This story was printed from ZDNet Australia.
Defusing the dangers of NetBIOS
By Greg Shultz
December 20, 2000
URL: http://www.zdnet.com.au/news/security/soa/Defusing-the-dangers-of-NetBIOS/0,130061744,120107782,00.htm

Surf the Internet worry-free by eliminating the security issues of NetBIOS in Windows 95, 98 and Me systems.

If you have a 24-7 broadband Internet connection, you probably know that firewalls are essential to protecting your Windows 95, 98 or Me system from malicious attacks. But what if you dial in to the Internet from a stand-alone Windows 95, 98, or Me system via a 56K modem? You might still need to be concerned with protecting your system.

Hidden in your system is an API that could be jeopardising your computer's security when you're connected to the Internet. If this API, called NetBIOS, is bound to the TCP/IP protocol (the protocol that you use to connect to the Internet), you're leaving your computer wide open to a potential attack.

In this article, I'll introduce you to this NetBIOS problem and show you how you can quickly eliminate this security hole for stand-alone Windows 95, 98 and Me systems. As I do, I'll provide you with some sources for additional information on this problem.

The trouble with NetBIOS

NetBIOS has a long history in networking and was first put into use in 1985 by IBM. When Microsoft came out with its first Windows-based network operating system, Windows For Workgroups, they used an adapted version of NetBIOS for Windows and called it NetBEUI. Microsoft chose to use NetBEUI as the primary protocol for its networking software because it was very small and extremely efficient for small LANs consisting of between 20 and 200 computers. One of the things that made NetBEUI so great was the ease with which resources could be named, shared, and accessed in a workgroup (or peer-to-peer) network.

As the Internet and the World Wide Web burst on the scene, computers all over the world could easily connect to one another using the TCP/IP protocol, HTML, and browsing software such as Internet Explorer or Netscape Navigator.
On the surface, users could interact with the Internet via their browsers; behind the scenes, their Windows-based systems used TCP/IP. TCP/IP is the only protocol required to interact with the Internet.

When you install TCP/IP on your Windows system, chances are good that NetBIOS and its wide-open file and printer sharing features tag along by default. When this happens, chances are that you're leaving the backdoor open and don't even know it. Leaving NetBIOS enabled thus means that your computer could potentially be sharing your hard drive on the Internet. In addition, all the files on your hard drive containing personal information are available to anyone who knows how to track this unlocked backdoor.

Finding unlocked backdoors on the Internet

Before we get into the details of locking backdoors, let's take a look at the situation from the other end of the spectrum: how does an outside user find the backdoor to your system? It's all too easy to think that malicious users are only interested in breaking into computers owned by big corporations. You probably think your little computer on the huge Internet wouldn't even appear as a blip on the enemy's radar. However, that's far from the truth.

There are lots of little programs called scanners that are designed to traverse the Internet and specifically look for resources inadvertently shared over the Internet by NetBIOS and Windows' "File and Printer Sharing" feature. Once a scanner locates such a computer on the Internet, a malicious user can then attempt to access your files and see what they can find. The scary part of this intrusion is that it occurs in the background and you may never even know it.

Locking the backdoor

As I explained, the unlocked backdoor problem is caused by NetBIOS unnecessarily tagging along with the TCP/IP protocol when you're connected to the Internet. In technical terms, you would say that NetBIOS is bound to TCP/IP. Fortunately, you can unbind NetBIOS from TCP/IP.
When you do, the backdoor is locked, and you can still surf the Internet without fear that someone is lurking through your files.

If you're using the original release of Windows 95 (build 950), locking the door is actually quite easy due to Windows 95's lack of sophistication. All you have to do is locate the file Vnbt.386 and rename it as anything you want, such as Vnbt.out.

If you're running Windows 95 OSR2, Windows 98, Windows 98 SE or Windows Me, the procedure is a bit more complex. First, you need to make sure that NetBEUI is installed on your system; otherwise the procedure won't work. You can check to see if NetBEUI is installed by opening the Network dialog box in the Control Panel. Scroll through the components list on the Configuration tab. If you see NetBEUI listed, then you're ready to proceed.

If you don't see NetBEUI listed, click the Add button. When you see the Select Network Component type dialog box, select Protocol, and click Add again. Now, in the Select Network Protocol dialog box, select Microsoft in the Manufacturers list and NetBEUI in the Network Protocol list. Finally, click OK and insert the Windows CD when you're prompted to do so.

To complete the task, return to the Network dialog box and select your Dial-Up Networking adapter and then click the Properties button. Next, select the Bindings tab and clear all the check boxes except for the one marked TCP/IP Dial-Up Adapter.

At this point, you're ready to unbind NetBIOS from TCP/IP. To do so, return to the Network dialog box. This time, select the TCP/IP protocol that's bound to your Dial-Up Networking adapter from the list and click the Properties button. You should then see a message box that contains a warning. You can ignore this and click OK. When you see the TCP/IP Properties dialog box, click the Bindings tab. Clear all the check marks from any check boxes that appear in the list.
When you click OK, Windows will display another warning message and prompt you to select at least one component. However, just click No. Finally, close the Network dialog box and reboot your system when you're prompted to do so.

Verifying the procedure

Once your system reboots, you may want to verify that the procedure was successful. To make sure that NetBIOS is unbound from TCP/IP, return to the Network dialog box. From here, select the TCP/IP protocol that's bound to your Dial-Up Networking adapter and click the Properties button. When you see the warning message box, click OK to continue. As the TCP/IP Properties dialog box pops up, click the NetBIOS tab. You should now see that the "I want to enable NetBIOS over TCP/IP" check box is clear.

At this point, click Cancel twice: once to close the TCP/IP dialog box, and once to close the Network dialog box. Doing so will ensure that you don't accidentally enable something. Now, you can surf the Internet without fear that the backdoor is unlocked and that someone is lurking through your files.
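
As an added example that is not part of the original article: besides the check box, the result can be confirmed from the list of open endpoints that netstat -an prints while you are connected, since NetBIOS over TCP/IP uses UDP ports 137 and 138 and TCP port 139. The Python code below flags those endpoints in constructed sample output; the port numbers are the standard assignments (the article does not list them), and the addresses and the name nbt_listeners are made up for illustration.

```python
import re

# Standard NetBIOS over TCP/IP ports (well-known assignments, not from the article).
NBT_PORTS = {
    ("UDP", 137): "NetBIOS name service",
    ("UDP", 138): "NetBIOS datagram service",
    ("TCP", 139): "NetBIOS session service (file and printer sharing)",
}

# Constructed samples in the layout of Windows `netstat -an` output
# (documentation-range addresses): NetBIOS still bound, then unbound.
SAMPLE_BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    203.0.113.25:139       0.0.0.0:0              LISTENING
  TCP    203.0.113.25:1031      198.51.100.7:80        ESTABLISHED
  UDP    203.0.113.25:137       *:*
  UDP    203.0.113.25:138       *:*
"""

SAMPLE_AFTER = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    203.0.113.25:1031      198.51.100.7:80        ESTABLISHED
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)\s*$", re.I)

def nbt_listeners(netstat_text):
    """Return (proto, local_addr, port, service) for every open NBT endpoint."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, _foreign, state = m.groups()
        proto, port = proto.upper(), int(port)
        # UDP rows have no state column; for TCP only a listening socket counts.
        if proto == "TCP" and state.upper() != "LISTENING":
            continue
        service = NBT_PORTS.get((proto, port))
        if service:
            found.append((proto, addr, port, service))
    return found

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, "->", nbt_listeners(text) or "no NetBIOS over TCP/IP endpoints")
```

An empty result for output captured on the dial-up connection corresponds to the cleared check box on the NetBIOS tab.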

Copyright © 2009 CBS Interactive, a CBS Company. All Rights Reserved.