desktop security for students - purdue university college ......spyware: defined as software that...
TRANSCRIPT

Desktop Security for Everyone
Tyler Farmer – [email protected]
Sr. Technology Specialist II
Education Solutions Group
Microsoft Corporation

Agenda
State of the Industry today
Viruses, Worms & Spies – oh my!
How to Protect Yourself

State of the Industry Today

Threat Follows Value
The 1950s American bank robber Willie Sutton was asked why he robbed banks. He said he robbed banks because,
“That’s where the money is.”
Today, the money is in Cyberspace
The Internet provides for criminals the two capabilities most required for the conduct of criminal activities:
Anonymity & Mobility

Do The Math
SoBig virus spammed mail to over 100 million inboxes
If 10% read the mail and clicked the link
  = 10 million people
If 1% of people who went to site signed up for 3-day free trial
  = (100,000 people) x ($0.50) = $50,000
If 1% of free trials sign up for 1 year
  = (1,000 people) x ($144/yr) = $144,000/yr

Opportunities Are Limitless

Need Traffic? Buy it!

Need A Family Business?

Situation: It is getting scary!
[Timeline figure: Product ship → Vulnerability discovered → Component modified → Patch released → Patch deployed at customer site. Callouts: “Most attacks occur here”; “Why does this gap exist?”]

Exploit Timeline
Days From Patch to Exploit
The average is now nine days for a patch to be reverse-engineered
As this cycle keeps getting shorter, patching is a less effective defense in large organizations
Why does this gap exist?
[Bar chart: Days between patch and exploit (legend: patch, exploit code). Bars: Nimda, SQL Slammer, Welchia/Nachi, Blaster; values shown: 331, 180, 151, 25.]

The Forensics of a Virus
July 1: Vulnerability reported to us / Patch in progress
July 16: Bulletin & patch available, no exploit
July 25: Exploit code in public
Aug 11: Worm in the world

Report
  Vulnerability in RPC/DCOM reported
  MS activated highest level emergency response process
Bulletin
  MS03-026 delivered to customers (7/16/03)
  Continued outreach to analysts, press, community, partners, government agencies
Exploit
  X-focus published exploit tool
  MS heightened efforts to get information to customers
Worm
  Blaster worm discovered – variants and other viruses hit simultaneously (i.e. “SoBig”)

Blaster shows the complex interplay between security researchers, software companies, and hackers

Viruses, Worms & Spies

Virus:
Old “traditional” viruses usually require human interaction
  You have to save it, run it, share floppy disks, etc.
  E-mailing a program / document, without knowing it is infected
Typically just attach themselves to programs & documents, and then depend on humans to propagate
This is changing…

Worms:
Sub-class of Virus
Replicates automatically without human help
Example is e-mail address book attack
Bogs down networks and Internet
  Think of a multi-level marketing company!
Sasser, Blaster are examples

Worms:
Scary part – you don’t have to do anything but turn your computer on!

Trojan Horse
Program that appears to be a “good” program, but isn’t
Might do what it is supposed to, plus more!
Some Spyware falls in this category

Spyware:
Defined as software that collects information about you.
This might be OK, it might not
  Web page collecting anonymous “click” data
  Recording your bank # and password
Many of these are not bad
  You sign up for a music service, it gathers web site data, then sends you targeted advertisements that you might like

Spyware:
Much of it is bad
Example: Toolbar programs
  Once the toolbar program is installed, it can collect anything it wants to.
  Record your keystrokes, then “phone home”
  Record websites, names & passwords
Even if you remove them, they leave “bread crumbs” so that they re-install themselves

Spyware:
Ever get pop-ups that constantly ask for you to click “OK” and won’t go away?
This is Spyware or a virus of some sort

Phishing:
Not a virus, but ways to trick you into giving up personal information
See http://www.antiphishing.org for a lot of examples

Visible link: http://signin.ebay.com/aw-cgi/eBayISAPI.dll?Verify
Called link: http://signin_ebay_com_account.rndsystems.co.kr:7308/ebay.htm

How It Spreads
Virtually all worms and trojan horses, etc. are spread through e-mail
  One person gets it, they tell all their friends, they tell all their friends, etc.
Ever seen “My Picture.jpg .exe”
Users get tricked into clicking OK
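
The “My Picture.jpg .exe” trick works because the padded name hides the real, executable extension. The Python below is an added example, not part of the original presentation, showing how a mail filter could flag such attachment names; the extension lists, function names and sample filenames are assumptions constructed for illustration.

```python
import re
import unicodedata

# Assumed blocklist: the slides name only .EXE and .BAT ("etc."); the rest is illustrative.
EXECUTABLE_EXTS = {"exe", "bat", "cmd", "com", "scr", "pif", "vbs"}
# Extensions a reader takes for harmless content (also an assumption).
DECOY_EXTS = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "mp3"}


def split_extensions(filename):
    """Return every dot-separated suffix, lower-cased, with padding removed."""
    name = unicodedata.normalize("NFKC", filename).strip()
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as .exe.
    name = name.rstrip(". ")
    # Collapse whitespace around dots: "jpg   .exe" -> "jpg.exe".
    name = re.sub(r"\s*\.\s*", ".", name)
    return [part.lower() for part in name.split(".")[1:] if part]


def inspect_attachment(filename):
    """Return the reasons (possibly none) an attachment name looks deceptive."""
    findings = []
    exts = split_extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return findings
    findings.append("executable")
    # A harmless-looking extension sitting in front of the real one.
    if any(ext in DECOY_EXTS for ext in exts[:-1]):
        findings.append("double-extension")
    # Whitespace inserted before the final dot to push the real extension out of view.
    if re.search(r"\s+\.\s*\w+[. ]*$", filename):
        findings.append("padded-extension")
    return findings


def triage(filenames):
    """Map each suspicious filename to its findings; clean names are omitted."""
    report = {}
    for name in filenames:
        findings = inspect_attachment(name)
        if findings:
            report[name] = findings
    return report


# Constructed sample attachment names; the first is the one quoted on the slide.
SAMPLE_ATTACHMENTS = [
    "My Picture.jpg .exe",
    "holiday.jpg",
    "setup.exe",
    "report.pdf.scr. ",
    "notes.v2.txt",
]

if __name__ == "__main__":
    for name, findings in triage(SAMPLE_ATTACHMENTS).items():
        print(f"{name!r}: {', '.join(findings)}")
```
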

How to Protect Yourself

Practice Good Surfing Sense
You know there are bad parts of town that you don’t go to
The Internet is the same way – be wary!

#1 Rule
Never download or open something, if you don’t know what it is
Even if you know the sender by name, check with them to see if they sent you something
True company-based e-mails never send attachments
  Make sure the link actually goes to their site & not a spoofed one!
Only download what you trust, and even then be wary!
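
The advice to make sure a link actually goes to the real site, and the earlier eBay slide contrasting the visible link with the called link, describe a check that can be done mechanically. The Python below is an added example, not part of the original presentation; the function names, the simple subdomain rule (no public-suffix list) and the sample e-mail, built from the two URLs on the slide plus constructed example.com links, are assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def parse_target(text):
    """Return (hostname, port) if the text is written as a web address, else None."""
    text = text.strip()
    lowered = text.lower()
    if not lowered.startswith(("http://", "https://")):
        if not lowered.startswith("www."):
            return None  # ordinary link text such as "Click here"
        text = "http://" + text
    try:
        parts = urlsplit(text)
        return (parts.hostname, parts.port) if parts.hostname else None
    except ValueError:  # malformed host or port
        return None


def related(a, b):
    """Same host, or one is a subdomain of the other (simplified rule)."""
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def find_mismatched_links(html):
    """Flag anchors whose visible address names a different host than the href."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown, actual = parse_target(text), parse_target(href)
        if shown is None or actual is None or related(shown[0], actual[0]):
            continue
        reasons = ["host-mismatch"]
        # The shown host re-spelled with "_" or "-" inside the real hostname.
        if shown[0] in actual[0].replace("_", ".").replace("-", "."):
            reasons.append("brand-in-hostname")
        if actual[1] not in (None, 80, 443):
            reasons.append("unusual-port")
        findings.append({"shown": shown[0], "actual": actual[0], "reasons": reasons})
    return findings


# Constructed e-mail body; only the first anchor uses the URLs from the slide.
SAMPLE_EMAIL = """
<p>Please verify your account:</p>
<a href="http://signin_ebay_com_account.rndsystems.co.kr:7308/ebay.htm">http://signin.ebay.com/aw-cgi/eBayISAPI.dll?Verify</a>
<p>Help: <a href="https://www.example.com/help">www.example.com/help</a></p>
<p><a href="http://www.microsoft.com/protect">Security tips</a></p>
"""

if __name__ == "__main__":
    for finding in find_mismatched_links(SAMPLE_EMAIL):
        print(finding)
```
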

Points to Ponder
Have you ever received an e-mail telling you that you have a virus?
You might, or might not…
  Your address could’ve been spoofed to someone else
  Could be a trick to get you to install some “anti-virus” or “patch” (which is really a virus itself!)

How to Get Secure, Stay Secure
Step 1 – Don’t change Internet Explorer “Zone” settings below “Medium”
Step 2 – Don’t take downloads from strangers
  Only install what you trust
  “free” music & file sharing programs are wide open doors for hackers
Step 3 – Try to see if you have any issues already
  Does your browser open to a new home page, or search page?
  Increase in advertisements & pop-ups?
  Computer seems sluggish?

How to Get Secure, Stay Secure
Step 4 – Get a detect & removal tool for spyware (Spybot Search & Destroy is good)
Step 5 – Get some antivirus software (Norton, McAfee, etc.)
Step 6 – Get a Firewall (Service Pack 2 or some other)
Step 7 – Keep everything up-to-date!
  Windows Automatic Updates, Anti-virus, Spyware

What is Microsoft Doing to Help?
Block HTML in e-mail by default
.EXE, .BAT, etc files are blocked
Warnings when e-mail is sent automatically
Behavior Blocking technologies
Service Pack 2 on Windows XP
  Firewall, pop-up blocker, others
Working with Law Enforcement
Reward money
  $250,000 for Sasser paid!

Resources
General
  http://www.microsoft.com/security
Consumers
  http://www.microsoft.com/protect
IT Professionals
  http://www.microsoft.com/technet/security
Patch Management
  http://www.microsoft.com/technet/security/topics/patch
Info on Virus, Worms, etc.
  http://www.microsoft.com/athome/security/viruses/virus101.mspx
Info on Spyware
  http://www.microsoft.com/athome/security/spyware/devioussoftware.mspx
  http://www.microsoft.com/windowsxp/using/security/expert/honeycutt_spyware.mspx

Now for the Gentle Q&A…

© 2004 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.