The OneMinute Geek:

Going on-line may share more about yourself than you realize

Freeware, shareware, and media players often come with hidden surprises--surprises that let others collect information about you. You can see the results in the pop-up ads that often invade your screen. These ads can be targeted to your tastes when marketers know which sites you visit and where you shop.

Although annoying, pop-up ads are a relatively benign use of "tracking" data. There is a much darker side of tracking software. In the worst case, it can allow someone else to take over your browser and alter files on your computer.

Problem:

Using the internet freely while protecting your privacy is a problem every surfer must address. A quick visit to the website of the SANS (SysAdmin, Audit, Network, Security) Institute will show you what cyber attacks are underway at any moment. (http://isc.sans.org)

The SANS Institute recently identified the top 10 Internet Security Vulnerabilities for Windows users and a similar list for UNIX users. The security risks on this list have actually been used in cyber attacks such as Trojan horses and worms. Although most of these Top 20 risks may not affect the average websurfer, there are some disturbingly familiar names on the lists below.

If you use any of these, you may have more than a problem with unwanted pop-up ads, you may have a serious security problem.

The Top 10 List for Windows.

Internet Information Services (IIS)

Microsoft SQL Server (MSSQL)

Windows Authentication

Internet Explorer

Windows Remote Access Services

Microsoft Data Access Components (MDAC)

Windows Scripting Host (WSH)

Microsoft Outlook and Outlook Express

Windows Peer-to-Peer File Sharing (P2P)

Simple Network Management Protocol (SNMP)

The Top 10 List for Unix systems.

The BIND Domain Name System

Remote Procedure Calls (RPC)

Apache Web Server vulnerabilities

General UNIX Authentication Accounts with no passwords or weak passwords

Clear Text Services

Sendmail

Simple Network Management Protocol (SNMP)

Secure Shell (SSH)

Misconfiguration of Enterprise Services NIS/NFS

Open Secure Sockets Layer (SSL)

Solution:

If you have one of the security risks above, go to (www.http://www.sans.org/top20) and assess your current risk. Details on how to protect your PC are there along with links to other sites for further information. Then, once you've solved your current problems, try to be sure you don't get any new ones.

Ad-aware is a good way to start getting your privacy back. Go online and go to www.Google.com. Search for "ad-aware". You will find numerous websites offering free software designed to remove nefarious spying software. Select one, install it and use it. You may be amazed at how many dataminers are lurking in your background.

As an example, Ad-aware from Lavasoft scans your computer's memory, registry, and all drives for dataminers, tracking components and aggressive advertising. You can scan your whole system or a single folder. Identified files are put in quarantine where they can be restored should you need them.

Lavasoft also offers a free newsletter. The most recent issue included the SANS updated list above. Go to www.lavasoftnews.com/theeye to subscribe.

James Kerr is President/CEO of SuperGeeks, a Hawaii-based computer service and repair company (www.supergeeks.net). Please feel free to send your questions, comments and suggestions to Mr. Kerr. He can be reached at kerr@supergeeks.net and 942-0773.