COPYRIGHT © 2004

JK PUBLICATIONS

This book may not be reproduced, either in its entirety, in any form, by any means,
without written permission from the publisher, with the exception of brief
excerpts for the purpose of radio, television, or published review. All rights are reserved.

Author: Kenneth H. King
Editor: Jennifer M. King

Published in the United States of America

JK PUBLICATIONS
484 E Greg Rock Rd
Vail, AZ 85741

www.jkpublications.com

Preface
Chapter 1 - The Threats Exposed
    Hacker:
    Virus:
    Spyware:
Chapter 2 - Five Levels of Protection
    Levels of Protection
Chapter 3 - Security Updates
    What Version of Windows Do I Have?
    Available Patches and Updates
    Getting the Critical Updates Installer Options
        Windows XP:
        Windows 2000 and Windows ME:
Chapter 4 - Online Resources
    BugMeNot.Com
    Download.Com sponsored by C-Net
    Google.Com
    GriSoft.Com
    McAfee
    Microsoft’s Support Website
    Panda Soft Removal Tools
    Symantec
Chapter 5 - Network Security and Firewalls
    Routers
    Importance of using a Router
    Undeniable Evidence
    Firewalls
    What about spyware?
    Windows XP’s Firewall
Chapter 6 - Anti-Virus
    The Anti-Virus Engine
    The Virus Definition File
        McAfee’s Virus Definition File
        Symantec’s Virus Definition File
    Free Anti-Virus
    A Real Virus Infection
    Hoaxes
    Email Spoofing
Chapter 7 - Removal Tools
    Virus Removal Tools
    Spyware Removal Tools
    Cool Web Shredder
Conclusion
Definitions

Preface

Hello and thank you for purchasing this guide. Computer security has recently been a hot
topic in the news because of the increasing numbers of identity theft victims, computer
virus infections, and privacy issues. I have spent a lot of time lately helping family and
friends clean their computers and secure them so they are not vulnerable to the three
major threats: viruses, spyware, and hackers. Most of them had computers that were
bogged down by spyware causing them to run very slowly and potentially transmitting
personal information across the Internet. Fortunately, none of them have become victims
of some of the worst things that can happen like identity theft, credit card fraud, and
wireless router hijacking. Hopefully the help I provided will prevent them from ever
becoming victims of those crimes. In helping them I quickly realized that little
information was available to completely assist the average computer user in preventing
these things from happening to them.

My goal in writing this is to provide a guide that is comprehensive enough to cover all
aspects of computer security yet easy enough to follow so that even casual computer
users can apply all of the tools. In this guide I reference several websites and Internet
downloads. They are all very trusted sources designed to secure your computer. The
best part is that almost all of it is free. The only expense you will incur in a complete
computer security package is the router (and this is a minimal expense). There is no need
to spend money on any other tool. It can all be found for free from very reputable
sources. I tried not to get too technical in this guide but wanted you to understand why
each of the tools is important, instead of just telling you to do it. I know this guide will
give you the knowledge and tools you need and more importantly save you time,
frustration, and money. Thank you again for taking the time to read this guide.

Chapter 1 - The Threats Exposed

There are three major threats to computers:

Hackers Viruses Spyware

Hacker:
A hacker is anyone who wants to break into someone else’s computer or network. There
are many reasons why a hacker would want to do this; the most dangerous reasons are to
gain access to personal information and to gain access to the internet using the person’s
access point. Hacking into computers is no longer just a threat to government
departments, large corporations, and colleges. Hacking has evolved from students
changing grades in the school’s computer system and groups hacking into government
computers to discover top secret information. Victims of computer hackers now include
anyone who has a computer with Internet access at home or at work.

A WORST CASE SCENARIO

Joe is your average computer user. He isn’t exactly a novice but not exactly an expert
either. He is good at following instructions and can usually figure things out given
enough time. He always tells people, “I know just enough to be dangerous.” Joe makes a
trip to his local computer store and buys a wireless network card and wireless access
point, also called a router, for his home computer. He follows the instructions for
installing the network card in his computer and configuring the router to access the
internet through his Internet provider. In a short time Joe is able to access the Internet.
Joe, not familiar with all of the technical aspects of routers and network cards, is unaware that
extra steps must be taken to secure his Internet connection. Joe has now given access to
his computer and Internet connection to Harry.

Harry is a new breed of hacker. Harry drives around neighborhoods with his laptop
trying to gain access to wireless networks such as the one Joe has just set up. One day
Harry is driving down Joe’s street when his laptop beeps letting him know it has detected
an unsecured wireless access point. Harry stops his car and goes to work. Harry first
attacks Joe’s computer. He uses computer viruses, known security holes, and other
hacking tools to gain access to Joe’s data on his computer. Joe loves his computer and
technology. He uses his computer for everything. He files his taxes on it. He does his
banking online. He pays his utility bills online. He even shops at some of the online
stores and auction websites. He uses his computer to organize picture albums too. He
has pictures of himself, his family and friends. His computer is a virtual gold mine to
Harry. It has Joe’s social security number, mailing address, banking account information,
credit card information, and personal information about Joe and his family. Harry now
has all the information he needs to steal Joe’s identity but he doesn’t do it right away.
Instead, Harry installs a small program called a key logger onto Joe’s machine. The key
logger is a Trojan Horse Virus. It records all the key strokes made on a machine into a
log file. Harry lets the key logger record all of Joe’s keystrokes. Joe is unaware that all
of this is happening. A couple of days later Harry comes back to download the log file
from Joe’s computer. Harry uses another tool to get all of Joe’s user names and
passwords from the log file. Now Harry has everything he needs to steal Joe’s identity.

In a couple weeks Joe will start getting credit card statements for credit cards he never
signed up for. A couple weeks after that the police are knocking on Joe’s door. They
have questions about suspicious activity being conducted from his router (his access point
to the Internet). This happens because when Joe signed up for Internet access his
computer was given an Internet Protocol (IP) address. This IP address is required for any
computer to access the Internet and acts as the computer’s fingerprint. It is unique to the
computer and tells the Internet provider where Internet traffic originated from. Joe is not
the only person Harry is targeting. Harry uses Joe’s access point to sign up for credit
cards using identities he stole elsewhere. By now Harry is gone, enjoying the benefits
from another successful job while Joe is facing a criminal investigation.

Harry’s next target does not use a wireless router. As a matter of fact, Harry’s next target
does not use a router at all. Their computer is connected directly to the Internet through a
cable modem, phone line, or DSL. Harry uses the same viruses and the same security
holes to access the computer of his next victim.

Virus:
A virus is a parasite program that needs another computer program to reproduce itself and
be transmitted to other computers. They are usually designed to be undetectable by being
disguised as an apparently legitimate and harmless program. This allows the virus to
infect a computer without the user’s permission or knowledge. Viruses are often
transmitted through email messages that appear legitimate and may even appear to be
sent from a person the user knows. Some viruses are simply created to annoy, such as
those that create a funny image or message. Other viruses can alter files, completely
destroy a computer’s software, or bring down a network by overloading it. All viruses are
malicious and are intentionally created to invade computers and networks.

Spyware:
Spyware does exactly that – it spies. Spyware is a hidden program that monitors a
computer user’s actions and gathers information about a computer user. Hackers use
spyware to steal information about a computer user. As described in “A Worst Case
Scenario” in the Hacker section above, spyware can be used to gather social security numbers,
bank account numbers, and passwords. Spyware is also used legally by many companies
to gather information about the user. This information may be sold by advertising
companies or used to send specific information to the user based on preferences or
demographics. This type of spyware usually comes in the form of a “cookie.” A cookie
is a piece of information sent by a Web browser that is saved on the user’s computer as a
text file (.txt). The user is often unaware that this file has been transferred to his
computer. The file gathers information and can transfer that information back to the
sender whenever the originating server asks for it. Cookies are not necessarily bad. They
can be used to remind a server of your preferences last time you visited a particular site
so it can tailor the site to fit your needs. Some people view cookies as an invasion of
privacy because they are often hidden and placed on the computer without the user’s
permission or knowledge.

Regardless of the intent of spyware, if it is not managed properly by the user, it can
wreak havoc on a computer. The volume of spyware installed on computers has
increased tremendously and has become a major headache for almost everyone. In a very
short time, enough spyware can be sent to slow down a computer so much that it is no
longer usable. Spyware can change your Internet homepage and continually redirect you
to websites of its choosing preventing you from getting to the sites you are trying to get
to.

I SEE YOU

As a test, I connected a computer to the internet without the protection of an anti-virus
program or spyware detection program. I used the computer for my normal day to day
browsing on the internet, excluding sites which require a username and password,
because I did not want these to get stolen. I was on the internet when this pop-up
window appeared:

Keep this in mind; I did not install an anti-virus program or a spyware detection program.
So where did this pop up come from? If you guessed spyware you’re right. This is the
way it works.

1) The spyware infects your computer.
2) Then it sends a pop-up window to your screen, informing you of the infection.
3) Then it directs you to a site where you can purchase the removal tool for the
spyware they put on your computer.

This scenario is the same as someone throwing a rock through your car window, telling
you it’s broken and charging you money to fix it. Fortunately there are some very good
spyware removal tools available for free. I’ll tell you about them in the chapter on
removal tools.

Chapter 2 - Five Levels of Protection

Hackers, viruses, and spyware use your Internet connection to infect, attack, or spy on
your computer. The good news is you can protect against all three using five levels of
protection.

Level 1 is Network Security through a combination of a router and a firewall.
Level 2 is Antivirus Software running with an up to date Virus Definition File.
Level 3 is Security Updates from Microsoft, downloaded and installed automatically.
Level 4 is Online Resources.
Level 5 is Removal Software for Spyware and Viruses.

This is how it works.

A hacker tries to scan your computer for open ports (security vulnerabilities that will give
the hacker access to your computer programs and files) but is stopped by your router. So
he tries to email a virus to you, but your antivirus software detects and removes the virus
before it can do any harm. So he sets up a website and tries to hijack your web browser
using known security holes in Internet Explorer, but you download security updates from
Microsoft automatically so all the known holes are patched (fixed). By now the hacker is
getting frustrated.
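
An added example, not from the book: a Python check over the output of the Windows `netstat -an` command that lists the open (listening) ports a scan would look for and reports which of them are reachable from the Internet. The sample output and addresses are constructed, and it assumes a router that forwards no ports inward.

```python
import ipaddress

# Constructed sample in the layout printed by "netstat -an" on Windows.
# {addr} is filled in with the PC's own network address.
NETSTAT_TEMPLATE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    {addr}:139       0.0.0.0:0              LISTENING
  TCP    {addr}:1045      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Address ranges reserved for home and office networks. A PC holding one of
# these addresses is behind a router and is not addressed directly from the
# Internet.
PRIVATE_RANGES = [
    ipaddress.ip_network(net)
    for net in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]


def sample_netstat(addr):
    """Build the constructed netstat output for a PC with address `addr`."""
    return NETSTAT_TEMPLATE.format(addr=addr)


def is_behind_router(addr):
    """True when `addr` is a private address handed out by a router."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


def listening_ports(netstat_text):
    """Return (bind_address, port) for every TCP socket waiting for callers."""
    found = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            host, _, port = fields[1].rpartition(":")
            found.append((host, int(port)))
    return found


def reachable_from_internet(netstat_text, pc_addr):
    """Ports an outside scan could reach, given the PC's own address."""
    if is_behind_router(pc_addr):
        return []  # assumption: the router forwards no ports to this PC
    ports = set()
    for host, port in listening_ports(netstat_text):
        # 0.0.0.0 means "listen on every network connection this PC has";
        # 127.0.0.1 is only reachable from the PC itself and is skipped.
        if host in ("0.0.0.0", pc_addr):
            ports.add(port)
    return sorted(ports)


if __name__ == "__main__":
    for addr in ("192.168.1.10", "198.51.100.23"):  # constructed addresses
        text = sample_netstat(addr)
        print(addr, "behind router:", is_behind_router(addr),
              "reachable ports:", reachable_from_internet(text, addr))
```

The same three services are listening in both cases; only the PC connected directly to the Internet exposes them to an outside scan.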

For further discussion let’s assume that somehow a virus or spyware has found its way
onto your computer. This is where the firewall comes to the rescue. The firewall
monitors your internet connection. When a program that you have not previously
permitted tries to access the internet the firewall will alert you. A firewall gives you the
ability to deny it access to the Internet. For example, a spyware program that is hidden
on your computer attempts to send information about you and your computer usage to an
outside server. A small window pops up and asks you if you want to allow the program
to send it. The name of the program may sound like a legitimate program and you have
no idea that your computer is infected with the spyware. Using the online resources
discussed later in this guide, you can look up the program to determine if it is a virus,
spyware, or a legitimate program. If it is spyware or a virus, you can remove it using
instructions from the online resource or one of the removal tools. Removal tools are
available for free from several trusted websites. I will tell you where to get those later in
Chapter 7, Removal Tools.
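
An added example, not from the book or from any firewall product: a small Python model of the decision a software firewall makes when a program tries to reach the Internet. It assumes rules are tied to the program's full path and file hash, which is why a file that borrows a legitimate name still triggers the alert; all paths and file contents are constructed.

```python
import hashlib
import ntpath  # Windows path rules; works on any operating system
from dataclasses import dataclass, field

ALLOW, DENY, PROMPT = "allow", "deny", "prompt"


@dataclass(frozen=True)
class Program:
    path: str       # full path of the executable asking for Internet access
    content: bytes  # constructed stand-in for the bytes of the file on disk

    def identity(self):
        """A rule is tied to where the file lives and what it contains."""
        digest = hashlib.sha256(self.content).hexdigest()
        return ntpath.normcase(self.path), digest


@dataclass
class OutboundFirewall:
    rules: dict = field(default_factory=dict)  # identity -> ALLOW or DENY

    def remember(self, program, verdict):
        """Store the user's answer to an alert."""
        self.rules[program.identity()] = verdict

    def decide(self, program):
        """Return (verdict, reason) for one outbound connection attempt."""
        path, digest = program.identity()
        if (path, digest) in self.rules:
            return self.rules[(path, digest)], "matches a saved rule"
        permitted = [p for (p, _), v in self.rules.items() if v == ALLOW]
        if path in permitted:
            return PROMPT, "permitted program, but the file has changed"
        name = ntpath.basename(path)
        if any(ntpath.basename(p) == name for p in permitted):
            return PROMPT, "same name as a permitted program, different folder"
        return PROMPT, "program has not asked for access before"


# Constructed sample programs; every path and byte string is made up.
BROWSER = Program(
    r"C:\Program Files\Internet Explorer\iexplore.exe", b"browser v1")
LOOKALIKE = Program(
    r"C:\Documents and Settings\Joe\Local Settings\Temp\IEXPLORE.EXE",
    b"spyware")
MODIFIED = Program(BROWSER.path, b"browser v1 + injected code")
UNKNOWN = Program(r"C:\WINDOWS\system32\example-helper.exe", b"unknown")


def demo():
    """Replay the scenario from the text and collect each decision."""
    fw = OutboundFirewall()
    fw.remember(BROWSER, ALLOW)   # the user permitted the browser earlier
    results = [fw.decide(p) for p in (BROWSER, LOOKALIKE, MODIFIED, UNKNOWN)]
    fw.remember(LOOKALIKE, DENY)  # the user looked the program up and said no
    results.append(fw.decide(LOOKALIKE))
    return results


if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:7}{reason}")
```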

Okay, that is a lot of information and some of you may be wondering if setting up a
complete computer protection system is really something you can handle by yourself. In
the next chapters you will see just how easy, and necessary, it really is. It is not
important that you understand all of the technical terminology used. You can refer to the
“Definitions” section if you want further information regarding the computer components
and other terminology used but it is not necessary for you to learn the techniques to
protect your computer and yourself. These first two chapters are a brief overview of the
very real threats out there and how the five levels of protection work together to protect
your computer. There is a chapter dedicated to each protection level. In each chapter I
will attempt to answer any possible questions you may have using plain English and as
little technical jargon as possible.

Levels of Protection

I have been working with computers on a daily basis for almost 15 years now. One of the
very first computer games I played was a submarine game. In this game the player had to
track down enemy submarines and sink them. Submarines are very interesting to me
because they don’t have windows. They cannot see their enemies but they know they are
out there. Just like submarines, computer users cannot see their enemies (hackers,
viruses, or spyware), but we know they are out there. Submarines use SONAR to detect
the enemy so that they can employ other equipment to protect against them and destroy
them when necessary. We can use our S.O.N.A.R. to protect our computers and remove
harmful viruses and spyware.

Remember the five levels of protection? I wanted to give you an acronym to remember.
The acronym provides several benefits. It gives structure to this guide and gives your
mind a tool you can use to recall some of the information in this guide. If someone asks
you, “What do I have to do to protect my computer?” tell them they need to focus on these
five levels. Use the acronym to help you recall them.

S Security Updates

O Online Resources

N Network Devices/Software

A Antivirus

R Removal Tools

Chapter 3 - Security Updates

A virus can infect your computer in three ways: email, websites, and security holes.
Email and website based viruses require some interaction with the user. The user has to
open the email or go to the website. As a result the user has some control and can protect
their computer by practicing safe computing techniques. An example of a safe computing
technique would be not opening email messages from someone you do not know. Some
viruses will attach themselves as files to emails that appear to have been sent by someone
the user knows, so it is also important not to open attached files that you were not
expecting, even in emails from friends.

Viruses are also able to infect a computer through security holes in the operating system.
These viruses do not require the user to go to a specific website or open an email.
Internet worms will infect any un-patched computer that is connected directly to the
Internet. Internet worms are viruses designed to infect every computer connected to the
Internet. They use security holes found in Microsoft’s operating system to infect a
computer. Once infected, a computer begins to replicate the virus and sends it out to
infect other computers without the users of any of the computers being aware this is occurring.
In 2003 more than half a million computers were infected with Internet worm viruses. To
combat this problem Microsoft has set up a website for users to obtain critical system
updates. These updates will patch known security holes or security exploits. This is an
ongoing process, as security holes are discovered and exploited by hackers every week.
Microsoft has given the public the ability to automatically download and install updates
from their website so we can stay one step ahead of the hackers and their viruses.
Unfortunately, a hacker will occasionally get a step ahead of Microsoft and computers
will become infected before Microsoft can develop a patch.

Patches are vital to computer protection but it is also important to use a multi-tool
approach. Keeping your computer updated with the patches is like rolling up the
windows of your car when you go inside the store. It makes it a little more difficult and a
little less attractive for a thief to steal your car. But we all know rolling up your window
is not enough to prevent everyone from attempting to steal your car. You also need to
lock the doors. And using a car alarm or a steering wheel lock will make it even harder
for a thief to break into your car. The thief will immediately see that your car is well
protected and he will move on to a vehicle (or computer) that he does not have to work so
hard to get in to.

What Version of Windows Do I Have?

Before we go any further it is important for you to know what version of Windows you
have. Knowing this information will help you determine what steps to follow to install
updates and patches.

Determining your Windows version is very easy to do.

Click once on the Start button on the bottom left side of your computer screen.
Along the left side will be the Windows version on your computer. In the following
picture you can see that Windows 2000 Professional is the version on the computer the
screen shot was taken from.

Another way to determine what Windows version is on your computer, and find out the
most current update installed on your computer is to use the “Run” command.

Click on the Start button and then click once on “Run.” Type in the word
“winver” (without the quotation marks) and select OK.

A window similar to the one below will be displayed. You can see that the computer this
image is from is operating with Windows 2000. You can also see that the last update
installed on the computer is Service Pack 4.

A service pack is a group of updates and patches put together by Microsoft. In addition
to individual updates and patches that are sent out by Microsoft, whenever a certain
number of updates have been created and after a certain period of time, Microsoft will
bundle the updates and send them as a service pack. Each Windows version has its own set
of service packs. Each service pack is a cumulative update that includes all of the
updates in the previous service packs in addition to the new updates.

Available Patches and Updates

The terms “update” and “patch” are often used interchangeably and they both have
generally the same purpose. Updates and patches both protect your computer from the
security holes but with subtle differences. Updates are usually created to correct a bug in
a program, possibly a bug that makes it easier for a virus to infect a computer. Patches are
used as a band-aid for security holes that have been found, potentially by a hacker who
has searched out the hole and created a virus to sneak through it. From this point on
updates and patches will both be referred to as updates.

Prior to the devastating viruses and worms of the past few years, Microsoft simply
notified computer users that updates were available to be downloaded using a program
called Critical Update Notification within the Windows operating system. They did not
want to force their updates onto users. Users had a choice in whether or not the updates
were downloaded onto their computer. After more than 500,000 computers became
infected with various worm viruses in 2003, the public wanted a better way to keep their
computers protected and up to date. Microsoft responded by replacing the Critical
Update Notification program with Critical Updates Installer. As you will see in just a
few moments, Critical Updates Installer gives the user choices that include automatic
download and installation of any available updates that apply to their specific Windows
version.

Critical Updates Installer is included with Microsoft’s newest Windows version,
Windows ME, and the program is available to download for Windows XP (in service
pack 1 or greater) and Windows 2000 (in service pack 3 or greater). The user can elect to
only be notified about the updates or to have the updates automatically downloaded and
installed when they become available. Critical Updates Installer is not available for
Windows 98. Windows 98 continues to use Critical Update Notification.

If you have Windows XP or Windows 2000 and do not already have a current service
pack with the Critical Updates Installer you can go to www.microsoft.com and click on
“Windows Updates” on the left side. Microsoft will scan your computer and let you
know what updates and service packs are available for your computer. You will then
have the option of downloading and installing the most current service pack with the
Critical Updates Installer.

Getting the Critical Updates Installer Options

Windows XP:
Click on the System Icon in the control panel. Then click on the Automatic Updates Tab.

Windows 2000 and Windows ME:
Click on the Automatic Updates Icon in the control panel.

This is what it looks like when you find it.

Put a check in front of “Keep my computer up to date.” I recommend using the second
settings option, “Download the updates automatically and notify me when they are ready
to be installed.” Your computer will automatically scan for updates through Microsoft
when there is an active Internet connection and download them to your computer. All of
this occurs behind the scenes and does not interrupt anything you are doing on the
computer. If you have a cable modem or DSL, your computer is always connected to the
Internet and you will be quickly notified when Microsoft has a new update available.

Note: If you are using a dial up connection with a phone line, setting your computer to
automatically download updates may cause performance issues due to a slower Internet
connection. I recommend selecting the first option, “Notify me before downloading any
updates and notify me again before installing them on my computer.” This will allow you
to choose a time that is convenient for you to close all other programs to make the
downloading and installation quicker. Your computer will still automatically search for
updates when you open your Internet connection.

When updates are ready to be installed you will get a popup notification in the lower right
hand corner. It looks like this.

Microsoft has a number of updates it makes available. This message only notifies the
user when critical updates, security updates, or service packs are available. If you are
interested in downloading updates such as language updates you can go to
www.microsoft.com and download anything available.

When you see the above notification, click on the world icon that the notification pop-up
is extended from to open the installer.

The installer screen will look like this:

If you want more detailed information about the updates click on the details button. It
will give you another window with a list of all the updates it has downloaded. If there are
a lot of updates listed it may take a long time to install all of them. You can do them in
small batches by un-checking all but 2 or 3 of them. The ones that remain checked can
then be installed. The ones you unchecked can be installed later by going back to the
Automatic Updates Setting Window and clicking on the “declined updates” button.
Please note that some of these updates require a restart so do not leave any unsaved
documents open while the updates are being installed. It is best to install the updates
with all other programs closed. If you have any questions about the Automatic Update
Installer go to Microsoft’s Knowledge Base located at http://support.microsoft.com. Use
the keywords windows 2000, windows xp, windows me or automatic updates. Microsoft
has several very good Knowledge Base articles on the Automatic Update Installer. The
Microsoft homepage, www.microsoft.com, has a great deal of useful information about
viruses, patches, and other products available.

Chapter 4 - Online Resources

Numerous resources are available on the Internet for protecting your computer. Some
work better than others, and some are more trustworthy than others. If you spend
any time at all online you have probably seen a number of pop-ups offering to scan your
computer for spyware for free. After scanning your computer, the program notifies you
that it found spyware on your hard drive and for some price it will clean off the spyware.
Some of these programs work well. However, some of these offers will actually place
spyware on your computer when you download them.

More than 57,000 computer viruses and 1000s of spyware programs are circulating on
the Internet. New spyware programs and viruses are coming out every day. This guide is
a very good start to securing your computer against spyware and viruses but there is no
way I could tell you how to detect and remove all forms of spyware or viruses in a single
guide. What I can do, however, is give you some of the best resources available. These
are resources the Information Technology (IT) professionals trust and use for their own
problems. Most of them are referred to in other chapters of this guide, mainly Chapter 7
on Removal Tools. I’ve listed them in alphabetical order.

BugMeNot.Com
http://www.bugmenot.com/

Some web sites require you to sign up for an account before you can access their
information or services. They require you to give them an email address and some other
information. Then they sell your email address to other companies. Before you know it
you are getting so much spam email you can’t even access your email address anymore.
BugMeNot.Com is a place where people share generic usernames and accounts for
websites that require you to register. If you are trying to access some information on a
website and they require you to sign up for an account, try going to BugMeNot.com
before you sign up. Enter the URL of the website and see if someone else already
signed up for that website. Then use their generic username and password. Another great
thing to do is to sign up for a free email account at hotmail.com and use it, instead of
your real email address when you have to fill out forms online. Remember, the best way
to protect your email box from spam is to not give out your personal email address to
businesses. It pays to have two accounts, one for family and friends and one for
correspondence with potential spammers.

Download.Com sponsored by C-Net
http://www.download.com

This website has been around for many, many years. It is owned and operated by C-Net.
They are a reputable company. They offer virus free downloads of software. The
software is usually freeware or shareware. Freeware is free software offered by the
software developer. Even though the software is free there are some restrictions placed on
it by the developer. For example, some developers offer their software free to home
users but require companies to buy it. Shareware is usually free to try for a short period
of time, but requires the user to purchase a license when the trial period is up. Nagware
is like Shareware but the trial period doesn’t expire. Instead, a pop-up window will open
when the software is being used to remind you to purchase a license if you like the
software.

Google.Com
http://www.google.com

Aside from being one of the best search engines available today, Google offers two very
important tools for combating spyware and viruses. The first is the Google toolbar,
which can be downloaded for free from: http://toolbar.google.com/. The toolbar has a
built-in pop-up blocker. This pop-up blocker is easy to use and is very effective. The
install is very easy. There is only one thing to remember. When installing the pop-up
blocker, select “Disable advance features” to prevent the toolbar from sending
anonymous information to Google. The second tool is Google Groups. The groups
provide a forum for users to find answers to questions they have or to ask questions that
have not already been answered. The questions and answers are archived
into a searchable database. Google Groups is very useful when your firewall notifies you
of a file that is trying to access the Internet, as described in Chapter 5, Network Security
and Firewalls. If you want to know what a file does because you think it might be a virus
or spyware, do this:

1) Go to www.google.com.
2) Click on the groups link.
3) Type in the name of the file in the search box.
4) Click “Google Search”.

You should see many conversation threads to choose from. Click on one that looks
promising to open it. Then click on “View Complete Thread” to see the question and all
of the replies. This is a lot like fishing for answers. Sometimes you get a really good bite
and land a big one, sometimes you don’t get anything good at all. The thing that I like
most about the Google Groups is this: it is not limited to computers. You can look up
almost anything in the news groups and get testimonials from other consumers. It is a
very good idea to research major purchases in the Google Groups before making them.
Try it.

GriSoft.Com
http://www.grisoft.com

GriSoft.Com offers free Anti-Virus software for home users. Their free anti-virus
software works well. It can also be configured for automatic updates for free, which
means you do not have to manually download the virus definition file every week. See
Chapter 6 on Anti-Virus Software for more details.

McAfee
http://us.mcafee.com/

McAfee’s website is a wonderful resource to use when researching viruses. If you know
the name of a virus you can find information about it in McAfee’s Virus Information
Library. This library has detailed information on viruses. The Library may even contain
information on how the virus infects a computer and instructions for removing it. You
can download some useful tools from McAfee’s website as well. McAfee has created
files which target specific viruses and remove them. These files are called Stingers. We
will discuss them in more detail in Chapter 6 on Antivirus Software. We will also discuss
virus definition files, SuperDats, which can be downloaded for free at:
http://download.mcafee.com/updates/superDat.asp . Be sure to scroll down to the bottom
half of the screen. Look for the download button at the bottom of the screen. Ignore any
links asking you to pay a subscription fee. The SDAT is free but they try to sell you a
subscription to their automatic upgrade service on the same page.

Microsoft’s Support Website
http://support.microsoft.com

Microsoft’s website is enormous and can be difficult to navigate if you are not entirely
sure what you are looking for. I recommend starting with their support website
http://support.microsoft.com first for most information unless you simply want to
download updates for your computer. The Windows Updates are very easy to find on
www.microsoft.com. The Microsoft support site has a searchable knowledge base,
information about available updates, and customer service links.

Panda Soft Removal Tools
http://www.pandasoftware.es/library/pqremove_en.htm

Panda Soft is another company which provides reputable anti-virus and removal tools.
They have a shareware version of their antivirus program as well. Their removal tools
can be found at www.pandasoftware.com/download/utilities/ .

Symantec
http://www.symantec.com/index.html

McAfee and Symantec are competitors so they offer a lot of the same services.
Symantec’s website has a database of known viruses, their descriptions, and how to
remove them. They also offer a list of virus removal tools for specific viruses. If you
have a virus on your computer you can go to Symantec’s tools website
http://securityresponse.symantec.com/avcenter/tools.list.html and see if there is a removal
tool for it. If Symantec does not have a removal tool listed for the virus try McAfee’s
website. Symantec also offers free downloads of their virus definition file at
http://securityresponse.symantec.com/avcenter/download/pages/US-N95.html. Again,
ignore any links requesting you sign up for a subscription, unless you want one of course.

Chapter 5 - Network Security and Firewalls

Network security is essential in a comprehensive approach to protecting your computer
from intrusion by a hacker or a worm virus. There are two main components of network
security: a router and a firewall. If you are using a cable modem or DSL, your best
protection from outside attacks is a router. If you are using dialup, you are safe from this
kind of attack due to the process used by dialup networks to access the Internet and a
router is not necessary. If a worm virus does manage to infect your computer, through a
dialup or high speed connection, because an email containing it was accidentally opened,
you can prevent the worm from accessing the internet and downloading more viruses by
installing a firewall. The firewall will also alert you if a virus tries to access the internet.
This chapter will help you understand how routers and firewalls work and how to use
them with your computer. Some of this information may seem complicated. You do not
have to understand all of the technical aspects. My goal is to help you see that, without a
doubt, a router and firewall are two of the most important tools in computer protection.

Routers

Before I can tell you how a router protects your computer I must first tell you some basic
information about what a router is and how it works. Every computer on the internet has
a unique Internet Protocol (IP) address. The IP address is assigned to your computer
when you sign up for Internet access. It is like a mailing address for your computer.
Routers use the IP address to identify all of the computers connected to the internet.
When one computer wants to send information to another computer the routers use the
final destination IP addresses to route the information. Each individual router is
connected to multiple routers. The router has a spreadsheet called a route table. Routers
use this table to decide which router to route the information to. For example, if your
computer wanted to send information to a computer in Seattle it may have to cross 15
routers. Each router that receives the information would examine the final destination IP
address, look at the routing table, and forward the information on to the next router until
the information reaches its destination. Each stop is sort of a “connecting flight” as the
information flies from your computer to the final destination. The simplified purpose of
a router is to send information from point A to point B.

As described later, routers can be separated into two categories; an Internet Router and a
Private Router. We will focus on private routers. These are the routers a user can buy in
a computer store to protect a home or office computer from hackers and viruses.

This is a picture of the back of a private router:

[Figure: back of a private router. Labels: Internal Ports (LAN), External Port (WAN), Power cord]

Routers have internal ports and one external port. The internal ports are labeled LAN,
which is an acronym for Local Area Network. The external port is labeled WAN, which
is an acronym for Wide Area Network. The WAN port is also called the external
interface because it is connected to your cable modem with a network cable. The LAN
ports are called the internal interface because they connect to your computer(s). When
your computer makes a request for information from the Internet it is forwarded to the
router. The router forwards the request to the cable modem, which then forwards the
request to an Internet Router and away it goes across the Internet. The response is sent
back to your cable modem. The cable modem forwards the response to your private
router. Your private router forwards the reply to the computer that made the request. The
router uses Network Address Translation (NAT) to keep track of the requesting computer
so it knows which computer to give the reply to.

A simple description of an actual information request:
You are on the Internet and want to go to the Microsoft website. You type in
www.microsoft.com in your Internet address bar. The request goes from your computer
to your router. Your router looks up the IP address of Microsoft on its route table. It
then sends the request, through all the other router stops along the way, to Microsoft’s IP
address. Microsoft receives the request and replies by sending the website back to the
sender (your IP address). Your router receives the information and uses Network
Address Translation to recognize that it is the response to your request for the website.
The router then sends the website to your cable modem and to your computer screen.

Typical Cable Modem Setup with no router:

[Figure labels: Cable Outlet, Cable Modem (Back and Front), Desktop Computer]

Cable Modem setup with Router:

[Figure labels: Cable Outlet, Cable Modem (Back and Front), Router (WAN, LAN), Desktop Computers]
Another benefit of having a router is being able to share your internet connection with
multiple computers. You can connect 4 computers to the internet with a 4 port router.

Importance of Using a Router

Now that you know the concept behind a router we can discuss the importance of using a
router. If a hacker or a worm wanted to attack your computer they would direct their
attack at your computer’s IP address. Remember, your computer’s IP address is its
unique identifier on the network. Without a router, a hacker could, for example, try to
establish a telnet session with your computer. A telnet session enables a hacker to control
what your computer does on the Internet without physically using your computer. To do
so he would type in telnet <your IP address>. His requests would be forwarded from
router to router until they reached your computer. If the specific telnet port that he typed in
was open on your computer the hacker would have an access point into your system. The
hacker could run through all of the available telnet ports on your computer until he finds
one open. That open port is his door into your computer. Without a router, this would be
a relatively easy task for a hacker. Each computer has thousands of individual ports.
You will learn in this chapter how to hide all of the ports on your computer so a hacker
will not even know they exist, and therefore he will be unable to access your computer.

Worm viruses are similar but they are more systematic. They do not attack a single IP
address but rather a range of IP addresses. For example a worm virus would scan all
computers with an IP address starting with 68.x.x.x. If your computer’s IP address
started with 68.x.x.x. the virus would scan your computer’s ports and try to infect it
through any open ports. The common thread between the hacker and a virus is this: they
must have your computer’s IP address to attack it.

Remember, the Internet routers use your IP address to route information from the hacker
or the virus to your computer. What if we could stop the Internet router from doing this?
Wouldn’t it make it impossible for a hacker to attack your computer’s IP address if the
Internet routers did not forward the attacks? Yes, it would. This is how it works.

As mentioned above, the routers on the Internet use routing tables to determine the next
router to send traffic to, but there is a catch. If the final destination IP address is
designated as a private IP address, the Internet router will not forward the information.
The information is discarded instead. The governing body of the Internet decided to
establish private IP addresses for companies to use on their internal networks. Home
computer users may also use private IP addresses. These reserved IP addresses are added
to every Internet router’s routing table and designated as private or non-routable. When
information or an attack is destined for a non-routable address it is discarded. These are
the non-routable IP addresses companies and individuals can use on their private networks:

Class A 10.0.0.0 – 10.255.255.255
Class B 172.16.0.0 – 172.31.255.255
Class C 192.168.0.0 – 192.168.255.255

Class C addresses are the most common. My home computer runs on 192.168.0.2. My
wife’s computer is 192.168.0.3. Our router’s internal interface is 192.168.0.1. All three
of these addresses are non-routable addresses. This means that even though I have told
everyone who reads this guide what my home IP addresses are, no one on the Internet can
connect to my computer, my wife’s computer or my router’s internal interface. They are
protected.

How do I get a non-routable IP address onto my machine? And why is it I can still
use the internet if information and attacks are discarded?

Those are both very good questions. Let me start by making a distinction between an
Internet Router and a Router you can buy at a computer store. An Internet Router is
configured by a network engineer to function on the Internet. The network engineer,
abiding by standard Internet protocol, programs the router to discard information destined
for the non-routable addresses. A router you buy at the store will not be programmed to
do this. I will refer to these routers as private routers.

Viruses are designed to attack computers not private routers. The LAN ports of a
private router, the ports that connect the router to the computer, have a separate IP
address for each port. These are the private IP addresses. By virtue of connecting your
computer to a router, you have established a private and non-routable IP address. Private
routers will not let someone from the Internet administer (break into) them. Information
and attacks on your computer are discarded immediately because the destination IP
address belongs to a private router. However, you can still use the Internet because each
website you go to and the links you click on are a request made by your computer. The
incoming information is a reply to your request and therefore allowed to pass to your
private IP address without being discarded.

Again, without a router, any incoming information can pass to your computer, including
viruses and programs sent by hackers to gain access to your programs and files.

Undeniable Evidence

I connected a test computer on the internet without a router and scanned its ports using a
popular internet port scanning utility called Shields Up. Then I put the same computer
behind a router and ran the test again. If you would like to try this on your computer go to
http://www.grc.com/x/ne.dll?rh1dkyd2 , or search for “shields up” at www.google.com.
This program scans the first 1024 ports (considered the “well known ports”) and tells you
if they are open, closed, or in stealth mode. The designer of this program uses the term
stealth to describe ports that do not respond to a probe. “Stealth” is the most desirable
status to have because a hacker cannot attack a port they cannot see. “Closed” is the
second most desirable status to have because a hacker would have to work at getting
access to it. Open is the least desirable because a hacker could use this port to infect the
computer with viruses and access data on the computer.

[Figure: Shields Up port scan of the test computer without a router; port 1025 is marked.]

You can see that without a router only 9 of the ports were hidden from potential threat
leaving the majority of the ports vulnerable to attack. The test computer even had a port
open. See the red dot on port 1025.

[Figure: Shields Up port scan of the test computer behind a router; port 113 is marked.]

You can see that with a router all but one port is hidden. Even though port 113 is visible
it is still in the closed status. Just by connecting your computer to a router you have
protected every port a virus or hacker could use to gain access to your computer.
The stealth status will make it nearly impossible for the security of your computer to be
compromised. The closed status of port 113 will make it very difficult for a virus or
hacker to get into your computer, but it is still possible. You can hide port 113 by setting
up a rule to forward incoming traffic on port 113 to a nonexistent computer, say
192.168.111.111. Just make sure none of your computers have that address. The steps to
do this are a little different from router to router so check the instruction booklet or online
help files for your specific router. I created a rule on the router to forward all incoming
traffic on port 113 to 192.168.111.111.

This is what it looked like:

Since I do not have a computer with that IP address in my home any requests sent there
will not be answered, thus hiding the port. Here is another port scan on the test computer
showing all ports as hidden.

My computer is completely hidden and protected from hackers and worms trying to
infiltrate my computer from the Internet. The router does not protect against viruses
embedded in websites that you visit or viruses embedded in emails that you open.
You still need routine system updates and anti-virus to protect your computer from
these threats.
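The behaviour described in this chapter can be sketched in a few lines of code. This is an added illustration, not code from the guide or from any router vendor: the `HomeRouter` class and its method names are hypothetical, the 203.0.113.x and 198.51.100.x addresses are constructed sample values, and the assumption that the router itself refuses connections on port 113 is taken from the scan result above.

```python
import ipaddress

# The three private (non-routable) ranges listed in this chapter, in CIDR form.
PRIVATE_RANGES = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_private(addr):
    """True if addr falls inside one of the private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_RANGES)


class HomeRouter:
    """Toy model of a home NAT router (hypothetical, not a real product)."""

    def __init__(self, wan_ip, lan_hosts, refused_ports=()):
        for host in lan_hosts:
            if not is_private(host):
                raise ValueError(f"{host} is not a private address")
        self.wan_ip = wan_ip
        self.lan_hosts = set(lan_hosts)
        # Ports the router itself answers with "refused" (scanner shows "closed").
        self.refused_ports = set(refused_ports)
        self.forwards = {}    # WAN port -> LAN address (port-forward rules)
        self.nat_table = {}   # (WAN port, remote ip, remote port) -> LAN socket
        self.next_wan_port = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN computer makes a request; the router remembers who asked."""
        if lan_ip not in self.lan_hosts:
            raise ValueError(f"{lan_ip} is not connected to a LAN port")
        wan_port = self.next_wan_port
        self.next_wan_port += 1
        self.nat_table[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return self.wan_ip, wan_port  # the sender address the remote server sees

    def add_forward(self, wan_port, lan_ip):
        """Forward unsolicited traffic on wan_port to a LAN address."""
        if not is_private(lan_ip):
            raise ValueError(f"{lan_ip} is not a private address")
        self.forwards[wan_port] = lan_ip

    def inbound(self, remote_ip, remote_port, wan_port):
        """Decide what happens to a packet arriving on the WAN port."""
        reply_to = self.nat_table.get((wan_port, remote_ip, remote_port))
        if reply_to is not None:
            return "delivered", reply_to[0]   # reply to an earlier request
        target = self.forwards.get(wan_port)
        if target is not None:
            if target in self.lan_hosts:
                return "forwarded", target    # a real computer receives it
            return "stealth", target          # nobody at that address: silence
        if wan_port in self.refused_ports:
            return "closed", None             # router answers "refused"
        return "stealth", None                # silently discarded


def demo():
    router = HomeRouter("203.0.113.10", ["192.168.0.2", "192.168.0.3"],
                        refused_ports=[113])
    results = {}
    _, wan_port = router.outbound("192.168.0.2", 51000, "198.51.100.7", 80)
    results["reply"] = router.inbound("198.51.100.7", 80, wan_port)
    results["unsolicited"] = router.inbound("198.51.100.99", 4444, 1025)
    results["port_113_before"] = router.inbound("198.51.100.99", 4444, 113)
    router.add_forward(113, "192.168.111.111")   # the rule described above
    results["port_113_after"] = router.inbound("198.51.100.99", 4444, 113)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Only the packet that matches an entry created by an earlier outbound request reaches a computer; everything else is discarded or, for port 113, sent to an address where nothing answers.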

When you go into a computer store to buy a router keep it simple. You do not need a lot
of fancy bells and whistles. Network Address Translation (NAT) is what protects your
computer. All routers use NAT so get the cheapest router they have. Do not get
distracted by terms like VPN, Firewall, QoS protection, etc. What you want is an
inexpensive router with 1 WAN port and 4 or more LAN ports. Do not get a switch or a
hub. Switches and hubs do not use NAT and therefore do not offer the same protection as
a router. Switches and hubs do not have WAN ports either, which might help you make
sure you get a router. If you decide to get a wireless router that is fine but remember this:
wireless routers can be accessed from your driveway by someone with a laptop if they
are not configured properly. If you get a wireless router make sure you follow the
manufacturer’s instructions for setting up WEP, SSIDs and DHCP restrictions.
You will be able to set up password protection and other encryption protection. The
wireless router will still use NAT, so it offers the same protection as a wired router from
internet based attacks.

I cannot stress enough that a router is absolutely essential to protecting your home
or business computer. They are relatively inexpensive (around $50) but the security
that they provide for your computer and ultimately you and your family is priceless.

Firewalls

A firewall is software that you install that will notify you when a program on your computer tries
to access the Internet from your computer’s IP address. As mentioned in Chapter 2, Five
Levels of Protection, the information provided by the firewall pop-up window gives you
the ability to look up the program on www.google.com and determine if the program is a
virus or spyware. Many viruses and spyware programs have names that sound legitimate.
This is how they get so many users to open them or allow them to access the Internet
through their computer. If you look up the program name and find out that it is not a
legitimate program the firewall gives you the ability to block the program from doing
anything until you can scan your computer with a removal tool (Chapter 7). If you know
the IP address of the server the virus or spyware is trying to reach from your
computer, you can set up a rule on the firewall to block all traffic to that IP address. This
will reduce the chance of your computer becoming infected in the future. Instructions for
setting up a rule can be found through your firewall provider.

Below is an example of how a firewall actually works. The firewall I am going to use is
called Sygate Personal Firewall, Version 5.5. This firewall is available for free to home
users. You can download it from www.download.com. Simply search for it by name.

Let’s pretend I checked my email and was in the middle of writing a reply to someone
when this window popped up on my screen.

Easy Antivirus isn’t a program I use and I don’t recognize EasyAV.exe but maybe it is
part of my anti-virus program. It looks suspicious so I write the name of the program
down and tell my firewall to deny EasyAV.exe access to the Internet by putting a
check in front of “Remember my answer…” and hitting the No button. I want to know
what this program is so I know if it is something my computer actually uses or if it is a
virus or spyware. I go to one of the online resources from Chapter 4. I almost always
start with the Google newsgroups. I go to www.google.com, click on the “Groups” link
and type in my search of “EasyAV.exe”. Always search for the exact filename first. You
will have more success. It is a good thing I checked because the program is a virus that
somehow got into my computer. Look at this conversation thread from the Google
Groups:

From: Trish
To: microsoft.public.windowsxp.general group

Does anyone know what EasyAV.exe is? It is not working
properly on my computer and is not allowing me to access
the web. When I took off the task manager I am able to
access the internet. Should I delete it from my system?
Thanks for any advice.
Trish W

From: Richard
To: Trish

Trish,

IT’S A VIRUS! RUN A SCAN ASAP!!!

Go to: http://www.sonicwall.com/alert/W32Netsky_s.html

This will tell you about the virus and how to get rid of it.

I don’t know who Trish or Richard are but I want to thank them because their postings in
the Google newsgroups gave me answers I needed. I now know EasyAV.exe is a virus
and I know where to go get removal instructions. This is a perfect example of how
Google Groups can save you time and money. I also want to thank my firewall because it
alerted me to a new program trying to access the Internet. It even told me the name of
the executable file (easyav.exe). 99.9% of the time, if you know the name of the
executable file, identifying the virus or spyware program is easy. This is the beauty of
firewalls and why they are so nice to have installed. It will take a little work to get your
firewall configured properly. The very first time a program tries to access the internet
your firewall will ask you if it is okay. If you have 5 programs that legitimately need to
do this, such as Internet Explorer, Microsoft Money, Turbo Tax, Outlook Express or
Outlook, you have to tell your firewall to always allow access to the internet for these
programs at least once for each program. Believe me when I tell you it is worth it. Some
viruses cannot fully infect a computer if they cannot access the internet. This is because
only half of the virus is installed from the infected email. That half is designed to
download the second half from the Internet but if your firewall blocks the program from
accessing the Internet, the virus cannot be fully installed. This makes the virus easier to
remove and makes it impossible for it to replicate to other computers on the Internet.

What about spyware?

A firewall will also help protect your computer from spyware. It is similar to virus
protection but gets into the more advanced features of the firewall. Let’s pretend I am
surfing the web when I get this pop up from my firewall:

I have no idea what s13ds.d8t.biz is and it looks suspicious. We should research this
website before allowing our browser to access it. After doing some research, again in
Google Groups, I find out that my computer is infected with spyware. I must have
clicked on something that installed it the last time I accessed the internet. This particular
spyware program is a browser hijacker. This means that no matter what I set my
homepage to, the next time I open Internet Explorer to get online the homepage will
become s13ds.d8t.biz. This is what the page looks like:

Spyware programs want you to browse only their websites so they can generate traffic for
their sponsors. They also do this because their creators want you to buy their products
from their websites. I traced this particular spyware program to Russia using the
“WhoIs?” feature in the firewall program.

Here is a screen shot of the results:

The nice thing about this feature is that it gives you the range of IP addresses assigned to
the owners of the website. See where it says inetnum: 195.190.118.0 – 195.190.118.255.
All I have to do is set up a rule on my firewall to block all traffic to that specific range.

I open my firewall program and go into Advanced Rule Settings. On the “General” tab I
have selected “Block this traffic;” for “all network interfaces.” On the “Hosts” tab I have
inputted the IP range of the Russian Spyware Web servers.

The Rule Summary in the block at the bottom confirms I have blocked all traffic, both
incoming and outgoing, to those IP addresses. Now I can scan my computer using one of
the removal tools described in Chapter 7 to remove the spyware. I know this particular
spyware program will not be able to infect my computer again, thanks to the new rule I
added to my firewall.
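The two kinds of decision described in this chapter, a remembered answer per program and a block rule for an address range, can be modelled as follows. This is an added sketch, not Sygate's implementation and not code from the guide: the class and function names are hypothetical, `iexplore.exe` stands in for Internet Explorer, `newtool.exe` and the 198.51.100.x addresses are constructed sample values, and the range is the `inetnum` line quoted above.

```python
import ipaddress
import re

# Matches a WhoIs line such as "inetnum: 195.190.118.0 - 195.190.118.255"
# (a plain hyphen or an en dash may separate the two addresses).
INETNUM_RE = re.compile(
    r"inetnum:\s*(\d+\.\d+\.\d+\.\d+)\s*[-\u2013]\s*(\d+\.\d+\.\d+\.\d+)")


def parse_inetnum(whois_text):
    """Return the (first, last) addresses from a WhoIs 'inetnum:' line."""
    match = INETNUM_RE.search(whois_text)
    if match is None:
        raise ValueError("no inetnum range found")
    first = ipaddress.ip_address(match.group(1))
    last = ipaddress.ip_address(match.group(2))
    if first > last:
        raise ValueError("range is reversed")
    return first, last


class PersonalFirewall:
    """Toy outbound firewall (hypothetical model for illustration)."""

    def __init__(self):
        self.program_answers = {}    # lower-cased file name -> "allow" / "deny"
        self.blocked_networks = []   # networks no program may talk to

    def remember_answer(self, program, allow):
        """Equivalent of ticking 'Remember my answer' and clicking Yes or No."""
        # File names are compared case-insensitively: the pop-up showed
        # EasyAV.exe while the firewall reported easyav.exe.
        self.program_answers[program.lower()] = "allow" if allow else "deny"

    def block_range(self, first, last):
        """Add a block rule for every address from first to last inclusive."""
        networks = list(ipaddress.summarize_address_range(first, last))
        self.blocked_networks.extend(networks)
        return [str(net) for net in networks]

    def decide(self, program, dest_ip):
        """Return 'block', 'allow', 'deny' or 'ask' for an outbound connection."""
        ip = ipaddress.ip_address(dest_ip)
        # A host block rule wins even over a program the user has allowed.
        if any(ip in net for net in self.blocked_networks):
            return "block"
        # Unknown programs trigger the pop-up ("ask").
        return self.program_answers.get(program.lower(), "ask")


def demo():
    fw = PersonalFirewall()
    fw.remember_answer("EasyAV.exe", allow=False)
    fw.remember_answer("iexplore.exe", allow=True)
    first, last = parse_inetnum("inetnum: 195.190.118.0 \u2013 195.190.118.255")
    return {
        "blocked": fw.block_range(first, last),
        "easyav": fw.decide("easyav.exe", "198.51.100.20"),
        "browser_to_blocked": fw.decide("iexplore.exe", "195.190.118.77"),
        "browser_elsewhere": fw.decide("iexplore.exe", "198.51.100.20"),
        "just_outside": fw.decide("iexplore.exe", "195.190.119.0"),
        "unknown_program": fw.decide("newtool.exe", "198.51.100.20"),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The range from the WhoIs record collapses to a single /24 network, and the block rule stops even an allowed browser from reaching it while leaving the neighbouring address untouched.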

The default settings that come with firewalls are adequate for the general computer user.
The firewall will display pop-ups for programs (including both viruses and spyware) that are
trying to access the Internet and give you the choice of allowing them or not. It will give you
the information you need to find out what the program is so that you can clean or remove
it if necessary. If you are interested in any of the Advanced Rule Settings like the one
above, your firewall tech support will be able to help you.

Windows XP’s Firewall

Windows XP has a built-in firewall you can enable in the network properties. It is
basically a simple on or off firewall. You can use a different firewall program if you
want more choices. Follow these steps.

To enable or disable Internet Connection Firewall

1. Open Network Connections from the control panel
2. Right Click on Internet connection
3. Click on Properties
4. Go to the Advanced tab
5. Enable Internet Connection Firewall (ICF) by putting a check in front of “Protect
my computer and network by limiting or preventing access to this computer
from the Internet.”
6. Click on “Learn More about Internet Connection Firewall” for more
details.

NOTE: A firewall should be used in addition to your router but should not be used
instead of a router. No software firewall can match the protection of a hardware router.
Remember, a hardware router makes your computer untouchable from the Internet by
giving it a non-routable IP address.

Chapter 6 - Anti-Virus

Anti-Virus programs protect your computer from viruses. They consist of two major
components, the Anti-Virus Engine and the Virus Definition File.

The Anti-Virus Engine

The engine of the anti-virus program is loaded into memory as a service and actually
powers the anti-virus program. It runs in the background and scans every program or file
you access. It compares the signatures of the files to those in the Virus Definition File. If
the signature of the file you are opening matches one of the virus signatures in the
definition file an alert will pop up on your screen. The alerts look different from program
to program but the options are basically the same. It will tell you which file is infected,
what virus has infected it and what options you have. The most common options are to
clean the infected file, delete the infected file or disable it (also called inoculate or
quarantine). It is safest to delete the infected file if you have a backup copy you can use.
If you do not have a backup, try to clean it. It is a good idea to do a full system scan
after a virus is found. Also look up the virus in McAfee’s Virus Library or in the Google
Groups just to get an idea of where it came from, how to get rid of it, and how to make
sure it is gone. The link for McAfee’s Library can be found in Chapter 4, Online
Resources.

The engine usually has a version number or name attached to it. These differ from
company to company. The engine is usually updated every year or two when a new
version is released. You do not have to update your anti-virus engine every time a new
version comes out. The virus definition file is very different though.

The Virus Definition File

The Virus Definition File, referred to as Super Dat or SDAT for short, is a large database
file. It contains the signatures for all 57000+ viruses in existence. The Anti-Virus Engine
uses the Virus Definition File to determine if a file you opened is infected with one of the
viruses listed in the definition file. Because new viruses are being created every day the
Virus Definition File needs to be updated constantly. Some anti-virus vendors like
Symantec (maker of Norton Anti-Virus) and McAfee offer a subscription service to their
Virus Definition Files. If you have Symantec or McAfee the subscription service will
automatically update the Virus Definition File for you on a scheduled basis. If you do
not want to pay for the subscription service you can download the Virus Definition Files
manually. The virus definition file must be the one from the developer of the anti-virus
program (engine) you have. McAfee’s definition file only works with McAfee’s engine
and Symantec’s definition file only works with Symantec’s engine.
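The relationship between the engine and the definition file, as described in the two sections above, can be shown with a small model. This is an added example, not code from the guide or from any anti-virus vendor: the engine names, the text format of the definition file, the signature names and the sample byte strings are all constructed, and matching on a plain byte pattern is a simplification of what real engines do.

```python
# Constructed, harmless marker bytes standing in for virus signatures.
MARK_A = b"\x13\x37constructed-marker-A"
MARK_B = b"\xca\xfeconstructed-marker-B"


def build_definition_file(engine, version, signatures):
    """Serialize {name: bytes} into a constructed text definition format."""
    lines = [f"engine={engine}", f"version={version}"]
    lines += [f"{name}:{pattern.hex()}"
              for name, pattern in sorted(signatures.items())]
    return "\n".join(lines) + "\n"


class AntiVirusEngine:
    """Toy signature scanner (hypothetical, for illustration only)."""

    def __init__(self, name):
        self.name = name
        self.version = 0        # version of the loaded definition file
        self.signatures = {}    # signature name -> byte pattern

    def load_definitions(self, text):
        """Load a definition file; return True only if it was newer."""
        header, signatures = {}, {}
        for line in text.splitlines():
            line = line.strip()
            if not line:
                continue
            if "=" in line and ":" not in line:
                key, value = line.split("=", 1)
                header[key] = value
            else:
                name, hex_pattern = line.split(":", 1)
                pattern = bytes.fromhex(hex_pattern)
                if not pattern:
                    raise ValueError(f"empty signature for {name}")
                signatures[name] = pattern
        # A definition file only works with the engine it was built for.
        if header.get("engine") != self.name:
            raise ValueError("definition file was built for another engine")
        version = int(header.get("version", "0"))
        if version <= self.version:
            return False        # not newer than what is already loaded
        self.version, self.signatures = version, signatures
        return True

    def scan(self, data):
        """Return the names of all signatures found in data."""
        return sorted(name for name, pattern in self.signatures.items()
                      if pattern in data)


def demo():
    engine = AntiVirusEngine("ExampleAV")
    week1 = build_definition_file("ExampleAV", 1, {"Constructed.SampleA": MARK_A})
    week2 = build_definition_file("ExampleAV", 2, {"Constructed.SampleA": MARK_A,
                                                   "Constructed.SampleB": MARK_B})
    other = build_definition_file("OtherAV", 9, {"Constructed.SampleB": MARK_B})
    new_file = b"ordinary bytes " + MARK_B + b" more ordinary bytes"

    results = {}
    engine.load_definitions(week1)
    results["old_definitions"] = engine.scan(new_file)   # newer threat missed
    try:
        engine.load_definitions(other)
        results["other_vendor"] = "loaded"
    except ValueError:
        results["other_vendor"] = "rejected"
    results["update_applied"] = engine.load_definitions(week2)
    results["new_definitions"] = engine.scan(new_file)   # now detected
    results["stale_update"] = engine.load_definitions(week1)
    results["clean_file"] = engine.scan(b"plain text document")
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The same file passes unnoticed with last week's definitions and is flagged after the update, which is the reason the definition file has to be refreshed far more often than the engine.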

McAfee’s Virus Definition File

Simply go to http://download.mcafee.com/us/updates/superDat.asp

Scroll down on the site until you see this:

Click on the download button to download and install the latest version of the virus
definition file. If you are going to do this manually, do it often, about once a week.

Symantec’s Virus Definition File

Symantec also offers free downloads of their virus definition file at:
http://securityresponse.symantec.com/avcenter/download/pages/US-N95.html. Again,
ignore any links requesting you sign up for a subscription, unless you want one of course.

Free Anti-Virus

Some new computers come with Symantec’s Norton Anti-Virus or McAfee already
installed. If you do not already have one of those products you can purchase it from a
computer store or online. Or you can download a free anti-virus program from GriSoft.
It is a good program and allows you to schedule the Virus Definition File updates for free
too. Please note this program is free to home users only, not companies. They do offer a
version for companies to buy. The free version can be found at
http://free.grisoft.com/freeweb.php/doc/2/.

Here are the highlights of the GriSoft Anti Virus Software:

• Automatic update functionality
• The AVG Resident Shield, which provides real-time protection as files are opened
and programs are run
• The AVG E-mail Scanner, which protects your e-mail
• The AVG On-Demand Scanner, which allows the user to perform scheduled and
manual tests
• Free Virus Database Updates for the lifetime of the product
• AVG Virus Vault for safe handling of infected files
• Great customer satisfaction!

A Real Virus Infection

I purposely infected my test machine with a virus to see if AVG would detect it and
remove it. This was very easy to do. I simply connected my machine to the Internet
without a router or anti-virus program running and started browsing. After a couple
hours my homepage started to reset itself to this:

I would reset my homepage to www.msn.com, close Internet Explorer, open it and end at
this web page. Okay, that is a pretty good indication I infected my computer with
something. I installed Grisoft’s AVG and within minutes received this pop-up warning:

The AVG Anti-virus program, like all AV programs, has a resident scanner, which is
loaded into memory when the computer is started. This scanner, aptly named AVG
Resident, will scan all the files your computer tries to open or run. If the file is infected
with one of the viruses identified by the virus definition file the anti-virus program will
notify the user. We can see from the pop-up that mshphd.dll is infected with a Trojan
horse virus called BackDoor.Agent.BA. It also tells me to run AVG for Windows to
remove it. This is a screen shot of the AVG scan finding the virus and alerting me:

It is a little difficult to see in the screen shot but my options for dealing with this virus are
move to vault, move all viruses to the vault, ignore this virus and display virus
information. Anti-virus programs are able to remove most viruses but sometimes you
have to get a specialized tool to remove a specific virus. These tools are discussed in the
chapter on Removal Tools.

Hoaxes

You might receive an email from a friend telling you about a virus you might have. The
email will ask you to look for a specific file on your computer and remove it. This is
known as a virus hoax. The file you are asked to locate is actually a valid Windows file.
The two most popular versions of this hoax ask you to look for jdbgmgr.exe or
sulfnbk.exe. Both of these files are valid Windows files and should not be removed. If
someone emails you a filename and instructions to remove it, do not do it. Go to
McAfee’s Virus Library or Google Groups first and make sure the file they mention is
not a valid Windows file. It is possible to do more damage than a virus if you delete a file
on your computer because someone gave some bad advice.

Chain Letters - Phony Virus Alerts

VMyths.com
http://www.vmyths.com

Learn about computer virus myths, hoaxes, urban legends, hysteria, and the implications if
you believe in them. You can also search a list of computer virus hoaxes & virus hysteria from A
to Z.

Hoax Busters
http://hoaxbusters.ciac.org/HoaxBustersHome.html

A Little Girl Dying


http://hoaxbusters.ciac.org/HBSympathy.shtml#girldying

Here is an example of a chain letter that preys on the sympathy of others. It is a hoax
because what it claims is impossible. How can the American Cancer Society possibly
know who you sent this to so they can donate 3 cents? Also, you donate to the Cancer
Society, not the other way around.

Actual Hoax Email:

You guys..... this isn't a chain letter, but a choice for all of us
to save a little girl that's going to die of a serious and fatal form of cancer. Please send
this to everyone you know...or don't know at that. This little girl has 6 months left to live
her life, and as her last wish, she wanted to send a chain letter telling everyone to live
their life to fullest, since she never will. She'll never make it to prom, graduate from high
school, or get married and have a family of her own. By you sending this to as many
people as possible, you can give her and her family a little hope, because with every
name that this is sent to, the American Cancer Society will donate 3 cents per name to her
treatment and recovery plan. One guy sent this to 500 people!!!! So, I know that we can
send it to at least 5 or 6. Come on you guys.... and if you're too selfish to waste 10-15
minutes and scrolling this and forwarding it to EVERYONE, just think it could be you
one day....and it's not even your $money$, just your time. Please help this little girl out
guys, I know you can do it!! I love you guys!

American Cancer Society's comments about the Hoax


http://www.cancer.org/docroot/nws/content/nws_2_1x_giving_wisely.asp

Another hoax uses a chain letter claiming the American Cancer Society (ACS) will
donate three cents to cancer research for every letter forwarded to someone else. The
ACS has no connection to the letter and regrets people are fooled into thinking they are
helping the organization by perpetuating this e-mail message.

Email Spoofing

Email spoofing occurs when a virus replicates from one computer to another using a
random email address from the address book as the sender. Viruses can and often do use
the address of someone the receiver knows as the sender when replicating
themselves. This is what happens: Joe is friends with Sally and Mike. Joe has both of
their names in his address book. Joe’s computer gets infected with a virus. The virus
sends Mike a copy of itself and uses Sally’s address as the sender, even though Sally is
not infected. Mike gets the virus and thinks Sally’s computer is the infected computer
that sent him the virus.
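
The scenario above, as an added example that is not part of the original guide: the From line is only text the sender chose, so the check looks at what the receiving mail server recorded instead. It assumes Mike's server (the hypothetical mx.mike.example) stamps SPF and DKIM results in an Authentication-Results header; all addresses, hosts and messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed messages for the Joe/Sally/Mike scenario. Both claim to be from
# Sally; only the second really came through Sally's mail provider.
SPOOFED = """\
Authentication-Results: mx.mike.example;
 spf=fail smtp.mailfrom=isp-two.example; dkim=none
Received: from joes-pc (joes-pc.isp-one.example [192.0.2.10])
 by mx.mike.example; Mon, 05 Jan 2004 10:00:00 -0700
From: Sally <sally@isp-two.example>

See attachment.
"""
GENUINE = """\
Authentication-Results: mx.mike.example;
 spf=pass smtp.mailfrom=isp-two.example; dkim=pass header.d=isp-two.example
Received: from mail.isp-two.example (mail.isp-two.example [198.51.100.7])
 by mx.mike.example; Mon, 05 Jan 2004 11:00:00 -0700
From: Sally <sally@isp-two.example>

Are you free on Friday?
"""
PASS_RE = re.compile(
    r"(?:spf|dkim)=pass\b[^;]*?(?:smtp\.mailfrom|header\.d)=([^\s;]+)", re.I)


def authenticated_domains(msg, my_server):
    """Domains that passed SPF or DKIM according to the receiving server."""
    domains = set()
    for header in msg.get_all("Authentication-Results", []):
        server, _, results = header.partition(";")
        # Trust only results stamped by our own mail server; a sender can
        # insert a forged Authentication-Results header of their own.
        if server.strip().lower() != my_server:
            continue
        for value in PASS_RE.findall(results):
            domains.add(value.rsplit("@", 1)[-1].lower())
    return domains


def check_sender(raw, my_server):
    """Report whether the From domain exactly matches an SPF/DKIM pass."""
    msg = message_from_string(raw)
    address = parseaddr(msg.get("From", ""))[1]
    domain = address.rsplit("@", 1)[-1].lower()
    hops = msg.get_all("Received", [])
    return {
        "from": address,
        "verified": domain in authenticated_domains(msg, my_server),
        # The last Received header in the message is the earliest hop.
        "first_hop": " ".join(hops[-1].split()) if hops else "",
    }
```

For the spoofed message the result shows Sally's address as unverified and the first hop as Joe's computer, which is the machine that actually needs cleaning.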

Chapter 7 - Removal Tools

Once you find out that your computer is infected with spyware or a virus it is important
to remove it to prevent further damage.

Virus Removal Tools

Viruses today are very complex. The removal tools that come with the anti-virus
program you use may not be able to completely remove a virus. In these situations you
can look for a removal tool custom tailored for a specific virus. McAfee has an
aggressive virus removal tool called Stinger. You can download the Stinger from:

McAfee’s Removal Tools (STINGER)


http://Vil.nai.com/vil/stinger/

Note: Sometimes you have to run the Stinger from Safe Mode for it to work. This is
because viruses will not be loaded into memory in Safe Mode, making them easier for the
Stinger to get rid of.

To get to Safe Mode, watch your computer start up. It will usually display a screen for a
few seconds that tells you to press F8 to go to Safe Mode or press the left CTRL button
and F8 during start up.

If McAfee’s Stinger utility does not remove the virus you have, you can look for more
specific removal tools from Symantec and Panda Software at:

Symantec’s Removal Tools


Securityresponse.symantec.com/avcenter/tools.list.html

Panda Software Removal/Repair Tools


www.pandasoftware.com/download/utilities/

Spyware Removal Tools

Spyware comes in many forms: data miners, aggressive advertising (pop-ups), parasites,
scumware, Trojan programs, dialers, malware, browser hijackers, and tracking
components.

There are several programs you can download for free from www.download.com to
remove spyware; Ad-Aware SE is the best. I will show you how to get and use Ad-Aware
SE.

Ad-Aware SE is very similar to an anti-virus program because it has a scanning engine
and a reference file. The reference file is similar to a Virus Definition File. The
reference file contains all of the signatures of known spyware programs. New spyware
programs are coming out every day, so it is important to use the most up-to-date reference
file when scanning your computer. Ad-Aware will let you check for updated reference
files before starting the scan.

To get Ad-Aware go to www.download.com and search for “Ad-Aware.” You should see
these two among the first options:

The first option “Ad-aware SE Personal” is the full program. The second option is just
the reference file. The program will automatically update the reference file the first time
you install it. If you are downloading this to a CD or memory stick to be used on a
computer that cannot access the internet, download the reference file as well. The
installation is very easy and when you are done you should have a screen like this:

Every time you run Ad-Aware, click on the “check for updates now” link before doing
any actual scans. This way you can be sure to have the most up-to-date reference file
every time you run it. Ad-Aware is a passive scanner. This means you have to manually
open Ad-Aware and run scans to remove spyware. Ad-Aware has a component called
Ad Watcher. This component is an active scanner. The active scanner is a more
proactive approach to spyware protection, but you have to pay for it. The Ad Watcher
monitors specific areas of your registry and alerts you if a program is trying to change
your webpage or other internet settings. It’s almost like a firewall for your Registry. It
will tell you which program is trying to change your internet settings and ask you if you
want to allow or deny the changes. Almost always you will want to deny them, unless
you are trying to change your homepage.

Cool Web Shredder

This is one spyware program so evil that computer technicians get cold chills when they
hear its name: Cool Web Search. This program is so difficult to get rid of that a
computer programmer has made it his mission to create a removal tool to get rid of it.
For years it has been a battle between the developer of Cool Web Search and the
developer of the Cool Web Shredder, also known as CWShredder. The developer of Cool
Web Search is making it more and more difficult to remove, and the developer of
CWShredder is making the shredder more and more aggressive. This is good news for us.
If you get infected with a spyware program and cannot get rid of it, CWShredder may be
your answer. Spyware programs all attack the same files and registry keys, so all of them
are similar in design and removal. This means CWShredder will remove Cool Web
Search and other hard-to-remove spyware programs. CWShredder can be downloaded for
free from www.download.com.

Conclusion

You have read through a lot of information, but I hope I have shown you why it is so
important to completely secure your computer. The Internet is constantly progressing,
creating new vulnerabilities for all computer users. The examples in this guide are very
real and have affected thousands of people. The few hours and minimal costs are well
worth it to protect yourself, your family, and everything you have worked for. Using the
five tools of S.O.N.A.R. will give you peace of mind and security when you are using
your computer. Remember, though, that no matter how fancy your hardware and
software are, using safe computing techniques, such as not opening unexpected files
attached to emails, is the first step of protection. Thank you for reading this guide and I
hope it has been helpful to you. Do not be afraid to use your computer for all of its
abilities. It is amazing technology.

Definitions

Cookie
A piece of information sent by a Web server to a user’s computer. The information is
stored on the user’s computer as a text file and can be accessed by the originating Web
server at a future time.

Firewall
A hardware and software package that forms a barrier between a computer or network
inside a company or home and those outside of it. It filters all information entering or
exiting the computer, preventing unwanted data from passing through.

Internet Protocol (IP)
The method by which information is sent from one location to another on the Internet. A
unique identifier (address) that is assigned to each computer connected to the Internet.

Internet Provider
A company that provides Internet service. Internet Providers include AOL, Earthlink,
Juno, etc.

Operating System
The program that runs all other hardware and software on a computer, including basic
computer functions such as recognizing keyboard input, sending displays to the screen,
and keeping track of files and directories. The main operating systems are Microsoft
Windows, Mac, and Linux.

Ports
The final part of the destination address for all Internet information (in addition to the IP
address). In hardware, a port is the connection point between devices.

Network Address Translation
Interprets information sent between two networks. Enables a router to transfer
information between its internal interface (private side) and external interface (public
side) and vice versa.

Router
A device that directs information to the next point along the route to the final destination.
It is connected to a minimum of two networks and determines which way to send
information and what route to take to get it there.

Security Holes
Bugs or flaws in a program that make it vulnerable to outside attacks.

Service Pack
A group of updates and patches created over a certain time frame. A cumulative update
that includes the updates from any prior service packs.

Server
A computer or software that shares its resources with other computers, usually through a
local area network. For example, a Web server would store all files related to a Web site
and perform all work necessary for hosting the Web site.

Signatures
The binary pattern of a virus. It can be used to detect and identify a specific virus.

Telnet Session
Connects your computer to a server on the network. Commands can be entered through
the telnet program and they will be executed as if they were entered directly into the
server. Enables you to remotely control the server.

Virus Definition File
A file that contains the signatures of known viruses. Also known as a SuperDAT File.
Must be updated daily or weekly for adequate virus protection.

Wireless Network Card
Allows users to share an Internet connection without additional cables or equipment.
Home users can set up a wireless LAN router (WLAN) in one room and can connect to it
from any computer with a wireless network card in any other room of the house. Special
security precautions must be taken if using a wireless connection. See Chapter 5.
