February 14, 2000

Stump the Geeks

Section: Connect
Edition: Final
Page: D6
Estimated Printed Pages: 4

Index Terms:
hi-tech
Letter

Article Type:Letter

Article Text:

Q. Being concerned about security, I purchased InternetAlert'99 from Bonzi.com software. This alerts and logs attacks on my computer. Well, I was more than surprised at the number of attacks and went to the site recommended to find out the identity of the intruder's ISP. Each time, no such address could be found.

I am presently on a phone line with modem, but plan to go a cable connection when available in my area. Should I disconnect from the cable access after each use? The number of attacks is disturbing, as well as the fact that they cannot be identified.

The attacks are coming through my Internet service provider's server, I presume. Can they prevent these attacks? This seems to be a more serious problem than many people realize, and serious harm could be caused if the attackers got into the computer.

Please advise.

Dudley B. Morrison

Apex

A. First, let me say that the danger that you may experience from people trying to exploit holes in your computer security is much, much less than that caused by systems and program crashes caused by a poorly written and poorly supported operating system. Think of this: How many hours have you lost to random system reboots of your computers while you were trying to create a document, balance a spreadsheet, or even find information on the Web? Countless, if you use your computer at all. In nearly 20 years of networked computer usage, I have not had a single file deleted by an intruder. I have had, to my knowledge, only a very few snatched. Further, the value of the information in those few, very few, files was of no consequence to anyone other than myself and perhaps one or two students.

Now think about how you use the Web and how you conduct business elsewhere. Do you send your credit card off into some eatery's kitchen with a poorly paid food service employee? Do you buy items online? In both cases, you are at risk but you are also insured.

However, there is some very intrusive behavior going on on the Web. No, it is not from a mysterious cracker blocking people from their inalienable right to consume, say, books in a timely manner. It is from a division of a net.company stalking you as you surf the Web, keeping an individualized record of your activities and using that information to target you for privacy invasion. It is from "personalized" advertising based on your activities. It is the complete and total transparency of your net.life - not to a few 1337 script-kiddies (read: "leet" or "elite" kids running commonly available security compromising programs) nor to vast international conspiracies, but to ethically amoral corporations that seek to coerce and shape your reading, seeking and shopping behavior - that is the greatest vulnerability that you are facing.

For how to protect yourself against such unprecedented invasions, see The Privacy Page www.privacy.org/ and the Center for Democracy and Technology www.cdt.org/ At the CDT, you have the opportunity to "opt out" of some advertising stalking software schemes as well as a great legislation tracking system www.cdt.org/legislation/106th/privacy/ that will allow you to keep up on privacy related bills in Congress.

Now let me speak directly to InternetAlert'99. It is a simple port watching program that reports when a packet is directed at a port in your computer without your request.

Each Internet function is related to a port. Port 80 is the port for WWW requests; port 23 for the telnet program; port 79 for the finger program. It is not unusual for someone who sees you in a chat room, for example, to use the finger program to see if you have a publicly accessible file on your system that tells more about you. When someone does make such a request, it shows up in your InternetAlert log. This does not mean that your computer is under attack - regardless of the icons used by the people at Bonzi.com. It does mean that a request was made of your computer that you did not expect. Unexpected requests may come from curious individuals or even from software robots looking for Web servers where they might index the contents for improved search-engine databases. True, an alert could mean that someone is attempting to exploit your computer, but if you are running a reliable and secure operating system and not accidentally sharing files with the world, you are in no danger.

Let me say again strongly: Despite what you hear from self-serving security specialists on National Public Radio, a probe is not an attack. In fact, a probe is not even necessarily anything more than an innocent mistake or an inquiring helpful robot.

Incidentally, InternetAlert'99 not only raises your blood pressure occasionally with "attack" reports; it also comes with a free gift. The gift is a very annoying animated parrot that "helps you surf by learning your habits" and directing you to the snap.com web site at every opportunity. I consider "Peedy, the Bonzi Buddy" much more of a danger to my peace of mind than any intrusion that I've seen in the log you forwarded me.

A word of caution about your cable modem neighborhood. Be sure that you follow the initial warnings and set up instructions from your cable service provider as you go online with your computer. Microsoft's notion of a "neighborhood" means that it is easy to share resources on your Local Area Network or LAN. Most LANs are isolated within your office or home, but the cable sets up a neighborhood-wide virtual-neighborhood network so that you may be sharing files and your printer with your actual next-door neighbors on the same local cable. This was more of a problem in early implementations of cable modems, but it is now well understood. Still, it would be wise to ask your cable provider about this directly and follow their recommendations.

Once you are online with your fast, reliable and safe connection, I recommend listening to Douglass Rushkoff's wise audio essay on the recent Internet Denial of Service Attacks: www.npr.org/ramfiles/atc/20000210.atc.16.ram

In summary, I would make some reasonable precautions whether I left my computer online for a few hours or permanently, but I would not consider turning my computer off as a security plan. Relax and enjoy your fast and permanent network connection.

Paul Jones

director of metalab

University of North Carolina at Chapel Hill

Copyright 2000 by The News & Observer Pub. Co.

Record Number: fpxh9d89