Ghost Rider: Tenebril's GhostSurf 2005 Product Review

Author:      slylocke
Submitted:      10-Jan-2005 01:31:12
Imported From:      zZine (original author: Slylocke)


GhostSurf product review.
There are pieces of information about you all around the globe and every time you sit down to surf or chat, use instant messenger or e-mail, you increase the chances of that information falling into the hands of someone who will know just what to do with it. Do I have your attention? Good. Because this article is about a product that can help you make their job a lot more difficult.

Setup

The first step is to go to your favorite software reseller, such as CompUSA or Staples, and purchase a product called GhostSurf 2005. From a company called Tenebril, this awesome program lets you hide your identity online as well as clean up any tracks on your computer. Although this program is only for Windows, I'll show you later how to allow other computers on your SoHo network - including Linux, Unix, or Mac OS X boxes - to use it as well.

I suggest you go ahead and get the Platinum Edition. On Tenebril's website, it goes for $50, but I got my copy at Staples for just twenty. The extra ten bucks or so gets you ad blocking, spyware detection, and an encrypted file vault for your sensitive files.

Just put the CD into your CDROM drive and the installation wizard should start automatically. If not, run the setup.exe program from the CDROM by either right-clicking on the Start button, choosing Explore, navigating to your CDROM drive, and double-clicking setup.exe or by going to Start --> Run and typing in the name of your CDROM drive, plus setup.exe (e.g., D:\setup.exe).

After the usual installation process consisting of the EULA, install path, Start menu folder name selection, desktop shortcut choices, etc., you will see a screen with a summary of your selections. If everything looks alright, click Next; otherwise, you can hit the Back button and change whatever you need to change. For most purposes, the default selections should suffice. Once the install is complete, you will have to restart your computer, which should be done automatically by the installation wizard.

When you start up GhostSurf for the first time, you will have to enter an e-mail address and the license key (which you can get from the envelope the CDROM came in – it should have the letters “ST” and then some numbers). Then, you'll be ready to configure GhostSurf to work for you.

How It Works

GhostSurf is a proxy, plain and simple. A proxy is a program (although in a company setting, it is sometimes a physical server) that runs on your PC and acts as a traffic cop, standing between your computer and the Internet. All traffic that goes in and out passes through the proxy. GhostSurf runs in the background. You can see it in Task Manager as Proxy.exe and in the System Tray as a small, green, evil-looking eye. You can right-click on this eye and open the GhostSurf main window, the Privacy Control Center, the Ad Armor window (with Platinum Edition only), or the Proxy Information window.

First, we'll take a look at the regular features that are available in both GhostSurf 2005 and GhostSurf 2005 Platinum – the Privacy Control Center and the Tracks Cleaner. Then, we'll check out the Platinum only features – Ad Armor, Spy Catcher, and Personal Data Vault. Finally, I'll show you some advanced configurations which will help you get the most out of your newly acquired anonymity.

Privacy Control Center

The Privacy Control Center is where you can set up your privacy level. There are four levels of privacy:

Normal – This setting is no different than using your regular Internet connection without GhostSurf.
Anonymous – This setting blocks cookies so websites can't track you.
Invisible – This setting blocks cookies and routes all of your traffic through Tenebril's anonymous hubs, thus hiding your IP address.
Secure – This setting does the same stuff as the Invisible setting with the added benefit of encrypting the data you send out of your computer.

In addition, there are lots of ways to fine-tune GhostSurf to make it behave just the way you want. If you click on the Special Sites tab, you can add sites that you want to be exempt from your settings. This comes in handy as some sites don't work well when running GhostSurf (like most webmail sites) because they rely on cookies for authentication.

The Traffic tab is my favorite. It lets you see the traffic that passes through GhostSurf from your computer to the Internet, as well as check out the modifications GhostSurf makes to the data and how it anonymizes your information. GhostSurf doesn't keep a history of the data, but if you open up the Privacy Control Center and click on the Traffic tab, then surf the Web, you'll be able to watch all the traffic in real time. For you security-savvy folks out there: no, you cannot modify this information, you can only observe. So if you're looking for a way to change your referrer or user agent headers, you will need something else. That doesn't mean you can't use GhostSurf, though. I'll get into advanced configurations later. The really cool thing about this tab is that it lets you double-click an entry and see the actual cookie or request, and it lets you select an entry and, by clicking the Whois button, do a whois query on the site in question. As if that's not enough, you can type any site name you want into the dialog box and perform a whois query right there! Awesome!

The Add-Ons tab lets you extend GhostSurf's capabilities with tools such as Anonymous Instant Messaging, IRC, and News, as well as an Encryption Pack. The Options tab lets you configure things like automatic startup, automatic redirection of all Internet Explorer data through GhostSurf (so you don't have to manually configure IE to use GhostSurf as a proxy), and what personal information you want GhostSurf to remove.

Tracks Cleaner

Most people don't realize it, but your computer keeps track of every site you visit, search you conduct, file you open, and lots more. Hackers, spyware, and other users of your computer can see this information and use it maliciously. Tracks Cleaner lets you clean all of these digital breadcrumbs with a couple clicks of your mouse. To get to the Tracks Cleaner window, right-click on the GhostSurf icon in the System Tray and choose Open GhostSurf, then click the Tracks Cleaner icon.

There are too many options to go over each and every one, so I'll just cover the basics, plus some stuff that may be hard to understand. The Wipe Now window allows you to clean up all of your tracks with just one click. This is all most people will ever need to use. The rest of the options are mainly just ways to fine-tune the wipe process and are, for the most part, self-explanatory.

The most advanced part of Tracks Cleaner is the Strength section. Most people will never need to use this and if you don't understand what you're doing, I strongly suggest that you don't. Having said that, let me give you a brief rundown of the options available.

First, there are Quick Wipe (normal pass), Quick Wipe (random pass), and Stop Undelete Tools. Quick Wipe (normal pass) is the default and it overwrites the data with zeros. Quick Wipe (random pass) overwrites the data with random bits. Stop Undelete Tools overwrites the data twice – once with zeros and once with random bits. The description claims that this will stop recovery software, but this is true only if the term “recovery software” is used very loosely to describe basic, garden variety undelete tools and totally omits any serious data forensics software. However, even though these options won't be able to stop a data forensics professional from recovering part or all of those wiped files, they do make it very hard for the average data snoop to recover your files. For average users, any of these options should be fine. However, if you are a spy, druglord, professional hacker, or have any reason to suspect that the feds will be looking at your hard drive in the near future, these options are not for you.

Next are the really fun options for the super paranoid. NAVSO P-5239-26(RLL) and NAVSO P-5239-26(MFM) are both the same thing except that the RLL version is for IDE hard drives and the MFM version is for SCSI drives. If you don't know what IDE and SCSI mean, then you will be better off with the previously mentioned algorithms. This algorithm will give a data forensics professional a very serious run for the money. NAVSO stands for NAVy Security Operations and these two wipe algorithms were developed by the US Navy to satisfy their secure data destruction needs. Enough said.

DOD 5220.22-M was developed by the Department of Defense and uses seven passes. Overkill, you say? Well, it was developed with the intention of preventing both software and hardware recovery. In a face off between this algorithm and a data forensics pro, the smart money is on the algorithm. However, if this is still not enough for you, you can always use the DOD 5220.22-M's evil twin – the Super DOD 5220.22-M algorithm. This thirteen pass method sandwiches the regular DOD 5220.22-M method between two three pass sweeps and exceeds the Department of Defense's own standards. Again, enough said.

Then, there is Schneier's Algorithm, which any computer science student who took a course in crypto should recognize – it's right out of the Handbook for Applied Cryptography. For anyone who hasn't had the pleasure of reading this massive, mind-bending book on how to torture yourself with mathematics, Schneier's Algorithm overwrites data once each with two hex values, 0xFF then 0x00, then overwrites five more times with random data. A very good algorithm.

Finally, there is Gutmann's algorithm, which removes all magnetic trace of the data. Short of taking your hard drive out to an Air Force bombing range right before a training exercise, this and the Super DOD 5220.22-M algorithm are the two best ways of making sure all that incriminating evidence never comes back to haunt you.
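
The pass schedules described above can be written out as data and applied to a file in place. This is an added example, not GhostSurf's code or part of the original review; the function names and schedule keys are hypothetical, and the ff_zero_5random entry is the 0xFF, 0x00, five-random scheme from the text. It assumes the filesystem rewrites the same disk blocks, which journaling or copy-on-write filesystems and SSDs do not guarantee.

```python
import os

# Pass schedules as the review describes them; None means a pass of random bytes.
SCHEDULES = {
    "quick_zero": [0x00],                       # Quick Wipe (normal pass)
    "quick_random": [None],                     # Quick Wipe (random pass)
    "stop_undelete": [0x00, None],              # zeros, then random
    "ff_zero_5random": [0xFF, 0x00] + [None] * 5,
}

CHUNK = 64 * 1024  # write in blocks so large files are not held in memory


def overwrite_passes(path, schedule):
    """Overwrite the file at `path` in place, one full pass per schedule entry.

    Returns the number of passes written. The file is not deleted or resized.
    """
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for fill in schedule:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                block = os.urandom(n) if fill is None else bytes([fill]) * n
                f.write(block)
                remaining -= n
            # Force this pass out of the OS cache before the next one starts;
            # otherwise only the final pattern may ever reach the device.
            f.flush()
            os.fsync(f.fileno())
    return len(schedule)


def wipe(path, method="ff_zero_5random"):
    """Run the named schedule over the file, then unlink it."""
    passes = overwrite_passes(path, SCHEDULES[method])
    os.remove(path)
    return passes
```
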

Ad Armor

With Ad Armor, you can block or allow advertisements, ActiveX controls, Flash autoplay, script errors, and lots of other stuff. It's all pretty much self-explanatory. The only thing I'd like to point out is that, just like I mentioned earlier about stopping cookies, some sites may require one or more of these components in order to work properly. However, Ad Armor is highly customizable and you can easily add or remove blocking from any site.

Spy Catcher

Spy Catcher monitors your PC for spyware, hacker tools (such as trojans), and other malicious software. Again, it's very user-friendly. Some cool things about this tool are its ability to scan your PC's memory as well as its registry and hard drive, and its ability to let the user allow certain programs that may come up as being spyware but are actually something the user wants there, such as WeatherBug.

Personal Data Vault

The Personal Data Vault lets you store sensitive files, passwords, and private web favorites to a special, encrypted location. Unlike most encryption utilities, it's very easy to use in its guise as a file manager into which you can simply drag and drop your secret files. It also has the ability to back up your entire vault to CD or DVD and to shred your private files using the same wipe algorithms discussed earlier. The only thing I don't like about this tool is that it doesn't state anywhere what encryption algorithm is used and it doesn't allow the user to select a specific algorithm.

Advanced Tricks

Most users will simply run GhostSurf on their computer and that's pretty much all they really need. However, if you're like me, you probably have a SoHo (small office/home office) network set up at home. If so, there are some additional things you can do to make GhostSurf sit, roll over, and play dead.

You can have GhostSurf automatically route all Internet Explorer traffic without having to do any manual configuration. However, if you are one of the many consumers who are fed up with IE's (in)security and are using a third-party browser, such as Mozilla, Firefox, or Opera, then you'll have to manually configure your browser to use GhostSurf. To do so, just go to your preferences dialog box and look for something that says Proxy. Enter the loopback address (127.0.0.1) where it asks for host or IP address and the number 7212 where it asks for a port. You can also do the same thing for your e-mail client and instant messaging client.

If you have more than one computer hooked up to a router or hub, and you want to use the Windows box (running GhostSurf) as a proxy, open a command prompt on the computer running GhostSurf, type ipconfig, and hit enter. You should see an IP address like 192.168.1.105. Use this address in the client configuration for the applications which you want to use the proxy, along with the same port number as before (7212). You may be able to configure the operating system in general to use the Windows/GhostSurf box as a proxy, as well. In SuSE Linux, open up YaST, choose Network Services, then Proxy and use the same information as above.
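
Since clients on the network reach the GhostSurf box on port 7212 without a username or password, it is worth checking from each machine or network segment whether the listener answers there. This is an added example, not part of the original review or of GhostSurf; the function names and the proxy-check.invalid probe host are hypothetical placeholders.

```python
import socket

# Absolute-URI request, the form a browser sends to an HTTP proxy. The target
# is a placeholder under the reserved .invalid TLD, so nothing real is fetched.
PROBE = (b"GET http://proxy-check.invalid/ HTTP/1.0\r\n"
         b"Host: proxy-check.invalid\r\n\r\n")


def classify_reply(data):
    """Classify the first bytes a listener sent back to the probe."""
    parts = data.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "unknown"                 # not an HTTP status line
    if parts[1] == b"407":
        return "auth-required"           # proxy demanded credentials
    # Any other status means the request was handled without credentials
    # being asked for (an error status for the fake host still counts).
    return "answers-without-auth"


def probe_proxy(host, port, timeout=3.0):
    """Return 'closed', 'auth-required', 'answers-without-auth' or 'unknown'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "closed"                  # refused, filtered or unreachable
    with sock:
        try:
            sock.sendall(PROBE)
            data = sock.recv(512)
        except OSError:
            return "unknown"             # connected, but no usable reply
    return classify_reply(data)


if __name__ == "__main__":
    # Address and port taken from the examples in the text above.
    for host in ("127.0.0.1", "192.168.1.105"):
        print(host, probe_proxy(host, 7212))
```

A result other than "closed" from a machine that was never meant to use the proxy means the router or host firewall is not restricting port 7212 as intended.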

A cool trick that I tried which is of interest to information security buffs is configuring Nikto to use the Windows/GhostSurf box as a proxy. Just go to the install directory and look for a file called config.txt. Open it up in your favorite editor and look for a commented-out line called Proxy. Uncomment the two lines that require the IP address and port, fill them in with the appropriate information, leave the two lines asking for username and password commented out, save, and fire up Nikto. Now you see me, now you don't - happy hacking!

Finally, GhostSurf has some advanced configurations available in the form of .ini files. By hacking these files, you could make GhostSurf behave any way you want. However, if you do this, don't expect any help from Tenebril. If things get ugly, you may find yourself resorting to an uninstall/reinstall.

Conclusion

I wouldn't use the data vault at all, simply because I don't know how it encrypts the files and it won't let me choose my own algorithm. Until Tenebril steps up its game in that department, I'll continue using PGP. Also, I wonder if the lack of a username and password for clients could be exploited (even though it's a moot point if behind a properly configured router/firewall and you're the only user)? However, all things considered, Tenebril's GhostSurf is useful, user-friendly, and most importantly – it works. I am very happy and consider this to be one of my best twenty dollar purchases of all time.

This article was originally published by CyberArmy.net in the CyberArmy Library.
