Question: I recently came across a Web page located at
http://www.bigron.com that claimed to be able to display all
the files on my hard drive. I was quite alarmed to discover
that it was indeed true. How is this possible and what can I
do now to protect my computer? I am using Internet
Explorer 3.02 with Authenticode 2.0 for Windows 95. Also,
is it possible that my data files from my hard drive were
copied onto their site?
-- B.H.
Answer: The link, found on BigRon's Hedonistic Society
Humour Page, is nothing more than a joke. A scary joke,
admittedly.
He's used a little Web page design trick to fool you. He's set
up a hyperlink, which is a clickable element in a Web page,
to tell your browser to display the contents of your C: drive.
"Essentially, you are showing yourself your own hard drive
contents, not anybody else," explained Dave Carter,
marketing manager, Internet Customer Unit, at Microsoft
Canada. "This would be a concern if this information could
be passed back, which it can not. There's no security issue
here."
The key here, as Carter points out, is that only YOU can see
the files. There's no programming on the page to capture or
collect the file names at his end.
The bigger question this example raises is "What can I do
now to protect my computer?"
That's not a simple question to answer, as it's a personal
decision. You have to decide what level of risk you're willing
to take.
Think of the Internet as a family reunion: family members, like
computers, can talk to each other and sometimes they can
ask for information you're uncomfortable giving.
Theoretically, every time you connect to the Internet, you are
opening yourself to invasion of privacy. When your
computer connects to the network, it becomes a part of the
network. Just as you can request information from a remote
computer, it can request information from your computer.
Luckily, there's a limit on what it can ask.
Not so at family reunions, though refusing to tell your
Great-Aunt Hilda why you're still not married might be the
equivalent of a "404 Not Found."
The browser companies, such as Netscape and Microsoft,
have gone to great lengths to limit who can ask for what. So
very little information is available unless you want it released.
Some information, like the colour of your underwear or
personal data on your hard drive, is completely out of
bounds.
Some information, though, is impossible to hide. Like your
IP address. That's the unique number assigned to you when
you connect to your Internet Service Provider. It's no secret.
Remote computers need to know what that number is so they
can route the data you request to your computer.
Also available to remote machines is your domain. That is
the name of the ISP machine. Often it's the same as the
information after the @ sign in your e-mail address. In fact
any computer can figure that out from your IP number. So if
your ISP's domain is naughtmonkey.com, then that's public
knowledge.
Another piece of information available to anyone is the
address of the previous place you visited. You can hide that
by clearing your browser's cache.
Cookies are also a bit of a liability. These aren't the yummy
chocolate kind. They're little files that get saved on your hard
drive that contain information about you that you've provided
to a remote computer.
In fact any information you've submitted via a Web form can
be saved as a cookie by a remote computer and retrieved
later. You make the decision to submit that information
across the Internet by filling out the form. So don't give any
information you want to keep secret.
The other uses for cookies are for tracking movements on a
Web page. Pages you've visited could be stored and
retrieved later. Personal preferences you've selected from a
Web site are often stored using a cookie, as well.
There are other, more serious consequences that are a little
difficult to overcome. Browsers are sometimes flawed.
Occasionally bugs crop up in new versions of both Netscape
and Microsoft browsers. Those bugs are typically esoteric
and difficult to replicate in the real world because a series of
conditions has to be met to exploit the flaw. They usually
involve combinations of programming technologies like Java,
JavaScript and ActiveX controls.
Both Microsoft and Netscape design such technologies so
that their scope of operation on a user's machine is limited.
For example, JavaScript, which is a programming script built
into a Web page, is not allowed to delete or create files on
your hard drive (except for cookies).
That's not to say there's no risk. Bugs do pop up. The only
way around this problem is to keep an eye on bug reports
and download fixes from the browser-maker as soon as they
are available. A good place to look for bug reports is Cnet's
daily computer news at www.news.com.
The other more conservative approach is to wait until a new
browser has matured. Downloading it on release day makes
you a big guinea pig for that software. Waiting a couple of
months until post-release bug fixes have been found or ruled
out is safer.
The same advice applies to a new relationship. Iron out the
"toothpaste squeeze" bug before showing your significant
other off to family. Failure to do so can result in a recall.
One other item you should be concerned with is sending
secure data across the Internet. Netscape and Microsoft
have developed encryption features in their browsers that
allow the software to make a connection with a secure
remote server, so that data passing between them is coded.
You'll want 128-bit encryption for financial data.
Think of it as a more sophisticated version of spelling out
messages in front of kids and pets to hide information from
them.
Netscape has 128-bit encryption built in. Internet Explorer
requires a 0.2 meg add-on that you can download from
www.microsoft.com
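
The hard-drive link and the list of what a remote computer can see (IP address, previous page, cookies) can be put side by side in a small model. This is an added example, not code from the page in question or from the column; the hrefs, the jokes.html path, the cookie value and the IP address are constructed sample values.

```javascript
// Simplified model of what the remote side learns when a link is clicked.
// All sample data below is constructed for illustration.
const PAGE = "http://www.bigron.com/";            // page named in the column
const CLIENT_IP = "203.0.113.7";                   // documentation-range address
const COOKIES = { "www.bigron.com": "visits=3" };  // cookies held by the browser, keyed by host

// Returns what a remote server would see for a click on `href`,
// or null when the browser handles the link itself and sends nothing.
function disclosedOnClick(href, pageUrl = PAGE) {
  const target = new URL(href, pageUrl);           // resolve relative links like a browser
  if (target.protocol === "file:") {
    // Local scheme: the listing is read from the user's own disk.
    return null;
  }
  if (target.protocol !== "http:" && target.protocol !== "https:") {
    return null;                                   // e.g. mailto: goes to a local program
  }
  const seen = {
    host: target.hostname,
    ip: CLIENT_IP,                                 // needed to route the reply
    referer: pageUrl,                              // address of the page the click came from
  };
  const cookie = COOKIES[target.hostname];
  if (cookie) seen.cookie = cookie;                // only what that host stored earlier
  return seen;
}

const clicks = ["file:///C:/", "jokes.html", "http://www.news.com/"];
for (const href of clicks) {
  console.log(href, "->", disclosedOnClick(href) ?? "nothing leaves the machine");
}
```

Current browsers go a step further than the one in the question and refuse to follow a link from a Web page to a file: address at all.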