CERT
 
US-CERT Vulnerability Notes Database CERT Statistics Vulnerability Disclosure Policy CERT Knowledgebase Courses Link to US-CERT cylab
 

CERT® Coordination Center

Windows 95/98 Computer Security Information

This document is written for users of Microsoft Windows 95/98. The MS Windows 95/98 operating systems are not designed to be used with computers storing data that is considered critical to a project or that must be very securely protected. The Windows 95/98 operating systems are commonly installed on home computers. Because of an increasing number of incident reports from Windows 95/98 users the CERT Coordination Center (CERT\CC) and AusCERT have created this document to help these users become more aware of computer security.

What is computer security?
Why should I care about computer security?
Who would want to break into my computer at home?
How easy is it to break into my computer?
What type of threats are out there?
What can I do to better secure a computer running Windows 95/98?
Where can I get updates and patches?
How do I find out if there is a new patch for an application?
What if I need a more secure system?
What security concerns are there with...
Where else can I get information about computer security?
In what locations should I be concerned about computer security?
What if my computer is broken into?

Document revision history

What is computer security?

Computer security is the process of preventing and detecting intrusions into your computer system. Prevention measures help you keep intruders from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, whether or not they were successful, and what they may have done.

Why should I care about computer security?

We now use computers for everything from banking and investing to shopping and communicating with others through email or chat programs. Although you may not consider your communications "top secret," you probably do not want strangers reading your e-mail, using your computer to attack other systems, send forged email from your computer, or examining personal information such as financial statements.

Who would want to break into my computer at home?

Unauthorised people who try to break into computers, either in a local network or using the Internet are called intruders. They may not care about your identity. Often they want to gain control of your computer so they can use it to launch attacks on other computer systems. Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest games or to send email to friends and family, your computer may be a target.

Other intruders cause trouble by reformatting your hard drive, changing your data, or by watching all your actions on the computer.

How easy is it to break into my computer?

Unfortunately, intruders are always discovering new vulnerabilities (informally called "holes") to exploit in computer software. The complexity of software makes it increasingly difficult to fully test. When holes are discovered, computer vendors will make patches to fix them. However, it is up to the user to find and install the patches. Most of the incident reports of computer break-ins received at CERT\CC and AusCERT could have been prevented if system administrators and users kept patches up-to-date.

Also, some software applications have default settings that allow other users to access your system unless you reconfigure the settings. Examples include chat programs that let outsiders execute commands on your system or Web browsers that could allow someone to place harmful programs on your computer that run when you click on them.

What type of threats are out there?

Trojan Horse

Trojan horse programs are a common way for intruders to trick you into installing "back door" programs that allow intruders easy access to your system without your knowledge, change system configurations, or infect your computer with a computer virus. Further information about Trojan horses can be found in the following document.

Back Door and Remote Administration Programs

On Windows systems, two tools commonly used by intruders are BackOrifice and Netbus. These are known as back door or remote administration programs; once installed, they allow other people to access and control your computer. We recommend that you review the CERT vulnerability note about Back Orifice. This document describes how it works, how to detect it, and how to protect your systems from it:

The following ISS X-force advisory discusses Back Orifice and Netbus.

Denial of Service

Another form of attack is called a Denial of Service (DoS) attack. This type of attack causes your computer to crash or to become so overloaded that you are unable to use it. In most cases, the latest patches will prevent the attack. The following document describes Denial of Service attacks in greater detail.

What can I do to better secure a computer running Windows 95/98?

Prevention

The best way to secure your computer is to prevent intruders from attacking your system in the first place. To do this, install current patches for your operating system and your applications. Beyond patches, be aware of the types of attacks and vulnerabilities used by intruders, install only the applications you really need, and back up your data regularly.

As there is an increase in digital subscriber line (xDSL) and cable modems more home computers are constantly connected to the Internet. Consider setting up a firewall to prevent intruders from breaking into your computer. A simple firewall for home use could be put together using an old 486 computer (very cheap) running Linux (free). The following document discusses how to setup a firewall with Linux.

Virus Protection

Computer viruses are another wide spread problem. They spread easily through floppy disks, email, or by programs downloaded from the Internet. They can cause problems ranging from reformatting your hard drive to changing data. Once created, viruses spread without help from their creators. You can get them from people at the office, using computers at school, or in a document emailed to you by a friend.

To protect yourself, we recommend that you install a virus scanning/detecting/cleaning program. The following Computer Virus Resources document has a number of links to information about computer viruses, hoaxes, and chain letters.

Once you start using a virus detection/prevention program it is very important to keep it up to date. New viruses are continuously created, and vendors of virus detection software offer updates to detect them. To get the latest updates, check the manuals or the vendor web page. Some virus detection software offers methods to automatically get the updates via the Internet.

Monitoring activity on your system

Unfortunately, Windows 95/98 does not have a good way to track who logs into your computer and what files they may have accessed. (If this is a problem for you, see "What if I need a more secure system?") However, to monitor your system for possible intrusion, you can install software that watches for attempts to connect to your computer. One example of this type of application is called NukeNabber. NukeNabber is used to listen on TCP and UDP ports -- connection points that are commonly attacked over the Internet.

Where can I get updates and patches?

Windows 95

Windows 98

  • Use the Microsoft Windows Update, which is part of the Start menu.

Microsoft Office

Internet Explorer

Netscape

  • If you are using Navigator 4.02 or higher, you can use the SmartUpdate. Go to the Help menu and then select Software Updates.
  • Also review the information about security available under the Help menu.

Other sources for updates and patches

  • Most product documentation offers a method to get updates and patches. You should be able to obtain updates from the vendor's Web site. Read the manuals or browse the vendor's Web site for more information.

How do I find out if there is a new patch for an application?

Some vendors offer a mailing list service that automatically sends you mail when updates become available. Look on your vendor's Web site for information about automatic notification. If no mailing list is offered you may need to check periodically for updates.

There have been a number of attacks in which email was sent to users saying to apply the attached patch. This "patch" in reality was a Trojan horse program. Generally vendors do not email patches to customers, but they will alert customers that patches are available from the vendor web site. If you ever received email saying to run the attached file to install a patch, you should instead go to the vendor's web page and download the patch if one really exists.

What if I need a more secure system?

If you have data on your system that you would like to keep more secure than Windows 95/98 allows, choose another operating system that offers better security. Consider using Microsoft Windows NT or a version of Unix.

For more information about configuring an NT system, see our NT Configuration Guidelines.

For more information about configuring UNIX systems, see our UNIX configuration guidelines.

What security concerns are there with...

MS Office?

One of the most commonly reported problems related to Microsoft Office are malicious macros. A legitimate macro is a piece of code that helps users perform complex or repetitive tasks with just a small number of key strokes. Unfortunately, a new type of virus emerged known as a "macro virus." These macro viruses are found in Word or Excel documents and perform destructive tasks. They can also spread to other documents and contaminate other computers. Many virus detection programs detect and purge macro viruses.

MS Chat? mIRC? Chat Programs?

There has been an increasing use of chat programs which let many users connected to the Internet communicate with each other. Some of the programs have features such as "backdoors" that let malicious users run commands or install applications on your computer. Frequently, these programs are insecurely configured by default, so before connecting to chat rooms be sure to configure your chat program appropriately.

Netscape? Microsoft Internet Explorer?

Web browsers store pieces of information called "cookies" on your computer. Although these are meant to be a useful tool, they can also be used to gather information about your browsing habits, favorite sites, etc. It is possible to change the settings to notify you of the cookies being written to your computer or to completely disable cookies. The following CIAC Information Bulletin has further information on Internet cookies.

There have also been reports of problems with Java, Javascript, and ActiveX. These are programming languages that let Web developers write code that is executed by your Web browser. Although the code is generally useful, they can be used by intruders to gather information such as the Web sites you visit or to run malicious code on your computer. It is possible to disable Java, Javascript and ActiveX in your Web browser. We recommend that you do so if you are browsing Web sites that you do not know or trust. More information is available in these documents:

Another security issue to be aware of is sites that require a password to enter them. We recommend that you do not use the same passwords at these sites that you use to access any other systems at your office or home. The systems used to store the username and passwords may not be secure.

Email?

There are various security issues to be aware of when you use email. First, messages you send pass through many computers across the Internet. Any one of these systems could have someone reading the mail that passes through it. To prevent strangers from reading your email, the best method is to encrypt your messages. The most popular method to encrypt email is to use a program called Pretty Good Privacy (PGP) or Gnu Privacy Guard (GnuPG). These programs offer many options for encrypting files. Some email programs also offer easy methods for encrypting and unencrypting messages within the application. For further information about GnuPG and PGP, visit the following Web sites.

Secondly, email attachments (such as executable programs, MS Word documents, or other file types) may hide a virus. In most cases, malicious attachments install a computer virus. This is another reason to install a good virus detection program on your system. Other attachments, when opened, could start malicious code running on your computer.

Third, email can be forged to look like it was sent by someone you trust, but it was really sent by a malicious user. This forged email may ask you to change configurations or to send information that would make an intruder have an easier time breaking into your system. Further information can be found in the following document.

Wingate?

Wingate is a popular package that allows a number of computers on a LAN to share a single Internet address. Wingate could be configured to allow an intruder to use a Wingate server to conceal their true location. Further information can be found in the following vulnerability note.

Where else can I get information about computer security?

In what locations should I be concerned about computer security?

  • Office -- Do you know the computer security policy at your office?
  • School -- Are these systems scanned for possible computer viruses?
  • Friends and Family -- Do you know what software others are installing on your computer?

Do not assume that your system won't be attacked "because my computer doesn't contain anything important". If your system is connected to a network, it may be of interest to an intruder, either because it could be used to attack another victim using your computer, or simply because you were unlucky in an indiscriminate attack.

What if my computer is broken into?

The following document explains steps for recovering from a UNIX or NT system compromise.

This document is available from: http://www.cert.org/tech_tips/win-95-info.html

CERT/CC Contact Information

Email: cert@cert.org
Phone: +1 412-268-7090 (24-hour hotline)
Fax: +1 412-268-6989
Postal address:
CERT Coordination Center
Software Engineering Institute
Carnegie Mellon University
Pittsburgh PA 15213-3890
U.S.A.

CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) / EDT(GMT-4) Monday through Friday; they are on call for emergencies during other hours, on U.S. holidays, and on weekends.

Using encryption

We strongly urge you to encrypt sensitive information sent by email. Our public PGP key is available from

If you prefer to use DES, please call the CERT hotline for more information.

Getting security information

CERT publications and other security information are available from our web site

* "CERT" and "CERT Coordination Center" are registered in the U.S. Patent and Trademark Office.

NO WARRANTY
Any material furnished by Carnegie Mellon University and the Software Engineering Institute is furnished on an "as is" basis. Carnegie Mellon University makes no warranties of any kind, either expressed or implied as to any matter including, but not limited to, warranty of fitness for a particular purpose or merchantability, exclusivity or results obtained from use of the material. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement.

Conditions for use, disclaimers, and sponsorship information

Copyright 2000 Carnegie Mellon University.

Revision History
April 17, 2000
 Initial Release
November 12, 2003
 Updated links