Kaspersky Anti-Hacker is a personal firewall that is designed to safeguard a
computer running a Windows operating system. It protects the computer against
unauthorized access to its data and external hacker attacks from the Internet or
an adjacent local network.
Kaspersky Anti-Hacker:
• Monitors the TCP/IP network activity of all applications running on your
machine. If it detects any suspicious actions, the program notifies you and
if required, blocks the suspect application from accessing the network.
This allows you to preserve confidential data on your machine. For example, if a Trojan tries to transmit any data from your computer, Kaspersky
Anti-Hacker will block this malware from accessing the Internet.
• The SmartStealth™ technique makes it difficult to detect your computer
from outside. As a result, hackers will lose the target and all their attempts
to access your computer will be doomed to fail. In addition, this prevents
DoS (Denial of Service) attacks of all types. At the same
time you will not feel any negative influence of this mode while working on
the Web: the program provides conventional transparency and accessibility of the data.
• Blocks the most common hacker network attacks by permanently filtering
the incoming and outgoing traffic, and also notifies the user about any
such attacks.
• Monitors for attempts to scan your ports (these attempts are usually followed by attacks), and prohibits any further communication with the attacking machine.
• Allows you to review the list of all established connections, open ports,
and active network applications, and if required, lets you terminate unwanted connections.
• Allows you to secure your machine from hacker attacks without special
configuration of program settings. The program allows simplified management by choosing one of five security levels: Block all, High, Medium, Low, Allow all. By default the program starts with the Medium level, which
is a training mode that will automatically configure your security system
depending on your responses to various events.
• Allows flexibility of security system configuration. In particular, you can set
the program to filter network operations into wanted and unwanted, and
you can configure the Intrusion Detection System.
• Allows you to log certain security-related network events to various special-purpose logs. If required, you can define the detail level of the log entries.
The program may be used as a separate software product or as an integral
component of various Kaspersky Labs solutions.
Attention!!! Kaspersky Anti-Hacker does not protect your computer from
viruses and malicious programs that can destroy and/or corrupt your
data. It is advised that you use Kaspersky Anti-Virus Personal for this
purpose.
1.2. What’s new in v. 1.5
New features of version 1.5
The new version of this program:
• supports operations with ADSL modems;
• completely supports Stealth mode (tests passed at www.pcflank.com);
• is able to detect new network attacks: SmbDie, Helkern, and Lovesan;
• allows definition of port ranges for packet filtering and application rules;
• is easier to configure right after installation without any degradation of
the computer security level – the most frequently used applications are allowed by default to establish network connections strictly according to
their types;
• has an improved graphic interface: supports XP style under Windows XP;
the rule handling lists can be resized; to add a new rule you can use the
<Ins> key.
1.3. Distribution Kit
What is in the distribution kit. License agreement.
1.3.1. What Is in the Distribution Kit
The distribution kit includes:
• A sealed envelope containing installation CD with software files for the
product
• This user guide
• Key diskette or key file on the installation CD
• License agreement
Before you unseal the CD envelope, be sure to review the license
agreement thoroughly.
1.3.2. License Agreement
The License Agreement (LA) is a legal agreement between you (either an
individual or a single entity) and the manufacturer (Kaspersky Labs Ltd.)
describing the terms on which you may employ the anti-virus product which you
have purchased.
Please ensure you read all the terms of the LA!
If you do not agree to the terms of this LA, Kaspersky Labs is not willing to
license the software product to you and you should return the unused product to
your Kaspersky Anti-Virus dealer for a full refund, making sure the envelope
containing the CD (or diskettes) is sealed.
By unsealing the envelope you agree to all the terms of the LA.
1.4. Information in the Book
Issues covered in this documentation
This book contains information on how to install, customize and manage
Kaspersky Anti-Hacker.
The book is divided into the following chapters:
Chapter: Summary
• Kaspersky Anti-Hacker: What is Kaspersky Anti-Hacker? Items in the distribution kit and information in this book.
• Installing and Removing the Software: System requirements. How to install the software.
• Starting Work: How to start working with the software product. Example of the security system configuration.
• Kaspersky Anti-Hacker – Preventing Hacker Attacks: Operating principles of the software product. Main terms, and tasks to be accomplished by the product.
• Running the Program: Screening the main program window and working with its items.
• Enabling the Security System and Defining its Settings: How to enable the security system. Defining the security settings - rules for applications and datagram filtering rules.
• Viewing Performance Results: Reviewing the logs - network attacks, application activity and packet filtering. Reviewing the list of open ports, established connections, and active network applications.
• Appendix A. Kaspersky Labs Ltd.: Information about Kaspersky Labs Ltd. Contact data.
• Appendix B. Index: Glossary of the terms used in this documentation.
• Appendix C. Frequently Asked Questions: Answers to frequently asked questions.
1.5. Conventions
Conventions used in this book
In this book we use a number of conventions to emphasize various important
parts of the documentation.
Convention – Meaning
• Bold font – Menu titles, commands, window titles, dialog elements, etc.
• Note. – Additional information, notes.
• Attention! – Critical information.
• To start the program, follow these steps: 1. Step 1. 2. … – Actions that must be taken.
• Task: – Example of a user defined task to be accomplished using this program.
• Solution – Solution of the task.
1.6. Help Desk for Registered Users
Services provided by Kaspersky Labs
to registered users
Kaspersky Labs offers a large service package enabling its registered customers
to employ Kaspersky Anti-Hacker more efficiently.
If you register and purchase a subscription you will be provided with the following
services for the period of your subscription:
• New versions of this software product, provided free
• Phone and e-mail support advising on matters related to installation, configuration and management of this software product
• Information about new products from Kaspersky Labs and about new
computer viruses (for those who subscribe to the Kaspersky Labs newsletter)
Kaspersky Labs does not provide information related to management
and use of your operating system, and associated technologies.
CHAPTER 2. INSTALLING AND
REMOVING THE SOFTWARE
2.1. Hardware and Software
Requirements
System requirements to be met in
order to run the program
In order to run Kaspersky Anti-Hacker you need a system that meets the
following requirements:
• Preinstalled Microsoft Windows operating system version 98/ME/NT
4.0/2000/XP
• To install under Microsoft Windows NT 4.0/2000/XP, you must be an authorized administrator
• Supported TCP/IP protocol
• Local network (Ethernet) or dial-up connection (standard or ADSL modem)
• Microsoft Internet Explorer (minimum 5.0; 5.5 (SP 2) or higher recommended)
• At least 50 Mb of free space for the program files and extra space for the
program logs
• To run under Windows® 98/Me/NT 4.0, you must have:
• Intel Pentium® processor of 133MHz or higher under Windows
98 or Windows NT 4.0
• Intel Pentium® processor of 150MHz or higher under Windows
Me
• 32 Mb RAM
• Preinstalled Service Pack v. 6.0 or higher under Windows
NT 4.0 Workstation
• To run under Windows 2000, you must have:
• Intel Pentium® processor of 133MHz or higher
• 64 Mb RAM
• To run under Windows XP, you must have:
• Intel Pentium® processor of 300MHz or higher
• 128 Mb RAM
2.2. Installing
Step-by-step installation. Setup
Wizard
Run the Setup.exe program from the CD to start the program installation. The
setup wizard operates in dialog mode. Every dialog box contains a certain set of
buttons allowing management of the setup. The main buttons are:
• OK – to accept actions
• Cancel – to cancel action(s)
• Next – to move one step forward
• Back – to move one step backward
Before installing Kaspersky Anti-Hacker please quit all programs
running on your computer.
Step 1. Read general information
The first dialog box of the setup wizard (see fig. 1) contains general information
about the Kaspersky Anti-Hacker package.
Fig. 1. The first dialog box of the setup wizard
Step 2. Read the license agreement
The License Agreement dialog box (see fig. 2) contains the agreement text.
Read it carefully and press Yes if you agree to the license agreement terms.
Otherwise, press No to abort the setup.
Fig. 2. The License Agreement dialog box
Step 3. Input user information
Enter the user information in the Customer Information dialog box
(see fig. 3). Enter the appropriate data in the User Name field and the
Company Name field. By default the information for these fields is taken
from the Windows registry.
Fig. 3. The Customer Information dialog box
Step 4. Select the folder the program will be installed to
In the Choose Destination
Location dialog box (see fig. 4),
select the installation folder where
the Kaspersky Anti-Hacker
program components will be
installed. The folder must be
defined in the Destination Folder
field. To do this, press Browse
and indicate the folder path in the
Choose Folder standard dialog
box.
Fig. 4. The Choose Destination Location
dialog box
Step 5. Input the program group name in the Start\Programs
menu
Define the folder name in the
Select Program Folder dialog
box (see fig. 5) for the Kaspersky
Anti-Hacker icon to appear in the
standard Program menu. Press
Next.
Fig. 5. The Select Program Folder dialog box
Step 6. Define paths to the key files*
In the Key File dialog box (see fig. 6), you must define the key file name (the
*.key file) and the path.
If the file is located in the setup
folder, its name will be displayed in
the list of key files to be installed.
If the key file is located in a
different folder, press Add and
define the key file name and the
path in the Select Key File
standard dialog box. If required,
the program may simultaneously
use several key files.
Fig. 6. The Key File dialog box
It is advised that you check the Select Key Association checkbox. In this case
you will be able to install new key files by double-clicking on their names. If you
leave the box unchecked you will have to copy a key file to the shared files folder
in order to install it.
The Key File is your personal key that contains the following housekeeping data,
essential for Kaspersky Anti-Hacker to apply all its features:
• Your version vendor information (company name, addresses, telephone
numbers)
• Support information (Name and location of support services)
• Product release date
• Name and number of the license
• License period of validity
Step 7. Copying files to the hard drive
Read the setup information in the Start Copying Files dialog box (see fig. 7). If
you need to change any settings, you must return to the appropriate wizard box
by pressing the Back button. If the setup information is correct, press Next. The
program will start copying files to the hard disk. Progress is indicated by the
progress bar in the Setup Status dialog box (fig. 8).
Fig. 7. The Start Copying Files dialog box
Fig. 8. The Setup Status dialog box
Step 8. Completing setup
Upon completion of the Kaspersky Anti-Hacker package installation the
Completing Setup Wizard dialog box appears on the screen (see fig. 9).
To complete the installation you
must restart your system. Check the
Yes, I want to restart my
computer now box to restart your system right away, or the No, I will
restart my computer later box to
postpone the restart. Press the
Finish button to finish the
installation.
Fig. 9. The Completing Setup Wizard dialog
box
2.3. Removing the Program
Removing the program from your
computer
To remove the Kaspersky Anti-Hacker program follow these steps:
1. Press the Start button in the bottom left corner of your Windows
desktop and point to Programs.
2. Point to the program group that corresponds to your Kaspersky Anti-Hacker installation. The default name of this program group is
Kaspersky Anti-Hacker, but you may have changed it during the
installation. Then point to Kaspersky Anti-Hacker Uninstall.
3. If you wish to uninstall Kaspersky Anti-Hacker, press Yes in the
confirmation box. If you change your mind, cancel the uninstall process
by pressing the No button.
To add/remove the program you can use the Add/Remove Programs
icon in the MS Windows Control Panel.
CHAPTER 3. STARTING WORK
How to start working with the
software product. Example of
security system configuration
As soon as you install the program and restart your computer the security system
is activated. In fact, from this very moment, Kaspersky Anti-Hacker is monitoring
for attacks against your machine and attempts by your applications to interact via
a local network or the Internet.
After you enter the system you begin to work as usual. When no network
connection is established, the security system on your machine is indicated only
by the icon in the system tray. If you click on it, the program main window will
appear on your screen. In this window, you may review information about the
current security level and change this level if required (for details of the program
main window refer to subchapter 5.3 on page 29). By default the Medium level is
enabled. This level allows you to configure your security system interactively.
In most cases you will not have to configure the system yourself: the most
frequently used applications are allowed by default to establish network
connections strictly according to their type. However, sometimes you will have to
configure your security system manually. Let’s review the corresponding
example:
Task: Suppose your computer is connected to the Internet, and
you start Microsoft Internet Explorer and enter
www.kaspersky.com in the address field. The following message
will appear on your screen: Create a rule for IEXPLORER.EXE
(see fig. 10).
In the upper area of this dialog box you will see the icon for the
application concerned, its name (in this case Microsoft Internet
Explorer), the site address www.kaspersky.com, and the port to be
used to establish the connection. To review more details about
this application, you just have to click on the underlined link (see
fig. 11).
The required network connection will not be established until you
select how to handle this application activity. To do this, you must
respond to the message on your screen.
Fig. 10. Self-training dialog box of the security system
Fig. 11. Information about the connection to be established
Follow these steps:
1. Select the Allow activity of this application according to its type option button and Web browser (IE, Netscape...) from the
drop-down list.
2. Press OK.
After this, Kaspersky Anti-Hacker will allow Microsoft Internet Explorer
to establish the connection. In addition, the application will be allowed to
establish other connections in accordance with its type.
As you have probably noticed, there are three options in the Create a rule for IEXPLORER.EXE dialog box:
• Allow activity of this application according to its type (the option you
selected in the example above) – allows only network communication that
is compliant with the specified application category. Select the required
category from the drop-down list below the option button. You can allow
any activity of this application by selecting Allow all from the drop-down
list.
• Block any network activity of this application – blocks the specified
application from any kind of network activity including the described operation.
• Customize the rule – allows you to specify the operations that will be allowed for this application. If you select this option button and click OK, the
rule wizard window will appear on your screen. Use the rule wizard to define requirements for the operations to be allowed for this application (for
details of the rule wizard see subchapter 6.3.2 on page 49).
If you are not sure which option to select, use the Allow once or the Block once
buttons at the bottom of the dialog box. Later on you will be able to monitor the
application behavior and decide which option to select.
If you close the training window by pressing the button in its upper-right
corner, the operation at issue will be blocked this time.
In this way you can interactively configure your computer security system
as appropriate.
To review the list of defined rules, select Application rules from the
Service menu or press the
button in the main window toolbar.
We recommend that you use the Medium level for the first few weeks after
program installation. This will allow the program to automatically configure your
security system depending on your responses to various network events. Create
the rules allowing standard network operations.
When the training period is over, you can switch the program to the High level,
and secure your computer against any unauthorized network events and hacker
attacks. However, remember the newly installed applications will by default be
disabled from accessing the local network and/or the Internet. To teach your
Kaspersky Anti-Hacker to handle these new applications you will have to switch it
back to Medium or manually define the appropriate rule for these applications.
CHAPTER 4. KASPERSKY ANTI-
HACKER – PREVENTING
HACKER ATTACKS
4.1. Kaspersky Anti-Hacker
Operating Principles
How does Kaspersky Anti-Hacker
operate? Application rules. Packet
filtering rules. Intrusion Detection
System.
Kaspersky Anti-Hacker protects your computer from network attacks and
preserves your confidential data. To do this, Kaspersky Anti-Hacker monitors all
network operations on your computer. There are two types of network operation:
• Operations on the application level (high-level). At this level, Kaspersky
Anti-Hacker analyses activity of network applications, including web
browsers, mail programs, file transferring programs and others.
• Operations on the packet level (low-level). At this level, Kaspersky Anti-Hacker analyses data packets sent/received by your network card or modem.
You work with Kaspersky Anti-Hacker by creating special filtering rules for
network operations. Some filtering is performed automatically by the Intrusion
Detection System, which can detect port scanning, DoS attacks, etc., and can
then block the attacker. In addition, you can define your own filtering rules to
reinforce protection of your machine.
For every type of network operation there are separate lists of Kaspersky Anti-Hacker rules.
• Application rules. Here you can select the required application and allow
an activity that is compliant with the application type. You can define any
number of rules for every application, as required. If any network activity
not meeting conditions of the rule is detected on your machine, the program will notify you and allow you to block the unwanted action (if Medium
level is enabled). In order to define the simplest rule for an application, you can simply select its type from the drop-down list (for details see
subchapter 6.3.2.1 on page 49). To define a more complicated rule, you
can specify the remote services and addresses allowed for this application.
• Packet filtering rules allow or block network packets sent or received by
your machine. These rules review the packet header (the protocol used,
the port numbers, the IP addresses etc.), and take decisions on the basis
of this data. These rules are applied to all network applications running on
your machine. For example, if you create a rule to block a certain IP address, all network communications to this address will be prohibited.
Packet filtering rules have a higher priority than application rules, i.e.
these rules are applied first. For example, if you create a rule to block
all incoming and outgoing data packets, then the program will apply no
application rules while filtering data packets.
4.2. Security Levels
What security levels are supported
by Kaspersky Anti-Hacker?
The program allows you to select one of the following security levels:
• Allow all – disables the security system on your machine. When this level
of security is selected, any network activity is allowed on your machine.
• Low – allows network activity of all applications except those explicitly
prohibited by user defined application rules.
• Medium – notifies you about network events related to your applications
and allows you to configure your security system for optimal performance.
If a network application on your computer tries to connect to the local
network or the Internet, the training mode will be activated. The application and the network operation details will be displayed on your screen.
On the basis of this data the program will prompt you to select one of the
following courses of action: to allow or to block this event once, to completely block activity of this application, to allow the application activity according to its type, or to define additional network communication settings.
Depending on your answer, the program will create a rule for this application that will subsequently be applied by the program automatically.
• High – prohibits network activity for all applications except for those explicitly
allowed by user defined application rules. When this security level
is enabled, the program training dialog box does not appear on your
screen, and all attempts to establish connections not defined in the user
rules are blocked.
Remember that all applications installed after you switch to this
security level are by default disabled from accessing the Internet
or the local network.
• Block all – disables your computer from accessing the Internet or the local
network. This level creates a situation in which all attempts to establish connection via the Internet or the local network are blocked as if your
computer is physically disconnected.
With the High, Medium or Low level enabled you can set the
supplementary security tool – Stealth mode (see subchapter 5.6 on
page 33). This mode allows only the network activity initiated by you; all
other types of activity (remote access to your machine, checking of your
machine using the ping utility and so on) are prohibited, if not explicitly
allowed by the user rules.
This means that your computer becomes "invisible" from the
external environment. Hackers lose the target and all their attempts to
access your computer are doomed to fail. In addition, this prevents
DoS (Denial of Service) attacks of all types.
At the same time you will not feel any negative influence of this mode
while working on the Web: Kaspersky Anti-Hacker allows the network
activity initiated from your machine.
Attention! The intrusion detection system is enabled for all security
levels except for Allow all. However, if required, you can manually
disable it (see subchapter 6.5.1 on page 69).
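The evaluation order described in subchapters 4.1 and 4.2, sketched as a small Python model. This is an added example, not Kaspersky's code: the Level, Connection and Rule classes, the decide function, the browser ports (TCP 80 and 443), the sample address 192.0.2.10 and the treatment of a packet-level "allow" as passing the connection on to the application rules are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence


class Level(Enum):
    ALLOW_ALL = "Allow all"
    LOW = "Low"
    MEDIUM = "Medium"
    HIGH = "High"
    BLOCK_ALL = "Block all"


@dataclass(frozen=True)
class Connection:
    app: str          # executable that owns the connection
    protocol: str     # "TCP" or "UDP"
    remote_ip: str
    remote_port: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    app: Optional[str] = None       # None: packet filtering rule, applies to every application
    remote_net: str = "0.0.0.0/0"
    protocol: Optional[str] = None
    ports: Optional[range] = None   # port range (v1.5 accepts ranges in rules)

    def matches(self, conn: Connection) -> bool:
        if self.app is not None and self.app.lower() != conn.app.lower():
            return False
        if self.protocol is not None and self.protocol != conn.protocol:
            return False
        if self.ports is not None and conn.remote_port not in self.ports:
            return False
        return ip_address(conn.remote_ip) in ip_network(self.remote_net)


def decide(level: Level, packet_rules: Sequence[Rule],
           app_rules: Sequence[Rule], conn: Connection) -> str:
    """Return "allow", "block" or "prompt" (the Medium-level training dialog)."""
    if level is Level.ALLOW_ALL:    # security system disabled
        return "allow"
    if level is Level.BLOCK_ALL:    # as if physically disconnected
        return "block"
    # Stage 1: packet filtering rules have priority over application rules.
    for rule in packet_rules:
        if rule.matches(conn):
            if rule.action == "block":
                return "block"      # final: application rules are never consulted
            break                   # assumption: a packet-level allow falls through
    # Stage 2: application rules, first match wins.
    for rule in app_rules:
        if rule.matches(conn):
            return rule.action
    # Stage 3: nothing matched, so the security level supplies the default.
    return {Level.LOW: "allow", Level.MEDIUM: "prompt", Level.HIGH: "block"}[level]


# Constructed sample rule set: the blocked address is the one used in the
# manual's figure 12; the browser rule stands in for the "Web browser" type.
PACKET_RULES = [Rule("block", remote_net="111.111.111.111/32")]
APP_RULES = [
    Rule("allow", app="IEXPLORER.EXE", protocol="TCP", ports=range(80, 81)),
    Rule("allow", app="IEXPLORER.EXE", protocol="TCP", ports=range(443, 444)),
]

if __name__ == "__main__":
    samples = [
        Connection("IEXPLORER.EXE", "TCP", "192.0.2.10", 80),       # matches browser rule
        Connection("IEXPLORER.EXE", "TCP", "111.111.111.111", 80),  # packet rule wins
        Connection("IEXPLORER.EXE", "TCP", "192.0.2.10", 25),       # outside browser type
        Connection("newapp.exe", "TCP", "192.0.2.10", 6667),        # no rule at all
    ]
    for level in (Level.LOW, Level.MEDIUM, Level.HIGH):
        for conn in samples:
            print(level.value, conn.app, conn.remote_ip, conn.remote_port,
                  "->", decide(level, PACKET_RULES, APP_RULES, conn))
```

The third sample shows why a type-based rule is tighter than Allow all for an application: a browser opening a mail port falls outside its rule, so it prompts at Medium and is blocked at High.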
4.3. Recommended Settings
How to select proper security levels,
and define rules for various
situations?
What components of Kaspersky Anti-Hacker should be used and what security
level should be selected? The answer depends on the task you want to
accomplish.
Task 1. How to protect your data from external attacks via the
Internet?
The following are two of the main methods used by hackers to steal
or corrupt user data via the Internet: penetration into a target computer system using computer software errors, and infection of a target
computer by Trojans.
If you learn about an error in one of the programs installed on your
machine, be sure to create a blocking rule for this application. It is
advised that you create a complex blocking rule (see
subchapter 6.3.2.1 on page 49) that will take into account features of
this error.
Suppose your computer is infected by a Trojan via a diskette or by
email, and the malicious program attempts to send some data via the
Internet. Kaspersky Anti-Hacker will easily preserve your data by
blocking this operation (at the High level), or by issuing an
appropriate notification (at the Medium level).
Attention!!! Kaspersky Anti-Hacker does not protect your computer
from viruses and malicious programs.
For example, a Trojan may use a standard mail program on your
computer to send out your confidential data. In this case Kaspersky
Anti-Hacker will not be able to prevent the action. Moreover, if your
computer is infected by a virus or a malicious program, your data may
simply be destroyed and the computer may become a virus source. In
this case Kaspersky Anti-Hacker may only partially eliminate consequences of the infection. To effectively protect your system from viruses and malicious programs it is advisable that you use the
Kaspersky Anti-Virus Personal/Personal anti-virus program in combination with Kaspersky Anti-Hacker. Also, we recommend that you
create application rules allowing your computer applications to engage in activity strictly according to their type. It is also advisable that
you use the list of application rules to assign those types of activities
to the applications that strictly correspond to operations allowed for
these applications. This way, the risk of unauthorized network operations performed on your machine will be minimized.
Suppose you learn that your computer is constantly attacked by a
remote machine.
Task 2. How to block attacks from certain Internet addresses?
You may prohibit your computer from communication with certain
remote addresses by configuring appropriate packet filtering rules.
For example, in figure 12 you can see a rule blocking communication
with the 111.111.111.111 address.
To prevent such situations, it is advisable that you keep your
Intrusion Detection System enabled.
Fig. 12. The rule blocking communication with certain unreliable addresses
For example, you may use Kaspersky Anti-Hacker to block banner
display on web pages. To do this, create a packet filtering rule to block
communication with web sites from where the banners are usually
downloaded (for example, linkexchange.ru).
Suppose you are afraid of attacks from the local network or want to
protect your personal data from thieves.
Task 3. You must monitor operations on the local network
The computer communicates with a local network at the operating system level, therefore it is not always possible to identify the application
involved. In this case you must create an appropriate packet filtering
rule to secure your data.
In order to simplify configuration of the security system, Kaspersky Anti-Hacker preinstalls some packet filtering rules allowing communication
via the local network. By default the local network is allowed. However,
you can redefine the default packet filtering rules to completely block
access to the local network, or allow it only for certain computers.
CHAPTER 5. RUNNING THE
PROGRAM
How to start the program? The
program main window and its items.
Exiting the program.
5.1. Starting the Program
Kaspersky Anti-Hacker is started automatically as soon as you enter your
operating system. If you close the program, you can manually start it again.
To start Kaspersky Anti-Hacker, follow these steps:
1. Press the Start button in the bottom left corner of your Windows
desktop and point to Programs.
2. Point to the program group that corresponds to your Kaspersky Anti-Hacker installation. The default name of this program group is
Kaspersky Anti-Hacker, but you may have changed it during
installation. Then point to Kaspersky Anti-Hacker.
3. Left click on the icon that appears in your system tray, or right click it
and select Open Kaspersky Anti-Hacker from the menu on your
screen.
The Kaspersky Anti-Hacker main window will appear on your screen (see
subchapter 5.3 on page 29).
You may also start the program directly from its directory. To do this,
start Windows Explorer and go to the Kaspersky Anti-Hacker directory
(the default program directory is C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker). Double-click on the KAVPF.exe file
located in this directory.
5.2. System Menu
Icon in the system tray.
System menu.
After the program is started, the icon appears in the system tray.
By right clicking on this icon you can display the system menu (see fig. 13). The
system menu includes the following commands:
Fig. 13. System menu
Table 1
Menu commands – Function (The command allows you to:)
• Open Kaspersky Anti-Hacker… – Display the program main window.
• Security level – Switch to another security level: Block all, High, Medium, Low, Allow all. For details about the security levels see subchapter 4.2 on page 23.
• About Kaspersky Anti-Hacker ... – Display an information box with program details and information about the keys used.
• Exit – Unload the program from computer memory.
5.3. Main Window
When the program is started, the main window appears on your screen (see
fig. 14). The Kaspersky Anti-Hacker main window allows you to select the current
security level, to review the current status of your security system, to change the
packet filtering settings, and to review/configure the program logs.
Fig. 14. The Kaspersky Anti-Hacker main window
The Kaspersky Anti-Hacker main window includes the following items:
• Menu
• Toolbar
• Workspace
• Status bar