Kaspersky Lab KASPERSKY ANTI-HACKER 1.5 User Manual

KASPERSKY LABS
Kaspersky Anti-Hacker 1.5
USER GUIDE
Kaspersky Labs Ltd.
Revision date: April 2004
Contents
CHAPTER 1. KASPERSKY ANTI-HACKER
1.1. Introduction
1.2. What’s new in v. 1.5
1.3. Distribution Kit
1.3.1. What Is in the Distribution Kit
1.3.2. License Agreement
1.4. Information in the Book
1.5. Conventions
1.6. Help Desk for Registered Users
CHAPTER 2. INSTALLING AND REMOVING THE SOFTWARE
2.1. Hardware and Software Requirements
2.2. Installing
2.3. Removing the Program
CHAPTER 3. STARTING WORK
CHAPTER 4. KASPERSKY ANTI-HACKER – PREVENTING HACKER ATTACKS
4.1. Kaspersky Anti-Hacker Operating Principles
4.2. Security Levels
4.3. Recommended Settings
CHAPTER 5. RUNNING THE PROGRAM
5.1. Starting the Program
5.2. System Menu
5.3. Main Window
5.4. Menus
5.5. Toolbar
5.6. Workspace
5.7. Status Bar
5.8. Context Menu
5.9. Rule Wizards
5.10. Changing and Saving Interface Settings
5.11. Exiting the Program
CHAPTER 6. ENABLING THE SECURITY SYSTEM AND DEFINING ITS SETTINGS
6.1. Enabling the Security System and Selecting the Security Level
6.1.1. Enabling the Security System
6.1.2. Selecting the Security Level
6.1.3. Network Event Warning
6.1.4. Training Window (Medium Level)
6.1.5. The Executable Module Substitution Warning
6.2. How the Program Responds to Attack
6.3. Customizing Application Rules
6.3.1. Managing the Rule List
6.3.2. Adding a New Rule
6.3.2.1. Step 1. Customizing the Rule
6.3.2.2. Step 2. Rule Conditions
6.3.2.3. Step 3. Additional Actions
6.4. Customizing Packet Filtering Rules
6.4.1. Managing the Rule List
6.4.2. Adding a New Rule
6.4.2.1. Step 1. Rule Conditions
6.4.2.2. Step 2. Rule Name and Additional Actions
6.5. Intrusion Detection System
6.5.1. Intrusion Detector Settings
6.5.2. The List of Detectable Attacks
CHAPTER 7. VIEWING PERFORMANCE RESULTS
7.1. Viewing the Current Status
7.1.1. Active Applications
7.1.2. Established Connections
7.1.3. Open Ports
7.2. Using the Logs
7.2.1. Displaying the Logs Window
7.2.2. The Logs Window Layout
7.2.2.1. Menus
7.2.2.2. Report Table
7.2.2.3. Tabs
7.2.3. Selecting the Log
7.2.3.1. Security Log
7.2.3.2. Application Activity
7.2.3.3. Packet Filtering
7.2.4. Defining Log Settings
7.2.5. Saving the Log to a File
APPENDIX A. INDEX
APPENDIX B. FREQUENTLY ASKED QUESTIONS
APPENDIX C. KASPERSKY LABS LTD.
C.1. Other Kaspersky Lab's Products
C.2. Contact Information
CHAPTER 1. KASPERSKY ANTI-HACKER
1.1. Introduction
What is Kaspersky Anti-Hacker?
Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a computer running a Windows operating system. It protects the computer against unauthorized access to its data and external hacker attacks from the Internet or an adjacent local network.
Kaspersky Anti-Hacker:
• Monitors the TCP/IP network activity of all applications running on your machine. If it detects any suspicious actions, the program notifies you and, if required, blocks the suspect application from accessing the network. This allows you to preserve confidential data on your machine. For example, if a Trojan tries to transmit any data from your computer, Kaspersky Anti-Hacker will block this malware from accessing the Internet.
• Uses the SmartStealth™ technique to make it difficult to detect your computer from outside. As a result, hackers will lose the target and all their attempts to access your computer will be doomed to fail. This also allows prevention of all types of DoS (Denial of Service) attack. At the same time, you will not feel any negative influence of this mode while working on the Web: the program provides conventional transparency and accessibility of the data.
• Blocks the most common hacker network attacks by permanently filtering the incoming and outgoing traffic, and also notifies the user about any such attacks.
• Monitors for attempts to scan your ports (these attempts are usually followed by attacks), and prohibits any further communication with the attacking machine.
• Allows you to review the list of all established connections, open ports, and active network applications, and if required, lets you terminate unwanted connections.
• Allows you to secure your machine from hacker attacks without special configuration of program settings. The program allows simplified management by choosing one of five security levels: Block all, High, Medium, Low, Allow all. By default the program starts with the Medium level, which is a training mode that will automatically configure your security system depending on your responses to various events.
• Allows flexibility of security system configuration. In particular, you can set the program to filter network operations into wanted and unwanted, and you can configure the Intrusion Detection System.
• Allows you to log certain security-related network events to various special-purpose logs. If required, you can define the detail level of the log entries.
The program may be used as a separate software product or as an integral component of various Kaspersky Labs solutions.
Attention!!! Kaspersky Anti-Hacker does not protect your computer from viruses and malicious programs that can destroy and/or corrupt your data. It is advised that you use Kaspersky Anti-Virus Personal for this purpose.
1.2. What’s new in v. 1.5
New features of version 1.5
The new version of this program:
• supports operations with ADSL modems;
• completely supports Stealth mode (tests passed at www.pcflank.com);
• is able to detect new network attacks: SmbDie, Helkern, and Lovesan;
• allows definition of port ranges for packet filtering and application rules;
• is easier to configure right after installation without any degradation of the computer security level – the most frequently used applications are allowed by default to establish network connections strictly according to their types;
• has an improved graphic interface: supports XP style under Windows XP; the rule handling lists can be resized; to add a new rule you can use the <Ins> key.
1.3. Distribution Kit
What is in the distribution kit. License agreement.
1.3.1. What Is in the Distribution Kit
The distribution kit includes:
• A sealed envelope containing installation CD with software files for the product
• This user guide
• Key diskette or key file on the installation CD
• License agreement
Before you unseal the CD envelope, be sure to review the license agreement thoroughly.
1.3.2. License Agreement
The License Agreement (LA) is a legal agreement between you (either an individual or a single entity) and the manufacturer (Kaspersky Labs Ltd.) describing the terms on which you may employ the anti-virus product which you have purchased.
Please ensure you read all the terms of the LA!
If you do not agree to the terms of this LA, Kaspersky Labs is not willing to license the software product to you and you should return the unused product to your Kaspersky Anti-Virus dealer for a full refund, making sure the envelope containing the CD (or diskettes) is sealed.
By unsealing the envelope you agree to all the terms of the LA.
1.4. Information in the Book
Issues covered in this documentation
This book contains information on how to install, customize and manage Kaspersky Anti-Hacker.
The book is divided into the following chapters:
Chapter | Summary
Kaspersky Anti-Hacker | What is Kaspersky Anti-Hacker? Items in the distribution kit and information in this book.
Installing and Removing the Software | System requirements. How to install the software.
Starting Work | How to start working with the software product. Example of the security system configuration.
Kaspersky Anti-Hacker – Preventing Hacker Attacks | Operating principles of the software product. Main terms, and tasks to be accomplished by the product.
Running the Program | Screening the main program window and working with its items.
Enabling the Security System and Defining its Settings | How to enable the security system. Defining the security settings - rules for applications and datagram filtering rules.
Viewing Performance Results | Reviewing the logs - network attacks, application activity and packet filtering. Reviewing the list of open ports, established connections, and active network applications.
Appendix A. Kaspersky Labs Ltd. | Information about Kaspersky Labs Ltd. Contact data.
Appendix B. Index | Glossary of the terms used in this documentation.
Appendix C. Frequently Asked Questions | Answers to frequently asked questions.
1.5. Conventions
Conventions used in this book
In this book we use a number of conventions to emphasize various important parts of the documentation.
Convention | Meaning
Bold font | Menu titles, commands, window titles, dialog elements, etc.
Note. | Additional information, notes.
Attention! | Critical information.
To start the program, follow these steps: 1. Step 1. 2. … | Actions that must be taken.
Task: | Example of a user defined task to be accomplished using this program.
Solution | Solution of the task.
1.6. Help Desk for Registered Users
Services provided by Kaspersky Labs to registered users
Kaspersky Labs offers a large service package enabling its registered customers to employ Kaspersky Anti-Hacker more efficiently.
If you register and purchase a subscription you will be provided with the following services for the period of your subscription:
• New versions of this software product, provided free
• Phone and e-mail support advising on matters related to installation, configuration and management of this software product
• Information about new products from Kaspersky Labs and about new computer viruses (for those who subscribe to the Kaspersky Labs newsletter)
Kaspersky Labs does not provide information related to management and use of your operating system, and associated technologies.
CHAPTER 2. INSTALLING AND REMOVING THE SOFTWARE
2.1. Hardware and Software Requirements
System requirements to be met in order to run the program
In order to run Kaspersky Anti-Hacker you need a system that meets the following requirements:
• Preinstalled Microsoft Windows operating system version 98/ME/NT 4.0/2000/XP
• To install under Microsoft Windows NT 4.0/2000/XP, you must be an authorized administrator
• Supported TCP/IP protocol
• Local network (Ethernet) or dial-up connection (standard or ADSL modem)
• Microsoft Internet Explorer (minimum 5.0; 5.5 (SP 2) or higher recommended)
• At least 50 Mb of free space for the program files and extra space for the program logs
• To run under Windows® 98/Me/NT 4.0, you must have:
  • Intel Pentium® processor of 133MHz or higher under Windows 98 or Windows NT 4.0
  • Intel Pentium® processor of 150MHz or higher under Windows Me
  • 32 Mb RAM
  • Preinstalled Service Pack v. 6.0 or higher under Windows NT 4.0 Workstation
• To run under Windows 2000, you must have:
  • Intel Pentium® processor of 133MHz or higher
  • 64 Mb RAM
• To run under Windows XP, you must have:
  • Intel Pentium® processor of 300MHz or higher
  • 128 Mb RAM
2.2. Installing
Step-by-step installation. Setup Wizard
Run the Setup.exe program from the CD to start the program installation. The setup wizard operates in dialog mode. Every dialog box contains a certain set of buttons allowing management of the setup. The main buttons are:
OK – to accept actions
Cancel – to cancel action(s)
Next – to move one step forward
Back – to move one step backward
Before installing Kaspersky Anti-Hacker please quit all programs running on your computer.
Step 1. Read general information
The first dialog box of the setup wizard (see fig. 1) contains general information about the Kaspersky Anti-Hacker package.
Fig. 1. The first dialog box of the setup wizard
Step 2. Read the license agreement
The License Agreement dialog box (see fig. 2) contains the agreement text. Read it carefully and press Yes if you agree to the license agreement terms. Otherwise, press No to abort the setup.
Fig. 2. The License Agreement dialog box
Step 3. Input user information
Enter the user information in the Customer Information dialog box (see fig. 3). Enter the appropriate data in the User Name field and the Company Name field. By default the information for these fields is taken from the Windows registry.
Fig. 3. The Customer Information dialog box
Step 4. Select the folder the program will be installed to
In the Choose Destination Location dialog box (see fig. 4), select the installation folder where the Kaspersky Anti-Hacker program components will be installed. The folder must be defined in the Destination Folder field. To do this, press Browse and indicate the folder path in the Choose Folder standard dialog box.
Fig. 4. The Choose Destination Location dialog box
Step 5. Input the program group name in the Start\Programs menu
Define the folder name in the Select Program Folder dialog box (see fig. 5) for the Kaspersky Anti-Hacker icon to appear in the standard Program menu. Press Next.
Fig. 5. The Select Program Folder dialog box
Step 6. Define paths to the key files*
In the Key File dialog box (see fig. 6), you must define the key file name (the *.key file) and the path.
If the file is located in the setup folder, its name will be displayed in the list of key files to be installed.
If the key file is located in a different folder, press Add and define the key file name and the path in the Select Key File standard dialog box. If required, the program may simultaneously use several key files.
Fig. 6. The Key File dialog box
It is advised that you check the Select Key Association checkbox. In this case you will be able to install new key files by double-clicking on their names. If you leave the box unchecked you will have to copy a key file to the shared files folder in order to install it.
The Key File is your personal key that contains the following housekeeping data, essential for Kaspersky Anti-Hacker to apply all its features:
• Your version vendor information (company name, addresses, telephone numbers)
• Support information (Name and location of support services)
• Product release date
• Name and number of the license
• License period of validity
Step 7. Copying files to the hard drive
Read the setup information in the Start Copying Files dialog box (see fig. 7). If you need to change any settings, you must return to the appropriate wizard box by pressing the Back button. If the setup information is correct, press Next. The program will start copying files to the hard disk. Progress is indicated by the progress bar in the Setup Status dialog box (fig. 8).
Fig. 7. The Start Copying Files dialog box
Fig. 8. The Setup Status dialog box
Step 8. Completing setup
Upon completion of the Kaspersky Anti-Hacker package installation the Completing Setup Wizard dialog box appears on the screen (see fig. 9).
To complete the installation you must restart your system. Check the Yes, I want to restart my computer now box to restart your system right away, or the No, I will restart my computer later box to postpone the restart. Press the Finish button to finish the installation.
Fig. 9. The Completing Setup Wizard dialog box
2.3. Removing the Program
Removing the program from your computer
To remove the Kaspersky Anti-Hacker program follow these steps:
1. Press the Start button in the bottom left corner of your Windows desktop and point to Programs.
2. Point to the program group that corresponds to your Kaspersky Anti-Hacker installation. The default name of this program group is Kaspersky Anti-Hacker, but you may have changed it during the installation. Then point to Kaspersky Anti-Hacker Uninstall.
3. If you wish to uninstall Kaspersky Anti-Hacker, press Yes in the confirmation box. If you change your mind, cancel the uninstall process by pressing the No button.
To add/remove the program you can use the Add/Remove Programs icon in the MS Windows Control Panel.
CHAPTER 3. STARTING WORK
How to start working with the software product. Example of security system configuration
As soon as you install the program and restart your computer the security system is activated. In fact, from this very moment, Kaspersky Anti-Hacker is monitoring for attacks against your machine and attempts by your applications to interact via a local network or the Internet.
After you enter the system you begin to work as usual. When no network connection is established, the security system on your machine is indicated only by the program icon in the system tray. If you click on it, the program main window will appear on your screen. In this window, you may review information about the current security level and change this level if required (for details of the program main window refer to subchapter 5.3 on page 29). By default the Medium level is enabled. This level allows you to configure your security system interactively. In most cases you will not have to configure the system yourself: the most frequently used applications are allowed by default to establish network connections strictly according to their type. However, sometimes you will have to configure your security system manually. Let’s review the corresponding example:
Task: Suppose your computer is connected to the Internet, and you start Microsoft Internet Explorer and enter www.kaspersky.com in the address field. The following message will appear on your screen: Create a rule for IEXPLORER.EXE (see fig. 10).
In the upper area of this dialog box you will see the icon for the application concerned, its name (in this case Microsoft Internet Explorer), the site address www.kaspersky.com, and the port to be used to establish the connection. To review more details about this application, you just have to click on the underlined link (see fig. 11).
The required network connection will not be established until you select how to handle this application activity. To do this, you must respond to the message on your screen.
Fig. 10. Self-training dialog box of the security system
Fig. 11. Information about the connection to be established
Follow these steps:
1. Select the Allow activity of this application according to its type option button and Web browser (IE, Netscape...) from the drop-down list.
2. Press OK.
After this, Kaspersky Anti-Hacker will allow Microsoft Internet Explorer to establish the connection. In addition, the application will be allowed to establish other connections in accordance with its type.
As you have probably noticed, there are three options in the Create a rule for IEXPLORER.EXE dialog box:
• Allow activity of this application according to its type (the option you selected in the example above) – allows only network communication that is compliant with the specified application category. Select the required category from the drop-down list below the option button. You can allow any activity of this application by selecting Allow all from the drop-down list.
• Block any network activity of this application – blocks the specified application from any kind of network activity including the described operation.
• Customize the rule – allows you to specify the operations that will be allowed for this application. If you select this option button and click OK, the rule wizard window will appear on your screen. Use the rule wizard to define requirements for the operations to be allowed for this application (for details of the rule wizard see subchapter 6.3.2 on page 49).
If you are not sure which option to select, use the Allow once or the Block once buttons at the bottom of the dialog box. Later on you will be able to monitor the application behavior and decide which option to select.
If you close the training window by pressing the close button in its upper-right corner, the operation at issue will be blocked this time.
In this way you can interactively configure your computer security system in an appropriate way.
To review the list of defined rules, select Application rules from the Service menu or press the corresponding button in the main window toolbar.
We recommend that you use the Medium level for the first few weeks after program installation. This will allow the program to automatically configure your security system depending on your responses to various network events. Create the rules allowing standard network operations.
When the training period is over, you can switch the program to the High level, and secure your computer against any unauthorized network events and hacker attacks. However, remember that newly installed applications will by default be blocked from accessing the local network and/or the Internet. To teach Kaspersky Anti-Hacker to handle these new applications you will have to switch it back to Medium or manually define the appropriate rule for these applications.
CHAPTER 4. KASPERSKY ANTI-HACKER – PREVENTING HACKER ATTACKS
4.1. Kaspersky Anti-Hacker Operating Principles
How does Kaspersky Anti-Hacker operate? Application rules. Packet filtering rules. Intrusion Detection System.
Kaspersky Anti-Hacker protects your computer from network attacks and preserves your confidential data. To do this, Kaspersky Anti-Hacker monitors all network operations on your computer. There are two types of network operation:
• Operations on the application level (high-level). At this level, Kaspersky Anti-Hacker analyses the activity of network applications, including web browsers, mail programs, file transfer programs and others.
• Operations on the packet level (low-level). At this level, Kaspersky Anti-Hacker analyses data packets sent or received by your network card or modem.
You work with Kaspersky Anti-Hacker by creating special filtering rules for network operations. Some filtering is performed automatically by the Intrusion Detection System, which can detect port scanning, DoS attacks, etc., and can then block the attacker. In addition, you can define your own filtering rules to reinforce protection of your machine.
For every type of network operation there are separate lists of Kaspersky Anti-Hacker rules.
• Application rules. Here you can select the required application and allow an activity that is compliant with the application type. You can define any number of rules for every application, as required. If any network activity not meeting conditions of the rule is detected on your machine, the program will notify you and allow you to block the unwanted action (if Medium level is enabled). In order to define the simplest rule for an application, you can simply select its type from the drop-down list (for details see subchapter 6.3.2.1 on page 49). To define a more complicated rule, you can specify the remote services and addresses allowed for this application.
• Packet filtering rules allow or block network packets sent or received by your machine. These rules review the packet header (the protocol used, the port numbers, the IP addresses etc.), and take decisions on the basis of this data. These rules are applied to all network applications running on your machine. For example, if you create a rule to block a certain IP address, all network communications to this address will be prohibited.
Packet filtering rules have a higher priority than application rules, i.e. these rules are applied first. For example, if you create a rule to block all incoming and outgoing data packets, then the program will apply no application rules while filtering data packets.
4.2. Security Levels
What security levels are supported by Kaspersky Anti-Hacker?
The program allows you to select one of the following security levels:
Allow all – disables the security system on your machine. When this level of security is selected, any network activity is allowed on your machine.
Low – allows network activity of all applications except those explicitly prohibited by user defined application rules.
Medium – notifies you about network events related to your applications and allows you to configure your security system for optimal performance. If a network application on your computer tries to connect to the local network or the Internet, the training mode will be activated. The applica­tion and the network operation details will be displayed on your screen. On the basis of this data the program will prompt you to select one of the following courses of action: to allow or to block this event once, to com­pletely block activity of this application, to allow the application activity ac­cording to its type, or to define additional network communication settings. Depending on your answer, the program will create a rule for this applica­tion that will subsequently be applied by the program automatically.
High – prohibits network activity for all applications except for those ex- plicitly allowed by user defined application rules. When this security level
24 Kaspersky Anti-Hacker
is enabled, the program training dialog box does not appear on your screen, and all attempts to establish connections not defined in the user rules are blocked.
Remember that all applications installed after you switch to this security level are by default disabled from accessing the Internet or the local network.
Block all – disables your computer from accessing the Internet or the lo- cal network. This level creates a situation in which all attempts to estab­lish connection via the Internet or the local network are blocked as if your computer is physically disconnected.
With the High, Medium or Low level enabled you can set the supplementary security tool – Stealth mode (see subchapter 5.6 on page 33). This mode allows only the network activity initiated by you; all other types of activity (remote access to your machine, checking of your machine using the ping utility and so on) are prohibited unless explicitly allowed by the user rules. In effect, your computer becomes "invisible" from the external environment. Hackers lose the target and all their attempts to access your computer are doomed to fail. This also allows for prevention of DoS (Denial of Service) attacks of all types. At the same time you will not feel any negative influence of this mode while working on the Web: Kaspersky Anti-Hacker allows the network activity initiated from your machine.
Attention! The intrusion detection system is enabled for all security levels except for Allow all. However, if required, you can manually disable it (see subchapter 6.5.1 on page 69).
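The evaluation order described in this chapter (packet filtering rules first, then application rules, then the default of the selected security level) can be sketched as a small decision function. This is an added illustration, not Kaspersky Anti-Hacker's own code: the function and field names, the program names, the first-match behaviour of packet rules and the reduction of an application rule to a single allow/block action are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Event:
    app: str        # program making or receiving the connection
    remote: str     # remote IP address
    inbound: bool   # True when the remote side initiated the connection

# Default outcome per security level when no rule matches (section 4.2).
LEVEL_DEFAULT = {"low": "allow", "medium": "prompt", "high": "block"}

def decide(event, level, packet_rules, app_rules, stealth=False):
    """Return 'allow', 'block' or 'prompt' (the Medium-level training dialog)."""
    if level == "allow_all":      # security system disabled
        return "allow"
    if level == "block_all":      # behaves as if physically disconnected
        return "block"
    # 1. Packet filtering rules are applied first; a match ends evaluation,
    #    so application rules are never consulted for that packet.
    for network, action in packet_rules:   # assumption: first match wins
        if ip_address(event.remote) in ip_network(network):
            return action
    # 2. Application rules created by the user or through training mode.
    if event.app in app_rules:
        return app_rules[event.app]
    # 3. Stealth mode: activity not initiated locally is prohibited unless a
    #    rule above explicitly allowed it.
    if stealth and event.inbound:
        return "block"
    # 4. Otherwise the selected security level supplies the default.
    return LEVEL_DEFAULT[level]

# Constructed sample policy: the blocked address is the one used in the
# manual's packet-rule example; program names and other addresses are
# hypothetical.
PACKET_RULES = [("111.111.111.111/32", "block")]
APP_RULES = {"browser.exe": "allow", "oldtool.exe": "block"}

if __name__ == "__main__":
    for level in ("low", "medium", "high"):
        ev = Event("unknown.exe", "192.0.2.10", inbound=False)
        print(level, decide(ev, level, PACKET_RULES, APP_RULES))
```

Because the packet rule is checked before the application rule, the allowed browser in this sample policy is still blocked when it contacts the filtered address.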
4.3. Recommended Settings
How to select proper security levels, and define rules for various situations?
What components of Kaspersky Anti-Hacker should be used and what security level should be selected? The answer depends on the task you want to accomplish.
Task 1. How to protect your data from external attacks via the Internet?
The following are two of the main methods used by hackers to steal or corrupt user data via the Internet: penetration into a target computer system using computer software errors, and infection of a target computer by Trojans.
If you learn about an error in one of the programs installed on your machine, be sure to create a blocking rule for this application. It is advised that you create a complex blocking rule (see subchapter 6.3.2.1 on page 49) that will take into account features of this error.
Suppose your computer is infected by a Trojan via a diskette or by email, and the malicious program attempts to send some data via the Internet. Kaspersky Anti-Hacker will easily preserve your data by blocking this operation (at the High level), or by issuing an appropriate notification (at the Medium level).
Attention!!! Kaspersky Anti-Hacker does not protect your computer from viruses and malicious programs.
For example, a Trojan may use a standard mail program on your computer to send out your confidential data. In this case Kaspersky Anti-Hacker will not be able to prevent the action. Moreover, if your computer is infected by a virus or a malicious program, your data may simply be destroyed and the computer may become a virus source. In this case Kaspersky Anti-Hacker may only partially eliminate consequences of the infection. To effectively protect your system from viruses and malicious programs it is advisable that you use the Kaspersky Anti-Virus Personal/Personal anti-virus program in combination with Kaspersky Anti-Hacker. Also, we recommend that you create application rules allowing your computer applications to engage in activity strictly according to their type. It is also advisable that you use the list of application rules to assign those types of activities to the applications that strictly correspond to operations allowed for these applications. This way, the risk of unauthorized network operations performed on your machine will be minimized.
Suppose, you learn that your computer is constantly attacked by a remote machine.
Task 2. How to block attacks from certain Internet addresses?
You may prohibit your computer from communication with certain remote addresses by configuring appropriate packet filtering rules. For example, in figure 12 you can see a rule blocking communication with the 111.111.111.111 address.
To prevent such situations, it is advisable that you keep your Intrusion Detection System enabled.
Fig. 12. The rule blocking communication with certain unreliable addresses
For example, you may use Kaspersky Anti-Hacker to block banner display on web pages. To do this, create a packet filtering rule to block communication with web sites from where the banners are usually downloaded (for example, linkexchange.ru).
Suppose you are afraid of attacks from the local network or want to protect your personal data from thieves.
Task 3. You must monitor operations on the local network
The computer communicates with a local network at the operating system level, therefore it is not always possible to identify the application involved. In this case you must create an appropriate packet filtering rule to secure your data. In order to simplify configuration of the security system, Kaspersky Anti-Hacker preinstalls some packet filtering rules allowing communication via the local network. By default the local network is allowed. However, you can redefine the default packet filtering rules to completely block access to the local network, or allow it only for certain computers.
CHAPTER 5. RUNNING THE PROGRAM
How to start the program? The program main window and its items. Exiting the program.
5.1. Starting the Program
Kaspersky Anti-Hacker is started automatically as soon as you enter your operating system. If you close the program, you can manually start it again.
To start Kaspersky Anti-Hacker, follow these steps:
1. Press the Start button in the bottom left corner of your Windows desktop and point to Programs.
2. Point to the program group that corresponds to your Kaspersky Anti-Hacker installation. The default name of this program group is Kaspersky Anti-Hacker, but you may have changed it during installation. Then point to Kaspersky Anti-Hacker.
3. Left click on the icon that appears in your system tray, or right click it and select Open Kaspersky Anti-Hacker from the menu on your screen.
The Kaspersky Anti-Hacker main window will appear on your screen (see subchapter 5.3 on page 29).
You may also start the program directly from its directory. To do this, start Windows Explorer and go to the Kaspersky Anti-Hacker directory (the default program directory is C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker). Double-click on the KAVPF.exe file located in this directory.
5.2. System Menu
Icon in the system tray. System menu.
After the program is started, the icon appears in the system tray.
By right clicking on this icon you can display the system menu (see fig. 13). The system menu includes the following commands:
Fig. 13. System menu
Table 1
Menu command – Function (the command allows you to:)
Open Kaspersky Anti-Hacker… – Display the program main window.
Security level – Switch to another security level: Block all, High, Medium, Low, Allow all. For details about the security levels see subchapter 4.2 on page 23.
About Kaspersky Anti-Hacker ... – Display an information box with program details and information about the keys used.
Exit – Unload the program from computer memory.
5.3. Main Window
When the program is started, the main window appears on your screen (see fig. 14). The Kaspersky Anti-Hacker main window allows you to select the current security level, to review the current status of your security system, to change the packet filtering settings, and to review/configure the program logs.

Fig. 14. The Kaspersky Anti-Hacker main window

The Kaspersky Anti-Hacker main window includes the following items:
Menu
Toolbar
Workspace
Status bar