Recently, I was a participant in a spontaneous discussion about hacking, viruses, and other malicious things that happen to computers because of total dillholes who have too much time on their hands. One other participant suggested that the easiest way to secure your internet connection is to reformat your computer if you suspect that someone has been doing dillhole things like reading your email or installing viruses on your computer. This suggestion is literally terrible for several reasons, the first of which is that this doesn’t actually fix the problem at all. This blog post will be about what you can do to secure your computers and other devices while you surf the web. For the sake of transparency, I’m not an expert, but I don’t have to be. This blog post will not make you an expert, either, but you’ll definitely be smarter than a majority of internet users by the end of it.
First off, I’d just like to say that unless you’re secretly the DEA, a person of significant status in the Department of Homeland Security, or possibly the Crime Minister of Canada (whoops! Prime!), your risk of being hacked by anyone who knows what they are doing is legitimately trivial. If you are, like me, just a random person who uses the internet to browse and send emails, fuck around on Facebook and Twitter, and occasionally become super-educated about random topics of interest, the only people who will ever attempt to hack you are people who know precisely who you are. You are, like me, what’s called a casual user, and are really almost literally never facing the legitimate threat of a professional hack at any time in your casual use of the intertrons. And for the record, those who know who you are and would either threaten or resort to hacking you are totally dillholes for even thinking about it, because the most they could accomplish by doing so is making you personally feel violated in terms of your privacy, and generally uncomfortable. In reality, so few people even know what hacking means or can be used to accomplish, so most dillholes use hacking (or the mere threat of hacking, in the case of incompetent dillholes) as a way to intimidate people they know who, for whatever particularly childish reason, they just don’t like and want to scaremonger. Hacking is also illegal, even in the case of whistle blowers whose work is quite literally critical on either a national or international platform, so most dillholes won’t actually risk it on someone for whom violating civil rights will accomplish nothing but fulfilling a personal vendetta. Legitimate hacking of casual users is just an incredible waste of talent, skill, energy, time, and electrons. This cannot be understated.
What is Hacking?
Hacking is basically performing a break and enter on someone’s computer, a network of computers, or a server (which you can think of as like a network of networks), without even being in the same room. Hacking can even be done by legitimate hackers on computers that are turned off at the time, so long as the router or modem that provides access to the internet to that particular computer is still a) connected to the internet, and b) turned on. This is a pretty important detail, and one which I will expand upon further down in this piece of writing. Hacking is used to view files on the target computer, and that includes sensitive or confidential information which can then be outright stolen. After all, what would the point be in this day and age, if not to steal sensitive or confidential information? As mentioned obliquely above, sometimes hacking has been used by whistle blowers to expose egregious violations of civil rights or international law. Other times, hacking is used to grossly misrepresent individual people, companies, and/or corporations. For instance, if I recall correctly, anonymous hackers have targeted the Westboro Baptist Church at least once, for the explicit purpose of taking over their website, doing major editing, and making terrific fun of this hate group for all the internet to see. Finally, there are the dillholes who use hacking to violate the privacy of people who are known to them who just made them mad enough to compel them to spend several hours making their target(s) feel miserable. Though it is entirely possible for a person who has hacked a computer to install a virus (more on what this is immediately below) on the computer they have hacked, this is not generally the way that people get viruses on their computers. This is especially true for casual users.
What is a Computer Virus?
A computer virus is usually a relatively simple program, or small and uncomplicated file, that is running on your computer from the moment it is turned on, and generally producing a pain in the ass. Most viruses cause major inconveniences, significantly slow your computer down, or annoy the snot out of you with unexpected behaviours such as causing random windows to pop open unexpectedly or even persistently redirecting you to particular websites demanding you purchase something to make it go away. Most viruses do not delete information you have stored on your computer or any devices you have plugged into your computer, and most viruses do not do particularly malicious things such as deleting files that make your operating system (e.g., Windows 7) work. Unfortunately, useless dillholes have written and continue to write virus files to generate just about every possible problem under the glow of your computer’s screen, but fortunately for all of us, most of these files can be avoided by simply not downloading them. Probably 99% of viruses that infect computers have been voluntarily downloaded and allowed to run by the person who is most inconvenienced by it. For example, the only time I ever infected a computer myself, I was using a chat program and clicked a web link from one of my contacts that had my email address in it, just out of curiosity. A window then popped up asking me if I’d like to “run” a file that ended with the letters “exe” (this was a computer running a Windows operating system), and against my better judgement, I clicked yes. I spent several days trying to undo what I had accomplished in the space of about ten seconds of not thinking. And this is more or less the way that a vast majority of people get viruses on their computers. Unless you are deliberately seeking and installing a program, you can avoid almost all viruses simply by not doing what I did during that ten seconds that I will never again repeat for the rest of my life.
What is Reformatting?
Reformatting refers to wiping all or most of the information off of the main source of permanent memory that lives inside your computer. In other words, you’re destroying all of your files — and all of the ones you haven’t created yourself (i.e., the operating system, or the very complex reason you are able to interact with a computer at all unless you’re just using it as a paperweight) — and the result of this process is a box of permanent memory with absolutely nothing on it. Truth be told, it could have just been called “erasing everything”, but the geeks who are responsible for the special language of computing probably wouldn’t find that very satisfying. Reformatting is generally followed by reinstalling the entire operating system, or your computer will just have to enjoy a life of servitude as your most expensive paperweight, because with nothing written on its permanent memory, it doesn’t do anything any more except activate the screen for nothing but a blinking white line on a black background. Reformatting is sometimes used to “fix” a computer when a maliciously horrible virus has deleted a file that makes everything stop working, but this is an absolute last resort “fix” for the immediately obvious reason that you’re kissing all of your personal files goodbye and starting over from scratch. It can also create problems in the permanent memory that lives inside your computer, which can then slow it down when it is back up and running, or, if a computer is repeatedly reformatted and it’s done wrong or interrupted unexpectedly, can even kill it for good. Worst of all, reformatting does absolutely nothing to address your vulnerability to a dillhole hacker, because they aren’t getting into your computer through that permanent memory. That’s just what they were looking at once they got in—and that’s assuming they ever did get into your computer, and weren’t just particularly lucky in guessing either your password or the answers to your security questions for access to your emails or Facebook.
How Does a Hacker Get Into a Computer?
As mentioned obliquely above, a hacker accesses a computer through the internet—that means “cracking” the security on the router and/or modem (i.e., the box your computer is using to talk and listen to the internet for you). Both routers and modems translate electronic signals back and forth between your computer and the computers that run the websites you want to look at, and a hacker pretty much snatches the stream of information going back and forth to follow it back to you. If you use a modem, that usually means finding you directly through a cable service or telephone connection. If you’re using a router, which will be the case for everyone who is accessing the internet wirelessly, that usually means finding you first through radio signals in the air (e.g., from next door), then tricking the router to let the hacker look at all the computers and devices that are using the router to surf. A lot of internet service providers now provide a combination modem and router all in one box to their customers, because they recognize how unhappy people are with the idea that they are unable to protect themselves from privacy violations by total dillholes. Of course, it is also true that a lot of internet service providers are saving extraordinary amounts of money by providing these modem-and-router-all-in-one-boxes, because they have obviously been getting phone calls for years already from distressed customers with little to no understanding of how to secure their internet connection, or even from incredibly frustrated people like me who, for example, have the skill set but for some reason can’t make a brand new router and the internet service provider’s modem talk to each other to provide access to the internet service that is still being billed whether or not I can actually use it. People also tend to have more computers and devices that can access the internet combined, per household, than even just a couple years ago. Generally speaking, internet service providers will only issue one modem per household, which can actually mean as few as one computer accessing the internet at a time if you don’t also have a router. That gives internet service providers another reason to make these modem-routers for everyone (because otherwise most people just won’t pay for the service any more).
What is the Difference Between a Modem and a Router?
Basically, the difference between a modem and a router is that a modem gives you a direct connection to the internet without any security features, but a router is designed to patrol the traffic between the internet and your computer—basically so dillholes can’t steal your files or write viruses for you on your computer. A router is serving the function of what’s called a firewall, whereas a modem is just giving your computer access to the internet. If you don’t have a router (or combination modem/router), or you’re not sure if you do, you can actually install a program on your computer that more or less does the same thing. Years ago, and even during the event I described above that I spent all of ten seconds not thinking and wound up spending consecutive several days trying to undo my error in judgement, I used a free firewall program called Zone Alarm (here’s where you can look at the latest free version of Zone Alarm as of this piece of writing), which would alert me whenever something that appeared strange was trying either to reach into my computer or send information out to the internet. A window would pop up on the bottom right-hand corner of the screen asking me for permission, and the Ten Seconds Without Thinking event was no exception. Had I just clicked “deny”, I could have spared myself a lot of trouble and wasted time, because the firewall program would have stopped the virus before it did anything to my computer—and that’s exactly what you want a firewall to do. Windows also has its own “firewall”, but it’s a piece of garbage that just slows the computer down to accomplish absolutely nothing overall, so I personally turn it off as soon as I finish getting Windows installed on a computer. A router is doing the very same policing job, but it’s doing it before anything has reached your computer, and unlike a program that you can download from the internet, it’s going to be very hard, if not impossible, for most dillholes to crack. This is especially true if you know how to use it, which is what the rest of this blog post is going to teach you, for beginner level internet security that’s plenty good enough for most casual users.
How do I Begin to Use my Router or Combination Modem/Router?
Every router and combination modem/router has what’s called a default IP address (this is a web address just like google.ca, but it’s a string of numbers instead), a default username (to log into the IP address website), and a default password. These are always located somewhere in print directly on the router or modem/router, usually in the form of a sticker (though I’ve bought a small army of routers over the past several years, and all of them had these things embossed on the router’s hard plastic casing instead of slapped on with a sticker). This allows you to access the programming in the device through a website, where you can make a few important adjustments to protect yourself and your information. It’s kind of like the device has its very own web-based program stored on it, and you can log in to tell it more rules for how to patrol your internet connection. In the event that you change the wrong thing and your router suddenly starts interfering with you accessing your own internet service, you can manually reset the program (usually with a clearly marked reset button on the side of the device, which you can press and hold down with a pen or paper clip), and it will go back to all of its default settings—in other words, you don’t have to “reformat and reinstall” the router. If something goes sideways, you can be back to step one in a matter of minutes with no trouble at all.
You will need:
- an ethernet cable (it’s usually blue, about a quarter inch thick, and it has what looks like a telephone jack on both ends which is too big to plug into the telephone socket in your wall — all routers come with one, and usually internet service providers leave you an extra one as well)
- a computer near the router or combination modem/router that you can plug this cable into (i.e., smartphones are like handheld computers, but they can’t do this job) while it is also plugged into the device
- an active internet service
- a piece of paper and a pen
- about 20-30 minutes of spare time
You are going to learn:
- very basic encryption, and what exactly that even means
- MAC address filtering, and what in the world that means
Once you locate your default IP address, default username, and default password for the router or router/modem, try opening a new tab or window on your internet browser, and type the default IP address into the address bar. You’ll see a login page, and this is where you’ll be using your default username and password, unless the router or router/modem has been told at some point in its use by someone else that it has a new username and/or password, which you will hopefully know about already. If you are successful in logging in, you’re going to see a lot of things you can change or look at, such as the number of users that can be accessing the router at once (my small army of routers always allowed 50 by default). I encourage you at this point in this piece of writing to just take a few minutes to explore the device’s general settings and wireless security or firewall settings without actually changing anything yet. There are usually some pretty advanced settings options too, but these tend to apply to people whose routing needs are pretty specific, and maybe a little beyond casual use.
What you’re looking for are things like “SSID” and “SSID Broadcast”, which refer to the name of the wireless network your router makes for you, and whether or not you want it to be visible to people who are in your neighbourhood—some people have a lot of fun with naming theirs and keeping them deliberately visible, such as by calling it “FBISurveillanceVan” or something silly like that. You may also see some mumbo jumbo about channels, which refers to the frequency at which the wireless network is broadcast, and can be changed if there is a lot of interference from other routers on the same frequency, though most are set to “automatic” by default. You’ll probably also be able to find the page where you can see a huge bunch of blank boxes under a heading that says something like “MAC Address Filtering” — I’ll get into what that does shortly — or the page where you can generate or enter what’s called an encryption “passkey”. I’m going to talk about encryption first, before making suggestions for how to use this feature.
What is Encryption and Very Roughly How do I Start Using it?
Encryption is a way to disguise the information being broadcast and received by your router or router/modem, so if some dillhole finds a way to tap into the stream, all they can see is meaningless strings of symbols, numbers, and/or letters, instead of whatever it is you’re actually doing. It’s taking the information and putting it into code, in other words. A combination modem/router is extremely likely to be doing this for you already without the need for you to log into its program and tell it how to do this. If you are using a device provided to you by your internet service provider, and it has a default network name (and username) like EDE27D and a default password like 184320, this is a device that is already using encryption and password protection to protect you as a matter of default. Your work on that front is already done, and you can relax.
If, however, you’re using a router that has a default username like “admin” and a default password like “password”, this is a device that is capable of using encryption and password protection, but you have to set it up yourself before it will start doing that for you. Use the ethernet cable to connect your computer to the router, which will also need to be connected to the internet service provider’s modem if it is not the same device. Otherwise, every time you adjust a setting and hit the save button, you’ll have to wait for your computer to reconnect to the network (and it simply won’t reconnect if you change the encryption settings without updating your computer to use those settings), and then you’ll have to log back in again each time you want to make another adjustment to a setting. Once you’re plugged in and logged in to the website, you’ll probably find the option to change the name of the router from “admin” to whatever floats your boat, and to change the login password from “password”, under a heading like “user settings” or “management”. If you do this first, you will need to log back in after hitting the save button.
Usually, you can find the encryption settings on the router’s web program under a heading like “firewall settings” or “wireless security”. All routers and modem/routers have multiple encryption options for you to choose from, and they will generally include WEP and WPA/WPA2 or WPA Personal. I suggest using WPA/WPA2 or WPA Personal (whichever is available to you — these are the same thing), based on the urging of a geek friend who said it was way more secure than WEP, because it adds an extra thingie at the end of the passkey, that changes automatically on a regular interval, which your router and computer sort out themselves anyway but just makes it that much harder for dillholes and hackers alike. If you decide to go with WPA/WPA2 or WPA Personal, and you are given the option/prompted to choose either AES or TKIP, I suggest picking TKIP based on that same conversation with a geek. Many routers also have a field for a “passkey generator” (which may or may not only be accessible when you’ve selected WEP, but you can change that to WPA/WPA2 or WPA Personal if you want, after creating a passkey). The way a passkey generator works is you type in something that makes sense to you, like “icanhascheeseburger”, and it spits out a string of letters and numbers like “1359bad2bff22cccc4e373”. If your router or router/modem doesn’t have one of these generators, or you’re not sure, you can play around with this one online until you find a passkey that you want to use. Passkeys are case-sensitive, so if you type it in using capital letters in the router’s website, you’ll have to use capital letters when you’re typing it in on your computer’s wireless settings. The passkey is essentially a nonsense password composed entirely of letters and numbers that you program your router to ask for from every computer that tries to talk to it. No passkey, no internet. Simple as that. Once you pick a passkey, it’s best to just write it down so that it’s easier to enter it into each device that will be accessing the router. When you finish saving your new passkey, try accessing the network from any device, using the passkey as the password when prompted for it.
What is MAC Address Filtering and Very Roughly How do I Start Using it?
Way, way up in the beginning of this post, I said that reformatting a computer won’t solve the problem of getting hacked, and I said I would explain why that is further down. This is that point of the blog post.
Every piece of your computer that can communicate with a modem, router, or combination modem/router has what’s called a physical address, or MAC address. I don’t know why in the world it appears to be named after a cosmetics company, but that’s beside the point. No matter what operating system you use, and no matter how many times you’ve reformatted your computer to try and “fix” it after getting hacked (whether or not you actually were), the physical address of each of those parts doesn’t change. And every single computer has its own unique set of MAC addresses for all of its different parts. The MAC address of whichever part of the computer it is you are using to communicate with your routing device to access the internet is unique to you. It literally tells a hacker who you are, even though to them, you might be BF:34:A0:3E:01:01 rather than the dramatically more intuitive Mr. John Smith of Memphis (in case you can’t tell, I’m completely making up a lot of these examples of encryption keys, MAC addresses, and names as I go along). If you are just using a modem to connect to the internet, the only means you have to protect yourself (other than vigilance with what you click) is through a firewall program. But if you are using either a router or a combination modem/router, you can use MAC filtering to protect yourself from unwanted wireless users trying to access your router — by either barring specific physical addresses from your router (i.e., particularly persistent neighbours with too much time on their hands), or by barring everyone but specific physical addresses (i.e., you) from your router. I personally prefer barring everyone but the computers and devices I personally authorize. It takes all of 5 minutes maximum to add a new MAC address to the list, and I know with certainty who the only people ever accessing the router wirelessly are, leaving the only way I know for someone to “hack” into my computer being breaking directly into my house and browsing it from where I’d usually be sitting.
If you have multiple computers and other devices that will be accessing the router wirelessly, and you do decide to opt for MAC filtering, it’s easiest to keep all the MAC addresses straight if you write them all down on a piece of paper with a word or a name next to each MAC to remind you of who or what each one was. Sometimes the list doesn’t stay in the order that you added the devices to the list, as many routers appear to prefer to list them in alphabetic or numerical order once they are all saved, and that can cause some confusion if and when you want to take one off later (e.g., when you sell a computer or your smartphone dies). You can usually find the MAC filtering option under “wireless security” or “firewall settings”; but occasionally MAC filtering is listed as its own category of settings, as though separate and distinct from wireless security, or it is listed somewhere under “advanced settings” — especially with combination modem/routers. Some routers have a feature that will detect your wireless MAC for you (i.e., MAC cloning) from every computer you log into the website from. I’ve personally never used it because it’s easy to retrieve this information directly from each computer:
- If you’re using Windows, hit the start button, click run, and type in “ipconfig/all” without quotation marks. A huge blurb of stuff will result. You’re looking for the line that says “WLAN”. Congratulations to you as soon as you find it among probably 3 to 4 options total. Write down that physical/MAC address.
- If you’re using Ubuntu, open your system settings, double-click network, then click wireless. Your wireless MAC is displayed. Ta-daaaaa. Write it down.
- If you’re using Macintosh, it’s more or less the same deal as with Ubuntu, but you’re looking for the “physical address” for “airport”. Here’s a webpage about it from someone who clearly uses Mac, unlike myself. Disco. Write it down.
When you have a complete list of all the MAC addresses you want to allow, you can turn MAC filtering on in your router’s settings, then select the option to “filter all MACs except for the following”, and carefully enter each of those MAC addresses into their own boxes. They don’t have to be in any particular order. When you finish and save your changes, just you and those you know will be able to use your wireless network whenever it is broadcasting. A hacker or particularly talented dillhole might be able to figure out your passkey, but if you’re filtering every MAC out except your own, they still won’t be able to get an answer from your router. You don’t even need to make any adjustments to your computer’s wireless settings once you change this setting on your router or modem/router.
Congratulations. I’m Serious.
You are now way smarter and better skilled than most dillholes, and they can’t threaten you with “hacking your computer” any more, because you’re protected. If you use diligence about how you browse the internet, like I do, you won’t even need antivirus software. I haven’t used it for several years, and I don’t have any problems with my computers unless the physical parts wear down from being overworked over the course of several years. And if you pick good passwords and security answers, and keep them to yourself, you won’t have to worry about having your email “hacked”. I encourage you to go forth and share what you’ve learned with other people so that they can protect their civil liberties too. Maybe you’ll even learn something I haven’t figured out yet, and before you know it, you’ll be schooling someone like me.