Community Newsletter: Q&A forum: 1/5/07 Help! I need clarification on Internet security

I recently read a reply that you wrote to a fellow named Kumar about protecting his network, but I'm interested in knowing how exactly would I go about setting up everything you explained to him. Thnak you again.

I had a similar problem, except that the text was intelligible but meaningless, similar to that found in a lot of spam. I found that the cause was a Microsoft feature! I guess you do not have a microphone attached to your computer and thus you get asterisks. Read this:

http://www.computeruser.com/news/02/03/12/news1.html
Daily News
'Phantom Menace' typing just a Microsoft speech feature
By Brian McWilliams, Newsbytes.
March 12, 2002
Random words and characters mysteriously appearing on the screens of some Windows XP and Office XP users are not the work of phantom hackers or a sign that users' systems are possessed by demons. It's just Microsoft's voice recognition system running slightly amok, the company said.

In recent weeks, several XP users have posted messages to Internet discussion lists and newsgroups reporting that text is automatically appearing in Internet Explorer's address bar or in Outlook e-mail messages or Word documents as users compose them.

In a posting entitled "My Remote Keyboard is Possessed in XP," for example, one Microsoft customer reported "very strange behavior" that included letters appearing in input areas of the screen while browsing and writing e-mails.

"I'm afraid Holy Water would short it out so someone please help me," wrote the XP user.

Another Microsoft customer separately reported that "a ghost" appeared to be taking over his computer. In the message, entitled "Phantom Menace XP," the user said something was causing toolbars and options to pop up without his input.

In response to user inquiries, in January Microsoft published a handful of articles in the Support section of its Web site about the problem.

According to Microsoft, after installing Microsoft's Speech application programming interface, "random words or characters may be displayed in Office XP documents or in the Internet Explorer Address bar."

The company said the behavior occurs because "the speech recognition tool is 'listening' to your voice through you computer's microphone and is attempting to recognize what you are saying."

Microsoft said its speech recognition engine, a program file named Sapisvr.exe, is turned on at installation by some computer manufacturers. The engine is also included with Microsoft Office XP and other speech-enabled products.

To resolve the problem, Microsoft said XP users should disable the Dictation and the Voice Command features on the operating system's Language bar. Alternately, users can turn off speech recognition completely from the Regional and Language Options tool on XP's Control Panel.

Merely unplugging or turning off the computer's microphone does not correct the random-character problem, according to several user reports.

Microsoft's article about random characters in Office XP is at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q315765.
Microsoft's article on configuring speech recognition in Windows XP is at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q306537.
Microsoft's .NET Speech homepage is http://www.microsoft.com/speech/.
Reported by Newsbytes, http://www.newsbytes.com.

John, this isn't directly related, but thought you had the smarts to know the answer.
Lots of folks complain about how long it takes Windows to start up. I use either standby or hibernate on my desktop and laptop (respectively), and am wondering if there's any reason ever to completely shut down.
My desktop is connected to a router, and the laptop is wireless. Any danger when they're in standby or hibernate?
Thanks for any light you can shed.
AL

I'm in the USA and I use my phone company as a DSL provider. I pay by check through snail mail each month. Last week I received, in my bulk mail box a WARNING that I needed to correct a billing error on the part of my DSL provider and that supply servers were being switched and added so if I did NOT fill out the credit card information I was at risk to be canceled. It supplied a link to go to to fill out this info, Name, address, credit card number, phone number and Social Security number. Curious, I clicked on the body of the message and got through to the site, however the same company(?) that made this request is my internet security provider and they threw up a big warning window that the URL was not normal and danger lurked there. A landline call to my provider proved what I suspected. This site, even though very much looking like thier site was bogus. They had received several complaints and got a copy of the e-mail and were investigating the matter. I was told they NEVER ASK FOR ANY FINANCIAL INFO ON THE NET ONLY BY SNAIL MAIL OR LAND LINE. This site had thier logo and formats down pat and sure looked real, however they are commiting a Felony crime that has severe penalties.I pay $15.00 for my DSL adn $5.00 more for thier security suite, per month. It sure gave me my monies worth that time. It also has a Firewall for in and out going email. Get it in some form and use it or you could be faked out. It's just like the Cobras with thier fangs pulled out, professional FAKERS!
Beware
Major Pain

Great idea. Free Firewall-extra protection! Except when I installed it on my laptop, I couldn't access the internet using my wireless connection. I uninstalled, and there was no problem. Is this over-protection, or what?

While John's answer was complete and accurate, I might point out that the kinds of high-tech attack possibilities you are talking about are theoretically possible (and may actually have happened in a few isolated cases), but the chances of these things happening to an individual that is taking normal precautions is about like getting hit by a meteor. A wireless router and XP Firewall is perfectly adequate! Leaving your wireless router on all the time is fine: in fact, you're supposed to! A properly configured wireless router is 99.99% as safe as a wired connection. You worry too much! Just set up your system and use it! Worrying about things like WOL and checking your router logs is getting way paranoid! Just going by John's (very good--too good, actually) answer would convince me to never use my computer!

You're exactly right. Let's add a few suggestions.

- Make sure your house is lined with at least three inches of lead shielding.

- Make sure all your passwords have at least 32 characters, including everything on the keyboard--numbers, symbols, upper-case, lower-case, etc.; change the password every six hours; no fair repeating any sequences from an old password; and for for God's sake don't write it down!

- You'll need at least three to five years of computer science in order to get a complete understanding of networking and malware programming--not to mention understanding the acronyms.

- Never use Internet Explorer. Ever.

- Also, try not to use Firefox, Opera, or any other browser--that's just inviting trouble. Best to just stay away from the Internet.

So, have fun using your computer. Just be sure you don't turn it on because I'm sure all your neighbors within 2 miles of your house are just waiting for you to do so.

Thanks for the link. I'll check it out. But I don't understand what you're saying I'm wrong about. Are you saying your mom got hit without even getting on the Internet? If so, I was right. You should just keep the computer off at all times. That way you'll never get hit. Problem solved. Thank you.

Holy mackeral! Florida just crushed Ohio State!

I'm with you Feskridge ... there's a fine line between protection and paralysis. We do a lot of support at Wi-Fi hotspots in RV parks, and we often see people unable to connect because their firewall is preventing it. Sure, there is a way to configure the firewall to allow the connection, but it's beyond most average users. If you're up-to-date, clean, and scan regularly for viruses and spyware, the one-way firewall that comes with XP is sufficient. And, doing your banking is just as safe on Wireless hotspots as on any other type of connection. The encryption is handled by the bank's servers and protects your information from your computer, thru the hotspot's network, across the Internet AND back.

I believe there is such a thing as too much protection. I see, in my mind's eye, little league hockey players that are so padded and protected that they can't even skate!

Use window's firewall, do your backups, stay up-to-date, scan for viruses and spyware regularly, and accept that there is a certain amount of risk in using the Internet. The only way to be 100% safe is to unplug your computer.

Pardon me. I don't know why, but it sounded like your last comment was directed at me. How very silly of me. My apologies.

ewido anti-spyware 4.0 has been replaced by AVG Anti-Spyware 7.5 and isn't available for sale and download anymore (under the old name). Instead, please try our new, highly improved version: AVG Anti-Spyware 7.5

If you CPU is hooked up to a Power Direction (like a power strip) and is turned off when the computer is shut down, wouuld it still be possible for the modem to "wake up the computer?" It doesn't seem like the modem waking up the computer would be possible then.

Jean

Answer:

This is a response to Kumar's security questions when using Internet. I apologize in advance for the long email, but the questions are much simpler than the answers.

1. Is it OK to leave my wireless broadband router on all the time, even when I switch off the computer or other times when I use other programs such as Word or PowerPoint, rather than Internet. Could some one able to hack into my computer files even when I am not browsing the Internet?

The answer to someone's ability to hack a wireless router is "yes & no". Some can, some will, and some can be stopped easily. There are a few things to consider before deciding on whether or not to leave a wireless router on when not in use. You decide.

Top 3: First, your router is a target. Those who are patrolling the Internet looking for systems to compromise cannot initially tell if there is a system behind your router, so if they can see the router, they will attempt to access it, and to by-pass or compromise it. Routers are in essence, computers that simply inspect and direct packets. If someone can subvert your router, your network is effectively "0wn3d". There is sufficient information in the public domain to make this easy in most cases.

Second, there is a question of what protective controls you have placed on the device to make it "hardened". Does it advertise its SSID? Does it have a hard to guess admin password made up of a long string (I use 16+ characters in my passwords.) of numbers, letters and special characters? Does it use WPA2 or other controls? Do you change the passwords and SSID often? Do you restrict access to the device by MAC address? Follow best practices and use a hardware firewall too.

Third issue is one of liability. While you are not using the wireless router, or even when you are, someone that has access to it can surf whatever they want, including child pornography or other illegal materials. They can also use your network as a free access and jump off point to attack others. As far as your ISP is concerned, that is your connection that is involved, and in essence, YOU.

2. Will someone able to hack into my computer if I use the standard firewall provided with Windows XP?

Again, this depends on how good your other controls are. This is a very basic "firewall". Most NAT routers will stop some casual attackers. Windows XP firewall sill stop some as well. What is really lacking in Windows firewall is outbound protection and application monitoring. Any program that you download, install, or have installed for you by a malicious website or application (happens all the time) will be allowed to make connections outbound. A good desktop or personal firewall will provide you the opportunity to approve connections before they are made. A few years ago, I was surprised to have my personal firewall fire up a warning that Internet Explorer suddenly needed my approval to access the internet, even though I had allowed it access ages ago when I installed the firewall application. This indicated that the IE was either a bogus program launching from somewhere else on my hard disk, or that IE had somehow been changed. Neither is a good thing. Windows firewall offers no protection against spyware or much else. If you have nothing else, run it, but do not consider yourself "secure". It has been stated in the press that an unprotected system will be detected on the internet within 15 minutes. In my own experiences, I have found this to be true, and ANY Operating System will be compromised within another 15 to 20 minutes. It is really that bad out there.

3. From the security point of view, is a wired Internet broadband connection safer than wireless broadband connection via a home wireless router which is encrypted?

Apples to oranges. A wired connection requires physical access to compromise a network, until it is connected to the internet. After that, it is just as insecure as a wireless connection. When thinking about security, don't think "what is more secure" because security is not a device you can attach. It is an evolving mindset. Look at the risks, value to you and motivations of those that might want to compromise your network or PC. Someone wants to make money. They want to use your system to generate spam, they want to use your system to hide their system when launching an attack, they want to steal your identity or personal information. They want to compromise your system so that they can use your VPN tunnel to get inside your business firewall and take over all of your company's systems so they can rent them out as a botnet to make a few quick bucks. You are providing them with a PC in order to do this. You are providing them a wireless connection to do this. All they need to do is find a way to get in. How easy are you going to make it for them to do this?

Encryption doesn't protect anything other than the data stream, making it harder to compromise the things that you are communicating in a session. Encryption can actually hinder an investigation because now the investigator cannot easily see what is passing through the connection. Don't get me wrong. Use encryption on your wireless connections to protect yourself from snooping and data injection, but don't rely on ONLY encryption as a security control.

You have to secure the end points. Harden your O/S. I have a total of 32 out of roughly 100 services enabled in my XP box in order to minimize its attack surface. I have configured its security options through the MMC according to published "best" practices (makes it much faster, too!). I have a hardware firewall to protect my perimeter. I have a software firewall to protect my applications and operating system from the internet as well as from my teenage kids who will download ANYTHING and run it. I have Anti-Virus and malware detection to protect myself from Trojans and the like, in case I have a teenager moment myself. I use a browser protection mechanism to lower the chance of getting a zero-day exploit from a malicious website. I use a non-administrator account for daily use. I use a spam filter and email rules to filter my email, and don't auto-preview it so as not to launch an HTML or scripted attack by accident. Defense in depth is not just for the paranoid anymore. Did I mention that it REALLY is that bad out there?

Security can be thought of as a balance between what is convenient and what is smart. You want to make it as hard as possible for bad guys to do bad things at your expense, while maintaining a measure of simplicity. That is my 2.

Submitted by: Mark B.

Hi 00h00m,

Understand that I enclose best in quotes, as the application of these practices are, in my opinion, "best" as formed over the past 25+ years working with PC's. Your own opinion, experience and mileage may vary...

The "Best" Practices I refer to are documented in the following locations:
Microsoft's Windows XP Security Guide: http://www.microsoft.com/technet/security/prodtech/windowsxp/secwinxp/default.mspx

NIST Security Configuration Checklists Repository: http://csrc.nist.gov/itsec/guidance_WinXP.html

Disabling XP Services: http://www.jasonn.com/turning_off_unnecessary_services_on_windows_xp/
& http://www.theeldergeek.com/services_guide.htm

The NIST site offers downloadable configurations -=[BUT]=- exercise extreme caution when you pull them into MMC (Microsoft Management Console). You will want to do a comparative analysis of your current policy using the policy database that you download from NIST. Only after you have compared your settings, and fully understand the settings you wish to change, should you commit any changes. Just plugging in the settings and committing the changes is GUARANTEED to break XP!

I recommend a clean installation of XP before even bothering with this exercise, as you ALWAYS want to start from a known good installation. Otherwise you are just locking the front door and opening all the windows. Download all the patches from the Microsoft site and apply them from CD/DVD WITH THE ETHERNET CABLE UNPLUGGED.

Creating your own Service Pack!: http://www.heise-security.co.uk/articles/80682

Good luck with your hardening!
Mark