Tuesday, December 16, 2008

What makes your computer run slowly?

Malware is a huge problem these days. It’s hardly surprising to hear a recommendation to run an anti-virus/anti-spyware scan when someone complains of a slow computer. But malware is not the only cause of slow performance; it’s not even the number one cause of this common problem. What makes your computer freeze and halt, and how can you fix it?

* Unnecessary temporary files. Do you really need to keep that ‘backup of backup of backup of report.doc’? Many programs create temporary files, but not all of them are deleted once they are no longer in use. A few files won’t jam your computer, but as the number grows the problem becomes noticeable. Taking regular care of temporary files can make a difference in a computer’s performance.
Temporary files also include those created by web browsers. A browser literally downloads every page you visit. Keeping files from visited pages was invented to make the pages load faster. However, nowadays this feature often has the opposite effect. The temporary internet files must be cleaned out every now and then; otherwise they make the browser halt.

* Ignoring the Disk Defragmenter tool. When the drive controller needs to save a file on disk, it looks for free space. Imagine that the hard drive is a chest of drawers. If the file doesn’t fit into a single drawer, it is divided into several fragments and those are put into different drawers. When you try to open the file, it takes more time for the drive controller to find all the pieces, and it takes more time to save the file again. Hard drive defragmentation puts things in order; therefore it should be performed once every month or two.

The tasks mentioned above require regular attention; however, there are other causes of slow performance too. Taking care of the following issues has a positive effect on a computer’s speed.

* Setting many programs to run at startup is not a bad idea; however, it affects the machine’s performance. The computer takes longer to boot, and those programs constantly use the computer’s resources. Many programs have a default setting to load automatically when Windows starts; this way you may have plenty of them running without your consent. Make sure that only the software you really need runs at startup. Most people are not aware that they have an email client, security tools, an mp3 player, a download manager, a personal organizer, instant messengers and other programs running in the background all the time.

* The Windows operating system needs some free space on the hard drive. If it can’t find the necessary space, it isn’t able to handle tasks, and this causes a slowdown. It’s optimal to have 15-20% of the hard disk empty. If the cause is an overburdened disk, start cleaning it up by deleting unnecessary programs and reducing the number of System Restore points.

Saturday, December 6, 2008

Hackers and Law

Given that computer hacking is at least three decades old, there has been plenty of time for governments to develop and approve cybercrime laws. At the moment, almost all developed countries have some form of anti-hacking law or legislation on data theft or corruption which can be used to prosecute cyber criminals. There are efforts to make these laws even more stringent, which sometimes raise protests from groups which support the right to freedom of information.

Over the past few years, there have been lots of convictions for hacking and unauthorized data access. Here are a few of them:

* Kevin Mitnick is probably one of the most famous hacker takedown cases. Mitnick was arrested by the FBI in Raleigh, North Carolina, on February 15th, 1995, after the computer expert Tsutomu Shimomura managed to track him to his hideout. After pleading guilty to most of the charges brought against him, Mitnick was sentenced to 46 months in prison and three years probation. He was additionally sentenced to another twenty-two months for probation violation and additional charges. He was eventually released from prison on January 21, 2000.
* Pierre-Guy Lavoie, a 22-year-old Canadian hacker, was sentenced to 12 months of community service and placed on probation for 12 months for fraudulently using computer passwords to perpetrate computer crimes. He was sentenced under Canadian law.
* Thomas Michael Whitehead, 38, of Boca Raton, Florida, was the first person to be found guilty under the Digital Millennium Copyright Act (DMCA). He was prosecuted as part of the Attorney General's Computer Hacking and Intellectual Property program and charged with selling hardware which could be used to illegally receive DirecTV satellite broadcasts.
* Serge Humpich, a 36 year-old engineer, was sentenced to a suspended prison sentence of 10 months by a ruling issued by the 13th correctional chamber. He also had to pay 12,000 francs (approx. €1,200) in fines, and symbolic damages of one franc to the 'Groupement des Cartes Bancaires'.
* On October 10, 2001, Vasiliy Gorshkov, age 26, of Chelyabinsk, Russia, was found guilty of 20 counts of conspiracy, computer crime, and fraud committed against the Speakeasy Network of Seattle, Washington; Nara Bank of Los Angeles, California; Central National Bank of Waco, Texas; and the online payment company PayPal of Palo Alto, California.
* On July 1, 2003, Oleg Zezev, aka "Alex," a Kazakhstan citizen, was sentenced in a Manhattan federal court to over four years (51 months) in prison following his conviction on extortion and computer hacking charges.
* Mateias Calin, a Romanian hacker, along with five American citizens, was indicted by a federal grand jury on charges that they conspired to steal more than $10 million in computer equipment from Ingram Micro in Santa Ana, California, the largest technology distributor in the world. Mateias and his network are yet to be convicted for these crimes and face up to 90 years in prison.

The list above is simply a brief digest which illustrates how cybercrime legislation has been used across the world against hackers or to convict cybercriminals in general. There are also some cases where people have been wrongly convicted of cybercrime. There are also numerous cases where hackers are still at liberty despite their names and identities being known. However, the number of such cases is being reduced day by day.

Cybercrime is here to stay. It is a reality of the 21st century, and the wide availability of the Internet and the insecure systems which come with it have increased the reach of cybercrime. With sufficiently sophisticated legislation, and more international cybercrime treaties such as being adopted, the world is hopefully heading in the right direction, with the long term aim being a safer, more law-abiding cyberspace.

How to Detect a Hacker Attack

Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.

Because of this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out whether your machine is under attack or whether the security of your system has been compromised. Keep in mind that, just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.

Windows machines:

* Suspiciously high outgoing network traffic. If you are on a dial-up account or using ADSL and notice an unusually high volume of outgoing network traffic (especially when your computer is idle or not necessarily uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.
* Increased disk activity or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or epayment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.
* Large number of packets which come from a single address being stopped by a personal firewall. After locating a target (eg. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.
* Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.
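
The firewall-log check from the list above, as an added example that is not part of the original article: it counts dropped packets and distinct destination ports per source address. It assumes the space-separated Windows Firewall log layout (pfirewall.log); the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumed input: Windows Firewall log layout (pfirewall.log), space-separated:
#   date time action protocol src-ip dst-ip src-port dst-port ...

# noisy_sources LOGFILE THRESHOLD
# Prints "src-ip dropped-packets distinct-dst-ports" for each source address
# with at least THRESHOLD dropped packets, busiest first. LOGFILE may be "-".
noisy_sources() {
    awk -v min="$2" '
        /^#/ || NF < 8 { next }              # header, comments, short lines
        $3 == "DROP" {
            drops[$5]++
            if (!(($5, $8) in seen)) {       # first time this source hits this port
                seen[$5, $8] = 1
                ports[$5]++
            }
        }
        END {
            for (ip in drops)
                if (drops[ip] >= min) print ip, drops[ip], ports[ip]
        }' "$1" | sort -k2,2nr -k1,1
}

# Constructed sample log using documentation address ranges.
sample_log() {
    cat <<'EOF'
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2008-12-06 10:15:01 DROP TCP 203.0.113.7 192.0.2.10 40001 21 48 S 1000 0 65535 - - - RECEIVE
2008-12-06 10:15:01 DROP TCP 203.0.113.7 192.0.2.10 40002 22 48 S 1001 0 65535 - - - RECEIVE
2008-12-06 10:15:02 DROP TCP 203.0.113.7 192.0.2.10 40003 23 48 S 1002 0 65535 - - - RECEIVE
2008-12-06 10:15:02 DROP TCP 203.0.113.7 192.0.2.10 40004 80 48 S 1003 0 65535 - - - RECEIVE
2008-12-06 10:15:03 DROP TCP 203.0.113.7 192.0.2.10 40005 21 48 S 1004 0 65535 - - - RECEIVE
2008-12-06 10:16:40 DROP UDP 198.51.100.9 192.0.2.10 5353 137 78 - - - - - - - RECEIVE
2008-12-06 10:17:12 ALLOW TCP 192.0.2.10 203.0.113.80 1045 80 0 - 0 0 0 - - - SEND
EOF
}

sample_log | noisy_sources - 4
```

A source with many drops spread over several destination ports matches the automated probing described above; many drops on a single port point to repeated attempts against one service.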

Unix machines:

* Suspiciously named files in the /tmp folder. Many exploits in the Unix world rely on creating temporary files in the /tmp standard folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the /tmp folder and use it as 'home'.
* Modified system binaries such as 'login', 'telnet', 'ftp', 'finger' or more complex daemons, 'sshd', 'ftpd' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally, are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.
* Modified /etc/passwd, /etc/shadow, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be used to log in remotely at a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.
* Suspicious services added to /etc/services. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying /etc/services as well as /etc/inetd.conf. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port.
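
The checksum database for system utilities and the monitoring of additions to /etc/passwd, /etc/services and /etc/inetd.conf described in the list above, as an added shell example that is not part of the original article. It assumes GNU coreutils `sha256sum`; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes GNU coreutils sha256sum.

# baseline_create DB PATH... : record a SHA-256 for every regular file under PATH.
baseline_create() {
    db=$1; shift
    find "$@" -type f -exec sha256sum {} + > "$db"
}

# baseline_verify DB PATH... : print MODIFIED / MISSING / NEW findings.
# Returns 0 if everything matches the baseline, 1 otherwise.
baseline_verify() {
    db=$1; shift; rc=0
    while read -r sum file; do
        if [ ! -f "$file" ]; then
            echo "MISSING $file"; rc=1
        elif [ "$(sha256sum "$file" | cut -d' ' -f1)" != "$sum" ]; then
            echo "MODIFIED $file"; rc=1
        fi
    done < "$db"
    # Files present now but never recorded, e.g. a binary planted later.
    # sha256sum prints 64 hex digits and two separator characters, so the
    # recorded path starts at column 67.
    new=$(find "$@" -type f | while read -r f; do
              cut -c67- "$db" | grep -qxF -- "$f" || echo "NEW $f"
          done)
    if [ -n "$new" ]; then echo "$new"; rc=1; fi
    return $rc
}

# added_lines OLD NEW : print non-comment, non-blank lines that are in NEW
# but not in OLD (a new passwd account, a new services or inetd.conf entry).
added_lines() {
    grep -Ev '^[[:space:]]*(#|$)' "$2" | grep -vxFf "$1" || true
}
```

Keep the database and the saved copies of the /etc files on read-only or offline media, since a rootkit that controls the running system can alter a locally stored baseline along with the binaries.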

An Analysis of Hacker Mentality

Why people hack is a subject which is often discussed. Some say the explanation is the same as the one given by people who climb mountains: 'because they [computers] are out there'. Others claim that by highlighting vulnerabilities, hacking helps increase computer security. And finally, there is the explanation most often put forward: criminal intent.

Whatever the reason, as long as computers exist there will be hackers - white hats, black hats and grey hats. And because there is no way of predicting which kind of attack ('curiosity' versus 'malicious') will hit your computer first, it is always best to be prepared for the worst.

The truth is that within hours of a machine being connected to the Internet, somebody will scan it with an automated vulnerability probing tool, looking for ways to get in. It may be somebody who is just curious to see what is on the machine, or a white hat from the other side of the world checking to see if the computer is secure. Of course, in real life you wouldn't want passing strangers stopping to check if your house or car were locked, and, if not, to go inside, look around, go through your possessions and leave a note saying 'Hi, I was here, your door was open, but don't mind me and BTW, fix your lock'. If you wouldn't want someone to do this to your house, you wouldn't want someone doing it to your computer. And there is no excuse for doing it to someone else's computer either.

Premeditated, criminal hacking is obviously even worse. In the real world, somebody walks by, breaks your lock, gets inside, disables your alarm system, steals something or plants listening devices in your phone or surveillance equipment in your living room. If this happens you call the police, they look around, write a report, and you wait for the thieves to be caught. Unfortunately, this is a rare luxury in the computer world; the culprit may be far, far away, downloading your confidential files while sitting in his personal villa or sunbathing by his huge pool, nicely built with stolen money. Or, in a business environment, many large corporations prefer not to report hacking incidents at all, in order to protect their company image. This means that the criminals remain unpunished.

Another hacker motivation may be hooliganism, or digital graffiti, which can be summed up as hacking into systems to cause damage. Web site defacement is a very popular form of digital graffiti and there are some hacking groups which focus on this task alone. Just as in the physical, non-cyber world, catching the hooligans is a tedious task which usually doesn't repay the effort or resources expended.

Whatever the reasoning, be it 'to help others', 'security heads-up!', 'hooliganism' or 'criminal intent', hacking is a phenomenon which is deeply rooted in the world of computing and will probably never die. There will always be people immature enough to abuse public resources, self-proclaimed 'Robin Hoods' and criminals hiding in the dark alleys of cyberspace.
