Question:
How do I know if my computer has been hacked?
anonymous
1970-01-01 00:00:00 UTC
How do I know if my computer has been hacked?
Eight answers:
anonymous
2016-05-24 23:23:00 UTC
Hackers. Also, James Bond's GoldenEye has a few hacking scenes in it.
?
2008-04-05 05:52:04 UTC
Alright. I'll try my best to answer the questions:

1) Yes, you can rely on the free programs. As long as a malware destroyer and an AntiVirus do their job, it's fine. It doesn't matter what AntiVirus you pick (free or commercial), it will still do the same job. And yes, malware can be installed with these applications in place. Both of these help protect the computer but it is not fool-proof. Malware and virus scanners only update when they find an unknown virus. In other words, SpyB and AVA will always be one step behind the virus creators. Another safeguard against malware is a firewall. Windows does supply one but it is fairly basic. I recommend ZoneAlarm (downloaded at www.download.com) as a firewall, it's quite good.



2) Usually, hackers will not target one computer but big ones from a large company or organisation (Whitehouse, Microsoft, Pentagon etc). Pretty much the only safeguards are to have a good firewall and scan for malware and viruses every so often (maybe about once every 1-2 weeks).



Hope that helps.



PS: If you think you want to change malware and virus scanners, use AVG AntiVirus and Lavasoft AdAware.
Observer412
2008-04-05 05:51:16 UTC
How to Detect a Hacker Attack



Most computer vulnerabilities can be exploited in a variety of ways. Hacker attacks may use a single specific exploit, several exploits at the same time, a misconfiguration in one of the system components or even a backdoor from an earlier attack.



Due to this, detecting hacker attacks is not an easy task, especially for an inexperienced user. This article gives a few basic guidelines to help you figure out either if your machine is under attack or if the security of your system has been compromised. Keep in mind that, just like with viruses, there is no 100% guarantee you will detect a hacker attack this way. However, there's a good chance that if your system has been hacked, it will display one or more of the following behaviours.



Windows machines:



Suspiciously high outgoing network traffic. If you are on a dial-up account or using ADSL and notice an unusually high volume of outgoing network traffic (especially when your computer is idle or not necessarily uploading data), then it is possible that your computer has been compromised. Your computer may be being used either to send spam or by a network worm which is replicating and sending copies of itself. For cable connections, this is less relevant - it is quite common to have the same amount of outgoing traffic as incoming traffic even if you are doing nothing more than browsing sites or downloading data from the Internet.

Increased disk activity or suspicious looking files in the root directories of any drives. After hacking into a system, many hackers run a massive scan for any interesting documents or files containing passwords or logins for bank or epayment accounts such as PayPal. Similarly, some worms search the disk for files containing email addresses to use for propagation. If you notice major disk activity even when the system is idle in conjunction with suspiciously named files in common folders, this may be an indication of a system hack or malware infection.

Large number of packets which come from a single address being stopped by a personal firewall. After locating a target (eg. a company's IP range or a pool of home cable users) hackers usually run automated probing tools which try to use various exploits to break into the system. If you run a personal firewall (a fundamental element in protecting against hacker attacks) and notice an unusually high number of stopped packets coming from the same address then this is a good indication that your machine is under attack. The good news is that if your personal firewall is reporting these attacks, you are probably safe. However, depending on how many services you expose to the Internet, the personal firewall may fail to protect you against an attack directed at a specific FTP service running on your system which has been made accessible to all. In this case, the solution is to block the offending IP temporarily until the connection attempts stop. Many personal firewalls and IDSs have such a feature built in.

Your resident antivirus suddenly starts reporting that backdoors or trojans have been detected, even if you have not done anything out of the ordinary. Although hacker attacks can be complex and innovative, many rely on known trojans or backdoors to gain full access to a compromised system. If the resident component of your antivirus is detecting and reporting such malware, this may be an indication that your system can be accessed from outside.

Unix machines:



Suspiciously named files in the /tmp folder. Many exploits in the Unix world rely on creating temporary files in the /tmp standard folder which are not always deleted after the system hack. The same is true for some worms known to infect Unix systems; they recompile themselves in the /tmp folder and use it as 'home'.

Modified system binaries such as 'login', 'telnet', 'ftp', 'finger' or more complex daemons, 'sshd', 'ftpd' and the like. After breaking into a system, a hacker usually attempts to secure access by planting a backdoor in one of the daemons with direct access from the Internet, or by modifying standard system utilities which are used to connect to other systems. The modified binaries are usually part of a rootkit and generally, are 'stealthed' against direct simple inspection. In all cases, it is a good idea to maintain a database of checksums for every system utility and periodically verify them with the system offline, in single user mode.

Modified /etc/passwd, /etc/shadow, or other system files in the /etc folder. Sometimes hacker attacks may add a new user in /etc/passwd which can be remotely logged in at a later date. Look for any suspicious usernames in the password file and monitor all additions, especially on a multi-user system.

Suspicious services added to /etc/services. Opening a backdoor in a Unix system is sometimes a matter of adding two text lines. This is accomplished by modifying /etc/services as well as /etc/inetd.conf. Closely monitor these two files for any additions which may indicate a backdoor bound to an unused or suspicious port.
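
The checksum database and /etc/passwd monitoring described in the Unix section above, sketched in Python as an added example (not part of Observer412's post or the article it reproduces). The function names are hypothetical, and the baseline is assumed to be stored somewhere an intruder on the host cannot rewrite it.

```python
import hashlib
import os

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_baseline(paths):
    """Record checksum, mode and owner of each file; keep the result off the host."""
    baseline = {}
    for path in paths:
        if os.path.isfile(path):
            st = os.stat(path)
            baseline[path] = {"sha256": sha256_file(path), "mode": st.st_mode, "uid": st.st_uid}
    return baseline

def verify_baseline(baseline):
    """Return {path: reason} for every baseline entry that no longer matches."""
    findings = {}
    for path, want in baseline.items():
        if not os.path.isfile(path):
            findings[path] = "missing"
        elif sha256_file(path) != want["sha256"]:
            findings[path] = "content changed"
        else:
            st = os.stat(path)
            if (st.st_mode, st.st_uid) != (want["mode"], want["uid"]):
                findings[path] = "mode or owner changed"
    return findings

def passwd_accounts(passwd_text):
    """Parse passwd-format text into {username: uid}, skipping malformed lines."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7 and fields[2].isdigit():
            accounts[fields[0]] = int(fields[2])
    return accounts

def passwd_changes(old_text, new_text):
    """Return (accounts added since the baseline, non-root names holding UID 0)."""
    old, new = passwd_accounts(old_text), passwd_accounts(new_text)
    added = sorted(set(new) - set(old))
    extra_root = sorted(name for name, uid in new.items() if uid == 0 and name != "root")
    return added, extra_root
```

Run the verification from trusted media with the system offline, as the post advises, since a rootkit on a live system can hide modified binaries from any tool running on it.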
Wes M
2008-04-05 05:45:35 UTC
AVG and Avast are both pretty good anti-virus solutions. As long as you aren't constantly going on shady websites then they should keep you pretty well protected. Same goes for free spyware programs.



Not sure about number 2, though. I don't know much about hacking so I can't help you.
I just love Sam!
2008-04-05 05:45:19 UTC
Most likely it'll have a virus on it.
baftjar
2008-04-05 05:49:32 UTC
No, I think Spybot is mainly about preventing changes to the registry etc. I don't find it useful against spyware, and Avast sucks. If you want free antiviruses, you could try getting the trial version of every major antivirus like Kaspersky, NOD32, etc., until the new versions come up, but don't get free antiviruses. They're useful if you don't get in troublesome sites, but if you're a person who gets viruses every day like I do, then they become unuseful.



About those botnet computers, to see if your computer is hacked, you could try the following: go to start-run-cmd-ipconfig/all. Then see how many IPs there are. If there is more than one, then it's probably hijacked. There might also be more than two, but they could be of programs you installed, and not of hackers, so be careful, so for IPs that are similar to yours.
JabberingNIC
2008-04-05 05:48:02 UTC
1 No program is 100% reliable when it comes to protecting you. Sometimes you allow the malware to infect your computer by executing something that you think is harmless and then you have instructed your computer to do as it is told. Install the malware.



2 Chances are you are not going to know that your computer has been turned into a bot.

Besides the damage that a bot does is to another computer. A bot is used to attack web servers for Denial of Service attacks and things like that. The bot just uses your computer and internet connection to accomplish this...yours and thousands of others.

To be absolutely sure that you have a clean computer you would need to reload it from scratch.

What I do is load the OS and drivers and Updates and get all my programs loaded with their updates installed. Then I ghost the system drive to another drive. If I ever have any problems I just backup my data real quick and revert back to the ghost image. Then I am back to using a freshly loaded computer. It only takes about 20 minutes. I love it.



Check out Norton Ghost

http://www.symantec.com/norton/products/overview.jsp?pcid=br&pvid=ghost14
oracle128au
2008-04-05 05:55:34 UTC
1 - No, we cannot rely on those tools. Many tools are helpful, yes, but no tool is ever 100% effective. The most powerful tool is common sense. I.e., don't go clicking on spam/popup/chain email links, don't run programs from email or downloads unless you're 100% certain of what it is and what it does, etc. Nothing too mind-blowing.



2 - Many people seem to think slow computers or random errors are sure signs of being "hacked" or "infected". But the truth is, the majority of these cases are really just errors or problems in the system (many times, from the user installing a bunch of crap software; and in some cases, a bunch of crappy, redundant, or even malicious security software). The whole idea of attacking a PC is for that attack to go unnoticed. So in other words, there are really no sure signs of being infected or "hacked", since the best attacks are designed to not be detected (if they're not detected, they can't be fixed).



The best defence is prevention. I.e., use common sense. Use a firewall (and only one). Use anti-malware (but only one that runs residently). Use anti-virus (again, more than one can be installed and scan on a schedule, but don't have more than one running residently). These programs will also mostly take care of existing invaders. If they don't though, the safest option is to format and try again.


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.