Defensive Computing avoiding dangerous computing practices

1
Defensive Computingavoiding dangerous
computing practices

• Wichita Public Library
• Rex Cornelius Electronic Resources
• Webliography online at
• http//www.wichita.lib.ks.us/Researchers/Defensive
  Computing.htm

2
Computer Viruses and Worms

• Programs designed to infect other computers.

3
Malware

• software designed to infiltrate or damage a
  computer system without the owner's informed
  consent.
• Computer viruses, Worms, Trojan horses,
• Rootkits, Spyware, Hijackers, dishonest Adware,
  Crimeware.

4
Remote Administration Programs

• Back Doors
• Rootkits
• allow other people to access and
• control your computer

5
Distributed Denial of Service

• Being an intermediary for an attack on another
  computer.

6
You can be a spammer!

• Some Trojans function as a mail forwarder, and
  allow the attacker to transmit spam through the
  infected system.

7
Holding the bag

• A remote administrator can use your computer to
  store illegal materials.

8
Keyloggers

• Capture and record user keystrokes to obtain
  passwords or encryption keys

9
AdWare, SpyWare, Browser Hijacking

• Adware - Software that supports itself or another
  program by displaying ads.
• Spyware - Software that gathers and transmits
  information without your knowledge.
• Hijacking software - Advertising software
  programs that change the settings of your browser
  without your knowledge.

10
AdWare, SpyWare, MalWare, ScumWare.

• Currently the biggest threat to personal
  computing.
• Virus-like symptoms.
• Earthlink 29 million spyware-related files on
  the 1 million computers
• Microsoft 50 of computer crashes
• Google 450,000 sites that install malicious code

11
Who is in charge!?!
You
12
Patches

• Keep all applications patched to the most recent
  level
• Operating system
• Internet Browsers
• Email programs
• Word Processors
• Spreadsheets
• All Microsoft Products!

13
Use Virus Protection Software

• Use anti-virus software on all Internet-connected
  computers.
• Be sure to keep your anti-virus software
  up-to-date.
• Use automatic updates of virus definitions when
  available.

14
Unprotected File Shares

• can be exploited by intruders

15
Running Programs

• Dont run a program unless you know its from a
  trusted source.
• Never run programs of unknown origin
• Never transfer programs of unknown origin

16
Remove AdWare

• Scan with a removal tool often.
• Ad Aware
• Spybot
• MS Malicious Software Removal Tool

17
Use a Firewallor Router

• Network device
• Linksys, Netgear, etc.
• Personal firewall software
• ZoneAlarm
• Outpost Firewall Pro
• Windows Firewall

18
Social Engineering

• techniques used to manipulate people into
  performing actions or divulging confidential
  information.

19
Email Spoofing

• An e-mail message can appear to come from one
  source when it was sent from another.

20
Email Attachments

• Never open unknown e-mail attachments. Know the
  source.
• Before opening any e-mail attachments, be sure
  your virus definitions are up-to-date
• You can save the file to your disk and scan the
  file using your antivirus software

21
Phishing

• Messages designed to gather confidential
  information.

22
Requests for Info
Never send confidential information by
e-mail Credit card numbersPasswords Never trust
links sent by e-mail. Service Providers will
never ask for your username or password.
23
Hidden File Extensions

• Disguise malicious programs
• LOVE-LETTER-FOR-YOU.TXT.vbs
• AnnaKournikova.jpg.pif

24
Cybersquatting
Using a domain name with bad faith intent to
profit from the goodwill of a trademark belonging
to someone else.
Typosquatting
A form of cybersquatting which relies on mistakes
such as typographical errors made by Internet
users when inputting a website address into a web
browser.
25
Drive-by-Downloads
Download of spyware, a computer virus or any kind
of malware that happens without knowledge of the
user. Drive-by downloads may happen by visiting a
website, viewing an e-mail message or by clicking
on a deceptive popup window.
26
securitycartoon.com
27
New Tools

• Windows Firewall
• Malicious Software Removal Tool
• Google Warnings (StopBadware.org)
• McAfee SiteAdvisor - Free plug-in

28
Warnings at Google
from StopBadware.org
29

• McAfee Site Advisor

30
Online Shopping

• ShopSafe is a free service that allows you to
  create a temporary card number each time you make
  an online purchase. This number links directly to
  your credit card account number but keeps your
  card number private and protected.

31
Consider Alternatives

• Choose another Web Browser
• Firefox, Opera
• Choose another e-Mail program
• Eudora, Thunderbird
• Use a Web Mail service
• gmail.com, mail.com, everyone.net

32
Turn off your Computer!

• Disconnect from any network when its not in use

33
Have a Plan!

• Make regular backups of critical data
• Flash Drive, Floppy Disk
• External Hard Drive
• Another Hard Drive or Partition
• CD-R / CD-RW
• Another PC on a network

34
Plan for the worst!

• Create an emergency boot disk.
• Remember, before you have a security event.
• Save all program media.

35
Hope for the Best!

• The Internet is still a wonderful information
  resource.
• Take precautions, but use and enjoy Internet
  access!

Links are online athttp//www.wichita.lib.ks.us/
Researchers/DefensiveComputing.htm