Free tools to protect your PC from attack
15th Feb 2010 | 13:00
Secure your Wi-Fi, find keyloggers and more
How to secure your Wi-Fi
From a neighbour stealing your Wi-Fi bandwidth to a professional hacker using your hardware to attack a high-value target, hacking comes in many forms. We're going to look at common hacking scenarios and learn how to detect and deal with unauthorised activity.
The first reaction many people have to the possibility of their computer being hacked is one of disbelief. Who would bother, they ask, to hack a home server that's of limited interest to the world? In fact, it's this very obscurity that's so attractive to serious professional hackers.
They may not be interested in you as a target at all. Instead, your system is merely a stepping-stone towards launching an attack against a target of far higher value.
A large percentage of people who consider themselves hackers, however, are simply vandals. It's a sad fact of online life that some people actually believe they're teaching you a lesson in internet security by defacing your website, locking you out of your own accounts and otherwise creating unnecessary mayhem.
Activities that can be classed as hacking come in many forms. Your new neighbours might decide to hijack your insecure Wi-Fi network rather than pay to have their own broadband installed, for example. If you share a house with other people who you don't know that well, another member of the household could have installed snooping software to steal your identity.
In this tutorial, we're going to show you how to detect and recover from these and other common hacking incidents. First, let's take a look at a very useful system tool.
Examine your PC
There's nothing worse than suspecting that something untoward is happening on your computer but not being able to investigate properly. If you don't already use it as a substitute for the standard Task Manager, download and install Process Explorer. This program is very useful when you need to know exactly and instantly what's running on your system.
Once you've downloaded it, unpack Process Explorer (procexp.exe) from the zip file and place it in a suitable directory. Run the program and you'll see lots of information about every process running on your machine. You can also make Process Explorer start up instead of Task Manager when you hit [Ctrl]+ [Alt]+[Delete]. To do so, simply select 'Replace Task Manager' in the Options menu.
If you click the CPU column in Process Explorer, it will sort the list of processes by the amount of CPU time they use. This is very useful when you suspect there may be a rogue process taking up too much CPU time and slowing down your system.
Clicking the Process column header a couple of times produces an indented list showing the parentage of all processes. Your applications and other desktop programs are all under the Explorer process, whereas all the system processes are children of the System process – which is a child of the System Idle process.
Process Explorer makes it easy to drill down into an individual process to see what it's doing. Pick an application and doubleclick it. A new window will open. On the Image tab, click 'Verify'. Each process has a signature that Process Explorer will verify by contacting the vendor's site. The 'Verify' button is a quick way of ensuring that an application hasn't been infected by malware.
If there's a process you don't recognise, right-click on it and select 'Search Online...'. This opens a browser and searches the web for information about the process. If it's malicious, the results will soon tell you so.
Secure your Wi-Fi
Now let's examine a social problem that still catches out users of older Wi-Fi equipment. If your computer is switched off, yet the data lights on your Wi-Fi router are blinking away like mad, you should be suspicious.
If, in conjunction with this, you find that when you use the internet, your connection is slower than it used to be, you should assume the worst: someone in the vicinity is using your Wi-Fi connection.
Some people think it's OK to steal wireless bandwidth rather than buying their own. Some believe it's acceptable to do so for a few days while they wait for a provider to hook them up. The simplest way to lock out freeloaders is to access your Wi-Fi router's web interface and select 'WPA security'.
You'll have to consult the manual for your router to find out how to do this on your hardware. If your router and Wi-Fi network cards support WPA2 security, it's best to use this because it's stronger.
Some security consultants now also advise further deterring people looking to leech Wi-Fi by giving your network an unappealing name. Something like 'Unstable network' is good, but 'Infected network' may be a better option.
How to find keyloggers
If someone can gain physical access to your computer, they can install a keylogger to capture passwords and usernames. This may be a worry if you share a house with strangers, and students are particularly at risk.
Luckily, discovering if someone has sneaked into your machine is easy using a keylogger detector. One such program is the award-winning Online Armor by Tall Emu Software, which is available in both a free and a commercial version. The latter also contains antivirus protection, but you should already have such a package installed, updated and actively protecting you, so the free version will do.
Installation is as simple as repeatedly clicking 'Next'. However, when you come to the step of registering your email address, you can simply untick the associated tickbox and move on. Once installation is complete, run Online Armor and select the option to run the wizard, then click 'Next'.
This begins a scan that includes running processes, Start menu items, start-up objects and various important files. Once complete, OnlineArmor may tell you that some scanning categories need attention. Click 'Next' to see the programs on your PC that OnlineArmor doesn't recognise.
These are usually just applications that Online Armor doesn't have in its database, but check to see if there are any you didn't install. Highlight them and click the 'Block' button to ensure that they never run. It may be that they're simply bloatware installed by the manufacturer when the computer was commissioned. You can free up some space by uninstalling them later.
Clicking 'Next' shows a list of programs that start when you boot up your computer (called Autoruns). Hover your mouse pointer over each one to get more details. If there are any that you don't recognise, then run Process Explorer and double-click on the running process. The Image tab enables you to verify them and see details of their publisher.
Use Process Explorer's 'Search Online...' facility to get extra details about these processes. After all, it's not unheard of for keyloggers and rootkits to take the names of legitimate programs. If you see something you don't like the look of and there's no publisher information, go to www.processlibrary.com and enter its name. This should give you chapter and verse on what each process is.
If you believe there's anything dodgy about something you find, block it while you find more information. When you're done, click 'Next'. OnlineArmor will then display the list of IE extensions that it's found but doesn't recognise. You can use ProcessLibrary.com to check out their legitimacy.
When you're done, click 'Next'. The next page enables you to determine how OnlineArmor checks for updates and whether it's launched automatically at startup. Finally, click 'Next' again and decide whether you want to reboot the machine now to put the decisions you made in place.
When you next reboot, Online Armor will enter Learn mode for around two minutes while it learns what services and start-up programs should be running. Once complete, when anything tries to run on the computer, Online Armor will intercept it and ask if you want it to do so.
If someone has installed a keylogger or other piece of malware, Online Armor will pick it up, even if your antivirus software misses it.
Secure your website
If you run your own web server, watch out for malicious hackers. These people deface web pages, supposedly to let the owner know that they're insecure.
Some hackers replace carefully written web pages or blog entries with a single, stark page telling the whole world that the site has been hacked. Sometimes they even include a message letting you know that they've changed your admin password to 'secure' the site.
How did this happen? It was probably your password that let the hacker in. Despite the public's perception of hackers as malicious geniuses, this is the easiest way to gain unauthorised access to an online resource, and there are password-cracking programs online that will plough through a huge list of possibilities.
If your website exists on hosted space and the hacker has changed your password as punishment for using a weak one, you'll need to contact your hosting company and have it changed to let you back in. If your hosting company can restore your site from its backups, it's time to invoke that service. Otherwise, you'll have to reload everything by hand.
If you run your own web server and it's hacked, the hacker will probably have made a mess. You shouldn't trust the server because the hacker may have installed a rootkit to get back in. The first thing to do is unplug the machine from the internet. Next, format it and reinstall the operating system from scratch.
You'll then need to reinstall your web server software and any extension packages, applications and scripts. It's been said countless times, but making nightly backups is far easier.
First published in PC Plus Issue 291
Liked this? Then check out Who's hacking your PC?
Sign up for TechRadar's free Weird Week in Tech newsletter
Get the oddest tech stories of the week, plus the most popular news and reviews delivered straight to your inbox. Sign up at http://www.techradar.com/register