270 likes | 359 Views
Computer & Internet Safety. David Greenop & Rob Richardson Saxilby U3A Science & Technology Group. Why This Talk. We have became very dependent on information and communications technologies, we are also becoming increasingly vulnerable to a plague of what has come to be called "malware".
E N D
Computer & Internet Safety David Greenop & Rob Richardson Saxilby U3A Science & Technology Group
Why This Talk We have became very dependent on information and communications technologies, we are also becoming increasingly vulnerable to a plague of what has come to be called "malware". None of us are safe!
Content • What is Malware • Historical Perspective • The different types of Malware attacks • Why our computers are vulnerable • What protection do we need? • Computer & Internet Safety Advice • How to protect our online identity • Social Networking
What is Malware The generic expression Malware (Malicious) is used to mean any form of hostile, intrusive, or annoying software program designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to computer resources, and other abusive behaviour.
What is Malware Specifically: • computer viruses, • worms, • Trojan horses, • spyware, • dishonest adware, • scareware, • crimeware, • root kits, • Botnets.
Scale of Malware Problem New Malware programs are growing at 400% per year, there are over 1.5 million known programs. Its is no longer young idealistic hackers but criminal gangs using sophisticated technologies to beat the anti-malware programs. From Panda Security March 2011
Theory of self-reproducing automata - 1949 • Mathematician John von Neumann postulated that a computer program could reproduce itself. • He demonstrated this without the aid of computers, constructing the first self-replicating automata with pencil and graph paper ENIAC (Electronic Numerical Integrator And Computer) was the first general-purpose electronic computer
Early Computer Viruses • “Creeper virus” written by Bob Thomas in 1971 whilst working on Arpanet. It was an experimental, self-replicating program that infected DEC PDP-10 mini-computers. Someone else wrote a program to detect and delete it, called the “reaper". • "Elk Cloner" written in 1981 by Richard Skrenta (age 15) was the first computer virus to appear "in the wild“. It attached itself to the Apple DOS 3.3 operating system and spread via floppy disk. "I'm the creeper, catch me if you can!“
Early Computer Viruses • With the arrival of the IBM PC running MS DOS in 1981 there followed a big increase in viruses mostly spread by floppy disks. • Viruses spread by infecting programs stored on floppy disks, or installed themselves into the disk boot sector. • By the late 1980s, there was a big in increase in Trojan horse malware driven by the increase in Bulletin board systems, modem use, and software sharing and the Internet
MS Office Macro Viruses • In the mid-1990’s macro viruses become common. • Most of these viruses are written in the scripting languages for Microsoft Office programs such as Word and Excel and spread by infecting documents and spreadsheets. • Microsoft Outlook & Outlook Express where particularly vulnerable and viruses installed when opening attachments. • Many could also spread to Apple Macintosh computers.
Internet & Web breeding ground of Malware • Popularity of the Internet from early 1990’s facilitated the spread of malware • Security not implicitly built into Internet & Web protocols at start • Infections on webpage's • Poorly written computer code • Appearance of object orientated code & API’s • Global Predominance of Windows operating system • Ignorance of users & unsafe activities
Infection Strategies In order to replicate: Step 1: A virus must be permitted to execute code and write to memory Step 2: Virus attaches itself to executable files that may be part of legitimate programs Step 3: User launches an infected program and the virus' code will be executed simultaneously Step 4: The virus stays active in the background and infects new hosts Like biological viruses there are fast & slow infections depending on perpetrators objectives! Viruses can be attached to many file formats including pictures which a user opens unaware.
Anti-Virus Software Strategies Two most common form of anti-virus protection: • Virus signatures: Scan for strings of viral code in memory and files and then compare against a database of known virus "signatures". • Heuristic algorithm: This method uses common virus behaviours to identify an intruder. This method can detect novel viruses that anti-virus security firms have yet to create a signature for.
Whose Winning the Malware War? Malware creators are using increasingly sophisticated viruses and new vectors of infection. • Stealth: anti-virus programs themselves can become a vector for spreading infections. • Encryption: simple encryption used to encipher the virus. - the virus consists of a small decrypting module and an encrypted copy of the virus code • Self-modification: to avoid detection viruses rewrite themselves completely each time they infect new files
Vulnerability of operating systems to Malware No Operating System is Totally Secure
What Malware Protection is required? • Resident Shield • Anti- Virus scanner • Email Scanner • Anti-spyware • Rootkit scanner • Adware scanner • Safe web browsing • Firewall Is Free Software any good?
Computer & Internet Safety Advice • Good Practices • Broadband Equipment • Computer Housekeeping • Email • Web browsing • Passwords • Away from home • E-commerce • Your on-line identity
Computer & Internet Safety Advice Good Practices • Turn your computer off if not in use • Secure User Accounts with passwords • Install Anti-virus & firewall software • Set Windows for Automatic Updates • Close applications when you finish • Regular computer housekeeping
Computer & Internet Safety Advice Broadband • Use a home wired / wireless router with NAT & firewall • Change Admin passwords • Use wireless security, preferably WPA option • Consider turning on “Guest Network” if available • Only use trusted Wi-Fi outside the home
Computer & Internet Safety Advice Housekeeping • Check that anti-virus, firewall software is up to date • Check operating system updates are installed • Check for updates to web browser • Run anti-virus & malware scanner • Run cleanup program to remove temp files and check registry • Backup important data files
Computer & Internet Safety Advice Email • Avoid using Outlook or Outlook Express • Consider using on-line email accounts or clients like Eudora, Mozilla Thunderbird • Turn off HTML e-mail • Don't trust the "From" address. • Delete spam without reading it. • Don't trust unsolicited e-mails • Don't open messages with file attachments • Don't open cartoons, videos and similar • Never click web links in e-mails • Never send personal details, bank account info, usernames, passwords etc. by email.
Computer & Internet Safety Advice Passwords • Don’t use a password based on personal details • For high-security web sites such as banks, create random passwords > 8 characters and write them down • Keep your passwords as if a valuable • Don't let web browsers store passwords for you. • Never type a password you care about, such as for a bank account, into a non-SSL encrypted page. • Consider using a secure “Password Safe” on your computer.
Computer & Internet Safety Advice Web Browsing • Use Firefox, Opera, Safari in preference to Internet Explorer • Block pop-up windows • Always check web address • Don’t let browsers store passwords • Check for SSL padlock if on secured encrypted sites – banks etc, • Think before providing personal information
Computer & Internet Safety Advice Away From Home • Do not have personalised information on device • Ensure user access is password protected. • Do have a personal firewall installed. • Ensure that peer-to-peer wireless networking is turned off. • Do not trust Wi-Fi hotspots – some free access ones are there to invade and snatch data from your computer. • Think before putting somebody's USB memory sticks or SD cards into your computer
Computer & Internet Safety Advice E-Commerce Online Auction sites – ebay • Buying: • Check the reviews of sellers • Ask yourself whether the price is reasonable – fraud! • Use a PayPal account – do not use bank transfers • Check thoroughly the sellers terms & conditions. • Selling: • Remember Ebay is not a car boot-sell • You are committing to a contract of sell and your reputation is at risk • You may liable for tax
Computer & Internet Safety Advice Your Identity On-Line • How much information should I share on-line? • Social Networking • Managing& securing your personal online information profile
Thank You & Remember