Computer & Internet Safety

Computer & Internet Safety

David Greenop & Rob Richardson

Saxilby U3A Science & Technology Group

Why This Talk

We have became very dependent on information and communications technologies, we are also becoming increasingly vulnerable to a plague of what has come to be called "malware". None of us are safe!

Content

What is MalwareHistorical PerspectiveThe different types of Malware attacksWhy our computers are vulnerableWhat protection do we need?Computer & Internet Safety AdviceHow to protect our online identitySocial Networking

What is Malware

The generic expression Malware (Malicious) is used to mean any form of hostile, intrusive, or annoying software program designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to computer resources, and other abusive behaviour.

What is MalwareSpecifically:computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware, root kits,Botnets.

Scale of Malware Problem

New Malware programs are growing at 400% per year, there are over 1.5 million known programs.

Its is no longer young idealistic hackers but criminal gangs using sophisticated technologies to beat the anti-malware programs.

Viruses17%

Worms8%

Adware2%

Backdoor2%

Spyware0%

Others1%

Trojan Horses

70%

Chart Title

From Panda Security March 2011

Mathematician John von Neumann postulated that a computer program could reproduce itself.

He demonstrated this without the aid of computers, constructing the first self-replicating automata with pencil and graph paper

Theory of self-reproducing automata - 1949

ENIAC (Electronic Numerical Integrator And Computer) was the first general-purpose electronic computer

“Creeper virus” written by Bob Thomas in 1971 whilst working on Arpanet. It was an experimental, self-replicating program that infected DEC PDP-10 mini-computers. Someone else wrote a program to detect and delete it, called the “reaper".

"Elk Cloner" written in 1981 by Richard Skrenta (age 15) was the first computer virus to appear "in the wild“. It attached itself to the Apple DOS 3.3 operating system and spread via floppy disk.

Early Computer Viruses

"I'm the creeper, catch me if you can!“

With the arrival of the IBM PC running MS DOS in 1981 there followed a big increase in viruses mostly spread by floppy disks.

Viruses spread by infecting programs stored on floppy disks, or installed themselves into the disk boot sector.

By the late 1980s, there was a big in increase in Trojan horse malware driven by the increase in Bulletin board systems, modem use, and software sharing and the Internet

Early Computer Viruses

In the mid-1990’s macro viruses become common.

Most of these viruses are written in the scripting languages for Microsoft Office programs such as Word and Excel and spread by infecting documents and spreadsheets.

Microsoft Outlook & Outlook Express where particularly vulnerable and viruses installed when opening attachments.

Many could also spread to Apple Macintosh computers.

MS Office Macro Viruses

Internet & Web breeding ground of MalwarePopularity of the Internet from

early 1990’s facilitated the spread of malware

Security not implicitly built into Internet & Web protocols at start

Infections on webpage'sPoorly written computer codeAppearance of object

orientated code & API’sGlobal Predominance of

Windows operating systemIgnorance of users & unsafe

activities

Step 1: A virus must be permitted to execute code and write to memory

Step 2: Virus attaches itself to executable files that may be part of legitimate programs

Step 3: User launches an infected program and the virus' code will be executed simultaneously

Step 4: The virus stays active in the background and infects new hosts

Infection Strategies

Like biological viruses there are fast & slow infections depending on perpetrators objectives!

Viruses can be attached to many file formats including pictures which a user opens unaware.

In order to replicate:

Anti-Virus Software Strategies

1. Virus signatures: Scan for strings of viral code in memory and files and then compare against a database of known virus "signatures".

2. Heuristic algorithm: This method uses common virus behaviours to identify an intruder. This method can detect novel viruses that anti-virus security firms have yet to create a signature for.

Two most common form of anti-virus protection:

Whose Winning the Malware War?

Stealth: anti-virus programs themselves can become a vector for spreading infections.

Encryption: simple encryption used to encipher the virus. - the virus consists of a small decrypting module and an encrypted copy of the virus code

Self-modification: to avoid detection viruses rewrite themselves completely each time they infect new files

Malware creators are using increasingly sophisticated viruses and new vectors of infection.

Vulnerability of operating systems to Malware

No Operating System is Totally Secure

What Malware Protection is required?

Is Free Software any good?

Resident ShieldAnti- Virus scannerEmail ScannerAnti-spywareRootkit scannerAdware scannerSafe web browsingFirewall

Computer & Internet Safety Advice

Good PracticesBroadband

EquipmentComputer

HousekeepingEmailWeb browsingPasswordsAway from homeE-commerceYour on-line identity


Turn your computer off if not in use

Secure User Accounts with passwords

Install Anti-virus & firewall software

Set Windows for Automatic Updates

Close applications when you finish

Regular computer housekeeping

Good Practices


Use a home wired / wireless router with NAT & firewall

Change Admin passwordsUse wireless security,

preferably WPA optionConsider turning on

“Guest Network” if available

Only use trusted Wi-Fi outside the home

Broadband


Check that anti-virus, firewall software is up to date

Check operating system updates are installed

Check for updates to web browser

Run anti-virus & malware scanner

Run cleanup program to remove temp files and check registry

Backup important data files

Housekeeping


Avoid using Outlook or Outlook Express

Consider using on-line email accounts or clients like Eudora, Mozilla Thunderbird

Turn off HTML e-mail Don't trust the "From" address.Delete spam without reading it. Don't trust unsolicited e-mailsDon't open messages with file

attachments Don't open cartoons, videos and

similarNever click web links in e-mailsNever send personal details, bank

account info, usernames, passwords etc. by email.

Email


Don’t use a password based on personal details

For high-security web sites such as banks, create random passwords > 8 characters and write them down

Keep your passwords as if a valuable

Don't let web browsers store passwords for you.

Never type a password you care about, such as for a bank account, into a non-SSL encrypted page.

Consider using a secure “Password Safe” on your computer.

Passwords


Use Firefox, Opera, Safari in preference to Internet Explorer

Block pop-up windowsAlways check web addressDon’t let browsers store

passwordsCheck for SSL padlock if on

secured encrypted sites – banks etc,

Think before providing personal information

Web Browsing


Do not have personalised information on device

Ensure user access is password protected.

Do have a personal firewall installed.

Ensure that peer-to-peer wireless networking is turned off.

Do not trust Wi-Fi hotspots – some free access ones are there to invade and snatch data from your computer.

Think before putting somebody's USB memory sticks or SD cards into your computer

Away From Home


Online Auction sites – ebayBuying:

Check the reviews of sellersAsk yourself whether the price is

reasonable – fraud!Use a PayPal account – do not use

bank transfersCheck thoroughly the sellers terms

& conditions.Selling:

Remember Ebay is not a car boot-sellYou are committing to a contract of

sell and your reputation is at riskYou may liable for tax

E-Commerce


How much information should I share on-line?

Social NetworkingManaging&

securing your personal online information profile

Your Identity On-Line

Thank You&

Remember

Documents

Computer & Internet Safety