Okay, First, I DO NOT want to know how to do this...but do want to know what someone needs in order to hack into someone else's home computer.

I have extremely legit reason to believe someone would like to get into my files and just want to do everything to protect myself possible. For a firewall I'm only using the one that comes with XP. Should I perhaps use something a bit more sophisticated and if so, suggestions?

Thanks...this is an area I know so little about.

Well there can be thousands of ways on someone 'hacking' into your machine, and it really depends on the methods they used to get in.

If they sent you a file such an image, they could have included a trojan. However, if they port scanned you and looked for exploits in software that you are running and got in that way. Also with the amount of programs and frameworks out there that can do it automatically, it will be difficult to trace how they got in. IF you want to look at a few programs/frameworks, send me a PM, as I'm not going to publish them publicly.

A problem with the firewall in XP is that it blocks all inbound traffic unless it came from your machine. This only solves half the problem. If the attacker as installed a trojan on your machine, the trojan can send out traffic, in other words because the torjan is sending out traffic, the windows firewall does not block the returning traffic for the trojan.

If you are behind a router you can normally turn on the router firewall, however some router firewalls operate the same way as the windows firewall. An extra line of defence is to block and allow certain ports, such as port 80. However, if you keep for instance port 21 for FTP and you attack has installed an FTP service, this can defeat the object.

If you are using a router, then the likely hood is that your router is using NAT. NAT basically translates your private IP address, such as 172.16.12.1 to a public IP address. Your attacker may know your public IP address, but it is very difficult for them to find your private IP address.

If you really want to protect yourself I recommend the following:

Turn on Windows firewall
Turn on your router firewall
Check to see if you router is blocking certain ports
Install a good anti-virus/trojan remover
Install the latest updates on all of your software (not just your OS)

However just remember, if the person wants to get into your machine, they will.

Hamesy this was a great response and I really appreciate how informative you went in your explanation here. I have read everything you said and I will follow these step to remain safe and secure. I guess you really just can't be safe in the end. Sure we can take the steps to provide a sense of security but if someone want s in bad enough I assume they will get it?

Quote:

Originally Posted by bbrian017

Hamesy this was a great response and I really appreciate how informative you went in your explanation here. I have read everything you said and I will follow these step to remain safe and secure. I guess you really just can't be safe in the end. Sure we can take the steps to provide a sense of security but if someone want s in bad enough I assume they will get it?

Thanks for that Brian, nice to hear someone you liked my post.

Like I've said, if someone wants to get into a computer system, they will.

Just as an added note, as said above Windows firewall only blocks inbound connections, not outbound or received. So it would be a good idea to install an alternative or third party program.

Zonealarm free firewall is a popular choice because its great software, and its free: On the far right, download

AVG free is a good reputable antivirus

Using two firewalls on the same machine can cause conflicts, and your machine can become unstable. If your going to install a third party firewall, disable the Windows firewall.

Use good Anti-Virus(NOD32) and Anti-Spy(SpySweeper) program. And good firewall(ZoneAlarmPro)

Don't forget to check for rootkits either. There are a lot of rootkit detection programs out there for free.

Rootkits are designed to hide themselves and their bundled malware. Its a good idea to wipe and reload if you think your OS is compromised.

Jeni one rule of security is you can never be 100% secure. It's unfortunate, but it's true. All the advice above is good and for what it's worth I use Zone Alarm and have the Windows firewall disabled.

hamsey, thank you ever so much -- very helpful post. IN the end it looks like one just has to practice caution, caution, caution. I will backing up any and all important, private files to CD's and DVDs and just won't keep them on my computer then. That's in addition, of course, to following your suggestions.

What would a really good, but user-friendly firewall be? Doesn't some anti-virus come with one? For example, on my laptop I have a McAfee package -- will check it over a bit more later, but would something like that, bundled with your anti-virus, give a person some decent protection? Tx -- and again, your post helped me ENORMOUSLY!

van gogh, thank you also. Do you have the paid version? I'm happy to pay if its necessary, (I'll still continue to transfer files to an external source just for safe keeping). I was just wondering if the paid version gives added protection. It gets to be a pain sometimes, but could ward off a far greater pain, right?

I use the free version for my firewall and have been happy with it. If you've never used a firewall before it can take a little bit of getting used to, but we can walk you through.

One thing with a firewall is it will attempt to block or at least warn you when a new program tries to access your network. Many times the program is fine. For example your browser will ask and you'll need to let the firewall know the browser is ok. You can tell the firewall to remember too so you don't have to approve things all the time.

One thing that can trip you up right away is that a firewall could block your wireless connection until you set it up to allow it. So if you install Zone Alarm and find you can't get online or access anything beyond your computer don't panic. Just know you'll need to set the firewall up. You can always disable the firewall to get online again and ask how to configure it if you need help.

I'm not sure what kind of firewall McAfee has. I would think it's better than the Windows firewall, but I really don't know. I've always used Zone Alarm and been happy enough with it not to look for anything else.

With security the best thing you can do is learn more about it. As we said you're not going to get 100% secure. I always think of it the way you might about trying to make sure your car doesn't get stolen. You can add an alarm which will stop many people, but some will know how to get past the alarm. Then you can add something like the club to your steering wheel, but there will be people who have the tools to get past that.

Every level of security you add will keep out more people who don't yet know how to defeat that particular level of security, but it won't stop someone who does know how.

You also have to look at the tradeoff. You can protect yourself by staying offline, but that's obviously not going to happen.

And also keep in mind that the weak link in security usually ends up being us people. You can lock down everything, but if your password to unlock the door is 123 then you haven't really locked things.

Wherever possible use lower case, upper case, numbers, and special characters in passwords, and use different passwords for different things. If you use the same password for your financial account as you do for your MySpace account then you're trusting the security of your financial information to the security of MySpace.

Quote:

Originally Posted by vangogh

And also keep in mind that the weak link in security usually ends up being us people. You can lock down everything, but if your password to unlock the door is 123 then you haven't really locked things.

Wherever possible use lower case, upper case, numbers, and special characters in passwords, and use different passwords for different things. If you use the same password for your financial account as you do for your MySpace account then you're trusting the security of your financial information to the security of MySpace.

Totally forgot to mention passwords. Using different passwords will add another line of defence. I personally use a generic password for forums and such. When it comes to emails, financial information and anything else that contains sensitive data, all use different passwords using both lower and uppercase characters along with numbers and other characters such as !.

For a third party firewall Jeni, I recommend the following:

Kerio Personal Firewall - It's shareware and for the first 30 days you have all the functions available, however after the 30 days are up it reverts back to the free version. Costs around $20 if you wish to keep all the functions.

McAfee Internet Security Suite - If you’re going to use a security package, then I seriously recommend this. Contains an antivirus, firewall, popup blocker, SpamKiller, privacy service, spyware/adware removal, plus loads of other features. I've used this for years, and still do on some of my machines, and comes in at around $70

If you want some advice on setting anything up, give us shout.

Also when logging into a web account, make sure you are using the https version of the URL.

Never post sensitive information to a url that is using http, if someone intercepts the data - they can view it clear as day.

HTTPS for login/credit card info.
Encrypt that information, and don't trust unsigned ssl certificates (easy for someone on your same network to spoof).


If you are worried about cross-site scripting attacks, disable javascript or use the noscript plugin for firefox. noscript lets you control which client side scripts you trust

noscript for firefox is highly recommended if you visit questionable site (it takes a little while to get used to using it though). Don't browse sites using windows xp and IE. IE is deeply integrated into windows (disable activex if you must use IE to browse). Vista has better security for IE from what I've heard.

If you're on a wireless network, make sure that you have at least WAP encryption set too. If you are using a router, make sure the admin password has been set to something other than the default.

Thanks, LNR -- I got a magazine here about wireless connections because truth be told, as long as mine worked that was pretty much all I concerned myself with (rather dense of me, wasn't it), but it's past time I learned a bit more about the security issues that go along with having one. I should have a better understanding as to how wireless works with the router, the security and all. People often ask me and how I hate saying "ah duh, I don't know...".

Quote:

One thing that can trip you up right away is that a firewall could block your wireless connection until you set it up to allow it.

GASP! That would not only trip me up, it would freak me out!! thanks for the heads up -- you may have saved me from a complete panic attack, van gogh! And Im' not kidding...

Quote:

You can protect yourself by staying offline, but that's obviously not going to happen.

No way, no how... you've got that right!

Quote:

Totally forgot to mention passwords. Using different passwords will add another line of defence. I personally use a generic password for forums and such. When it comes to emails, financial information and anything else that contains sensitive data, all use different passwords using both lower and uppercase characters along with numbers and other characters such as !.

Yes, that's an outstanding point, too. I have been doing that as of late -- making my passwords longer and such and adding numbers and some capital letters, etc. Like you, I don't worry so much about the one's for forums and such and it's easier to remember one word for say, all forums because I just hate it when I forget a password or one just stops working.

I also password protected my computer so no one who may come into the house can view anything w/o the password. I know it's not super-secure, but it lends me a bit of a feeling of security in that no one can, say, just pop open my Outlook and take a quick peek at my e-mail w/o knowing the password. The other day a gal stopped by with some papers. She waltazed right back into my office and instead of sitting down in the chair I have for clients, she stood behind me -- well, a few hour later I'm getting e-mails that she's flapping her gums about a file she saw on my computer that contained some information that was none of her peckin' business. So, in a case like that, this could help. Now I just have to get in the habit of logging off when I leave my desk or let anyone in the house. So far I'm doing pretty good.


Sorry, I'm rambling... just one more comment:

Quote:

If you want some advice on setting anything up, give us shout.

Thank you ALL ever so much - - I'm going to check out Zone Alarm and Kerio -- read good reviews on both of those. I'm a little worried about my wireless but it's a great comfort to know I can be a pest in here and still be treated so nicely!

Another word of advice regarding your wireless connection is to enable MAC address filtering. It provides one more line defence. Basically if someone does break into your wireless encryption, they still cannot access your network because your access point will not allow it.

Okay, thanks hamesy. I'll look that up in my manual -- I think I read something about it doing that during set up but it's been so long I really can't remember for certain.

Jeni I think you can tell that security isn't changing a few simple settings. There's certainly a learning curve that goes along with security.

Most of the things we've all talked about here aren't difficult. but they can take a little time to get used to.

Quote:

Originally Posted by fitnfree

hamsey, thank you ever so much -- very helpful post. IN the end it looks like one just has to practice caution, caution, caution. I will backing up any and all important, private files to CD's and DVDs and just won't keep them on my computer then. That's in addition, of course, to following your suggestions.

That raises the bar substantially. Anyone who wants your data needs physical access ... they have to actually be inside your house, at which point your data isn't so much of a concern. Of course the security you get makes using your data less convenient. You might want to consider encrypting it instead.

I think encryption is a good idea given your concerns. PGP is an excellent application to handle this. They use to have a free version for non-commercial use but it looks like they sell that now. GnuGP is an open source (an free as in beer) tool that does the same thing from the command line and works with windows as well as linux. No one without the kind of computer resources held by a major nation state will break the encryption.