Security, Privacy and Ethics Chapter 14 in Discovering Computers 2000 (Shelly, Cashman and Vermaat)
Viruses • Not all programs that cause damage are viruses • Computer viruses share two characteristics with their biological counterparts • they require a host; they are not complete programs but pieces of code that become attached to (infect) another program • they replicate (copy) themselves
Types • boot sector infector: virus affecting the boot program (recall that booting is loading the operating system) • program or file infector: attaches to a program (typically has a .exe or .com extension)
Types (cont.) • macro virus: • a macro is a small program that automates repeated tasks in an application (like Word or Excel) • a macro virus is a macro used to cause damage • examples: Melissa, I Love You • be wary of the .vbs and .js extensions
Bombs and worms • A logic bomb is designed to cause its damage only when a particular condition is met; a special case is a time bomb, which goes off at a particular time • e.g. the Michelangelo virus • a worm does not attach itself to another program but fills one’s disk space (memory) with copies of itself
Protection • do not download and run software of questionable origin • install and run an anti-viral utility such as Norton Anti-virus on floppies and on hard drives • Update it frequently • do not have a floppy in the A drive when starting (booting) the computer • disable macros of unknown origin
Unauthorized access and use • Unauthorized access: logging on and using a computer without consent • hacker: one who gains unauthorized access to computers • Unauthorized use: sometimes the user is legitimate but the activity is not, e.g. playing games or downloading certain material or receiving/sending private email at work
Protection against unauthorized access • passwords • should be relatively long • should be a combination of letters and numbers (and symbols if allowed) • should be something you can remember and nobody else can guess • should not be shared • should be committed to memory and not written down on or near the PC
More on passwords • Windows NT (2000) has better password protection than Windows 95 because it was designed as a genuine multi-user operating system • For extra protection, add a password at the BIOS level
Other examples • ATM cards are used to authenticate users and to identify which accounts (files) he or she has access to; there is typically a password or personal identification number (PIN) as well • biometric devices: fingerprint or retina scanner, voice recognition, etc. • better protection • more expensive
Cryptography • one way to secure data, be it in storage or in transit, is encryption • Encryption converts information in its usual readable form (called plaintext) to information in an encoded, unreadable form (called ciphertext) • PGP (Pretty Good Privacy) program: a good encrypter that works with most email systems
Keys • a key is a formula that encodes information • Single key cryptography uses one key; i.e. encryption and decryption method known to sender and receiver • Public-key cryptography uses two keys: • public key: anyone can have, used to encrypt • private key: only you have, used to decrypt
Digital signature • use this process in reverse • you can use your private key to encrypt a message • then anyone with your public key can decrypt it • BUT he or she knows who sent it • encryption and digital signatures are what make secure transactions over the net possible
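The two uses of a key pair described on the Keys and Digital signature slides, as an added example that is not part of the original slides: textbook RSA with a toy key built from two small known primes. All names and constants are assumptions made for the illustration, and it goes one step beyond the slide by signing a hash of the message rather than the message itself; real systems use far larger keys and padding schemes.

```python
import hashlib

# Toy RSA key pair from two small Mersenne primes (constructed for this
# illustration; real keys are 2048+ bits and use OAEP/PSS padding).
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q                          # modulus, shared by both keys
E = 65537                          # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)

PUBLIC_KEY = (E, N)    # anyone can have
PRIVATE_KEY = (D, N)   # only the owner has


def encrypt(m: int, public_key) -> int:
    """Encrypt with the public key: only the private key can reverse it."""
    e, n = public_key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, e, n)


def decrypt(c: int, private_key) -> int:
    d, n = private_key
    return pow(c, d, n)


def digest(message: bytes, n: int) -> int:
    """Hash the message and reduce it into the range of the modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(message: bytes, private_key) -> int:
    """The process in reverse: apply the private key to the digest."""
    d, n = private_key
    return pow(digest(message, n), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone with the public key can check who signed and that the
    message was not altered afterwards."""
    e, n = public_key
    return pow(signature, e, n) == digest(message, n)
```
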
Encryption controversy • Government should have control over encryption, i.e. be able to decode it • PRO: aid FBI and such in fight against espionage, terrorism, drugs, etc. • CON: if government has this capability, there are those who will use it illegally; it’s no security at all
Gone but not forgotten • Deleting a file is not the end of it • Remember to empty the recycle bin • Even emptying the recycle bin or reformatting a disk does not completely eliminate your information • Only when the disk space is written over is the information truly disposed of
YOU’RE NOT PARANOID THEY REALLY ARE WATCHING YOU!
Data mining • data mining is collecting information available on a person or group of people • often done for targeted marketing • once a tedious chore, now easily done with computers • They’ll know you by your social security number
Your Privacy Quotient • (from PC World Sept. 1998) • Registered to vote • Bought a house • Had a baby • Owned substantial stock in a company • Given more than $50 to a campaign • Had your dog vaccinated for rabies • Taken out a permit for a yard sale • Paid a fine for an overdue library book
Privacy Quotient (cont.) • Gotten a parking ticket • Participated in a phone survey • Mailed in a warranty card • Entered a contest or sweepstakes • Used your ATM card for any purchase • Rented a movie • Subscribed to a magazine
At work • Electronic supervision: the computer at work can be used to keep track of your activity and/or productivity • email at work is not private; unless explicitly stated otherwise your employer can look at your email • the LAN manager can easily look at your files
The Cookie Monster • a cookie is information about your having visited a web site stored in YOUR computer • you can eliminate or block future cookies • browsers typically keep a list of sites visited, sometimes saved from session to session • it requires work to cover your surfing tracks
Software Piracy • “buying” software does not entitle the purchaser to copy and distribute it; doing so is called “software piracy” • Billions of dollars every year, especially rampant in Asia • Public domain: software you are free to use in any way; you should still credit the source
More • Site license: permission for a school or company to run software from a network so one does not need a license for each computer • Plagiarism: claiming another’s work as your own; it may be code, research, writing, music, etc.
References • Discovering Computers 2000 (Shelly, Cashman and Vermaat) • Information Technology: The Breaking Wave (Curtin, Foley, Sen, Morin) • PC World, Sept. 1998