Hacking risk for broadband internet

Do you know who is rifling your files?

By BBC News Online internet reporter Mark Ward

Internet enthusiasts eager to use the new high speed connections are being warned to ensure they are protected from hackers when they go online.

Next week BT is finally due to announce final details of its high speed internet access service. Many other companies are expected to announce their versions of the service soon after.

But security experts warn that the high-speed links leave home computers vulnerable to attack by malicious hackers or cyber criminals.

They say that surfers must become more familiar with computer security to ensure they are not at risk.

In a bid to head off the problems some companies are starting to scan the PCs of customers to ensure that they are adequately protected.

Security becomes no longer the responsibility of anyone else it is up to you now

Kevin Chapman, Symantec

Online all the time

BT is using a technology called Asymmetric Digital Subscriber Line (ADSL) for the fast service which lets your ordinary telephone line pass megabits of data around per second.

Initially however the service is expected to run at 512 kilobits per second, many times faster than is possible with a modem.

But at the same time that surfers get high-speed access they also are more likely to receive the attentions of malicious hackers and computer criminals.

Unlike traditional modems, ADSL connections are "always on", the box connecting you to the network does not have to dial up, it is constantly linked to the internet.

The high speed and fixed monthly cost of ADSL will mean that people use the web for far longer than they do when they pay by the second for slow access.

But this permanent connection means that each ADSL connected computer is a node on the internet long enough to draw the attention of malicious hackers and other computer criminals.

"Because it is always on you are more vulnerable to hackers and computer viruses," said a spokesman for BTOpenworld, "We strongly recommend that ADSL customers use or buy firewall software."

A firewall can be a program or a physical device that sits on your net connection and stops anyone but you fiddling with the innards of your machine.

DSL Forum Security TIps

Set up strong passwords

Keep your anti-virus software up to date

Use a software firewall to cordon off your PC

Heavy web users should use a hardware firewall

Turn off "Internet Connection Sharing" on WIndows 98

Turn off file and print sharing in Windows

"With a modem no-one knows who you are and you are not there for very long so you are not worth bothering about," said Gunter Ollmann, principal consultant at Internet Security Systems (ISS), "With ADSL you are effectively a server on the internet and permanently available."

Some of the companies offering ADSL connections are planning to give everyone a single internet, or IP, address so they can take part in multiplayer games and host their own websites.

But Mr Ollmann said having a fixed IP address only makes it easier for hackers to find and attack vulnerable machines.

Many dialup providers allocate these internet addresses on a dynamic basis making it far harder to identify who is whom.

Share and share alike

Mr Ollmann said part of the danger arose from the fact that the operating systems of home PCs are not designed to act as file servers or internet nodes and do not have adequate security built in.

Many of the default settings on Microsoft Windows allow any machine to share files. In the early days of cable modems many people who shared the same link to the web found they could copy and change the files on the machines of other people.

A spokeswoman for Telewest which gives people fast net access using cable modems says it works hard to ensure that people are aware of how vulnerable they are and that they change settings on their PC to limit access.

"In addition we actively block the netbios ports on Cable Modems as this is a well known security risk," said the spokeswoman.

Wholly holey software

Many hackers use automated tools to scan for vulnerabilities in machines connected to the internet and then attack the ones they know they can crack.

Earlier this month security expert Dan Brumleve found a loophole in the Netscape version of Java that, when exploited, turned a person's computer into a file server. This allowed anyone who knew how to plunder its contents for valuable information.

Even if a hacker does not steal information they may plant a program that they later use in an attack on another computer at a later date.

"ADSL means you are personally connected and far more likely to be found either by a hacker or automated process that does the scanning," said Kevin Chapman, sales and marketing director for Symantec, "Security becomes no longer the responsibility of anyone else it is up to you now."

Some companies are not trusting consumers to look after themselves. The Bank of Brazil regularly scans the home computers of the people using its home banking service to ensure that their anti-virus protection is up to date and they are patching holes in software.