HOME
TOPICS
ABOUT ME
MAIL

 
Windows tips: Someone sitting at another keyboard far from your home or office could break into your computer over the Internet unless you turn off one of the most common features of Windows, File and Print Sharing. Part 1.
   technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

The dangers of File and Print Sharing over the Internet


April 19, 1998

By Al Fasoldt
Copyright © 1998, The Syracuse Newspapers

   My brother Bob and I are both running Windows 98, and we both use all the Internet features of the new operating system. But sometimes knowing about a feature is not the same as finding out about it first hand.
   Case in point: His PC. I'll call it Bertha. That's not the real name. I won't tell you what the real name of his PC is -- the name he gave it when he created a two-PC network in his family room a week ago -- for a reason that will be obvious shortly.
   Bob sent me an e-mail message asking if I'd like to download a new program from his personal ftp server. A personal ftp server, if you have never heard of one, is a file-exchange program running on a personal computer connected to the Internet. An ftp server lets other computer users log onto that PC and both upload and download programs, so a personal ftp server is one that is designed for light-duty use -- letting your friends and relatives log onto your computer, for example.
   To do that, you have to know the address of the ftp server. Most of us who have Internet accounts don't have a permanent address (called an IP address), so the person who runs the personal ftp server has to e-mail the current IP address to others so they can use it to log on.
   To connect to an ftp server of any kind, you need an ftp program. That is, you used to need an ftp program. Under Windows 98, you just open a file-and-folder window (any window that shows the contents of a folder) and type the IP address of a remote computer into the address line at the top of the window. Normally, that address line shows the path and name (the pathname, to be technical) of a folder on your hard drive. Typing in something like 255.22.231.01 -- that's a fake address, so don't try it -- into the address line and pressing Enter turns your Windows 98 file-and-folder window into something else. It turns it into a window onto any PC, anywhere, on any network that is connected to the Internet.
   You may be losing the point if you've never tried Internet Explorer 4.0 or Windows 98. (IE 4.0 has some of these features already.) Any normal window that shows a folder on your hard drive turns into a window that shows the folders on another computer just by typing in the IP address or the permanent URL name of that computer. (To see what I mean, those of you running Windows 98 should open a normal folder and type ftp://ftp.dreamscape.com/ to log onto a full-time ftp server immediately.
   Follow this next part carefully. Windows 98 caches (stores for a period of time) the IP numbers of computers you connect to and matches them up to their computer names. These are not domain names -- not "microsoft.com" or "syracuse.com" -- but actual names users give their PCs when they set up networking in Windows. (Computers have to have names when they are networked in Windows.)
   So when I typed the IP address of my brother's Internet-based PC into the folder's address line, Windows 98 quickly logged onto his PC and stored away for future reference the name "Bertha" as the so-called "friendly name" for the PC I was connecting to.
   I navigated through his folders and found the file I wanted to download. I clicked on it and dragged it to one of my own folders. When the download was finished, I closed the folder window, which closed the connection to his PC.
   That's when everything got really interesting. Imp that I am, I opened another folder window and typed "Bertha" in the address line. In less than a second I saw his folders appear in my window. I saw his drives and his printer. I told Windows I wanted to use his printer as my secondary printer, and my operating system began installing all the necessary printer drivers from his PC.
   I created a few new folders on one of his drives. I dragged a funny image of the family, tweaked to make it seem our aunt was a twin, over to one of the new folders and let it go. I left him a note in another folder.
   He was away from home at the time, helping our dad celebrate his 87th birthday. If he had been home, he would have croaked. I was cruising through his PC at will, and I could have been anyone. I could have wiped out file after file, folder after folder. I could have disabled his PC so badly it would have never run again without a full reinstallation of Windows.
   Of course, I didn't. But anyone who wanted to could have.
   That's because of the way Windows handles File and Print Sharing. Anyone who has this feature turned on for the PC's Internet connection is asking for a lot of trouble. Your PC is exposed to anyone who finds your PC's address.
   Luckily, File and Print Sharing is easy to turn off. We'll see how to do that, and how to optimize it for your own legitimate uses, next week.