David Greenop & Rob Richardson, Saxilby U3A Science & Technology Group
Why This Talk: We have become very dependent on information and communications technologies, and we are also becoming increasingly vulnerable to a plague of what has come to be called "malware". None of us are safe!
Content: What is Malware; Historical Perspective; The different types of Malware attacks; Why our computers are vulnerable; What protection do we need?; Computer & Internet Safety Advice; How to protect our online identity; Social Networking
What is Malware: The generic term "malware" (malicious software) is used to mean any form of hostile, intrusive, or annoying software program designed to disrupt or deny operation, gather information that leads to loss of privacy or exploitation, gain unauthorized access to computer resources, or carry out other abusive behaviour.
What is Malware: Specifically, computer viruses, worms, Trojan horses, spyware, dishonest adware, scareware, crimeware, rootkits and botnets.
Scale of Malware Problem: New malware programs are growing at 400% per year; there are over 1.5 million known programs. It is no longer young idealistic hackers but criminal gangs using sophisticated technologies to beat the anti-malware programs. (From Panda Security, March 2011)
Mathematician John von Neumann postulated that a computer program could reproduce itself. He demonstrated this without the aid of computers, constructing the first self-replicating automata with pencil and graph paper. Theory of self-reproducing automata. ENIAC (Electronic Numerical Integrator And Computer) was the first general-purpose electronic computer.
Early Computer Viruses: The Creeper virus was written by Bob Thomas in 1971 whilst working on Arpanet. It was an experimental, self-replicating program that infected DEC PDP-10 mini-computers. "I'm the creeper, catch me if you can!" Someone else wrote a program to detect and delete it, called the "Reaper". "Elk Cloner", written in 1981 by Richard Skrenta (age 15), was the first computer virus to appear "in the wild". It attached itself to the Apple DOS 3.3 operating system and spread via floppy disk.
Early Computer Viruses: With the arrival of the IBM PC running MS-DOS in 1981 there followed a big increase in viruses, mostly spread by floppy disks. Viruses spread by infecting programs stored on floppy disks, or installed themselves into the disk boot sector. By the late 1980s there was a big increase in Trojan horse malware, driven by the increase in bulletin board systems, modem use, software sharing and the Internet.
MS Office Macro Viruses: In the mid-1990s macro viruses became common. Most of these viruses are written in the scripting languages for Microsoft Office programs such as Word and Excel, and spread by infecting documents and spreadsheets. Microsoft Outlook and Outlook Express were particularly vulnerable, with viruses installed when opening attachments. Many could also spread to Apple Macintosh computers.
Internet & Web breeding ground of Malware: Popularity of the Internet from the early 1990s facilitated the spread of malware; Security not implicitly built into Internet & Web protocols at the start; Infections on web pages; Poorly written computer code; Appearance of object-oriented code & APIs; Global predominance of the Windows operating system; Ignorance of users & unsafe activities
Infection Strategies: In order to replicate:
Step 1: A virus must be permitted to execute code and write to memory.
Step 2: The virus attaches itself to executable files that may be part of legitimate programs.
Step 3: The user launches an infected program and the virus's code is executed simultaneously.
Step 4: The virus stays active in the background and infects new hosts.
Like biological viruses, there are fast and slow infections, depending on the perpetrator's objectives! Viruses can be attached to many file formats, including pictures, which a user opens unaware.
Anti-Virus Software Strategies: The two most common forms of anti-virus protection:
1. Virus signatures: Scan for strings of viral code in memory and files, and compare them against a database of known virus "signatures".
2. Heuristic algorithm: This method uses common virus behaviours to identify an intruder. It can detect novel viruses for which anti-virus security firms have yet to create a signature.
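The two strategies above, sketched side by side as an added example (not part of the original talk and not any anti-virus product's code). The signature bytes, behaviour names, weights and threshold are all made up for illustration; the point is that a program with no known signature can still be flagged by what it does.

```python
# Added illustration on constructed data; contains no real malware bytes.

# Constructed signature database: name -> byte pattern (made-up values).
SIGNATURES = {
    "Demo.Alpha": b"\xde\xad\xbe\xef\x13\x37",
    "Demo.Beta": b"DEMO-SIGNATURE-BETA",
}

# Hypothetical behaviour weights, loosely following the replication steps
# on the "Infection Strategies" slide. Weights and threshold are arbitrary.
BEHAVIOUR_WEIGHTS = {
    "write_executable": 4,   # attaches itself to another program file
    "write_boot_sector": 5,  # installs itself into a disk boot sector
    "stay_resident": 2,      # stays active in the background
    "read_document": 0,      # ordinary activity
}
THRESHOLD = 6


def signature_scan(data: bytes) -> list:
    """Return the names of all known signatures found in data."""
    return sorted(n for n, pattern in SIGNATURES.items() if pattern in data)


def heuristic_score(events: list) -> int:
    """Sum the weights of the distinct behaviours seen; unknown ones score 0."""
    return sum(BEHAVIOUR_WEIGHTS.get(e, 0) for e in set(events))


def verdict(data: bytes, events: list) -> str:
    """Signature match first; fall back to the behaviour score."""
    hits = signature_scan(data)
    if hits:
        return "known:" + ",".join(hits)
    if heuristic_score(events) >= THRESHOLD:
        return "suspicious"
    return "clean"


# Constructed samples: one carries a known pattern, one does not.
KNOWN_SAMPLE = b"header" + SIGNATURES["Demo.Alpha"] + b"trailer"
NOVEL_SAMPLE = b"bytes that match nothing in the database"

if __name__ == "__main__":
    print(verdict(KNOWN_SAMPLE, []))
    print(verdict(NOVEL_SAMPLE, ["write_executable", "stay_resident"]))
    print(verdict(NOVEL_SAMPLE, ["read_document", "stay_resident"]))
```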
Who's Winning the Malware War? Malware creators are using increasingly sophisticated viruses and new vectors of infection.
Stealth: anti-virus programs themselves can become a vector for spreading infections.
Encryption: simple encryption is used to encipher the virus; the virus consists of a small decrypting module and an encrypted copy of the virus code.
Self-modification: to avoid detection, viruses rewrite themselves completely each time they infect new files.
Vulnerability of operating systems to Malware: No operating system is totally secure.
What Malware Protection is required? Is Free Software any good? Resident Shield; Anti-Virus scanner; Anti-spyware; Rootkit scanner; Adware scanner; Safe web browsing; Firewall
Computer & Internet Safety Advice: Good Practices; Broadband Equipment; Computer Housekeeping; Web browsing; Passwords; Away from home; E-commerce; Your on-line identity
Computer & Internet Safety Advice (Good Practices): Turn your computer off if not in use; Secure user accounts with passwords; Install anti-virus & firewall software; Set Windows for Automatic Updates; Close applications when you finish; Regular computer housekeeping
Computer & Internet Safety Advice (Broadband): Use a home wired / wireless router with NAT & firewall; Change Admin passwords; Use wireless security, preferably WPA option; Consider turning on Guest Network if available; Only use trusted Wi-Fi outside the home
Computer & Internet Safety Advice (Housekeeping): Check that anti-virus and firewall software is up to date; Check operating system updates are installed; Check for updates to web browser; Run anti-virus & malware scanner; Run cleanup program to remove temp files and check registry; Back up important data files
Computer & Internet Safety Advice (E-mail): Avoid using Outlook or Outlook Express; Consider using on-line accounts or clients like Eudora, Mozilla Thunderbird; Turn off HTML; Don't trust the "From" address; Delete spam without reading it; Don't trust unsolicited e-mails; Don't open messages with file attachments; Don't open cartoons, videos and similar; Never click web links in e-mails; Never send personal details, bank account info, usernames, passwords etc. by e-mail.
Computer & Internet Safety Advice (Passwords): Don't use a password based on personal details; For high-security web sites such as banks, create random passwords > 8 characters and write them down; Keep your passwords as you would a valuable; Don't let web browsers store passwords for you; Never type a password you care about, such as for a bank account, into a non-SSL encrypted page; Consider using a secure Password Safe on your computer.
Computer & Internet Safety Advice (Web Browsing): Use Firefox, Opera, Safari in preference to Internet Explorer; Block pop-up windows; Always check the web address; Don't let browsers store passwords; Check for the SSL padlock if on secured encrypted sites – banks etc.; Think before providing personal information
Computer & Internet Safety Advice (Away From Home): Do not have personalised information on the device; Ensure user access is password protected; Do have a personal firewall installed; Ensure that peer-to-peer wireless networking is turned off; Do not trust Wi-Fi hotspots – some free access ones are there to invade and snatch data from your computer; Think before putting somebody's USB memory sticks or SD cards into your computer
Computer & Internet Safety Advice (E-Commerce): Online auction sites – eBay.
Buying: Check the reviews of sellers; Ask yourself whether the price is reasonable – fraud!; Use a PayPal account – do not use bank transfers; Check thoroughly the seller's terms & conditions.
Selling: Remember eBay is not a car boot sale; You are committing to a contract of sale and your reputation is at risk; You may be liable for tax.
Computer & Internet Safety Advice (Your Identity On-Line): How much information should I share on-line?; Social Networking; Managing & securing your personal online information profile