytes occasionally find things that the other didn’t. I’ve had the same results with SuperAntiSpyware, AVG, McAfee, Trend Micro, and even CounterSpy and Vipre (made by the same company and using the same database?!) all finding things that others didn’t. Most companies use the same Symantec virus database – so this shows the lack of consistency in the industry.

        Because of this, I believe that running more than 1 AV solution is necessary today – but that gets tricky. The industry has chosen to separate anti-malware from anti-virus solutions, as silly as it seems. A common malware such as a trojan could be put in either category or both. Most AV solutions (IE: McAfee, Norton, Avast, AVG, etc.) cannot work together with active protection enabled. However, most anti-malware programs (Malwarebytes, SuperAntiSpyware, etc.) can run simultaneously. (Vipre and CounterSpy specifically state that they cannot run active protection with any other product – which is why I’d never use them again.) I’d recommend the AV of your choice (avoid the suites as their own anti-malware is usually not as good as an independent malware product) and at least 1 anti-malware of your choice running in active protection mode (meaning you’ll need the paid version of the anti-malware product to get active protection).

        It should always be a red flag when AV solutions claim to remove malware without needing to remove files while in safe mode or pre-Windows boot (at least a reboot – usually where you can see the AV removing files before starting Windows). Any serious malware will require registry entries to be removed that simply cannot be done while the operating system is running.

        Some good points here by everyone. Keep ‘em comin’! :)

  9. JerickD says:

    Here is some other stuff that can be done:
    - Setting rights of Shared Folders to Read-Only or never share anything at all!
    - Not installing Universal Remote Access (Logmein or TeamViewer), if one does, make sure his account is not hackable.

  10. Here is a 100% ‘no fail’ protection trick when not using your computer. Turn off the power strip. Computer, modem, router, all gets turned off. No phantom power, no possibility of remote access when not in use. The system will take longer to boot up when you do power back on because the modem and routers will need to re-connect, but if you’re not in a hurry it’s a great way to stay safe.

  11. Peter Thompson says:

    Hi I know this is a few weeks old but thought I’d share something not mentioned.

    If you are paranoid about getting your computer infected, when downloading something from unknown untrusted sources you can always run a sandboxed type program.

    I use Sandboxie which offers a free version for personal use. You can run programs in it including your browser so you could run your browser via it, download something via it and then install something via it to see if it works. If it is a virus your AV program may still detect it but as it’s run through a virtual mode, it won’t thankfully interact with any files on your PC.

    You can get programs that actually keep your computer at a set state so that anything you do will be undone after a reboot but obviously this isn’t very useful for general every day usage.

    I recommend checking out http://www.sandboxie.com/ – You may get a compatibility warning if using Windows 8 but it will work on it.

  12. Bernard W says:

    I think there is a case for using a program like Horizon Rollback or Comodo Time Machine which can rapidly restore a computer to a “snap-shot” in the event of trouble, as anti-malware programs are far from foolproof (see how much the results differ when a file is subjected to multiple scans on, say, virusscan.jotti.org) and infections can cause irreparable problems. With the aforementioned programs even a non-booting computer can be recovered via a pre-boot screen; they consume little in processing resources, but sometimes considerable hard drive space. System restore is much less effective and is frequently made unusable by viruses.
