# How to prevent hacking



## MolotovCocktail (Mar 13, 2007)

I know this is a gaming section, but I thought that this subject would be most appropriate here. You see, the thing is that my email address was hacked into (which I deleted already). Also, my computer was probably hacked into as well, because Symantic Anti-Virus detected a Trojan on my computer. I was wondering how I can prevent them from hacking all together???? What is the most effective way to do it, besides anti-virus software?


----------



## gigantes (Mar 13, 2007)

1) use 2-3 pieces of good anti-spyware, malware and adware software.

2) firewall.  either software / or hardware (ie router).

3) use firefox or opera- never IE.

4) from firefox, install the "noscript" extension, which automatically blocks all java, javascript and flash unless you specifically authorise it on a per-site basis.

5) adding a configured HOSTS file doesn't hurt.

6) prolly some other more minor stuff i can't remember right now.


----------



## iansales (Mar 13, 2007)

The most effective way of all is to not connect to the Internet, or any network at all.


----------



## Joel007 (Mar 14, 2007)

Use a firewall, I use Tiny personal firewall, but there are plenty around. Windows XP has a firewall option, there is also Zone Alarm and a load more to choose from. 
Use regular anti-spyware scans, they may pick up minor programs that virus scanners ignore but may still present a security risk. Ad-aware and Spybot are reputable free spyware scanners.
Use antivirus, most important of all. AVG has a free version, Symantec you have to pay for. There is also McAfee but I haven't tried them. 

If you use the internet, you will inevitably get viruses. The important thing is that your antivirus can detect and delete them before any harm is done. Run regular scans and update both your antivirus and your antispyware programs. 
If your email account was a free online service, it was only a matter of time before someone managed to hack it. Its probably unrelated to viruses and a firewall wouldn't do you any good against that kind of attack, it will have occurred purely within the online server.


----------



## sanityassassin (Mar 14, 2007)

The best defense against someone hacking you e-mail apart from what is already mentioned is to make sure your passwords are not easily guessed the more complexed the better and change them regularly


----------



## Happy Joe (Mar 14, 2007)

Hacker protection (If an experienced hacker wants into your machine the only way to keep him out is to never go onto the internet);

Never go to P2P or any software sharing sites (probably the easiest way to catch a "unique" (undetectable) Trojan, that the anti virus companies have not profiled, is to download a piece of software that has been booby trapped).
Use a special free email/hot mail/gmail account only to sign up for thing like forums, image hosting etc. and never open any of the emails  on that account other than those necessary for sign ups (most forum sites are safe and will protect your address but it pays to take precautions).
Restrict the number of people that have your Email address to those that take precautions.
Do not send out jokes and junk emails to all of your friends, they will send them to all of their friends and eventually some one who has a virus will get your email.
Do not send an email to people who send out jokes etc over the web, eventually, they will catch a virus and it will automatically get sent to you.
Run email protection anti virus software.
Never open a piece of email that has an attachment.
Never open an email that is sent from someone you do not know.
Keep your software up to date.
Protect your hosts file.
Avoid the hacker sites.
Run a registry protection routine in the background (It will at least warn you when changes are being made to your registry).
Run a firewall that blocks, unauthorized, outgoing traffic.
Do not leave your computer connected to the internet when it is not being used (I found a Trojan on a friend's machine because it turned itself on and connected to the internet in the middle of the night).

Enjoy!


----------



## Ice fyre (Mar 15, 2007)

Hi folks 

I am on a virgin media account which has anti spy ware and ad ware pop up blocker and stuff free with my broadband account. 

I still take precautions tho, I have another anti spy ware programme (spy bot) on my desk top and am very careful not to go into dubious web sites. I am looking for free a anti virus scan too and will let you know if I find one. 
The best advice has already been given be careful if it looks too good to be true it usually is!


----------



## The Ace (Mar 15, 2007)

ER Ice Fyre (and anyone else) AVG 7.5 is an excellent free antivirus system.  Trend micro's housecall and bitdefender are very good online scans.  (Just google them to find out more, but they only work with ie ).  For browsing, a good, secure browser is the free-to-download Mozilla Firefox.


----------



## Lenny (Mar 15, 2007)

There's also AVG Anti Spyware 7.5 which is a good spyware scanner. Though don't have it all on it's lonesome.

I've got AVG AS, Spybot S&D, and Ad-Aware all working together. Each picks up things that the other two doesn't.

Otherwise I've got AVG Anti Virus, and FileSecLab as my Firewallm as well as one built into the router.

Whatever you get, you've just got to remember to keep it updated.


----------



## gigantes (Mar 15, 2007)

*I still take precautions tho, I have another anti spy ware programme (spy bot) on my desk top and am very careful not to go into dubious web sites.*

one program is not enough.  spybot does not catch all malware, but a combination of adaware and spybot (or similar combination) is quite good.

also, if you use FF and noscript you won't need to worry nearly so much about visiting dubious sites.  99+% of any malicious attempts will be automatically blocked.


*I am looking for free a anti virus scan too and will let you know if I find one.*

AVG has excellent reviews, automatic daily definitions updates, and is free.


----------



## Aes (Mar 16, 2007)

Oh yes, AVG is an awesome anti-virus program.  I have it installed on all the computers in my house along with spybot, ad-aware, and spywareblaster.

Another way to keep safe is to run windows update regularly.

As already mentioned, use Firefox instead of IE.  IE is a swiss-cheesed full of security holes.  A firewall is great, but a router + a software firewall is almost unbeatable.  The firewall I use is Sygate Personal Firewall Pro, but it's since been discontinued because Symatec gobbled Sygate up.   At some point, I need to find one with as many features as SPF.

Lastly, Spybot S&D has a really great feature that isn't made readily available:  You can have it add a list of malicious/junk websites to your hosts file to keep certain servers from ever talking to your computer.  Follow these steps to unlock it:

 - Go into mode -> advanced
 - Click on the tab for "tools"
 - Check the option for "Hosts File" to enable it.
 - "Hosts File" should now appear on the left bar -- click it.
 - Lastly, "Add Spybot S&D hosts list" to block all those sites.

From here on, anytime any program (browser or otherwise) tries to contact a site on that list, it'll think the website is -your- computer, be unable to find it, and therefore load nothing for that website.

 - - -

These are the protective measures I take, and the most I ever end up having to deal with is spybot & ad-aware find like 2-4 tracking cookies every few months.


----------



## gigantes (Mar 16, 2007)

i'm guessing atomika got blown away by the wave of information and is thinking about going back to AOL so as not to have to learn about all this tech crap.


----------



## Ice fyre (Mar 16, 2007)

Thanks for that advice Ace but I'm not just running one anti spyware program ive got two running with an active firewall. My built in package has an antispyware as good as spybot (I run two scan's one after the other Spybot imunises tho) will look up firefox been thinking bout converting for a while.

But thanks for your concern nice that everyone looks out for one another here 

Ta Dude


----------



## bruno-1012 (Mar 17, 2007)

I am running Firefox, Thunderbird and Sunbird (calendar program)

Use Mcafee for the main element of protection with Spybot and Adaware to cover the wings.

How much does M$ want for outlook? £70 plus!! go with the free stuff - its better and safer.


----------



## MolotovCocktail (Mar 18, 2007)

gigantes said:


> i'm guessing atomika got blown away by the wave of information and is thinking about going back to AOL so as not to have to learn about all this tech crap.




no, no, no, I'm still here, I'm just trying to listen to all of the different suggestions


----------



## gigantes (Mar 18, 2007)

ah, cool.

The 46 Best-ever Freeware Utilities


----------



## Happy Joe (Mar 19, 2007)

Good site... Thanx!
Enjoy!


----------



## dustinzgirl (Mar 19, 2007)

Everything mentioned above.

Also, you have to wonder how hackers get your passwords and log ins?

Its actually pretty simple. See, there are programs that just run dictionaries, so if your pass/log in is any word or combo of words in a dictionary, you can be hacked. There are other, more elaborate programs that run probability functions of letter/number combos, but thats a little rarer. Best bet is to keep your antivirus, firewall, ect up to date and have log in and passwords that are letter/number combinations. Don't use names. So, for example: You1rN4m3 is harder to hack than YourName is.


----------



## gigantes (Mar 19, 2007)

dustinzgirl said:


> So, for example: You1rN4m3 is harder to hack than YourName is.


that was true at one time... doesn't seem to be true anymore:
How to Pick a Genuinely Secure Password : Christopher Null : Yahoo! Tech


----------



## MolotovCocktail (Mar 20, 2007)

Luckily for me, I typically employ non-english words for mine...


----------



## MolotovCocktail (Mar 21, 2007)

Oh, by the way, thanks for the info!


----------



## mosaix (Mar 21, 2007)

The problem people have with passwords is that they the more complex they are to crack, the more difficult they are to remember leading to people writing them down - fatal. 

Alternatively if people want them to be easy to remember, they make them simple and hence, easy to crack.

Here a good way to generate a passord.

1) Take a dictionary and find three, four character words, at random. 

2) String them together into a single password

3) Change all O's to zeroes, all i's to 1's, e's to 3's. Or anything else you can think of.

4) Capitalise some letters according to a private rule.

Here's and example:

does, hilt, ride

Becomes D03sh1ltR1D3

Looking at the password it seems be a random jumble of letters but, infact, as long as the first three words are remembered then the rest follows. In this case I chose to capitalise all d's and r's but I could have chosen say, the first and last characters - so long as the rule is memorable.

By the way don't stick with three, four character words if you don't want. 2 x 6 or 4 x 3 are just as good. The point is that they are memorable TO YOU, and so are the remaining rules.


----------



## gigantes (Mar 21, 2007)

*Change all O's to zeroes, all i's to 1's, e's to 3's. Or anything else you can think of.*

unfortunately this is too common to be of any use.

much more effective is to take the whole password and write it upside down.  the password crack programs do not look for that kind of thing since it's so uncommon.


----------



## mosaix (Mar 21, 2007)

gigantes said:


> *Change all O's to zeroes, all i's to 1's, e's to 3's. Or anything else you can think of.*
> 
> unfortunately this is too common to be of any use.
> 
> much more effective is to take the whole password and write it upside down.  the password crack programs do not look for that kind of thing since it's so uncommon.



gigantes, I agree it is common. But can be used as an effective strategy when combined with other techniques, including writing it upside down if you want to. BTW by upside down did you mean back-to-front?

The important thing is to make the password unrecognisable to dictionary look up techniques but also be memorable, or if not memorable then deduceable from a memorable starting point. If people have difficulty memorising their password then they just become more and more simple and less and less effective.


----------



## gigantes (Mar 21, 2007)

i'm not disagreeing with anything else you say, mosaix.  it's good advice IMO.

but using the common number symbols to replace letters is useless, either by itself or combined with any other method, because hackers have already expanded their base alphabet to include such symbols.  this didn't just happen recently btw.  for more info on this (and lots of other aspects of PW encryption and hacking), read christopher null's articles linked above.

*upside down = nmop ap!sdn*

few people use that, therefore the hackers haven't bothered integrating that into their algorythms yet.


----------



## mosaix (Mar 21, 2007)

gigantes said:


> i'm not disagreeing with anything else you say, mosaix.  it's good advice IMO.
> 
> but using the common number symbols to replace letters is useless, either by itself or combined with any other method, because hackers have already expanded their base alphabet to include such symbols.  this didn't just happen recently btw.  for more info on this (and lots of other aspects of PW encryption and hacking), read christopher null's articles linked above.
> 
> ...



Thanks gigantes - now I see - good idea.


----------



## Leonardo (Mar 22, 2007)

How about this. Don't piss off any hackers?  

This whole thread is way paranoid. It's not as if hackers hack at complete random. And besides. Why would anyone hack into your computer? To steal your homework? Listen to your mp3's? Change your background picture?  I've been more online than offline since I was twelve years old, and I've never used neither a firewall nor an antivirus program. All you need is common sense. If your computer is acting strange, figure out why and fix it. Reinstall windows now and then. Don't have "password" or "1234" as your password. Don't execute files unless you know what they do.   

And just so you know. Symantec Anti Virus thinks everything is a trojan. Oh no, you've got a swf file that has a password module in it. TROJAN. Oh no, this mp3 file has a foreign character in the name. TROJAN  Stop worrying so much.


----------



## gigantes (Mar 22, 2007)

lol... i guarantee you that every hacker and spammer in the world loves you, leonardo, and appreciates the fact that you would give anyone else that advice.


----------



## Leonardo (Mar 22, 2007)

Yeah, now they can finally access your shareware screensavers. That'll pay the bills for sure. In fact, maybe I am a hacker spy, an undercover agent sent solely to make people uninstall their anti-hack programs so that my brothers-in-spam can launch their attack to rename your recycle bin and change your MSN chat logging directory. MY PLOT HAS BEEN UNCOVERED. RETREAT!


----------



## gigantes (Mar 22, 2007)

or maybe you have no idea how they operate and what they're really looking for.


----------



## Leonardo (Mar 22, 2007)

Touché. In fact, I believe you have hit the nail on the head. I don't know what they're _really looking for_, and therefore do not understand why they would ever bother looking. Why don't you explain to us all _how they operate_? Do they dress in black and wear shades? Can they _bend time and space?_


----------



## gigantes (Mar 22, 2007)

botting, phishing, key logging, password breaking and malware are all very common and have become much more widespread in recent years to the point that loads of people have suffered from them and are wondering what to do.  i see and hear people complaining about this all the time, for example the first poster in this thread.

your misperception is apparently that there has to be a stereotypical hacker responsible for each attack on a 1:1 basis rather than a script kiddie able to attack thousands of computers at a time on an automated basis.

botting, phishing, key logging, password breaking and malware- feel free to look those terms up and learn something if you care to.

and no- 'reinstalling windows' does pretty-much squat against this stuff.


----------



## Leonardo (Mar 22, 2007)

Well said. First of all, reinstalling windows was not a way to prevent hacking. Just a generally good tip to keep your computer healthy. I'm glad you and wiki get along so famously, your reply has many good terms that in one way or the other equate hacking. 

Now then. You raise a valid point here - Not everything computer-security related happens on a 1:1 basis. As far as hacking hotmail adresses goes, this is a good point that I overlooked. However, "script-kiddies" aren't going to do any damage to your system except by chance. On your list, there's the exception of malware, which is generally harmful. But also absurdly easy to notice and remove.

So as far as I'm concerned, unless you've pissed off a hacker, advanced computer security is as redundant as carrying a gun for self defense.


----------



## gigantes (Mar 22, 2007)

*Not everything computer-security related happens on a 1:1 basis.*

not only does not everything security-related happen on a 1:1 basis, virtually _nothing does_.  the idea that there's some kid or spammer trying to actively break into your computer on a personal basis is over 99.9% a myth.


*However, "script-kiddies" aren't going to do any damage to your system except by chance.*

and that's all they need- chance.  chance and any kind of simple distribution method, examples being email attachments, javascripts in webpages, java applets in webpages, any application at all that you download or P2P off the net, etc. 


*malware... also absurdly easy to notice and remove.*

haha, yea... easy to notice it if it's doing something obvious, like slinging ads at you.  unless it's NOT easy to notice because it's quietly working in the background using your email frontend to send out spam using everyone on your address list as the senders.  or perhaps cooperating on sending out a dos-attack along with 1000 other machines who've been infected.

yea, real easy to remove, unless of course stuff like "adaware" and "spybot" and others don't have the defs pre-loaded for your convenience and you have to take hours walking through your entire boot-up process one step at a time to figure out where the culprit is.


*So as far as I'm concerned, unless you've pissed off a hacker, advanced computer security is as redundant as carrying a gun for self defense.*

it has nothing to do with pissing off a hacker, and the short list of stuff you can do to prevent this crap is hardly 'advanced'.  but like i said, these guys love people who don't worry about this stuff.


----------



## Leonardo (Mar 22, 2007)

Malware able to "quietly work in the background etc" is generally malware that require some sort of permission of access to your computer. This predominantly means that you have to execute something, though not neccessarily on purpose. Like you said, email attachments, javascript or applications off P2P could easily do it. Just like running in traffic will get you killed. It's so obvious, that if you get infected by it you deserve to have your computer malfunction. There are malware / spywarer apps that manage to install themselves more subtlely, but like I said, if you were paying attention you would notice. Sluggish windows behavior, strange popups, self-installed programs, unremovable software. There are tons of telltales. I'm not advocating a total celebacy from software either. Malware removal softwares are handy, and there's no reason not to use it.
And I'm not saying malware is harmless, just that you don't need any software to help you avoid it.

Call me naïve, and I'll call you paranoid. I think we're at a stalemate here. Let's just hope someone learned something of interest.


----------



## gigantes (Mar 22, 2007)

call yourself as you will.

i had to support an office of 350 users and since then have loosely kept up with the major crap coming out, as well as being regularly involved in a fairly tech forums and regularly reading various 'ask an expert' type net resources and noticing the kinds of things that people complain about.

being informed is not being paranoid, and i'm not advocating users doing anything more than the short list of stuff in the first post i made in this thread.  that's 30-60 minutes of work _done once_ to keep themselves protected, and then about 10 more minutes of painless work done every month or two as maintainance.

that's not asking much effort, and any security expert will tell you roughly the same thing.


----------



## dustinzgirl (Mar 22, 2007)

gigantes said:


> that was true at one time... doesn't seem to be true anymore:
> How to Pick a Genuinely Secure Password : Christopher Null : Yahoo! Tech



Thats creepy. 

Then again, we run a few programs, so I don't think I have to worry much. My password would be easy to hack, but good luck getting that far.


last year someone hacked my dad's password to the rural fire dept., which was linked to the entire town, and then they got everything on everybody. The Feds and homeland security even showed up, which was a trip for the little town of Glide, Oregon (population 2000). It was funny, because my dad is so old school, had no idea what was going on, and has a history with the feds and he was all "I didn't do it!" lol. 

His password was PatH....first name, first letter of last name.

Not a great idea lol.


PS: I think we can keep the discussion a bit more civil, this is, after all, JUST THE INTERNET(S).


----------



## scalem X (Mar 22, 2007)

You can guard yourself in a few ways:
1. Why would a hacker even bother with you?
Unless you hold special info of some kind (don't piss off relatives who can hack), your computer is of only one single use of the hacker: speed.
He steals your Ram, your computer does calculations for his pc and seems to go slower (sounds familiar? ). So the factor here is to not be targeted by the sort of hacker that wants your system.
As said before: don't use doubtful sorts of programs, since these 'hacks' are not done in person they are either part of a program (download programs anyone?) or on doubtful sorts of sites (password crack sites for illegal games/software and the likes).
2. Defend yourself: you can run antivirus software, but do you know what it does? If you don't why would you bother? Do you install an alarm system in your house without knowing how it works? I think not.
I have a mac. The relation with a mac and a pc is somewhat like the difference firefox and iexploder. I don't want to turn this into a mac-pc discussion, but it is an option and it's safer that can't be denied.
3. Watch your back. Find the problem and deal with it directly (as said before in this thread). Don't be satisfied with: it works again if I do this and this. You want it to work perfectly again, without that and this. Reinstalling isn't a bad idea, but make sure you don't walk into the same traps. If it happens time after time and your pc only keeps running because you reboot every month then you better start thinking.
And on passwords: well anything can be cracked, so isn't it just better to keep your ultra-secure info offline? Anything they can know off me is online the rest, is in some place else.


----------

