Computer Science 1 Week 7

Upload: clifford-white

Post on 26-Dec-2015

Computer Science 1 Week 7

This Week ...

• QBasic Programming
  - Input and formatted display
• Computer Concepts
  - Phishing
  - Firewalls
  - Anti-Spyware and Fake Anti-Spyware Software
  - Legality of Spyware

QBasic Lab

The Security-related Lab

Lab: Security

• Objectives
  - use your QBasic knowledge
  - create an evaluation program
  - interview another student
• Your Program
  - inputs a name and five numbers (scores)
  - gives the user a security "score"

The Lab Questions

• How well are they protected from Viruses
• How well are they protected from Spyware
• How well are they protected from Phishing
• How well are their files organized
• How often do they back up their files

Remember ...

• Turn in your program & your output to Lab 6 in SacCT
• If you do not turn in your program, you will not get credit!

Phishing & Privacy

Scams in your Inbox

E-Mail Phishing

• Internet scam that comes as e-mail
• Pretends to be a legitimate website
  - warns that you have to change a password
  - send money to keep your "account" active
• Often will display:
  - link – which can be used to verify your e-mail
  - attachment – often spyware or worse

Sample E-Mail

Your account is about to expire!

To keep your account active, please follow the link below and enter your account information.

202.149.196.236 is NOT eBay!

Forgery

How Do They Get My E-Mail?

• Searching the Internet
  - special software browses the Internet
  - this software is known as a "spider"
  - they search: public forums, websites, etc...
• Where your e-mail is found...
  - can help them create an online profile
  - e.g. a website about dogs

How Do They Get My E-Mail?

• Website Subscriptions
  - some websites will sell your e-mail to spammers
  - ... or they might spam you themselves
• Black Market
  - many e-mail addresses are bought and sold
  - they could be sold by a website or another spammer

Getting Your Name

• If your e-mail contains your name ...
  - software can get your first and/or last name
  - the resulting junk mail will use your name
  - it can look legit – "Hey Joe, long time buddy!"
• Examples
  - [email protected] – Joe Gunchy
  - [email protected] – Stewie Griffen

Getting Your Name

• Website links
  - naturally, websites put the name of the person with the e-mail link
  - their spider records this information
• Examples
  - Contact Joe Gunchy
  - Send an e-mail to Eric Cartman

Phishing Sites

• Estimated by Harvard and Cambridge
  - 75.8% of phishing sites are hosted on compromised servers.

State of Internet Security, Q1-Q2, 2009
Websense Security Labs
http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf

Firewalls

Protecting Yourself from Invasion

Firewalls

• System software
  - protects access to your computer on a network
  - sometimes built into specialized Internet hardware
• Windows 7 SP2 has a built-in firewall
  - however, still need to properly set up!

Types of Protection

• Incoming
  - protect access coming in to your computer
  - stops remote hackers and worms
• Outgoing
  - protect access going out from your computer
  - can stop spyware from sending data
  - can stop your computer from spreading worms

Windows Firewall

• Came with Windows 7 Service Pack 2
• Built into Windows OS
• Only has incoming protection
  - spyware can still send your data!
  - Microsoft argues that spyware might destroy the firewall – so outgoing is not needed

Zone Alarm

• License:
  - freeware for the limited version
  - commercial "Pro" version has additional features
• Has both incoming and outgoing protection
• Works with Windows 95, 98, ME, XP, Vista, and 7
• Website: www.zonealarm.com

17,254

Zone Alarm Alerts

Internet Cookies

Delicious Little Annoyances

What are Cookies?

• A small text file saved on your computer
  - created by your web browser
  - only visible to the site that created them
• They are used legitimately to
  - keep you logged onto a website
  - maintain temporary session data for authentication, site preferences, shopping cart contents, identifier for a server-based session, or any function that can be accomplished through storing text data

Threat of Cookies

• By saving data in cookies ...
  - affiliated sites can track your browsing habits
  - this cannot damage your computer
• Not as dangerous as Spyware
  - although this is a form of spying
  - you do not suffer the effects of spyware
  - only your browsing habits can be watched

Making the Cookies Crumble

• Delete cookies on a regular basis
  - it will log you out of websites
  - but, it gets rid of the tracking cookies
• Block third-party cookies
  - websites often embed advertisements
  - often stored on another server – it sends a cookie
  - Firefox and Internet Explorer can block these

Organizing Your Files

Making Sure You Don't Lose Anything

Use Descriptive Names

• Descriptive names ...
  - tell you more about its contents
  - you might have to find the file years after you created it
• Examples:
  - "essay.doc" is not good
  - "CSc 1 – Essay.doc" is good

Don't Change File Extensions

• By default, Windows...
  - does not display extensions
  - Folder Options can show them
• If extensions are changed...
  - they will be considered a different type of file
  - you won't be able to open them

Keep Files Organized

• Use folders to keep related files together
• Create a hierarchy
  - folder for each semester
  - folder for each class
  - etc ...
• You can find files easily

Write-Protect Files

• You can protect files from being changed
• Excellent for important files
• To Do This:
  - right-click on the file
  - check the "Read Only" box

Security Checklist

Ways to Protect Your Computer

Back Up Your Data Often

• Why?
  - data can, and will, be lost
  - this can be caused by viruses, by mistake, hardware failure, etc ....
• Storage Media
  - Flash drive
  - CD-ROM (recommended)

Back Up Your Data Often

• Back up depending ...
  - upon how much data you can afford to lose
  - whenever you complete something "major"
  - once a week should be good enough
• Store backups in a safe place
  - different location from your computer
  - be careful – you don't want it stolen

Install Anti-Spyware Software

• Why?
  - you need to get rid of the malicious software
  - afterwards, you can work on your security
• Good Anti-Spyware software
  - Spybot Search & Destroy
  - Ad-Aware
  - Microsoft Windows Defender

Create Disposable E-Mails

• Public e-mail address
  - many websites require you to register
  - sometimes they send junk mail
  - never use your name in this e-mail
• Personal e-mail address
  - use this e-mail for family and friends
  - do not post this on the Internet – EVER

Read the End User License Agreement

• Why?
  - sometimes you give up your rights
  - sometimes the "fine print" is malicious
• Be wary of free software
  - too good to be free
  - borderline legal

Optional: Install a Firewall

• Why?
  - prevent worms and hackers
  - firewalls will alert you to access attempts
• Do this after you have removed spyware
  - for a while, you can trust any outgoing attempts
  - in a couple days, you should have no warnings
• Good free firewalls: ZoneAlarm

You will get lots of these at first

Legality of Spyware

How the Law, and You, are Manipulated

Legal or Illegal?

• It would logically seem to be illegal
• However, some spyware companies
  - use the law to protect themselves
  - they also use the law to attack opponents
  - they even argue their actions are just

Computer Fraud & Abuse Act

• It is illegal to gain unauthorized access
  - to obtain financial data
  - to obtain data from interstate or foreign communication
• This would seem to apply to the Internet
• However, users actually give them access!

When You Install Spyware ...

• You often ...
  - sign an agreement
  - gives the spyware access to your privacy and data
• Spyware companies argue
  - this gives consent
  - this makes spyware legal

End User License Agreement

• End User License Agreement (EULA)
  - contract between the user and software distributor
  - most software titles have one
• Often it is agreed to during installation
  - most people ignore it or don't read it in detail
  - spyware companies know this
  - an agreement is hidden deep in the legalese

EULA Be Careful...

• Be careful
  - spyware may be hidden deep in the legalese
  - many states treat this as a contract
• Without knowing it, you can ...
  - legally allow spyware to take your data
  - give up any right to sue for damages

Did you read this?

Deliberate misuse of product title field

WHAT?

State of Internet Security
Websense Security Labs, Q1-Q2, 2009
http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf

• Web security
  - 233% growth in # of malicious web sites in last 6 months and 671% growth in last year.
  - 77% of web sites with malicious code are legitimate sites that have been compromised.
  - 61% of the top 100 sites either hosted malicious content or contained a masked redirect to malicious sites.

State of Internet Security
Websense Security Labs, Q1-Q2, 2009
http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf

• Email security
  - 87.7% of email messages were spam.
  - 85.6% of all unwanted emails contained links to spam sites and/or malicious web sites.
  - Shopping remained the leading topic of spam (28%), followed by cosmetics (18.4%), medical (11.9%) and education (9.5%).

State of Internet Security
Websense Security Labs, Q1-Q2, 2009
http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf

• Data security
  - 37% of malicious Web/HTTP attacks included data-stealing code.
  - 57% of data-stealing attacks are conducted over the Web.

State of Internet Security
Websense Security Labs, Q1-Q2, 2009
http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf

• Web security landscape
  - Top 100 most visited Web sites: “social network”, or “search” sites.
  - The next million most visited Web sites: current events, news sites (regional or genre-focused).
  - The “long tail” of the Internet is populated by personal sites: blogs, small business sites.
  - Each category has its own unique security challenges.

Trends

• Malware attacks on social networks
• Social engineering
• Smartphone and mobile devices as target for hackers
• Botnet

Summary

• Be very careful what you install
• Read the End User License Agreement
  - you can legally allow spyware to take your data
  - you can give up any right to sue for damages
• Remember, it is your computer
  - you can do anything you want with it
  - but, it is your responsibility

• Awareness of different types of malware
• File organization and backup
• Make sure anti-malware software is up to date
• Be careful about file attachments to emails
• Be careful about websites to visit

Anti-Spyware Applications

Software Designed to Stop Spyware

Anti-Spyware Applications

• Specialized software
  - designed to remove spyware
  - protect the computer from spyware
• Free software is available
  - from industry leaders
  - from non-profit organizations

Lavasoft Ad-Aware

• Aesthetically appealing
• Very easy to use
• Has a free version
  - free version must be run manually
  - the pay version is even better
• Works with Windows 2000, XP, Vista
• Website: www.lavasoft.com

Spybot - Search & Destroy

• Can "immunize" your system
• Free
  - started as a student project by Patrick Kolla
  - supported by donations
• Has won several awards
• Works with Windows 95, 98, ME, XP, Vista
• Website: www.safer-networking.org


Microsoft Windows Defender

• System software
  - prevents spyware from being installed
  - protects your computer's settings

• Built in to Windows Vista
  - version can be downloaded for XP
  - will not work with other operating systems

• Website: www.microsoft.com


Microsoft Windows Defender Alerts

That gets your attention!



Commercial Applications

• Anti-Spyware
  - Trend Micro

• PestPatrol
  - Computer Associates

• Spy Sweeper
  - Webroot Software


Commercial Applications

• SpyCatcher
  - AvanQuest

• Spyware Doctor
  - PC Tools

• SpyWare Killer Pro
  - Cosmi


Fake Anti-Spyware

Wolves in Sheep's Clothing


Fake Anti-Spyware Applications

• Spyware companies know:
  - people want to remove their software
  - people will buy or download anti-spyware software

• Danger ...
  - some create fake anti-spyware applications
  - these are officially called "rogue anti-spyware"
  - if you install them, you will be infested!


Fake Anti-Spyware

• They are Trojans
  - pretend to help the user
  - but perform malicious actions

• What they typically do
  - give false positives – fake spyware alerts
  - download new software – often spyware
  - try to convince user to buy the "full" version


Example Trojan

LIES!


A Few Rogue Applications

• AntiVirus-Gold
• PAL Spyware Remover
• PSGuard
• SpyAxe
• SpywareQuake
• SpywareStrike
• Spy Sheriff


A Few Rogue Applications

• SpyTrooper
• SpyBan
• Spyware Stormer
• SpyWiper
• VirusBurst
• WinFixer
• WorldAntiSpy


SpywareQuake / VirusBurst Trojan

• DANGER: fake anti-spyware software
• What it does
  - attacks your computer with a worm / trojan
  - displays fake warning windows
  - gives false positives
  - tries to convince users to buy the "full" version


DANGER – Malware Website


False Positives



Try to get the victim to pay



SpySheriff / SpyTrooper Trojan

• DANGER: fake anti-spyware software
• What it does
  - false positives – ludicrous results!
  - has the user download additional software
  - tries to convince users to buy the "full" version
• Has a fake site that mimics Microsoft's


DANGER – Malware Website


DANGER – Malware Website


False Positives!



SpyAxe / Spyware Strike Trojan

• DANGER: fake anti-spyware software
• Affiliated products
  - SpyStrike
  - TopAntiSpy
  - Pot.SpyAxe
• Related to the ZToolbar Spyware


SpyAxe / Spyware Strike Trojan

• What it does
  - changes your wallpaper
  - warns about installed spyware ... that it installed!
  - false positives
  - has the user download additional software
  - tries to convince users to buy the "full" version


Scared yet?


DANGER – Malware Website


DANGER – Malware Website


World Anti-Spy Trojan

• DANGER: fake anti-spyware software
• What it does
  - displays pop-up windows
  - hijacks the desktop
  - false positives
  - tries to convince users to buy the "full" version


DANGER – Malware Website


WinFixer Trojan

• DANGER: fake anti-spyware software
• Related to the When-U Spyware
• What it does
  - displays pop-up windows
  - downloads software
  - false positives
  - tries to convince users to buy the "full" version


DANGER – Malware Website


In Summary ...

• Be VERY careful what you download
  - some of the software is dangerous
  - many are Trojans

• Trust ONLY the following free software:
  - Ad-Aware
  - Spybot Search and Destroy
