Presentation on theme: "Computer & Internet Safety"— Presentation transcript:
1 Computer & Internet Safety
David Greenop & Rob Richardson
Saxilby U3A Science & Technology Group
2 Why This Talk
None of us are safe! We have become very dependent on information and communications technologies, and we are also becoming increasingly vulnerable to a plague of what has come to be called "malware".
In this talk we will explore how to keep ourselves and our computers safe from unwanted intrusions and subsequent problems.
Using computers and other devices connected to the Internet is now just an ordinary part of our lives.
When I talk about computers I include many other devices that we use today, like our smart phones and game consoles. Anything which has a processor in it is potentially at risk - perhaps even your new smart washing machine!
Malware is a catch-all term we use for all these malicious and unwanted programs.
3 Content
- What is Malware
- Historical Perspective
- The different types of Malware attacks
- Why our computers are vulnerable
- What protection do we need?
- Computer & Internet Safety Advice
- How to protect our online identity
- Social Networking
The talk will take about 45 to 60 minutes.
There is some lightweight technical stuff to give you some feel for the issues and, we hope, put into perspective why protection and good practices are important.
Rob will cover the last two items - online identity and Social Networking. Time permitting, he will go on-line and demonstrate how you can manage your privacy settings in Facebook.
Please ask questions for clarification during the presentation. If necessary we will write down questions for answering later.
This is a big area and I'm only an amateur, so we may not know the answer to all your questions.
4 What is Malware
The generic expression Malware (Malicious) is used to mean any form of hostile, intrusive, or annoying software program designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to computer resources, and other abusive behaviour.
As I have already said, Malware is a catch-all term for all malicious and unwanted programs. Specifically, programs that:
- Attempt to intrude into your network and computers
- Use resources without your permission
- Disrupt or take over the running of your computer
- Steal information, data - private information
- Change the way your computer functions
- Exhibit abusive behaviour
5 What is Malware
Specifically: computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware, root kits, botnets.
- Computer virus: a program that can self-replicate but needs user assistance.
- Worms: self-replicating programs that use a computer network to send copies of themselves to other computers on the network, possibly without user intervention.
- Trojan horses: programs that masquerade as a benign application but steal information or harm the system; they can create a back door on your computer, allowing remote control. Trojan horses do not replicate themselves.
- Spyware: spyware gets on a system through deception of the user or through exploitation of software vulnerabilities. It can monitor what a user does.
- Root kits: a rootkit is software that gains continued privileged access to a computer while actively hiding in the operating system functionality or some other applications.
- Adware: unwelcome adware is software which automatically plays, displays, or downloads advertisements to a computer. The object of the adware is to generate revenue for its author. Some adware may come with integrated spyware.
- Scareware: scam software with malicious payloads sold to consumers via certain unethical marketing practices, such as being telephoned to say your computer has a virus and you need to download their software. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.
- Crimeware: commonly known as spam, phishing & page jacking, masquerading as a trustworthy entity to steal personal information. Designed through social engineering or technical stealth to perpetrate identity theft in order to access a computer user's online accounts at financial services companies and online retailers for the purpose of taking funds from those accounts and completing unauthorized transactions that enrich the thief controlling.
- Botnets: a collection of infected computers or bots that have been taken over by hackers, who use IRC channels to remotely control people's computers. The bots are used to steal passwords, log keystrokes and hide their identity, and to launch spam & DoS attacks.
6 Scale of Malware Problem
New Malware programs are growing at 400% per year; there are over 1.5 million known programs. It is no longer young idealistic hackers but criminal gangs using sophisticated technologies to beat the anti-malware programs.
Nobody really knows how many malware programs there are out there in the wilds of the Internet.
The UK Serious Organised Crime Agency (Soca) has recently shown that collecting credit card information along with the card user's personal information is big business for crime gangs. American Visa Debit cards go for $8 & American Express $10, whilst European credit cards can command $40 each. They sell in their millions.
The crimes are committed by gangs based all over the world, particularly Eastern Europe and the Far East.
The recent break-in to Sony's online gaming network and the suspected stealing of millions of people's personal & financial information demonstrates how vulnerable we all are.
For large businesses this is a continued headache: DDoS (denial of service) from botnets, and the likelihood that many companies are blackmailed to keep their web sites free from attack.
Why has this happened?
From Panda Security March 2011
7 Theory of self-reproducing automata - 1949
Mathematician John von Neumann postulated that a computer program could reproduce itself.
He demonstrated this without the aid of computers, constructing the first self-replicating automata with pencil and graph paper.
Along with Alan Turing, John von Neumann is one of the fathers of modern programmable computing.
The idea of self-replicating pieces of software is embedded in the theoretical foundations of computing.
It is a specific realisation of a more generalised theory of self-replicating machines. The basis for DNA replication!
I've not seen the pencil & paper example, but I remember the Life Game of the early 1970's, which used graph paper and a set of simple rules to generate pictures of complex behaviour including self-replication.
ENIAC (Electronic Numerical Integrator And Computer) was the first general-purpose electronic computer.
8 Early Computer Viruses
"Creeper virus" written by Bob Thomas in whilst working on Arpanet. It was an experimental, self-replicating program that infected DEC PDP-10 mini-computers. Someone else wrote a program to detect and delete it, called the "reaper".
"Elk Cloner", written in 1981 by Richard Skrenta (age 15), was the first computer virus to appear "in the wild". It attached itself to the Apple DOS 3.3 operating system and spread via floppy disk.
So it is not surprising that young researchers attempted to realise replicating programs on their computers.
Arpanet was the precursor to the Internet and was funded by DARPA, the US Defence Advanced Research Projects Agency. Arpanet was a packet data communication network that had high resilience to surviving a nuclear attack. The TCP / IP data protocols were invented for Arpanet.
Bob Thomas's "Creeper" virus was contained within the laboratory. However, Richard Skrenta's "Elk Cloner" is the first known virus to go wild on a network.
Incidentally, an infected computer would display a short poem on every 50th boot:
Elk Cloner: The program with a personality
It will get on all your disks
It will infiltrate your chips
Yes, it's Cloner!
It will stick to you like glue
It will modify RAM too
Send in the Cloner!
"I'm the creeper, catch me if you can!"
9 Early Computer Viruses
With the arrival of the IBM PC running MS DOS in 1981 there followed a big increase in viruses, mostly spread by floppy disks.
Viruses spread by infecting programs stored on floppy disks, or installed themselves into the disk boot sector.
By the late 1980s, there was a big increase in Trojan horse malware, driven by the increase in bulletin board systems, modem use, software sharing and the Internet.
There were micro-computers prior to the appearance of the IBM PC, but the majority of computing was done on mainframe computers.
The IBM PC changed the nature of the game - it democratised computing both for businesses and in the home. Its open systems architecture meant that there was a surge in the number and type of software applications and hardware peripherals available for it.
With programming languages available too, it became possible for anyone, particularly young people, to write and experiment with different types of program behaviour, including viruses.
You could at that time obtain DIY virus construction kits - "Script Kiddies".
Initially most viruses propagated via infected floppy disks. At that time the PC would boot from a floppy which had the operating system installed on it, so it was easy to add additional code.
Later the appearance of dial-in bulletin boards (Kicks) and home-produced shareware all helped to pass on viruses.
Then Internet access moved out of the universities and we see the setting up of ISPs, giving anyone with a modem the capability to connect worldwide.
10 MS Office Macro Viruses
In the mid-1990's macro viruses became common.
Most of these viruses are written in the scripting languages for Microsoft Office programs such as Word and Excel, and spread by infecting documents and spreadsheets.
Microsoft Outlook & Outlook Express were particularly vulnerable, with viruses installed when opening attachments.
Many could also spread to Apple Macintosh computers.
During the 1990's we have the developing of a perfect storm of computer vulnerability:
- Microsoft introduces Windows 95, based upon the old vulnerable DOS operating system rather than the more secure NT.
- Plus Microsoft not seeing the growth and implications of the Internet, hence the vulnerability of Win 95.
- The developing monoculture of millions of PCs worldwide connected via an Internet with open protocols and little security protection.
- The growth of Microsoft Office as the de-facto integrated business computing suite, but put together from third party software and underpinned by object orientated programming and scripting.
The result was thousands of what were called "Macro" viruses, written in scripting language and able to piggy-back on MS Office documents such as Word & Excel.
These "Macro" viruses could exploit vulnerabilities in Windows 95.
Because Apple Macintosh computers also ran MS Office, these computers also became vulnerable.
The Microsoft policy of integrating Outlook and Internet Explorer deep into the operating system made attachments and web browsing particularly vulnerable to malware.
11 Internet & Web breeding ground of Malware
- Popularity of the Internet from early 1990's facilitated the spread of malware
- Security not implicitly built into Internet & Web protocols at start
- Infections on web pages
- Poorly written computer code
- Appearance of object orientated code & APIs
- Global predominance of Windows operating system
- Ignorance of users & unsafe activities
So this perfect storm of vulnerable operating system, software and network, plus ignorance on the part of users, was the perfect breeding ground for malware and, what's more, new business opportunities for criminal behaviour.
This was led by "Spam". All you need is:
- Millions of addresses, stolen from people's Outlook address books
- Thousands of compromised computers connected to the Internet that you control
- Malware Trojans / macros that send out e-mails from infected computers selling some product to unaware users. It costs nothing to send out 10 million e-mails, say.
Perfect example of "economy of scale" to get returns, because if only 0.1% are fooled by a 10 million e-mail mailing that's 100,000 who reply, and if you sell them something for £20.00 then you can net £200,000 - in one day perhaps!
What's more, you would have captured their credit card details as well.
This is when malware moved from idealistic hackers to criminal activities.
Of course this is also good news for the companies providing anti-malware protection!
12 Infection Strategies
In order to replicate:
- Step 1: A virus must be permitted to execute code and write to memory
- Step 2: Virus attaches itself to executable files that may be part of legitimate programs
- Step 3: User launches an infected program and the virus' code will be executed simultaneously
- Step 4: The virus stays active in the background and infects new hosts
Viruses can be divided into two types based on their behaviour when they are executed:
- Non-resident viruses - stays in memory after it executes and after its host program is terminated; immediately search for other hosts that can be infected, infect those targets, and finally transfer control to the application program they infected.
- Resident viruses - only are activated when an infected application runs, do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.
This type 2 is particularly a problem for anti-virus software programs because by their nature these programs have to open and scan all files. So the virus, still in memory, will infect the files as they are scanned. The anti-virus program will return a non-infected message although the files are now infected.
Like biological viruses, there are fast & slow infections depending on the perpetrator's objectives!
Viruses can be attached to many file formats, including pictures which a user opens unaware.
13 Anti-Virus Software Strategies
The two most common forms of anti-virus protection:
- Virus signatures: scan for strings of viral code in memory and files and then compare against a database of known virus "signatures".
- Heuristic algorithm: this method uses common virus behaviours to identify an intruder. This method can detect novel viruses that anti-virus security firms have yet to create a signature for.
The main strategy for anti-virus software is to scan every file on your computer for traces of virus code, using a signature which is a unique fingerprint of the virus.
The programs that do this are very efficient at scanning; they are looking for patterns of computer bytes.
Many viruses have very similar pieces of code, so generic families of signature code are used.
Heuristic scanning is more complicated and uses more of your computer resources. You will find it as an option you turn on in most popular anti-virus programs.
A heuristic algorithm is a set of behaviour rules which the anti-virus program looks for in the code that your computer is executing. For example, it might see that code in memory is continually writing itself to a part of your hard drive, or perhaps unusual Internet ports are being opened on your computer and messages sent.
If you have an anti-virus resident shield installed on your computer, it is likely to be using heuristic techniques to monitor what your computer is doing. But of course this uses up your computer processing resources and slows down your computer.
Anti-malware programs take a long time to run because of the number of files that need to be scanned, including USB & network storage devices, as well as the number of unique signatures that now exist.
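The two strategies on this slide, side by side, as an added example that is not part of the original talk: a byte-pattern signature scan and a small behaviour score, run over three constructed, harmless samples. The marker bytes, rule weights, port list, threshold and sample names are all assumptions made for illustration.

```python
"""Signature scanning vs. behaviour heuristics on constructed, harmless data."""
from collections import namedtuple

# Constructed, inert marker standing in for "viral code"; not a real signature.
MARKER = b"DEMO-HARMLESS-MARKER-0001"
SIGNATURES = {"Demo.Marker.A": MARKER}      # constructed signature database

COMMON_PORTS = {25, 53, 80, 110, 143, 443}  # assumption: ports counted as usual
THRESHOLD = 5                               # assumption: score that raises an alert

# content = bytes as stored on disk; events = observed (action, detail) pairs
Sample = namedtuple("Sample", "name content events")


def signature_scan(content):
    """Return the names of all known byte patterns present in the content."""
    return sorted(name for name, pattern in SIGNATURES.items()
                  if pattern in content)


def heuristic_score(events):
    """Score behaviour: copying itself into other programs, unusual ports."""
    targets = {detail for action, detail in events if action == "copy_self_to"}
    ports = {detail for action, detail in events
             if action == "open_port" and detail not in COMMON_PORTS}
    return 2 * len(targets) + 2 * len(ports)


def assess(sample):
    """Combine both methods; a signature hit takes priority over the score."""
    hits = signature_scan(sample.content)
    score = heuristic_score(sample.events)
    if hits:
        verdict = "known malware"
    elif score >= THRESHOLD:
        verdict = "suspicious behaviour"
    else:
        verdict = "no detection"
    return verdict, hits, score


# Constructed behaviour trace shared by the two samples that spread.
SPREADING = [("copy_self_to", "calc.exe"), ("copy_self_to", "notepad.exe"),
             ("copy_self_to", "setup.exe"), ("open_port", 6667)]

CLEAN = Sample("editor", b"ordinary program bytes",
               [("write_file", "report.doc"), ("open_port", 443)])
KNOWN = Sample("known", b"header" + MARKER + b"trailer", SPREADING)
# Same marker stored in a different byte encoding, so the pattern on disk
# no longer matches the database even though the behaviour is unchanged.
VARIANT = Sample("variant",
                 b"header" + bytes(b ^ 0x5A for b in MARKER) + b"trailer",
                 SPREADING)

if __name__ == "__main__":
    for s in (CLEAN, KNOWN, VARIANT):
        print(s.name, assess(s))
```

The variant is missed by the signature scan and caught only by the behaviour score, which is why a resident shield keeps watching what programs do as well as what their files contain.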
14 Who's Winning the Malware War?
Malware creators are using increasingly sophisticated viruses and new vectors of infection.
- Stealth: anti-virus programs themselves can become a vector for spreading infections.
- Encryption: simple encryption is used to encipher the virus - the virus consists of a small decrypting module and an encrypted copy of the virus code.
- Self-modification: to avoid detection, viruses rewrite themselves completely each time they infect new files.
My guess from reading around is that it's not the security companies providing our anti-malware protection and running the Internet Malware Alert centres / laboratories - they are playing catch-up!
With money from criminal activities there is a big increase in expert malware being written. There is also a lot of open knowledge transfer from academic institutions on creating code by using genetic algorithms. I would not be surprised if there were criminal labs set up to create / grow malware.
Anti-virus programs now use encryption to check themselves prior to installing and running.
The structures of viruses are becoming more complicated and no longer consist of static code. Embedded encryption is used to randomise the virus signature to make it invisible to anti-virus scanners. The viruses can also self-modify their code; some will copy pieces of code from applications they infect into themselves each time they infect. A lot is being learnt from biological viruses.
There is also what is called a blended threat, which bundles some of the worst aspects of viruses, worms, Trojan horses and malicious code into one single threat and uses server and Internet vulnerabilities to initiate, then transmit and also spread an attack.
The Stuxnet worm, found last year, had aspects of this feature and particularly targeted a common programmable controller made by Siemens and used in all sorts of public & private industrial infrastructures. It is reported to have infected and caused the failure of 900 of Iran's gas centrifuges!
Who wrote this, and let it loose? Is this legal Cyberwar? Are we going to be collateral damage?
15 Vulnerability of operating systems to Malware
Windows is still more vulnerable than Mac OSX or the common Linux distributions.
Windows 7 is much more secure than earlier versions and Microsoft now provide acceptable anti-virus, firewall and malicious software scanning and removal programs. But the weakness is their implementation of user accounts. If you want to install software you have to have an administration account - people choose this as the default account - hence the vulnerability, as people click through all the warning windows that come up on the screen.
Mac OSX & Linux are derived from the Unix operating system, whose system architecture builds in multiple security features (because it was once a multi-terminal user system). The most important is the Root or Super User account. To install programs that require operating system level access you have to use this account - and you will be prompted for admin passwords even when using this account. Good practice is that you do not use the Root user as your default user account. Also, many programs can be run under Mac OSX & Linux without actually being installed in the Windows sense.
Because of its security & being open source software, most of the Internet is run by servers powered by Linux - Apache web server.
I have mentioned Android, Google's Unix-based smartphone & tablet operating system, because it has become vulnerable to Apps written by third parties that can open vulnerabilities to malware. This is why Apple checks & certifies its Apps.
There are a few viruses aimed at Mac OSX & Linux, but they are very rare and you would have to be involved in their installation.
No Operating System is Totally Secure
16 What Malware Protection is required?
- Resident Shield
- Anti-Virus scanner
- E-mail Scanner
- Anti-spyware
- Rootkit scanner
- Adware scanner
- Safe web browsing
- Firewall
Well, if you are running Mac OSX or Linux you probably do not require any anti-malware installed on your computer. However, if you run a home network with Windows machines, having one installed is a good idea as you can move an infected file between computers - Sophos for Mac & Bitdefender for Linux.
You really do need:
- A resident shield
- E-mail scanner if you use a mail client
- Anti-virus & Rootkit scanner
- Firewall
Most of the other features are add-ons the anti-virus companies offer to differentiate their products and provide "Total Security".
All the well-known anti-virus programs are resident programs, running all the time.
You only need one of these running - do not install more than one.
It is good practice to install an additional malware scanning program that is not permanently resident, such as Spybot - do not install its Teatimer if you already have a resident shield running.
AVG is my favourite and its free version includes all the necessary protection other than a firewall. Use Zone Alarm free for the firewall.
Is Free Software any good?
17 Computer & Internet Safety Advice
- Good Practices
- Broadband Equipment
- Computer Housekeeping
- Web browsing
- Passwords
- Away from home
- E-commerce
- Your on-line identity
We have produced a handout for you to take away that summarises this section of the talk.
I suggest that following as much of this advice as possible will help protect yourself and your computer.
Use the handout as reference.
18 Computer & Internet Safety Advice - Good Practices
- Turn your computer off if not in use
- Secure User Accounts with passwords
- Install Anti-virus & firewall software
- Set Windows for Automatic Updates
- Close applications when you finish
- Regular computer housekeeping
19 Computer & Internet Safety Advice - Broadband
- Use a home wired / wireless router with NAT & firewall
- Change Admin passwords
- Use wireless security, preferably WPA option
- Consider turning on "Guest Network" if available
- Only use trusted Wi-Fi outside the home
20 Computer & Internet Safety Advice - Housekeeping
- Check that anti-virus, firewall software is up to date
- Check operating system updates are installed
- Check for updates to web browser
- Run anti-virus & malware scanner
- Run cleanup program to remove temp files and check registry
- Backup important data files
21 Computer & Internet Safety Advice
- Avoid using Outlook or Outlook Express
- Consider using on-line accounts or clients like Eudora, Mozilla Thunderbird
- Turn off HTML
- Don't trust the "From" address.
- Delete spam without reading it.
- Don't trust unsolicited e-mails
- Don't open messages with file attachments
- Don't open cartoons, videos and similar
- Never click web links in e-mails
- Never send personal details, bank account info, usernames, passwords etc. by e-mail.
22 Computer & Internet Safety Advice - Passwords
- Don't use a password based on personal details
- For high-security web sites such as banks, create random passwords > 8 characters and write them down
- Keep your passwords as you would a valuable
- Don't let web browsers store passwords for you.
- Never type a password you care about, such as for a bank account, into a non-SSL encrypted page.
- Consider using a secure "Password Safe" on your computer.
23 Computer & Internet Safety Advice - Web Browsing
- Use Firefox, Opera, Safari in preference to Internet Explorer
- Block pop-up windows
- Always check web address
- Don't let browsers store passwords
- Check for SSL padlock if on secured encrypted sites - banks etc.
- Think before providing personal information
24 Computer & Internet Safety Advice - Away From Home
- Do not have personalised information on device
- Ensure user access is password protected.
- Do have a personal firewall installed.
- Ensure that peer-to-peer wireless networking is turned off.
- Do not trust Wi-Fi hotspots - some free access ones are there to invade and snatch data from your computer.
- Think before putting somebody's USB memory sticks or SD cards into your computer
25 Computer & Internet Safety Advice - E-Commerce
Online auction sites - eBay
Buying:
- Check the reviews of sellers
- Ask yourself whether the price is reasonable - fraud!
- Use a PayPal account - do not use bank transfers
- Check thoroughly the seller's terms & conditions.
Selling:
- Remember eBay is not a car boot sale
- You are committing to a contract of sale and your reputation is at risk
- You may be liable for tax
26 Computer & Internet Safety Advice - Your Identity On-Line
- How much information should I share on-line?
- Social Networking
- Managing & securing your personal online information profile