Computer Help forum

General discussion

1/5/07 Help! I need clarification on Internet security

by Lee Koo (ADMIN) CNET staff/forum admin / January 4, 2007 5:43 AM PST

Hi, I need your help in clarifying some of the Security information when using the Internet.

1. Is it OK to leave my wireless broadband router on all the time, even when I switch of the computer or other times when I use other programs such as Word or PowerPoint, rather than Internet. Could some one able to hack into my computer files even when I am not browsing the Internet?

2. Will someone able to hack into my computer if I use the standard firewall provided with Windows XP?

3. From the security point of view, is a wired Internet broadband connection safer than wireless broadband connection via a home wireless router which is encrypted?

Look forward to hear from you.

--Submitted by: Kumar
Post a reply
Discussion is locked
You are posting a reply to: 1/5/07 Help! I need clarification on Internet security
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: 1/5/07 Help! I need clarification on Internet security
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
John's winning answer
by Lee Koo (ADMIN) CNET staff/forum admin / January 4, 2007 5:44 AM PST


Some of the greatest risks are a result of simply using your internet connection, for you could visit a fraudulent or otherwise malicious website that steals personal information (see Phishing) or download a file that is infected by malware. However, even when you are performing other tasks, such as typing a Word document, or are away from your computer entirely you are still at risk. As long as your computer is connected to the internet there is the possibility of being hacked. The good news is that there are things you can do to protect yourself and significantly reduce that risk.

First, I would recommend replacing the standard Windows XP firewall. This is a recommended step regardless of whether you are using a wireless router or not. No firewall is impenetrable but the XP firewall has several weaknesses when compared to other protection on the market, with its primary deficiency being the general lack of outbound protection. In short, that means that if you do become infected and the malware attempts to "phone home" for whatever reason (including to send the hacker your personal information) it will not alert you or do anything to stop it. Instead, I would recommend using the free ZoneAlarm basic firewall, which can be downloaded by clicking here. The default settings are fine and it will automatically disable the Windows Firewall to prevent possible conflicts.

It is also important to note that depending on which router you have there may be a hardware-based firewall built in. Hardware-based firewalls are considered superior to software firewalls because they stop the access attempt even before it reaches your computer and they are harder to circumvent. (Whereas software-based firewalls can be disabled by certain types of malware.) Regardless of this, I would still recommend having a software-based firewall, such as ZoneAlarm, for an extra layer of protection.

In addition to a firewall you should make sure you have adequate antivirus and anti-spyware software and keep it up-to-date. Norton and NOD32 are two of the top-ranked antivirus providers with McAfee, TrendMicro, and many others following closely behind. For spyware protection I rely on Webroot's SpySweeper, though you do not need to spend the money on it. Instead, you can use Windows Defender for real-time protection and Ewido (now known as AVG Anti-Spyware) for weekly scans, a combination that is quite successful and won't cost you a cent. Remember, you can build up a wall around your network but it won't do much good if the intruder is already inside the gates, so perform weekly scans religiously.

That said, a wired connection is always safer than a wireless connection to the internet for the simple reason that with a wireless connection someone could sit in the basement of the house next door and work on cracking the encryption or uncovering your password. With a wired connection, on the other hand, they would have to have physical access to your computer network in order to attempt that. That should not deter you from using a wireless home network but instead encourage you to take additional steps to protect yourself. These include:

1.) Encrypt the connection, preferably using WPA (or even WPA2) due to the widely-exploited weaknesses of WEP. If some devices are not compatible with WPA, though, be sure to enable WEP...some protection is better than none.

2.) Set a strong password on the router, using a combination of uppercase and lowercase letters, numbers, and symbols. The longer and more complicated it is the harder it will be fore someone else to guess or crack it using brute force methods.

3.) Change the internal IP subnet, router name, and password regularly. The more you do this the more you will keep 'outsiders' off balance. You will have to update each computer afterward but it is well worth it.

4.) Enable MAC filtering so that only the wireless devices you specifically allow have access to the network. It is possible to spoof (forge) a MAC address but every road block helps.

5.) Disable SSID broadcasting. This does not prevent your network from being attacked but it prevents the network's presence from being 'announced' to all wireless receivers within range, effectively removing the large arrow pointing to your house.

6.) Keep an eye on the router logs for unauthorized access attempts, particularly if you suspect something. The sooner you see unauthorized access attempts the sooner you can take countermeasures to prevent that party from succeeding.

7.) If all of your wireless devices use 802.11g disable 802.11b on the router. This has a very limited effect, but it would prevent others with older hardware from attempting to access your network.

The exact methods of adjusting all of these settings depend on the router and operating systems in use, but you should find illustrated instructions in your owner's manual or, alternatively, on the manufacturer's website in their Help section.

Aside from that I would like to make a few other comments. First, it is important to be aware of Wake-on-Lan (WOL), which, if supported by your motherboard, would potentially enable someone to 'wake' your computer remotely via an network connection. That means that after you have shut down and gone to bed someone could start your computer and accomplish their goals before the sun rises. Thus, even if you turn your computer off at night or before you go away for any length of time you should also consider shutting down the modem and router. It's not mandatory, but it is the only way to ensure the security of your network during periods when you do not have a watchful eye on it.

Second, never install or use P2P software such as Limewire. Aside from the legal issues associated with most of the content being pirated it opens up a door for others to access your computer, something that would potentially make all of your hard work go to waste. It is far better to download directly from the author or use download sites such as CNET's own

Finally, keep in mind that if someone else uses your network that you may be held responsible for whatever they do, be it download pirated content or hack another computer. That is added incentive to keep your network secure and limit who you let use your computers and/or network. (Never walk away and leave your desktop unsecured to attend to other guests unless you trust them.)

Best of luck in maintaining a secure wireless home network! John Wilkinson

P.S. While it does not pertain to your home network, I would like to leave you with one last piece of information: Never do online banking on submit/access other personal information while you are using a wireless connection other than your own. There is no guarantee of security and some even set up hotspots with the sole purpose of using it to acquire the personal information of others.

Submitted by: John W.
Collapse -
Thank you
by Monzerelli / January 5, 2007 1:04 PM PST
In reply to: John's winning answer

I recently read a reply that you wrote to a fellow named Kumar about protecting his network, but I'm interested in knowing how exactly would I go about setting up everything you explained to him. Thnak you again.

Collapse -
Goblins in my computer*----------*--------------------------
by NANCYAC / January 5, 2007 2:25 PM PST
In reply to: John's winning answer

The random stars and lines after the word computer are exactly the problem. I have tried everything and it apparantly has something to do with this location because I've moved the equipment to my other office (250 miles away) and have no problems.
I am running XP and Office 2003 on a new hp desktop Pavillion. I am using wireless keyboard and mouse and have tried replacing them w/ wired ones..makes no difference.
I am on a wireless connection to the internetn but that is also true in both locations. Last nite I literally had to shut everything down. The goblin open 25 internet connections to Mozilla when I tried to access one. It puts (usually) the symbols and such on the number keys and will go on for ever.
Last night it did new things but it has erased data.Changed the location of things etc. Most of the time I am in Outlook but it doesn't matter if I'm in mail or contacts OR WORD etc.-----------------It continues to interrupt & makes me nuts. Any help will really be appreciated.

Collapse -
Ghost writer in my computer
by Yeoville / January 5, 2007 7:33 PM PST

I had a similar problem, except that the text was intelligible but meaningless, similar to that found in a lot of spam. I found that the cause was a Microsoft feature! I guess you do not have a microphone attached to your computer and thus you get asterisks. Read this:
Daily News
'Phantom Menace' typing just a Microsoft speech feature
By Brian McWilliams, Newsbytes.
March 12, 2002
Random words and characters mysteriously appearing on the screens of some Windows XP and Office XP users are not the work of phantom hackers or a sign that users' systems are possessed by demons. It's just Microsoft's voice recognition system running slightly amok, the company said.

In recent weeks, several XP users have posted messages to Internet discussion lists and newsgroups reporting that text is automatically appearing in Internet Explorer's address bar or in Outlook e-mail messages or Word documents as users compose them.

In a posting entitled "My Remote Keyboard is Possessed in XP," for example, one Microsoft customer reported "very strange behavior" that included letters appearing in input areas of the screen while browsing and writing e-mails.

"I'm afraid Holy Water would short it out so someone please help me," wrote the XP user.

Another Microsoft customer separately reported that "a ghost" appeared to be taking over his computer. In the message, entitled "Phantom Menace XP," the user said something was causing toolbars and options to pop up without his input.

In response to user inquiries, in January Microsoft published a handful of articles in the Support section of its Web site about the problem.

According to Microsoft, after installing Microsoft's Speech application programming interface, "random words or characters may be displayed in Office XP documents or in the Internet Explorer Address bar."

The company said the behavior occurs because "the speech recognition tool is 'listening' to your voice through you computer's microphone and is attempting to recognize what you are saying."

Microsoft said its speech recognition engine, a program file named Sapisvr.exe, is turned on at installation by some computer manufacturers. The engine is also included with Microsoft Office XP and other speech-enabled products.

To resolve the problem, Microsoft said XP users should disable the Dictation and the Voice Command features on the operating system's Language bar. Alternately, users can turn off speech recognition completely from the Regional and Language Options tool on XP's Control Panel.

Merely unplugging or turning off the computer's microphone does not correct the random-character problem, according to several user reports.

Microsoft's article about random characters in Office XP is at;en-us;Q315765.
Microsoft's article on configuring speech recognition in Windows XP is at;en-us;Q306537.
Microsoft's .NET Speech homepage is
Reported by Newsbytes,

Collapse -
LOVE this!
by GSFran / January 6, 2007 2:21 AM PST

My mom has said, for years, that true computer experts are happy to share their knowledge. It's the phonies who won't share, who hide what they know, because they want to hide the fact that they don't know as much as they pretend to know.

I don't know a LOT, but I know enough to help my friends... somewhat. I'm absolutely delighted that I learned a LOT from this response. I'm also grateful to the person who asked the question, which hadn't occurred to me to ask.

Thank you all!!!

Collapse -
by lilliana / January 6, 2007 6:05 AM PST
In reply to: John's winning answer

John, this isn't directly related, but thought you had the smarts to know the answer.
Lots of folks complain about how long it takes Windows to start up. I use either standby or hibernate on my desktop and laptop (respectively), and am wondering if there's any reason ever to completely shut down.
My desktop is connected to a router, and the laptop is wireless. Any danger when they're in standby or hibernate?
Thanks for any light you can shed.

Collapse -
hibernation or standby
by wilbur frank / January 8, 2007 7:54 AM PST
In reply to: Hibernation?

is it safe?

Collapse -
Almost faked out!
by Major Pain51 / January 7, 2007 12:10 AM PST
In reply to: John's winning answer

I'm in the USA and I use my phone company as a DSL provider. I pay by check through snail mail each month. Last week I received, in my bulk mail box a WARNING that I needed to correct a billing error on the part of my DSL provider and that supply servers were being switched and added so if I did NOT fill out the credit card information I was at risk to be canceled. It supplied a link to go to to fill out this info, Name, address, credit card number, phone number and Social Security number. Curious, I clicked on the body of the message and got through to the site, however the same company(?) that made this request is my internet security provider and they threw up a big warning window that the URL was not normal and danger lurked there. A landline call to my provider proved what I suspected. This site, even though very much looking like thier site was bogus. They had received several complaints and got a copy of the e-mail and were investigating the matter. I was told they NEVER ASK FOR ANY FINANCIAL INFO ON THE NET ONLY BY SNAIL MAIL OR LAND LINE. This site had thier logo and formats down pat and sure looked real, however they are commiting a Felony crime that has severe penalties.I pay $15.00 for my DSL adn $5.00 more for thier security suite, per month. It sure gave me my monies worth that time. It also has a Firewall for in and out going email. Get it in some form and use it or you could be faked out. It's just like the Cobras with thier fangs pulled out, professional FAKERS!
Major Pain

Collapse -
by dobird / January 7, 2007 7:21 AM PST
In reply to: Almost faked out!

I also use my phone company as a DSL provider but I pay my bill through the phone company's website. I haven't received any bogus emails asking me for information, but THANKS FOR THE WARNING AND THE INFORMATION!!!!

Collapse -
by hibble175 / January 7, 2007 1:20 AM PST
In reply to: John's winning answer

Great idea. Free Firewall-extra protection! Except when I installed it on my laptop, I couldn't access the internet using my wireless connection. I uninstalled, and there was no problem. Is this over-protection, or what?

Collapse -
Thank you for the Assuring Tips
by Hsiung / January 7, 2007 6:06 PM PST
In reply to: John's winning answer

My friend used to laugh at me for being paranoid about running antispyware scans from at least two softwares (where I use SpyBot, Norton's AntiSpyware, and/or AVG Antispyware), and a resident antivirus protection program (AntiVir). They're all free. However I think, which I am open to correction, that paid-for antivirus and antispyware programs offer better, up-to-the-minute protection for newest updates. I will subscribe to them when I work full time.

Hsiung K.

Collapse -
Now I'm scared to use my computer!
by feskridge / January 7, 2007 10:40 PM PST
In reply to: John's winning answer

While John's answer was complete and accurate, I might point out that the kinds of high-tech attack possibilities you are talking about are theoretically possible (and may actually have happened in a few isolated cases), but the chances of these things happening to an individual that is taking normal precautions is about like getting hit by a meteor. A wireless router and XP Firewall is perfectly adequate! Leaving your wireless router on all the time is fine: in fact, you're supposed to! A properly configured wireless router is 99.99% as safe as a wired connection. You worry too much! Just set up your system and use it! Worrying about things like WOL and checking your router logs is getting way paranoid! Just going by John's (very good--too good, actually) answer would convince me to never use my computer!

Collapse -
Scared out of business!
by xin / January 8, 2007 4:02 AM PST

hmm, scared out of biz??
feskridge, please this is not to show disrespect or any attack on you personally but your post surely soundz like a thief that is scared to be out of business soon rather than be happy to use a well secured computer!

All of your comments:
Leaving your wireless router on all the time is fine
A properly configured wireless router is 99.99% as safe as a wired connection
You worry too much! Just set up your system and use it!

are just like a thief watching weak padlocks been replaced with dead bolts to thwart unauthorized access.
Please sir/madame, we come here to seek expert advice as to how best to protect our live blood but not to make jokes out of harmful security issues or to inveigle others into letting their guard loose as u suggest, for thieves to take advantage!
May i please ask, what is -way paranoid- about installing extra security locks other than leave thieves unhappy as u do?

Collapse -
by feskridge / January 8, 2007 4:30 AM PST

You're exactly right. Let's add a few suggestions.

- Make sure your house is lined with at least three inches of lead shielding.

- Make sure all your passwords have at least 32 characters, including everything on the keyboard--numbers, symbols, upper-case, lower-case, etc.; change the password every six hours; no fair repeating any sequences from an old password; and for for God's sake don't write it down!

- You'll need at least three to five years of computer science in order to get a complete understanding of networking and malware programming--not to mention understanding the acronyms.

- Never use Internet Explorer. Ever.

- Also, try not to use Firefox, Opera, or any other browser--that's just inviting trouble. Best to just stay away from the Internet.

So, have fun using your computer. Just be sure you don't turn it on because I'm sure all your neighbors within 2 miles of your house are just waiting for you to do so.

Collapse -
i don't know about THAT, but...
by santuccie / January 8, 2007 8:46 AM PST
In reply to: Exactly...

I will say this blatantly: you're wrong. I have a wireless router in my home, and my grandma's machine had MSC courtesy of Comcast, complete with McAfee Personal Firewall Plus. When botnet worms broke out in the end of September or the beginning of October, she started getting hit without even going online.

A wireless router could have one of two types of firewalls: NAT (Network Address Translation) or SPI (Stateful Packet Inspection). A NAT firewall hides your computer's IP address behind its own. It does nothing to stop an intruder from getting in. Check out this link to learn more about different firewall technologies:

Collapse -
Thanks, but...
by feskridge / January 8, 2007 12:58 PM PST

Thanks for the link. I'll check it out. But I don't understand what you're saying I'm wrong about. Are you saying your mom got hit without even getting on the Internet? If so, I was right. You should just keep the computer off at all times. That way you'll never get hit. Problem solved. Thank you.

Holy mackeral! Florida just crushed Ohio State!

Collapse -
not good enough
by santuccie / January 8, 2007 1:23 PM PST
In reply to: Thanks, but...

Funny. That's just what they said on the news in the evening of October 9. But here's how my system is set up...

I have System Scheduler on my machine. At 1:45 a.m., it starts updating my non-automatically updating products and scanners in five-minute intervals. By the time my Citrus Alarm Clock wakes me up in the morning, all the scanners are done, and I get to check the results and close the windows.

Here's a contrast for you. When I saw the news report, I immediately unplugged her ethernet, hit System Restore, and replaced the MSC firewall component with Safety.Net. Actually, I tried Jetico first, but IE couldn't find the server, so then I installed Safety.Net. And what do you know? The attacks came to a screeching halt!!! I was using BlackICE until my subscription expired in mid or late October, and I've also been using Safety.Net ever since. My machine has never been hit. Happy

Collapse -
Protection vs. Paralysis
by spencebj / January 10, 2007 10:19 AM PST
In reply to: Exactly...

I'm with you Feskridge ... there's a fine line between protection and paralysis. We do a lot of support at Wi-Fi hotspots in RV parks, and we often see people unable to connect because their firewall is preventing it. Sure, there is a way to configure the firewall to allow the connection, but it's beyond most average users. If you're up-to-date, clean, and scan regularly for viruses and spyware, the one-way firewall that comes with XP is sufficient. And, doing your banking is just as safe on Wireless hotspots as on any other type of connection. The encryption is handled by the bank's servers and protects your information from your computer, thru the hotspot's network, across the Internet AND back.

I believe there is such a thing as too much protection. I see, in my mind's eye, little league hockey players that are so padded and protected that they can't even skate!

Use window's firewall, do your backups, stay up-to-date, scan for viruses and spyware regularly, and accept that there is a certain amount of risk in using the Internet. The only way to be 100% safe is to unplug your computer.

Collapse -
If it works, use it!
by santuccie / January 10, 2007 10:48 AM PST

"The only way to be 100% safe is to unplug your computer." Well, that goes without saying, doesn't it? However, if you have broadband service for which you pay $60 every month, and depend on for your livelihood in a Remote Support occupation, you don't have that option.

Why don't you take a look at what's been going on while you were sleeping:;jsessionid=LNZDUIB1DD05AQSNDLQSKHSCJUNN2JVN?articleID=196603916

Clearly, signature-based scanners will not provide enough proactive protection against these new threats. But there are solutions. Like I've already said, an SPI firewall will keep intruders out, while an intelligent HIPS product like Cyberhawk will fill in the voids left by your traditional scanners and prevent "non-intruders" from infecting your machine with your unwitting authorization.

By employing these technologies, I have been able to make use of the Internet connectivity I've been paying for, while still managing to keep creepy critters off my machines. 100% secure? Maybe not, but it's a way better answer than "Unplug your Internet." Don't question success, folks!

Collapse -
by santuccie / January 10, 2007 11:21 AM PST
In reply to: If it works, use it!

Pardon me. I don't know why, but it sounded like your last comment was directed at me. How very silly of me. My apologies.

Collapse -
I'm just being a little sarcastic.
by feskridge / January 10, 2007 4:57 PM PST

So much ink is put out there regarding the onerous protection schemes that are recommended, some of which contradict others, that I don't see how a newbie would not be completely scared off. I go along with pundit Leo LaPorte: He (and I) use a properly installed wireless router with encrytion, the free MS firewall, the free MS Defender spyware and adware protector, and the free antispyware Avast! by Alwil. This seems to do the job as long as I stay away from obvious traps like links to unknown websites from unknown sources, particularly porn. And it doesn't slow down my machine (much) like Norton or McAffee tend to do. The best part is no subscriptions.

Collapse -
Thought you would like to know, not free anymore?
by BrianO5 / January 7, 2007 11:24 PM PST
In reply to: John's winning answer

ewido anti-spyware 4.0 has been replaced by AVG Anti-Spyware 7.5 and isn't available for sale and download anymore (under the old name). Instead, please try our new, highly improved version: AVG Anti-Spyware 7.5

Collapse -
re: John's Answer
by tms331 / January 8, 2007 5:33 AM PST
In reply to: John's winning answer

I was going to report this as an offensive post as it made me feel really dumb concerning my knowledge in this critical area - and I've used computers for many years. But instead I'll send this to friends who know less than I do about this area . Then I can feel just so darn superior! <(:<0)

Seriously, it is a great article and most helpful. I am sending it to friends, not to feel superior (they know better), rather it is just that helpful. Thanx, John.

Collapse -
Modem waking up computer
by jbliever / January 8, 2007 8:49 AM PST
In reply to: John's winning answer

If you CPU is hooked up to a Power Direction (like a power strip) and is turned off when the computer is shut down, wouuld it still be possible for the modem to "wake up the computer?" It doesn't seem like the modem waking up the computer would be possible then.


Collapse -
Nice answer Kumar but I have another question about Limewire
by buttdad / March 17, 2007 5:56 AM PDT
In reply to: John's winning answer

I have noticed when I am logged onto LimeWire after downloading a file and there is no apparent activity on LimeWire, in other words, no apparent uploads of my files by other users and I am not downloading. I notice the light on my modem Labeled "PC Activity" is flashing. Is this normal since I am logged onto LimeWire or is it an indication of something not good?

Collapse -
Mark's winning answer
by Lee Koo (ADMIN) CNET staff/forum admin / January 4, 2007 5:45 AM PST

This is a response to Kumar's security questions when using Internet. I apologize in advance for the long email, but the questions are much simpler than the answers.

1. Is it OK to leave my wireless broadband router on all the time, even when I switch off the computer or other times when I use other programs such as Word or PowerPoint, rather than Internet. Could some one able to hack into my computer files even when I am not browsing the Internet?

The answer to someone's ability to hack a wireless router is "yes & no". Some can, some will, and some can be stopped easily. There are a few things to consider before deciding on whether or not to leave a wireless router on when not in use. You decide.

Top 3: First, your router is a target. Those who are patrolling the Internet looking for systems to compromise cannot initially tell if there is a system behind your router, so if they can see the router, they will attempt to access it, and to by-pass or compromise it. Routers are in essence, computers that simply inspect and direct packets. If someone can subvert your router, your network is effectively "0wn3d". There is sufficient information in the public domain to make this easy in most cases.

Second, there is a question of what protective controls you have placed on the device to make it "hardened". Does it advertise its SSID? Does it have a hard to guess admin password made up of a long string (I use 16+ characters in my passwords.) of numbers, letters and special characters? Does it use WPA2 or other controls? Do you change the passwords and SSID often? Do you restrict access to the device by MAC address? Follow best practices and use a hardware firewall too.

Third issue is one of liability. While you are not using the wireless router, or even when you are, someone that has access to it can surf whatever they want, including child pornography or other illegal materials. They can also use your network as a free access and jump off point to attack others. As far as your ISP is concerned, that is your connection that is involved, and in essence, YOU.

2. Will someone able to hack into my computer if I use the standard firewall provided with Windows XP?

Again, this depends on how good your other controls are. This is a very basic "firewall". Most NAT routers will stop some casual attackers. Windows XP firewall sill stop some as well. What is really lacking in Windows firewall is outbound protection and application monitoring. Any program that you download, install, or have installed for you by a malicious website or application (happens all the time) will be allowed to make connections outbound. A good desktop or personal firewall will provide you the opportunity to approve connections before they are made. A few years ago, I was surprised to have my personal firewall fire up a warning that Internet Explorer suddenly needed my approval to access the internet, even though I had allowed it access ages ago when I installed the firewall application. This indicated that the IE was either a bogus program launching from somewhere else on my hard disk, or that IE had somehow been changed. Neither is a good thing. Windows firewall offers no protection against spyware or much else. If you have nothing else, run it, but do not consider yourself "secure". It has been stated in the press that an unprotected system will be detected on the internet within 15 minutes. In my own experiences, I have found this to be true, and ANY Operating System will be compromised within another 15 to 20 minutes. It is really that bad out there.

3. From the security point of view, is a wired Internet broadband connection safer than wireless broadband connection via a home wireless router which is encrypted?

Apples to oranges. A wired connection requires physical access to compromise a network, until it is connected to the internet. After that, it is just as insecure as a wireless connection. When thinking about security, don't think "what is more secure" because security is not a device you can attach. It is an evolving mindset. Look at the risks, value to you and motivations of those that might want to compromise your network or PC. Someone wants to make money. They want to use your system to generate spam, they want to use your system to hide their system when launching an attack, they want to steal your identity or personal information. They want to compromise your system so that they can use your VPN tunnel to get inside your business firewall and take over all of your company's systems so they can rent them out as a botnet to make a few quick bucks. You are providing them with a PC in order to do this. You are providing them a wireless connection to do this. All they need to do is find a way to get in. How easy are you going to make it for them to do this?

Encryption doesn't protect anything other than the data stream, making it harder to compromise the things that you are communicating in a session. Encryption can actually hinder an investigation because now the investigator cannot easily see what is passing through the connection. Don't get me wrong. Use encryption on your wireless connections to protect yourself from snooping and data injection, but don't rely on ONLY encryption as a security control.

You have to secure the end points. Harden your O/S. I have a total of 32 out of roughly 100 services enabled in my XP box in order to minimize its attack surface. I have configured its security options through the MMC according to published "best" practices (makes it much faster, too!). I have a hardware firewall to protect my perimeter. I have a software firewall to protect my applications and operating system from the internet as well as from my teenage kids who will download ANYTHING and run it. I have Anti-Virus and malware detection to protect myself from Trojans and the like, in case I have a teenager moment myself. I use a browser protection mechanism to lower the chance of getting a zero-day exploit from a malicious website. I use a non-administrator account for daily use. I use a spam filter and email rules to filter my email, and don't auto-preview it so as not to launch an HTML or scripted attack by accident. Defense in depth is not just for the paranoid anymore. Did I mention that it REALLY is that bad out there?

Security can be thought of as a balance between what is convenient and what is smart. You want to make it as hard as possible for bad guys to do bad things at your expense, while maintaining a measure of simplicity. That is my 2
Collapse -
MMC Best Practices
by 00h00m / January 5, 2007 6:18 AM PST
In reply to: Mark's winning answer

Any chance you could supply a link to the "best practices" setup for MMC. I have done a lot of tweaking in there but would love to see what is commonly considered the best setup.


Collapse -
"Best" Practices Links
by MadMark / January 8, 2007 9:16 AM PST
In reply to: MMC Best Practices

Hi 00h00m,

Understand that I enclose best in quotes, as the application of these practices are, in my opinion, "best" as formed over the past 25+ years working with PC's. Your own opinion, experience and mileage may vary...

The "Best" Practices I refer to are documented in the following locations:
Microsoft's Windows XP Security Guide:

NIST Security Configuration Checklists Repository:

Disabling XP Services:

The NIST site offers downloadable configurations -=[BUT]=- exercise extreme caution when you pull them into MMC (Microsoft Management Console). You will want to do a comparative analysis of your current policy using the policy database that you download from NIST. Only after you have compared your settings, and fully understand the settings you wish to change, should you commit any changes. Just plugging in the settings and committing the changes is GUARANTEED to break XP!

I recommend a clean installation of XP before even bothering with this exercise, as you ALWAYS want to start from a known good installation. Otherwise you are just locking the front door and opening all the windows. Download all the patches from the Microsoft site and apply them from CD/DVD WITH THE ETHERNET CABLE UNPLUGGED.

Creating your own Service Pack!:

Good luck with your hardening!

Collapse -
About Mark's winning answer
by imaudi / January 5, 2007 6:58 AM PST
In reply to: Mark's winning answer

This is the one of the best reply I have read sofar in CNET forums. Hats off to him and the susequent replies on this. I am forwarding this reply to all of my friends whom I insist on to become a member of CNET forum.

Collapse -
Honorable mentions
by Lee Koo (ADMIN) CNET staff/forum admin / January 4, 2007 5:46 AM PST

Kumar, here are the answers to your questions:

1. Yes, it?s ok to leave the wireless router on all the time, providing that you have proper security established (see below). And, in general, your cable or DSL modem and your router should be left on all the time, because the router ?learns? your network configuration as you actually use it and the internet, and if you turn it off, this ?learning?, in the form of routing tables, is forgotten and has to be relearned (which will happen ok, but the router performance is slightly degraded as the router is ?relearning? and rebuilding it?s routing tables). When the cable or DSL modem is turned off, it loses it?s connection to the network and it?s DHCP IP address ?lease?. It, too, will reacquire these, but the process can take several minutes to several tens of minutes. Also, if you have or ever get Internet telephone service, you will lose your phone service if you turn off your cable modem or router. So, in general, the modem (cable or dsl) and the router should just be left on all the time. They draw very little power, so power consumption is not a significant consideration here either.

2. Now, about someone being able to hack into your computer: We need to make that effectively impossible, all the time, no matter what you are doing. Security is established primarily with a combination of four elements: NAT (network address translation), encryption, firewalls and resource permissions. It?s unsafe to operate on the Internet without all of these in place, although there are lots of Internet users who operate without any of them. Here is what they are and how to set them up:

a. NAT (network address translation) gives your computer a ?private? IP address rather than a ?public? IP address. [all IP addresses beginning with 192.168 are ?private?; there are a few other private address blocks as well (most significantly 169.254), but 192.168 is the one that is universally used]. Private IP addresses are ?invisible? to the internet and CANNOT be accessed from ?outside? except in response to an inquiry that you have sent out. This alone protects you immensely from most hacking attempts. How do you get NAT? Well, normally, simply using a router -- at all -- gives you NAT. That?s why, in my view, everyone should use a router, even if they are not sharing an internet connection and otherwise don?t need a router. Window?s own ICS (internet connection sharing) and some other software programs (which are really ?software routers?) also provide NAT, but with routers as cheap as they are, the best way to get NAT is just to use a hardware router (note, routers provide the ability to turn NAT off, often in a feature called ?DMZ?. It goes without saying that you really don?t want to do this without a very good reason). NAT is on by default, so you don?t have to do anything beyond simply using a router to have this protection.

b. Encryption: When you use a wireless router, we want all transmissions ?encrypted? (scrambled) so that only computers with the correct ?key? can decode and use the wireless connection. This is essential if you are using a wireless router or access point: It?s just irresponsible and asking to be hacked to operate without encryptions, ALTHOUGH THAT IS THE OUT-OF-BOX DEFAULT FOR ALMOST ALL WIRELESS ROUTERS. This is where people get into trouble: It takes some effort to get encryption turned on and working (the exact process is specific to the hardware models that you have), and sometimes the effort is substantial and often it is beyond the ability of some residential home users, so they skip it. And as a consequence, their networks are ?open? to anyone with a WiFi card who is within range (and with a high gain antenna directional antenna, ?within range? can be up to a few miles). You MUST turn on encryption if you use a wireless internet connection. If you can?t do it yourself, you really need to pay a tech support service to make a house call and setup encryption on your home wireless network. [None of this applies to wired networks.]

Note that there are two encryption systems, WEP and WPA (and WPA has a few additional sub-variants). WEP is the older and weaker of the two technologies, and you should always use WPA unless some of the equipment in the network only supports WEP. WEP can be ?hacked?, but not by your typical neighbor (unless they are a real geek). Hacking WEP takes enough time, effort, knowledge and skill that it is unlikely to actually happen unless someone has a specific motive to hack a specific target. Since that?s not usually the case for most home users, WEP is probably ?good enough? for most people. But WPA is supported by all new production products, it is far more secure and it?s free, so if you have it, by all means use it.

c. Firewalls: With regard to your wireless network being hacked, the built-in firewall in Windows XP Service Pack 2 is adequate to block intruders, and it?s pretty much zero-configuration and hassle-free. It?s not the strongest firewall that you can get, and it doesn?t block unwanted outgoing traffic (which you would only have after you become ?infected? by some ?malware?), but that is a separate discussion. The XP SP2 firewall is good enough to secure your wireless network against hacking from outside. If you have XP and have not upgraded to SP2, by all means do so. It was a huge improvement in operating system security.

d. Resource permissions: Anyone on a network can only generally access resources (logical disk drives, printers, etc.), which you designate as ?shared?. So the obvious point here is don?t share anything unless you have a reason to do so. That way, even if someone does get into your wireless network, they generally won?t be able to access non-shared resources. Of course, if you have multiple computers (a laptop and a desktop, for example), you likely will want to share some resources so that all of your own computers can access some of the same files and printers. That?s fine ... it?s the whole reason for having these kinds of networks and shared resources ... but at the same time, let?s not wantonly share things when there is no reason to do so.

e. One other item worth mentioning is that most wireless routers support ?MAC address filtering?. This is a feature where you give the router a list of computers (actually the MAC addresses of the wireless network cards) that are allowed to access your network, and the wireless router blocks all other network cards. There?s nothing wrong with using this and it does increase your security somewhat, but like WEP, it can be hacked, and in this case hacked fairly easily, so it?s no substitute for any of the other measures. The security that it seems to offer, although useful against casual intruders, is less than it at first appears to be.

3. If you have a choice between a wired and a wireless connection, always choose wired. It?s faster, it?s more reliable, it?s more secure and it?s usually lower cost (excluding the cost of initially running the wires).

I?d like to be able to give you specific, step-by-step instructions for configuring all of these items, however they are unique to each network and the particular hardware models of equipment (routers and network cards) being used, so I can?t do that (also, it would be too long). There are some excellent sites on the web that deal with home networking and configuration, plus of course the manufacturer?s sites for the hardware that you are using. One of the better sites is , look for their ?troubleshooting and tutorials?, there are other similar sites as well. And don?t ignore various tech support documents available from most of the large manufacturers that tell you exactly how to configure various specific models of their equipment.

I hope that this answers your question.

Submitted by: Barry W of North Canton, Ohio.



Well, the answers to these questions are straightforward and simple.

1) If you leave your wireless broadband router on all the time, and you don't use a firewall, anyone can hack into it while your computer is on. Unless you configure the system to allow the router to turn the computer on at will. At other times, using ANY Microsoft Office product while on the Internet is not a good idea. The trick here is to use an internet solution you have to activate and deactivate: not one that turns itself on when you turn your computer on. I have seen way to many DSL "on all the time" modems that cause havoc for their owners--and I am usually the guy they call to fix the problems they are having with hackers. Bottom line: I nearly always have to reinstall their operating system and all their programs, and explain why I cannot restore their data if they haven't backed up in a while. This is a big problem with home systems. Hackers are out there, and they WILL exploit Windows and Microsoft Office if you stay on the Internet all day--even if you only use your computer for a couple of hours. If it is connected to the Internet at startup, and you leave it on all day and night, you are only asking for trouble.

2) The answer is yes. It isn't so much that a hacker can get through the Windows firewall, it is the lame-brained way that firewall is designed. The Windows firewall will prevent most hackers from boring through it, but it won't let stop these same hackers from sending you an e-mail. E-mails can have spyware or trojans embedded in them, which can contact Internet servers. If a hacker knows you are using Windows firewall, all he or she has to do is send you an infected e-mail, which contacts their Internet server and they have a secret passage into your computer. Every other good firewall prevents unauthorized access both into your computer and out of your computer: Microsoft's Windows Firewall only protects the incoming threats, not the outgoing. In my opinion, MS firewall gives a fresh new meaning to the idea of the "trojan horse." Avoid this firewall at all costs: us a different one that blocks unauthorized incoming and outgoing threats. Avoid it like the plague or you will be plagued with problems--especially if you are using XP.

3) Any wired connection is safer than a wireless connection. Hackers have to connect to the Internet to get access to the phone lines, but they can drive around in a car with a notebook or a phone and can access any local wireless transmissions, and they can do this largely undetected. They will try to see if you have set the appropriate passwords on your wireless devices, and will check to see if you have activated a firewall. If not (and this is the most common scenario for home and business wireless computing), they can and will access your network. The good news is that, if you read and follow the advice of your wireless components' documentation, you can prevent most of these wireless hackers from gaining access to your system. Frequently change your passwords: make them at least 6-8 characters long, and include random numbers and characters between the letters. For instance, if your password is "kingkong", add random numbers and characters in between the letters, like this: "k2!i5n8@g1k4$o3n&7g." Just use a scheme for figuring out where to put the numbers and the characters.

Hope this helps.

Submitted by: Erin A.



As high speed internet gets installed into more and more homes the question of security is becoming a huge problem. You asked three very popular questions. I am by no means a certified computer tech but I have built the last three computers I have owned and I have talk to so called "Techies" a lot. I know enough to ask the right people the right questions. Let me try and give you some answers from an average Joe.

Five rules of safe internet use are #1 Antivirus, #2 Firewall, #3 Antispyware, #4 Turn off File Sharing, #5 Use WEP on a wireless router.

The answer to all three of your questions have one thing in common. With a high speed or broadband connection you are connected to the internet all the time. If you use IE or AOL or MSN or some other program to access the internet your computer is still connected even if these programs are closed. The internet is always there waiting for you to start up one of them. I use MSN and, like a lot of people, I leave it up and running all the time. The single most important thing you can do to slow down or stop the casual hacker is to shut off "File Sharing". If you aren't sure how to do this just Google it.

1. The short answer to this is: If your computer is actually shut down and turned off you are safe. Even though almost all motherboards have a feature called "Wake on Lan" which allows you to bring the computer out of sleep mode with a signal sent over the internet. This feature is usually disabled by default so I wouldn't worry about it. To change it you have to get into the BIOS or Setup. Don't mess with the BIOS if you don't know what you are doing. If you follow all the steps here you will be about as safe as you need to be. When the computer is up and running you need to have some basic security software running. #1 Antivirus that is updated at least monthly if not weekly. Keep it running in the background and run a separate scan when you update it. #2 A firewall. This can be Windows Firewall or some other but it needs to be running and setup properly. Most firewall programs will install with a minimum security level that should be ok. Your Cable or DSL modem probably has a very good firewall built into it as well. Strangely I have found these firewalls disabled in all the Cable/DSL modems I've helped people install. You can get help with tuning these settings on from your Broadband Suppliers Tech Support. Changing firewall settings can be like reading Greek if you haven't done it before. Windows firewall is not that great. Get either one of the many free ones available or pay for one. There are reviews of both kinds on the internet. #3 An Antispyware Program. This is optional but you should at least have one installed and keep it updated. Run it once a week or get one that runs in the background. I run AVG Antivirus/Firewall and Adaware Antispyware as well as my DSL Modem/Router Firewall. I have disabled Windows Firewall. With all these in place you are in pretty good shape. Remember that even if you are only running Word you are still connected to the internet in the background. You need to have your antivirus and firewall running at all times.

Just a quick note: A good firewall needs to learn which programs on your computer can access the internet. They're pretty good at it but for a couple weeks you will be inundated with requests from the firewall in the form of little pop up messages the first time you run a program after the firewall is installed. If you aren't sure if the program should be allowed then block it when the message pops up. You can always go back and change it. A good firewall filters information coming in and going out. A trojan or a virus may get into your system and try to access the internet so it can send private information back to its creator. Most hackers don't want to mess with your files anymore they want information. You need to keep the hackers out and if they get in with a virus or a worm or a trojan you need to keep it from sending information out.

2. Anyone that really wants to get into your computer will find a way. What you want is a reasonable level of security. Windows Firewall isn't the greatest and probably is the easiest to get around for a lot of reasons. As I said before, get a decent Firewall and keep it running in the background.

3. Wireless is always going to be less secure than wired. Wireless Internet is a great way to allow more than one computer to share your internet connection without running a bunch of wires and wireless internet use is exploding. If you drive a half mile down almost any street with a laptop and a wireless card you will probably find a half dozen wireless signals that allow you to get on the internet right from the seat of your car. Using a persons wireless signal to access the internet isn't the same as being connected directly to their computer but it's dangerously close. Going wireless adds another layer to the security problem. If you are going to use wireless then at least enable an encryption feature called "WEP" on your wireless router. This feature will require anyone trying to use your signal to have a password or "Key" to get on. Just like any password you should make it hard to figure out and change it once in a while. Once again you can get help on WEP from the manufacturer of your wireless router or from your ISP.

Five rules of safe internet use are #1 Antivirus, #2 Firewall, #3 Antispyware, #4 Turn off File Sharing, #5 Use WEP on a wireless router.

Submitted by: Lee P.



Hi Kumar,

An interesting set of questions we all have to consider when we go broadband (I'm assuming that is what you have).

This is a brief answer - some of our colleagues will likely fill in much more of the technical details.

Generally, there isn't a problem with leaving your router on all the time - indeed, here in the UK, many of the broadband ISPs require you to leave it, or the modem, switched on all the time. My cable provider does a "heartbeat check" to the modem, to ensure that their side of the network is up and running. But I do power off my PC when I'm not using it - the "greenies" like it that way <g> - saves on the power bills too! If you have a separate modem and router, you should probably leave the modem on and turn off the router when you aren't using it.

Could hackers break in even if you aren't using the internet? The short answer is yes - a connection exists between your PC and the internet as long as it is connected to the web. It's a whole lot easier to break in if you are browsing, or especially using IM, but even is you are not, you will likely have open ports even when you are not online. Your firewall should be able to stop this, always assuming you have set the rules appropriately. Many combines modem routers have onboard hardware firewalls and these can be set up to block your unwanted traffic. However, the sad fact is that if a hacker really, really wants to get at your machine, he'll probably succeed eventually.

If this is a real concern to you, when you are working on the PC and don't need the internet, you could pull the Ethernet plug on the back if it's wired, or turn off the wireless card if wireless, or some personal software firewalls, ZoneAlarm, for instance, have a button to instantly disable internet activity, both in and out.

But your best protection is to ensure you have up to date and properly configured firewall, anti-virus and anti-spyware products installed. There are too many to mention and different people have different views on the best. Some websites, such as Brian Livingstone's Windows Secrets Newsletter (recently merged with Fred Langa's Langalist) maintain a recommend list of security portfolios for home use.

"Will someone able to hack into my computer if I use the standard firewall provided with Windows XP?" Actually, if it isn't properly configured, ANY firewall can be hacked. Some are easier to configure, than others, I like ZoneAlarm but that is personal preference. The weakness in XP Windows firewall is that it is one way only, it blocks incoming traffic but not outgoing traffic. Don't get me wrong, it's better than nothing but there are much better options, some free. Supporters of the XP firewall used to say that you don't need to worry about outbound traffic since you originate it but that isn't necessarily so. If a trojan has got into your machine, it may be keylogging and you would prefer to know when it was trying to send your passwords back to the hacker! Windows Vista has addressed this point and has a two way firewall. My advice to you is to get one of the third party two way firewalls for XP and disable XP's own firewall (you only run one or they will fight!). Better yet, if you can afford it or there is one in your router, use a hardware firewall as well.

"From the security point of view, is a wired Internet broadband connection safer than wireless broadband connection via a home wireless router which is encrypted?" The simple answer is yes. Once a connection is established, there is no difference, the issue is how does the hacker establish the connection? For a wired network, unless you are one of the secret government agencies, the only way to access a wired network is to physically plug in an Ethernet cable - you might notice someone coming into your house and plugging in a cable! I'm not sure about those devices that plug into a mains electricity outlet and use the mains wires in the house as the network - I've never used one but the power cables run right back to the power company so it may be possible to hook in.

With a wireless network, you are effectively moving your network ports anywhere the wireless signal can reach, into your neighbour's house or into the street etc. It won't be as obvious if anyone is trying to hook in. You can make a wireless network almost as good as wired but the access is still an issue. You should use encryption, use WPA2 if your network supports it. WEP *Wired Equivalent Protection" isn't - it's a very weak encryption system, it will stop the casual hacker but not anyone who knows what they are doing. Whatever encryption you use, longer keys are better - use the longest your equipment supports.

The other problem with wireless networks is that the equipment is invariably sold with all the security options disabled to make it easy to set up. Do remember to turn them all on once you have it set up, your router of access point manual will explain how. Briefly, change the SSID from the default setting to something that only you are likely to know - treat it like a password if you like - something you know that nobody will guess. You have to include this in all the machines you want to be able to connect - if you don't know the SSID, you can't get in. Also turn off SSID broadcasting. This is designed to let you see what networks are available in your vicinity you might want to connect to - you don't want one of them to be yours! Again, you set the SSID in each PC you want to connect and it will specifically look for that SSID but won't be able to see it unless it asks for the specific name. And finally use MAC filtering in the router/access point. Each network interface card, wired or wireless, has a unique MAC address - you'll find it on the bottom of the card usually or the documentation that came with it. By using MAC filtering, your router/access point will only accept connection via the MAC addresses you have specified in the table. There are ways and means to "spoof" MAC addresses but the casual wardriver likely wouldn't know how - it takes a determined and knowledgeable hacker. It would be inappropriate to go into it here.

That's a very simple explanation. When you have the time, you'll find lots of material on the web that explains how all this stuff works.

Good luck and secure networking.

Submitted by: Sav. M. of the United Kingdom



The questions you have seem to be quite common amongst those looking to set up a home network, so you are in good company here.

To answer your first question, it is advisable that when you turn your computer off, you switch off all connected peripherals as well, and this includes the wireless router, if only to save electricity. It is definitely possible that someone can hack into your computer to view your network shares or even the contents of your hard drive through the wireless network, or simply leech onto your internet connection.

People who go around trying to do this are known as wardrivers. The act is called wardriving. Fortunately, most of these people only intend to use your internet connection rather than hack into your computer. I would say, in fact, that the chance of being hacked via a wireless connection is not substantially greater than that of being hacked through a completely wired connection if you take the correct precautions to secure your computer. This is because most hackers work from a remote location and wireless or no wireless, attacks like these affect you the same way.

So how would you go about securing your wireless network? The first step is to ensure that your router supports a WPA 128-bit or better standard of encryption. WEP is far less secure than WPA and equivalent standards, and can be cracked with some determination and some free time (in 2005, the FBI managed to do it with publicly available tools in under five minutes!), but is of course preferable to nothing. To find out what encryption protocols your router and wireless cards support, look on the box or the manual that came with your wireless hardware. WPA, which stands for WiFi Protected Access, uses a strong 128-bit or higher variable encryption key to protect your data. This means that the key, which is a string of characters used to encrypt and decrypt your data, is both harder to crack and is changed frequently to thwart hackers who do manage to get your encryption key, since after a couple of minutes the current key will be rendered useless, having been replaced by a new one. Consult your router's manual to learn how to set up a network with WPA protection.

You should also seek information in your documentation to find out how to disable SSID broadcasting. In a typical wireless setup, the SSID, or Service Set Identifier, is constantly being broadcast from the router to allow computers in range to identify your wireless network and connect to it without a hassle. If all of your computers are set to automatically identify your router and connect to it, this is an unnecessary security risk. Of course, a determined hacker can instantly retrieve information about your wireless network from the information being sent through it, but this simple step can make your network harder prey to catch, and therefore less frequently attempted to be exploited. Procedures vary amongst manufacturers and wireless adapters, so look in your manuals.

As for your second question, the reply can be both yes or no. Firstly, you must understand that software is only part of the picture. There is no firewall that is invulnerable from hacks and there is no firewall that cannot be rendered useless by improper configuration or usage. That said, a properly configured firewall will probably mean that hackers will have a much harder time penetrating your defences and will hopefully desist in search of easier prey. Still, many security experts will tell you that the Windows Firewall is woefully inadequate when it comes to protecting you from the many threats your computer faces. I would not disagree, but if you have to live with Windows Firewall, learn how to make full use of it. Most importantly, it must be on. If you have Windows XP Service Pack 2, this is the case by default. If you don't, download it now; it's worth the hassle. And while you're at that, get Internet Explorer 7, or better, Firefox or Opera. This goes a great way to helping you secure your online experience, patching many vulnerabilities that have cropped up over the years. To check your Windows Firewall configuration, go to the Control Panel, and select Windows Firewall if you're in Classic view, or Security Centre and then Windows Firewall if you're in Category view. Ensure that it is on and under the Advanced tab your Internet connection is checked. During normal usage of your computer, you may encounter a prompt from Windows Firewall, declaring that it has blocked an application and asking if it should have allowed it. Do NOT immediately click on Unblock! Check that it is a trusted program before doing so. If you're unsure, search the Internet for the name that appears on the prompt to verify its identity. If the search positively identifies the program as spyware (some spyware have the same executable files as legitimate programs, so don't assume on the first negative result that you are infected), immediately run a spyware scan (or several) to neutralise or eliminate the threat.

A better option for added security would be to install a third-party firewall, most of which are by far more robust and secure than Windows Firewall. ZoneAlarm's Firewall is one of the most established products in the market, and the firewall that comes with your security suite is probably also sufficiently competent. However, if it's ZoneAlarm you're after, you will want to get the Pro edition, since the free edition is simply too limited in options and functionality, but if you find no need for the advanced features, the free edition is fine.

Another excellent firewall is the Comodo Firewall, which I have personally used for some time. I find it extremely vigilant, and nothing slips past its watchful eye, to the point where you could almost call it paranoid. A first time user will probably be scared out of his wits when he sees the multiple warnings that Comodo Firewall spawns on the screen. In an hour of usage I can easily receive 5 to 10 prompts from it, each of which contain anywhere from 1 to 20 separate alerts. If you're not very technically-inclined or just low on patience, I advise you to look elsewhere. A quick search for "best free firewall" produces hundreds of useful reviews and comparisons that you can skim through to get a general idea of which product to use. If you're still unconvinced of your safety, you could always hire a professional, or just ask your friendly local geek or hacker to do some penetration testing for you, which means that you authorise them to attempt to break into your network to see how safe it is, and find out more about what you need to do to secure it.

Just to say a little about your last question, since I've somewhat covered most of what there is to be said earlier. From a security viewpoint, a properly looked after encrypted wireless connection is just as safe as a wired connection. In fact, the encryption features that wireless affords you could make it even more secure than your wired connection, if we're talking within your own network. Outside of that, the Internet infrastructure's the same regardless of how you connect to it, you are exposed to the same vulnerabilities, and you have no control over that.

However, a wireless connection can make both your network and your browsing experience safer, not only because it encrypts the data going around your network, but also because setting up a wireless network often prompts and forces you to find out more from others about network security, for the fear of being compromised. To take yourself as an example, your doubts about the safety of a wireless network have not only brought you information about that, but have also incited you to find out more about related topics such as firewalls. This will eventually go a long way to helping you protect yourself from online threats. Don't forget that you're not alone in your confusion, and there are many online and offline resources to aid you in your attempt to learn more about protecting yourself. Finally, if you constantly remain vigilant about network security, and continue to seek out more information about securing your network, you will find that in time to come it will become second nature, and the least of your worries. Good luck, and happy surfing.

Submitted by: Huang J.



To clarify your questions step-by-step:

1. It is perfectly fine to leave your wireless broadband connection on all the time. The security risk you are experiencing is highest when browsing the Internet and checking your mail, not when you are using applications such as Word or PowerPoint. Now, someone could hack into your computer any time when you are connected to the Internet, whether you are browsing the Web, checking your e-mail or using PowerPoint. Most of the time, however, hackers will attempt to grab control of your computer and files through viruses - usually executable files which you will mistakenly download to your PC. Other times, the hacker might use a security hole in your browser to execute scripts on your computer. In the first case, the best way to protect yourself is to be aware of the potential risks when browsing the Web, downloading files and opening e-mail attachments, and always making sure that you fully trust any website that requests to install software on your computer before allowing it to do so. Be sure that each time you run an executable file on your computer, it came from a trusted source. I personally had 2-3 problems with viruses on my computer, and in all instances the cause was a suspicious file that I had downloaded from a non-trusted website. To avoid problems related to security holes in your browser, I recommend using a trusted browser, versus one that is known for lacking security such as Microsoft Internet Explorer, the default browser in Windows. I have been using Mozilla Firefox nearly since its first stable release, and it has proven very stable and secure. Also, Firefox reduces the ability to install malicious software on your computer, which in turn increases security.

2. As far as my experience with Windows XP installed on a home computer, I never had any problems with the firewall integrated into Windows XP. Of course, someone will almost always be able to hack into your computer, regardless of the firewall you have installed - whether it is into your home computer or your bank. However, firewalls make it harder for hackers to get through. I have used only the integrated firewall since I moved to Windows XP, without any other additional software installed, and never had a problem. What you need to do, however, is to always keep your Windows installation up to date using Windows' Automatic Updates, as security holes which need to be "patched", or repaired, are found in the system every once in a while, and they are the best way for any hacker to grab hold of your computer.

3. Finally, a wired connection is safer than a wireless connection. However, if you use a wireless connection (I do use one at home), and you want to protect your network, it is recommended that you do encrypt your data with a 128-bit WEP encryption key. Once again, there are ways that hackers can get around this, mostly on high-usage networks because of the properties of the WEP encryption method, but for a simple home network it is still a very efficient solution. Also, I do recommend that you limit access to your network to your computers only, by listing the physical network card address (MAC address) of each on the appropriate configuration page of your router.

To conclude, there is no "perfect set-up", but you can very efficiently secure your home network and computer without the need to restart your Internet connection each time you want to browse the Web, or to pay for expensive firewall or anti virus software and the associated subscription costs. The best method against any attack is learning about the security risks and what methods hackers use to get control of your computer, and be cautious whenever using any Internet-related software.

Submitted by: Konrad B.



Hi Kumar.

Good Questions all three.

1. Is it OK to leave my wireless broadband router on all the time, even when I switch of the computer or other times when I use other programs such as Word or PowerPoint, rather than Internet. Could some one able to hack into my computer files even when I am not browsing the Internet?

This is an important question because the convenience to having your connection live all the time may of lower priority then privacy and protection. So turning off your router or modem can be an easy way to stay safe. Many routers offer features that allow you to control Internet access in many different ways, by time, machine or user as just a few examples. You may not need the Internet or want others to access it from a particular PC or time of day and night. Most can be set to disconnect upon inactivity but this can be misleading in that your PC may run services that will call to your router to reconnect, sometimes often. It could be as easy as just a short-cut to your desktop leading to your router or modem disconnect page to speed access to these controls. Likewise, if your modem, router, PC or laptop has a wireless access built in, this can be turned off when not in use to minimize risk. Encryption and shielding can be useful with wireless for higher security levels. More features are being offered commonly now that allow further user control over access like firewalls and filters so check into the particular equipment for your setup and turn off any service not needed and attempt to block incoming connections unless you require access to your system remotely.

times when I use other programs such as Word or PowerPoint, rather than Internet. Could some one able to hack into my computer files even when I am not browsing the Internet?

This is sort of a question on its own because it's important to note that interaction with "running" the programs user interface, in other words starting a program, is not a requirement in order for the code to be hacked. So just having it installed becomes a risk if this occurs. Fortunately this won?t happen often but is becoming more common as a way to "hack" crack your PC's. Hackers can use these programs that keep resident processes running from startup on order to be more user friendly. So information created by these types of program and the code itself can be manipulated just like any other file if you are cracked. It can sometimes become a way in as well for hackers by giving away some cool free-ware program that attracts the user into downloading and installing, so this becomes a case (typical case) a socially engineered crack with you becoming the way in. So think carefully before downloading the cool new free-ware you just saw out here, you could be opening the door yourself. I've even seen this occur with an on-line stock trading program in one client case.

2. Will someone able to hack into my computer if I use the standard firewall provided with Windows XP?

This firewall has come under a lot of fire but I feel it?s better than none at all. If you?re using a router (as you indicated above) you probably have one built into it as well along with the filters I mentioned before. These all together can be fine tuned by you to become more secure on and off the web. The more you learn, the safer you will become. Don?t rely on programs to over come your lack of knowledge, it can?t be done really. You choose what you do on the web, don't be careless and let them in by being click happy as novices tend to be. Most importantly and the point I wish to make here is no matter which firewall you use, use one and get to know it as you can count on the hackers knowing it down to its flaws. I currently use three firewalls at different points in my network as I always feel two opinions are better then one. BUT altogether I think one firewall is better then all the other programs meant to detect and clean any form of Mal-ware (code used to crack, or hacked within a program already on your computer) code out here. Having one you can trust and use effectively becomes the key here.

3. From the security point of view, is a wired Internet broadband connection safer than wireless broadband connection via a home wireless router which is encrypted?

Encryption (any level) adds to the security of your network without question but it as well can be cracked "hacked" too. The key here is that a wireless access to your network is independent of your Internet access altogether. One can be used to gain advantage over other, but they should not be considered common with regards to your question here. In other words, your computer may be accessible through the routers wireless access point (or your computer through wireless cards and built in point to point configurations meant to be easy if nothing else to change and control, even remotely) so turn it off in times its not needed and encrypt to the highest level you can. Wire it if possible it is safer and possibly more reliable; faster anyway. Just remember that a wireless access to your router can occur even without the Internet connection AND as it happens wireless can be a bigger risk then the Internet threat as the convenience built into networking gear. If someone connects into your wireless router, they will be considered a safe connection by many firewalls and routers for convenience and this increases the risks so the wireless side of your network should be considered outside like the Internet as far as security is concerned, even encrypted. But a higher risk. Wireless portable devices of any kind can carry infectious code around unknowingly to other wireless networks without help in some cases.

So the bottom line becomes basically, if you don't need it, don't install it or un-install it or just turn it off when not needed. BUT more importantly don't leave your security in the hands of some code writer. Take it upon yourself to practice safe computing.

Happy Surfin all and take care.

Submitted by: Mark O.



It is really a personal preference whether you leave the modem/router on or turn it off. Personally, I never turn my router and modem off, purely due to the significant start up time. When you turn the equipment on, the device must locate a DHCP server (to assign you an IP address) and usually authenticate you. Once this is done, your router will need to obtain the information from the modem to provide a gateway to the outside world. For me, this takes about 2-3 minutes and if I wanted to do that every day then why bother with broadband. Second, if you have more than one PC (or a networked Tivo like I do) then you will eventually need to have an "always on" network.

Regarding security: It is technically true that a permanently on gateway would potentially allow intruders into your network. However, the risk becomes significantly lower when you are using a router because your PC is essentially on a different network than the modem. Your PC's IP is usually something like 192.168.1.XXX while the modem is on something like 162.XXX.XXX.XXX. Basically, the intruder would have to traverse two networks in order to reach your PC. Although it is possible, frankly they aren't going to bother with the effort. The average intruder is looking for easy access to an unguarded PC, they aren't going to dig through two networks in the hope that they will find a PC with an open port with something valuable enough to steal. And that is what they are looking for, an open port. They aren't going to log in like a user and use a mouse to click through your file system. It is just too much work when the intruder doesn't even know if there is something valuable to be found. This I have confirmed with an internet security firm. Any intruder with the level of skill and motivation to complete the task is more interested in a corporate network, not a home PC.

This doesn't mean it is impossible. In fact, right now I am sure there are dozens of people swearing at me who are sure they have been hacked. But trust me, you have about the same chance of being hacked via your broadband router that you do of winning the state lottery. It is very improbable.

However, people do win the state lottery and therefore people are also hacked. This is why firewalls are not unnecessary. Firewalls, and even full security suites are well worth the money. For the cost, you are not only protected against intruders but also viruses and the much more likely trojan horse. These happy little critters come from less than reputable sites and can transmit your personal information to unknown parties. A good suite will watch traffic coming from your PC in addition to what comes into it. I personally use Trend Micro's security suite. For ~$50 a year (for 3 PCs) it is well worth the money to ensure a safe internet experience and give you a little piece of mind.

Good luck.

Submitted by: Whitewolf



Q1. Is it OK to leave my wireless broadband router on all the time, even when I switch of the computer or other times when I use other programs such as Word or PowerPoint, rather than Internet. Could some one able to hack into my computer files even when I am not browsing the Internet?

A1. If you have your wireless router set up to send out a beacon with it's SSID... THEN NO, it is NOT OK to leave it on all the time because you're advertising your service to everybody within the wireless range of your router that you are an access point. If however, you turn OFF the beacon feature (which only some vendors offer), then you'll be safer, but whether you'll be completely safe or not depends on how securely you have your wireless router set up. Several good things to use are MAC address filtering (can be spoofed, but that's why this should be used in combination with other measures), strong VPN encryption (AES) with certificate authentication along with MAC filtering IS safe enough to leave it on 24 hours but I still would recommend turning off the beacon.

The worry here is NOT whether they can hack into your computer as much as whether they can gain access to your broadband router. Once they have access to that, they might be able to hack into your computer depending on the security setting of both your broadband router as well as your PC and it's security appliances and settings. They can however use your broadband router to send out their malware, spyware and SPAM over your broadband router internet connection which might bring lawsuits against you even though it's illegal to use your wireless device without your permission.

Q2. Will someone able to hack into my computer if I use the standard firewall provided with Windows XP?

Chances of getting hacked even with a firewall are a possibility... regardless of which firewall you use, but most especially by the one provided with Win XP. I would recommend ZoneAlarm Pro with tight security settings, but even then... can anybody ever claim 100% safety using any firewall? But ZoneAlarm Pro is a lot better at protecting your PC than Microsoft's WinXP Firewall hands down.

Q3. From the security point of view, is a wired Internet broadband connection safer than wireless broadband connection via a home wireless router which is encrypted?

YES. Mostly because one must have physical cable/hub access to your wired connection to gain access to your network where as with wireless, any drive by hacker looking for an internet access point might be able crack your system... even if you use encryption. I guess the probability of that would be your wireless security settings and the type of encryption used. (i.e. Weak encryption doesn't stop hackers, but strong authentication and strict security rules go a long way in keeping out intruders.)

Submitted by: Walter B.




2 things to remember while you are reading this. 1) Nothings is perfect. 2) Least of all these pointers.

1. Is it OK to leave my wireless broadband router on all the time, even when I switch of the computer or other times when I use other programs such as Word or PowerPoint, rather than Internet. Could some one able to hack into my computer files even when I am not browsing the Internet?

To make it safer, enable the security settings. And, when given a choice, make smart ones.

a) Use the best encoding the router offers.
b) Only allow access to devices with known MAC addresses.
c) Do not use an SSID name that broadcasts any personal information.
For example family's name.
d) Use pass word protection to access the rounter.
e) Pick encoding and access pass words NOT in the dictionary or phone book!
e) Choose a router with these types of features.

(Note: There are many more things that can be listed here. But they my be beyond the casual user's understanding. When I am in doubt, I usually turn on all security. If something doesn't work (an instant messenger for instance), I'll research it and open up my network as needed.)

Remember, what you want is the hardest router to break into on the block. Just like you want the hardest car to break into at the shopping mall.

And, yes, it is possible to get broken into even when you are not browsing the Internet. To prevent this, keep up a good fire wall (security settings, virus programs and intelligent decisions when browsing, downloading & reading e-mail) so they can not get in in the first place!

2. Will someone able to hack into my computer if I use the standard firewall provided with Windows XP?

It should be harder. But remember, that is what you want. Also remember to check for and obtain updates to security software.

3. From the security point of view, is a wired Internet broadband connection safer than wireless broadband connection via a home wireless router which is encrypted?

Yes, unless you don't trust the people you live with :-). And it will probably be faster as well. You can "sniff" a wired network. But you must first gain physical access. You can "sniff" a wireless one as well, but you should have turned on some type of encoding to make it difficult.

Take this away...

Notice I never said impossible. It is the nature of security. The harder you make it the more secure you will be.

And then comes the editorial...

Security through obscurity is a saying many times repeated. Putting money in the mattress is an example. However, this example is so well known it's hardly the safest option. The Windows operating system reminds me of a mattress. I will not say it is because it is less secure then other operating systems. But I will say it is just about as common as a mattress. So if you were a cracker where would you strike?

So, have you tried Linux? Some would say by its nature, Linux is more secure. Why? Consider this: Linux has always been a multiple user operating system. It has always had to consider security among 2 or more people using the computer at the same time. Worst (or better) yet, Linux has done this on college campuses around the world. Remember when you were in college?

If you think Linux is not an option for you because of its complexity, consider a Mac running OS-X.

Submitted by: Anonymous



My name is Manas, & I am an engineering student. I think I can solve your 3 questions satisfactorily. Here are the questions & their answers.

1. Is it OK to leave my wireless broadband router on all the time, even when I switch of the computer or other times when I use other programs such as Word or PowerPoint, rather than Internet. Could some one able to hack into my computer files even when I am not browsing the Internet?

Ans: It is absolutely ok if you leave your router ON all the time(unless you are ready to pay bill for electricity & router communication charges if any!). A web network is a same thing as an electrical network. Unless you are connected to internet, nobody can hack your computer. It is assumed that your computer is virus/spyware free from the beggining. Because connecting to internet via ISP is a two way process. First you request connection & then you get it. Unless you don't request you won't get it(Although few spywares are able to dial connections on their own).

2. Will someone able to hack into my computer if I use the standard firewall provided with Windows XP?

Ans: Unfortunately YES! There are few (not quiet few, many are there!)types are viruses, trojans which may get a sneak into your computer. As firewall prevents only unauthorized access, if you click on some stuff on net, it will pass on it's cookie to your computer which may disguise your firewall as authentic entry. But it may carry infection with it(This is what generally happens with spam mail. Unless you don't click it won't spread infection.). I myself got into trouble many a times! The case is same with hacking. The only thing changes is the intruding material. It is many a times "spyware ".

3. From the security point of view, is a wired Internet broadband connection safer than wireless broadband connection via a home wireless router which is encrypted?

Ans: Nothing is safer if you don't use it wisely. If your concerns regarding this questions are related to hacking through net access, then I tell no connection is much secure. If you think that some might hack your PC without net access(like in Hollywood movies), standing roadside, tracing your radio signals & tracking/decoding them, then I will suggest that it is not that simple. As I am from electrical faculty, I know how it is difficult.


If my information seems to be misleading or confusing, please feel free to let me know about it. Hope you are satisfied with my answers.


Submitted by: Manas P.



The router itself is always vulnerable if you have not taken step to secure it. MAC filtering and WEP or WAP should be enabled. Turning off the the SSID broadcast (service set identifier, how the router and the device identify each other) will help to keep others from finding you router. You know the SSID, others don't need to know it.

The bigger problem is leaving the devices on. As they showed at the Black Hat Conference, all wireless is not secure. Some wireless cards even enable ADHOC (peer to peer wireless) by default. That means that the entire time that you laptop is on, it is calling out to would be hackers "here I am". Any connection in an airport or a Starbucks is asking for your data to be compromised. Even if you use high encryption, a potential identity thief just needs to capture your entire session, take it home and put it on a high end system and run it against all known encryption schemes and eventually it will be cracked. If a thief wants it bad enough, they CAN get it.

Wired vs wireless is another debate. Theoretically, when you are wired to the ISP, you should be secure. That's if your computer has all of the proper defenses enabled, virus scan, anti-spyware, strong passwords, up to date software, etc.. But any other device on the same wired network has the potential to be a sniffer or a false router. Wireless opens the possibility of spoofing a connection, which makes wired a little more secure, but it's just like driving the freeway, you trust the drivers around you. You assume that they will stay in their own lanes.

The problem with the internet is that the potential hacker/thief does not have the fear of physical harm as a checkoff to keep them in their internet lanes. Just like the speeders and lunatics encountered on the roads, there are always those who think that they are above the law.

Submitted by: Larry W.



1. Yes, it's ok to leave it on when your computer is turned off. When your computer is on it doesn't matter what programs you use or what you are doing on your computer, hackers can try to get in anytime they feel like it as long as you have an active connection. I work in an IT department and when I look at the firewall log on our security server we usually get thousands of attempts per day from unwanted people trying to scan our connection. If you are using a router I'm assuming you have a DSL or Cable connection which is an always on connection that will allow people (hackers) to try various ports on your computer. If they find an open port they may be able to exploit it as a way to get in.

2. The firewall provided by Microsoft will provide SOME protection but it is not the best option. Knowledgeable hackers will find it easy to get past that firewall and if they don't already know how it's very likely that they can look it up on the internet as there are many hacker information pages and utility programs out there. If you are really worried about security I would recommend ZoneLabs product; ZoneAlarm.

3. The short answer is yes. A wired connection is only safer if you are worried about people in your area hacking your network (the hacker would have to receive a signal from your router). A wired connection does not provide any addition security if you are only worried about hackers out on the net. I'm a computer technician and I use a 128-bit WEP key which provides more security then the average hacker can get passed. If your router is setup with a key that is just your last name (or some other short password) I highly recommend you change it to something long and very random. A 128-bit key can still be hacked using the right equipment & software. I saw a light weight, water proof, hard cased laptop that a man plans on selling to the military that can hack any connection in seconds. People like this guy are actually quite rare and although he has the ability, it is unlikely he would use it against you. The bottom line; as long as you use a good security key the average Joe and even the average hacker will have a difficult time getting onto your network.

Submitted by: Derek A.



1. I assume you're talking about a router that also functions as your cable/dsl modem. So long as your computer has no ports open to the internet, you are minimally safe. Your modem should ideally be set to "stealth" mode, meaning all of your ports are hidden from the internet and aren't responding to unsolicited queries. There's an excellent test and explanation of all these issues at the "Shield's Up!" site: . When your computer is powered down you're completely safe. When you're doing something local like word processing you can make yourself safer by closing your lan connection to the modem (try the lan icon in your start tray) so that you're not connected to the internet. So long as you're stealthed and have no open ports, it shouldn't matter. If the lan connection to the modem is open and any of your ports are responding to pings acknowledging their existence the bad guys will find you, even if you're not web browsing. They will be probed by the bad guys even if they are properly closed. If any are open, you're in big trouble!

2. The standard Windows firewall cannot withstand attacks from cleverly packaged viruses, worms, or trojans that are allowed to enter with normal internet or email traffic such as web pages or email attachments. The Windows firewall should be set to maximize its effectiveness, mainly checking the "don't allow exceptions" option. The issue of open, closed, and stealthed ports involves settings on the modem; some commercial firewall softwares such as McAfee also give more control over traffic.

3. A wired connection is theoretically always safer than a wireless connection, but if the choice is between encrypted wireless or unencrypted wired traffic the result may be a wash. The real issue is whether the network is locked down with passwording, ports are closed to unsolicited outside traffic, and all evidence of its existence is hidden from the outside internet through stealthing. If these conditions are met you will be safe from outside invaders, but not from attacks launched from within by malware brought through the ports with your permission (the subject of a new discussion...)

Submitted by: Richard K.



OK for your first question, it is OK to leave your router on when you aren't using it. From what I know there aren't any routers with an off button or sleep mode. Remember that your router will be broadcasting its signal all the time.

If you use the standard firewall in Windows XP then people can still hack your computer. Pretty much no matter what you do you can get hacked unless if you are always off the Internet. However, the firewall will make it much harder to get hacked and your computer will probably alert you off anyone trying to access your computer.

For your last question, a wired connection would be much safer. This is because anyone can access your router since it's broadcasting all the time. You can set up passwords and things (WEP, WPA etc.) that restrict access to everyone but the people that know the password. Remember that people can still "see" your router but they won't be able to send or receive information from your connection to the Internet or your computer. A wired connection is only connected to your computer and therefore will have no outside connections.

A few last things: Many routers now have additional firewalls to protect your computer and your connection. You can also restrict access to IP addresses and ports.

A wired connection is best for computers that are close together and sharing the connection but wireless is more convenient since you can generally use them anywhere within 400 feet or more ( Wireless 802.1 G). Other wireless protocols (ie. A or B) usually don't have that much distance as manufacturers opt for the faster of the three I just stated.

If you want faster connections and more distance you can try Pre-N but it's still in a sort of beta form.

If you have anymore questions you can send me an e-mail. I'll probably respond pretty quickly.

PS. I have a wireless G router and it's great. It was pretty easy to set up manually so you should try it. It's best for laptops or places where you can't or don't want to run cables.

Submitted by: Chris F.


continuation of honorable mentions can be found here:
Popular Forums
Computer Help 49,613 discussions
Computer Newbies 10,349 discussions
Laptops 19,436 discussions
Security 30,426 discussions
TVs & Home Theaters 20,308 discussions
Windows 10 360 discussions
Phones 15,802 discussions
Windows 7 7,351 discussions
Networking & Wireless 14,641 discussions


Free trip to the Grand Prix

Don't miss your chance to win a trip to the Formula 1 Grand Prix in Monaco for you and a plus-one.