FREE Internet Security Check

Steve Gibson is a very smart and prolific guy--- he's been producing very cool, very useful software for, gosh, 15 years or more now.

A lot of his stuff takes a unique spin or tack at solving problems, and often does a better job than some of the more widely-know apps from the giant software houses.

Last week, I got a note from Steve describing a new free service he's offering:

Hey Fred,

I wanted to apprise you of my just-this-instant finished contribution to the Internet-connected Windows-based personal computer community: 

http://grc.com/x/ne.dll?bh0bkyd2   or  
http://grc.com/ShieldsUp 

When I recently switched my office from ISDN to DSL (our servers live on an off site T1 trunk), I did some research into the insecurity of typical Windows-based Internet connections ... which is exacerbated by "persistent" connections to the Net such as those now being established by DSL and Cable Modem technologies. I was SHOCKED by the number of people with insecure connections, and then by the ease with which Internet scanners can find, target, and penetrate their systems. (This is all documented in tutorial form on my new web site, but you can quickly peek here: < http://grc.com/su-nbscan1.htm > and also here < http://grc.com/su-nbscan2.htm >)

On Friday of Labor Day weekend (9/3) I realized that when someone came to my web server, their connection gave me the IP address of their machine. This meant that I could perform an ACTIVE SECURITY ANALYSIS of their system on the spot and display the results as a web page. So I started coding and the concept grew into a comprehensive, free service and extensive tutorial -- including some freeware -- to quickly secure ANY Windows system.

Given the inherent "default" insecurity of most Windows connections -- and the significant financial gain possible for intruders who can now easily install keystroke-monitoring Trojans into people's computers to capture online banking passwords, account numbers, etc. then eMail the results -- I worry that Internet Intrusion and Theft is a "growth industry." So I think this is a VERY important message to get out to the population at large.

The ratios of exposure as shown by the graphs on the visitor history page demonstrate the extent of the problem! http://grc.com/x/ne.dll?bh1akydu 

If you agree and wanted to help me spread the word that would be totally terrific!

Steve's site attempts to sniff back through your internet connection and will show you everything it can find out about your system, your files, your printer and so on.

Note that this is NOT the little JavaScript browser-sniffer that you may have seen. Steve's page is digging deeper and may uncover security holes you didn't know you had.

I tried Steve's test---I have a cable modem setup here--- and was relieved to see that the security steps I've taken here keep me pretty well hidden from prying eyes. Steve's pages reported:

"Unable to connect to your computer. All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer is VERY SECURE...."

Whew. 8-)

I'll discuss security more in an upcoming newsletter, but for now, check out Steve's page---it just might save your bacon!

return to top of page

Human Factors

Of course, sometimes security is compromised by none other than good ol' User Error.

Just last week I got an email with the subject "confidentiality agreement." In it was an email contract describing how two companies would be working together, and what steps they'd each take to ensure that neither party would reveal confidential information to anyone else---to any "third party.".

Trouble was, I was a third party! I had no clue who either the sender or the recipient was, and had no dealings whatsoever with either company. 

I guess the sender had accidentally chosen my name, somehow, in his email program, or incorrectly built an email alias for his client that erroneously included my email address as well.

It was kind of funny--- and embarrassing for the sender, once I told him what he'd done: Sent a confidential contract to a total stranger. 8-)

Just a gentle reminder: No software can save you from yourself or errors such as sending an email to the wrong person. Check the To, CC and BCC fields on your email before you click "send," and make sure any email aliases/nicknames or groups you set up in your address book contain only people who should be there!

return to top of page

Forget the Forest; See Some Trees

I mentioned in a recent newsletter that when I'm typing (with a few other standard tasks running in the background) my CPU is using only 13% of its power. Several readers wondered how I found that out.

Windows itself is so large and has so many features, it's easy to have missed some of the nifty tools that are built in, such as those in Start/Programs/Accessories/System Tools. They're examples of some of the trees that may get lost in the forest that is Windows

Take System Monitor, for example: This app lets you peek into the guts of your Windows system and observe what's going on in real time. By default, the system monitor shows you a moving graph of how much of your CPU's power (actually, clock cycles) you're using, but there are many, many other parts of your system you can monitor.

Some of it's just for fun--- if you're as geeky as I am <g> you may find the graphs are kinda cool in themselves--- but there's also a very serious side. For example, if you'd like to see how much of your system horsepower a "background" task is taking, start System Monitor and let your system stabilize before you engage the background task. Note the rough average amount of CPU usage. Now launch the app you're checking, and put it in background mode, out of the way. Let your system stabilize again and note the new CPU usage. Some apps recede into the background and leave little or no discernable load on your CPU. Other apps still eats lots of CPU cycles, even when they're not in obviously active use.

Using System Monitor in this way, you can see where your horsepower is going. You may decide that some apps just aren't worth running all the time because of the residual load they induce! 

return to top of page

OK, OK, DOS Is NOT Dead! (item 1)

DOS may be hurting, but it's not dead, if the flood of email from DOS users is any indication! (see http://www.langa.com/newsletters/oct-7-99.htm#dos  )

Reader Dev Teelucksingh writes that

DOS is dead - not yet!

I practically use DOS apps all the time (even now to send this letter to you!) If you like, check out my website Interesting DOS programs at http://www.opus.co.tt/dave 

Lo and behold, there are a pile of new DOS apps there--- even MP3 players! It's amazing stuff. Check it out!

return to top of page

OK, OK, DOS Is NOT Dead! (item 2)

Frequent contributor Roger Griffin suggested this excellent resource for those wanting to learn more about DOS

Fred,

This site contains DOS commands and syntax notes. http://www.easydos.com/ 

Thanks, Dev and Roger (and all others who wrote!)

return to top of page

Is 400MHz “Fast Enough?” 500? 600?

Everyone knows what a "yuk" computer experience is: when a system is frustratingly slow and seems unable to get out of low gear. But have you ever had a real, rock-you-back-on-your-heels, “Wow” moment with a PC? You know, when you saw something so unexpected or fast or dazzling that you were literally astonished?

Readers are sharing their observations on "wow," "yuk" and the happy middle ground in between in this week's InformationWeek column and online discussion: What’s your take? If you’re replacing a PC, what’s the minimum “step up” it takes to feel that you're getting something better? How do you determine the tradeoff between purely technical needs and the slippery realm of user satisfaction? Does the “Wow” effect matter? At what point do you declare old machines obsolete? What standards do you use for specing new hardware? Join in the discussion at http://www.informationweek.com/langaletter !

return to top of page

Speaking of Speed...

Reader  Peggy Christianson asks:

Is there no easy way to find the speed of your machine other than at bootup?

There sure is: grab the free download here: http://hp.vector.co.jp/authors/VA002374/nrklv/e/wcpu.html

It's a small app that will tell you more than you probably want to know about your CPU. 8-) It works on almost all current CPUs, and most older ones too. It's a very, very popular application among the real I-eat-silicon-for-breakfast, hard-core system-modification crowd, but it's useful and handy for anyone to have.

return to top of page

-------------( Please Visit This LangaList Sponsor!) ------------

--------------( the above is an advertisement )--------------