Internet security
Computer Security
Opening Question
What is Internet / Computer Security?
• Brainstorm ideas
Today’s Agenda
• Internet Security – Fact / Fiction
• Anti-Virus, Malware, Spyware – what’s the difference? How do I get rid of them?
– Free vs. Purchased Programs
• Passwords – how to create strong passwords
Internet Security Myths
Taken from: http://techchunks.com/technology/top-10-internet-safety-myths-debunked/
1. Web is safe as I’ve never been hit by malware
According to the Sophos report, many web users may not even know if they are under constant malware attack. The attacks are designed to steal personal information and passwords or use your machine for distributing spam, malware or inappropriate content without your knowledge.
2. Only p0rn sites are dangerous
If you think only p0rn and g@mbling sites are home to hackers, here’s a reason to worry. The majority of infected sites are websites that you trust and visit almost daily. The report says, hijacked trusted sites represent more than 83% of malware hosting sites.
3. Only naive users get hit by viruses
Being a computer expert is not a sure shot formula to prevent you from falling victim to any cyber attack. Many attacks happen silently without any user involvement. Malware from drive-by downloads happens automatically without any user action, other than visiting the site. Therefore, it doesn’t matter what level of computer expertise you may have.
4. I can only get infected if I download files
Most malware infections now occur through a “drive-by” download. Hackers inject the malicious code into the actual Web page content, then it downloads and executes automatically within the browser as a by-product of simply viewing the Web page. The malware is typically part of a professional exploit kit marketed and sold to hackers that leverages known exploits in the browser, operating system or plug-ins to infect the computer and download more malware. And this happens without a user having to do anything other than visit a hijacked Web site.
5. Firefox, or Chrome, is more secure than Internet Explorer
There is no fool-proof browser that can prevent you from falling prey to hackers’ traps. All browsers are equally at risk because all browsers are essentially an execution environment for JavaScript, which is the programming language of the Web and therefore used by all malware authors to initiate an attack. In addition, many exploits leverage plug-ins such as Adobe Acrobat reader software, which runs across all browsers. Although the more popular browsers may get more publicity about unpatched exploits, it’s the unpublicized exploits you should be most concerned about.
6. Lock icon in the browser means it’s secure
When the lock icon appears in the browser, many of us believe we are opening a secure site. This is because the lock icon indicates there is an SSL encrypted connection between the browser and the server to protect against the interception of sensitive personal information. However, the report says it does not provide any security from malware. In fact, it’s the opposite because most Web security products are completely blind to encrypted connections: it’s the perfect vehicle for malware to infiltrate a machine. There have been many cases where hackers emulate bank and credit card sites complete with spoofed SSL certificates that are difficult for a user to identify as fraudulent.
7. Installing Antivirus Software is Sufficient
Antivirus software is a commonly known requirement for Internet security. However, the myth that antivirus installed is all that is needed for protection is dangerous for Internet surfers. Installing antivirus software is the start of Internet security. Constant installation of the latest virus definition files is required. Most reputable antivirus software has monthly updates for definition files. Download them to ensure the computer can recognize newest threats.
8. Nothing Valuable is on the Computer
Even a laptop used for minor editing and writing can lead to stolen information. Although the user can often forget about it, casual use of a computer can also lead to identity theft. If the computer has a network card, and it’s used for Internet connectivity, it can lead to a breach on the machine’s security. Some users only use a computer for email retrieval. Email is a point for hackers to send phishing emails that can lead to the theft of passwords for banking and finance websites.
9. Hackers Only Target Specific People
This is a common thought for home users. Several scripts are available that allow others to find security holes on a computer. These people are called “script kiddies.” Script kiddies run common programs that find the security issues on machines that don’t have the latest security patches. For the best protection, purchase an antivirus program that protects against all types of hack attacks.
What happens when a computer has a virus
This shaky video shows a virus in action
So, where do we start?
• Make sure your Operating System (OS) is up-to-date
– Windows Automatic Updates
• Update your browser and all plug-ins (Flash, Java, PDF Reader, etc.)
• Install Firewall
– Windows comes with a firewall program (Security Centre in XP / Action Centre in Vista & 7)
– Most routers/modems have built-in firewalls
Firewall
• Firewalls prevent malware from reaching your machine through your network. They don't prevent things you control, like downloads or email, but rather stop attempts to connect to or infiltrate your machine without your knowledge or participation.
Anti-virus
• Anti-virus programs scan for viruses and related malware by examining the files on your system for patterns of data that have been identified as being viruses. On some regular basis the database of patterns the programs use is updated to contain the latest information on known viruses.
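An added illustration of the pattern matching described above (not code from the presentation or from any anti-virus product): it searches file contents for byte patterns from a definitions set and shows a file that is only flagged once the definitions are updated. The definition names, patterns and sample files are constructed for this example.

```python
import io

# Constructed definitions: names and byte patterns are made up for this example.
DEFS_OLD = {"Demo.Alpha": bytes.fromhex("deadbeef4141")}
DEFS_NEW = {**DEFS_OLD, "Demo.Beta": b"EXAMPLE-PAYLOAD-MARKER"}

# Constructed sample files (harmless bytes).
FILES = {
    "notes.txt": b"shopping list: milk, eggs",
    "old_threat.bin": b"\x00\x01" + bytes.fromhex("deadbeef4141") + b"\x02",
    "new_threat.bin": b"header EXAMPLE-PAYLOAD-MARKER trailer",
}

def scan_stream(stream, definitions, chunk_size=16):
    """Return the sorted names of all patterns found in a binary stream."""
    if not definitions:
        return []
    # Keep the tail of each read so a pattern split across reads still matches.
    overlap = max(len(p) for p in definitions.values()) - 1
    found, tail = set(), b""
    while chunk := stream.read(chunk_size):
        window = tail + chunk
        found.update(n for n, p in definitions.items() if p in window)
        tail = window[-overlap:] if overlap else b""
    return sorted(found)

def scan_files(files, definitions):
    """Map each flagged file name to the definitions it matched."""
    report = {}
    for name, data in files.items():
        hits = scan_stream(io.BytesIO(data), definitions)
        if hits:
            report[name] = hits
    return report

if __name__ == "__main__":
    print("old definitions:", scan_files(FILES, DEFS_OLD))
    print("new definitions:", scan_files(FILES, DEFS_NEW))
```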
Anti-spyware
• Anti-spyware programs monitor your system as you use it for behaviours that are known to be spyware-related. For example, an anti-spyware program might trap attempts to change your browser home page, or attempts to install software that starts automatically.
Phishing
• The bad guys, or "phishers", create an email that looks VERY much like an official email from some important entity, like eBay, MSN, Paypal, or perhaps a bank. The email asks you to visit some site that also looks very official and proper. At that site you're then prompted to enter all your personal information, typically in the guise of "verification".
• Legitimate businesses never ask you for your private information via email.
• Never click a link in the email itself. If you need to check, type the address yourself into the browser / search engine
Keylogger
• A keylogger is spyware that “logs” or records your keystrokes or other activities on your machine. When you type in your user name and password to a website, the keystrokes are recorded, the information is saved, and these are made available to the hacker that put the keylogger on your computer. Keylogger programs can even take screen captures as you click your mouse, rendering many (if not most) attempts at bypassing keyloggers ineffective.
Internet Security Suites
• "Internet security suites" are, in essence, bundles of two or more of the basics above, and typically also include additional security software or shortcuts as well. For example, one extremely popular internet security suite contains all three: anti-virus, anti-spyware and a firewall, as well as calling out "phishing" protection, keylogger protection, website reputation information, email and download monitoring, spam filtering, parental controls and even throws in some PC performance tools to boot.
To Do List
• Install an Anti-Virus / Anti-Spyware Program
– Microsoft Security Essentials, AVG Anti-Virus, Avast Free Antivirus, Avira Antivirus, Norton AntiVirus 2012
CNET
• CNET is a website that has lots of software free to download
– Be aware that while all software is free to download, some are trial versions of paid software which expire after a period of time
• http://download.cnet.com/windows/security-software/
To Pay or Not To Pay
• Free
– No technical support
– Some ads
– Gets the same protection updates (virus definitions) as paid versions
– Customize level of protection using a variety of programs
• Paid
– More features including parental controls, identity theft protection, and real-time monitoring
– All-In-One – one program does everything (also, one program does everything and no program is perfect)
– The more a program does, the more resources it uses
If a virus kills my computer…
…you’ll have to take your computer to a professional
OR
You can try and do it yourself.
Passwords
• Most security breaches are from easily hackable passwords.
– Think of leaked photos, massive security
• All the software & hardware won’t make a difference if you’ve got a bad password
Password - Don’t
• Don’t use a dictionary word (a word that can be found in the dictionary, like “book” or “computer”)
• Don’t use the same password for everything
• Avoid writing down passwords
– If you have to write down your password, don’t tape it on the monitor, under the keyboard, or on top of the desktop
Password - Do
• Include numbers, capital letters, & non-alphanumeric characters (e.g. &, %, #,!)
• Choose a memorable catchphrase, quotation, or easy-to-remember saying, and take the first letter from each word.
– If the Shoe Fits, Wear It: itsfwi
– I think, therefore I am: ittia
• Lengthen your password by adding the website name or computer software name to the base phrase
– For gmail: itsfwiGmail
Password - Do
• Swap one or more of the password letters with a non-alphabetic character, and then purposely include uppercase and lowercase letters within the password
– itsfwiGm@il
• If you are using different passwords for different websites, you can do yourself a favor by rotating portions of your passwords every few weeks
Password Managers
• A password manager is software that helps a user organize passwords and PIN codes.
• Typically, the software has a local database that holds the encrypted password data for secure logon onto computers, networks, web sites, and application data files.
• Access all passwords using a Master Password/Passphrase
Popular Password Managers
• KeePass
• LastPass
• 1Password
• RoboForm
• SplashID
five best password managers
Password Managers
• What are the positive reasons for using a password manager?
• What are the negative reasons for using a password manager?
Rating a Password
OK Password            Better Password    Excellent Password
LadyGagaIsBizarre      LGGiB              LGGiBgm@il
doctorhouseisajerk     DHiaJ!             DHiaJ!gm@il
Ihateliverandonions    IhLaOforDinner     1hLafDgm@il
Allblacksrugby         ABRworldcup2011    ABRwc2011gm@il
kitty                  1Kitty             1Ki77y
Create the Best Possible Password
• Using the “Password – Do’s”, create 3 passwords for different logins (email, computer, and bank)
• Using the “Password – Don’t”, think of the top 10 worst possible passwords
Top 25 Worst Passwords
1) password
2) 123456
3) 12345678
4) qwerty
5) abc123
6) monkey
7) 1234567
8) letmein
9) trustno1
10) dragon
11) baseball
12) 111111
13) iloveyou
14) master
15) sunshine
16) ashley
17) bailey
18) passw0rd
19) shadow
20) 123123
21) 654321
22) superman
23) qazwsx
24) michael
25) Football
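An added example (not part of the original presentation) that turns the “Password – Don’t” and “Password – Do” slides and the worst-passwords list above into a checker. The minimum length of 8, the three-word stand-in dictionary and the look-alike character mapping are assumptions made for this example; the checker undoes common character swaps before comparing, so a listed password with a swapped letter is still caught.

```python
import string

# The 25 entries from this page's "Top 25 Worst Passwords" list, lowercased.
WORST = {
    "password", "123456", "12345678", "qwerty", "abc123", "monkey", "1234567",
    "letmein", "trustno1", "dragon", "baseball", "111111", "iloveyou", "master",
    "sunshine", "ashley", "bailey", "passw0rd", "shadow", "123123", "654321",
    "superman", "qazwsx", "michael", "football",
}
# Constructed stand-in for a real dictionary word list (assumption).
DICTIONARY = {"book", "computer", "kitty"}
# Look-alike swaps undone before comparing (assumed mapping, not from the page).
LEET = str.maketrans("@013457$", "aoieasts")

def check_password(pw, min_length=8):
    """Return the list of rules a password breaks; an empty list means none."""
    problems = []
    lowered = pw.lower()
    # Drop digits/symbols stuck on either end, then undo look-alike swaps.
    plain = lowered.strip(string.digits + string.punctuation).translate(LEET)
    if lowered in WORST or plain in WORST:
        problems.append("worst-password list")
    if lowered in DICTIONARY or plain in DICTIONARY:
        problems.append("dictionary word")
    if len(pw) < min_length:  # min_length is an assumption, not from the page
        problems.append("too short")
    if not any(c.isdigit() for c in pw):
        problems.append("no number")
    if not any(c.isupper() for c in pw):
        problems.append("no capital letter")
    if not any(c in string.punctuation for c in pw):
        problems.append("no non-alphanumeric character")
    return problems

if __name__ == "__main__":
    for sample in ("kitty", "1Ki77y", "P@ssw0rd", "ABRwc2011gm@il"):
        print(sample, "->", check_password(sample) or "passes all checks")
```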
Mobile Security
• Smart Phones can get viruses as well!
• Open (non-secure) Wi-Fi hotspots can be very dangerous
• Never connect to “Free Wireless” networks. Breeding ground for hackers, viruses, and criminals
• Never do any banking over open Wi-Fi.
Final Thoughts
• Don’t mean to scare
• If you follow some simple rules while on the Internet the likelihood of getting any virus goes down dramatically
• Keep programs up-to-date, run your antivirus & anti-spyware programs regularly
• Don’t download files from unknown sources
• Be careful of files ending in “.exe”
• Be aware of what sites you’re visiting