2. 2
Nowadays, everyone has computers, digital
data, online identity and account credentials.
Not everyone is serious about security.
But malicious hackers are constantly looking for
weaknesses of their prey in order to
successfully execute their malicious activities on
the internet.
In this session, we’ll examine our common
mistakes and how hackers exploit that mistakes.
Let us think likes HACKERS!
Introduction
8. 8
Access Control
Work-Related Information
company information
(structure, process, systems)
corporate email
business applications access
business servers access
business documents
customer information
vendor information
Personal-Related Information
personal information
personal emails
online banking
social networking
personal documents
personal photos
your dirty little secrets
Welcome!
This lesson will highlight the common mistake and misconception on how we secure our computer against potential attackers from malicious attackers. Most of us feel that we are in state of security due to we have password and antivirus software.
However, we are not secure as we think. Actually we are so vulnerable to be compromised by malicious attackers. By completing this lesson, we will be equipped with the defensive techniques to secure our computer.
It is expected to get ready with the following requirement before commencing the lesson:
Turn on the computer and ensure internet access is available
Identify the operating system (OS type, version, service pack) e.g. Windows XP SP3
make sure the antivirus is turn on
Now, let secure the computer!
In the digital world era, we ought to have some degree of engagement in the digital world. Inevitably we have digital identity, digital data and online accounts that need to be secured from online dangers. Sad but true, not everyone is serious about security.
The notion of ‘no one wants to hack us’ is completely untrue in the midst of cyber criminals monetize their malicious activities in multibillion dollars underground economy. Username and password of online account, personal details and banking information can be sold in underground market. Believe it or not.
Let us think likes hackers in order to understand the common security vulnerabilities in our computers. Think likes hackers and not like typical computers users. Hackers target the vulnerable computers and they do not bother who we are – high social status, top position or highly educated.
The threats are real!
To kick start our brains, it is recommended to have quick glance on what is operating system and Microsoft Operating System products.
To know about operating system, please check the following website
List of Operating System - http://en.wikipedia.org/wiki/List_of_operating_systems
Operating System - http://en.wikipedia.org/wiki/Operating_system
Windows Operating System - http://en.wikipedia.org/wiki/Windows
To look out Microsoft Windows products, please check the following website
Windows XP - http://windows.microsoft.com/en-US/windows/products/windows-xp
Windows Vista - http://windows.microsoft.com/en-US/windows-vista/products/home
Windows 7 - http://windows.microsoft.com/en-US/windows7/products/home
Once we completed this lesson, we will be able
to understand the common threat vectors from the hackers’ perspective
to configure the computer safely from the users’ perspective
Remember that there are two perspectives towards computer security stance
Users’ Perspective
Most users are more focused on how to use computer to do their daily tasks but not so much
about their security
Hackers’ Perspective
Hackers are constantly finding for the weakness of each components to ensure the success of
malicious attack
In this lesson, we will learn 10 basic step for protecting our computers from possible attacks by malicious attackers as well as our common mistakes and perception about computer security i.e.
configuring user account at Windows Logon
setting the strong password
ensuring up to date signature update in Antivirus Software
securing Operating System
patching up the Application
managing Patches Update
managing secure Internet Access
handling Networking Devices (wireless keyboard, web cam)
handling External Devices (USB thumb drive, CD/DVD, external HD)
ensuring safe Online Surfing
By following these 10 basic steps for protecting our computers, we minimize our risks to be potential target of malicious attackers.
Secure the Computer #1 - Windows Logon
The first and foremost in protecting our computers, we need to configure three important settings in our operating system i.e.
logon screen
screen saver
user management
To setting up this windows logon, please refer to this control panel menu
user account menu - Control Panel\User Accounts
select the submenu
- Change your account picture
- Add or remove user accounts
- Change your Windows password
The importance of logon screen at Windows start up is very critical!
We can categorize the computer users into
administrator - this user account allows super-user privilege i.e. install, remove, delete, modify
owner - this user account only read, write but not super-user privilege
guest - this user account has limited privilege compared to owner and administrator
Bear in mind that we do not
guest user to access our data except only us to have that privilege on our computer
allow unauthorized installation, uninstallation or delete from our computer
unauthorised access to our computer with our permission
In the event of unattended computer, we do not want other people can easily access our computer without our permission. Therefore it is recommended to have password-protected screen saver.
We can leave our computer with peace of mind.
Commonly we have two main reasons to do this settings
to protect our data from theft, tampering
no malicious software being installed by someone who access our computer with permission
Remember just press Ctrl, Alt and Delete buttons simultaneously to lock the screen.
If our computers do not have password protected at windows logon and screen saver, malicious attackers can easily access our computer.
Our precious data inside the computer has potential value from the eye of malicious attackers. It can be categorized into
work related information
personal related information
Do secure our data!
Let assume that malicious attacker access our computer, he/she will able to install software keylogger to logs all our keystroke on the keyboard.
The Keylogger allows you to secretly track all activities from all computer users and automatically receive logs to a desire e-mail.
Keylogger can be categorized into
software-based keylogger
hardware-based keylogger
For further information, please refer to this link
Keylogging - http://en.wikipedia.org/wiki/Keystroke_logging
Hardware keylogger - http://en.wikipedia.org/wiki/Hardware_keylogger
To manage user accounts that have been created, please refer to control panel menu
user account menu - Control Panel\User Accounts
select the submenu
- Change your account picture (personalization preferences)
- Add or remove user accounts (to add or remove different users)
- Change your Windows password (to create different password for each account)
Refresher note
administrator - this user account allows super-user privilege i.e. install, remove, delete, modify
owner - this user account only read, write but not super-user privilege
guest - this user account has limited privilege compared to owner and administrator
Secure the Computer #2 - Password
Now we continue with second defensive technique i.e. managing our passwords. Generally there are two kinds of password protection
operating system-based password e.g. windows logon based on user account
file-based password - password-protected PDF document
online account password - Gmail account
It is vital for us to know on how we manage these types of passwords in order to secure our accounts and personal data.
Questions: 1) How many accounts that we have at the moment?
2) Do we know how strong our password’ strength?
3) Do we manage our account properly?
In general, we, sometime, believe that we already secured since we have a password. Think again!
Let examine our password’s strength.
The strength of a password depends on the different types of characters that we use, the overall length of the password, and whether the password can be found in a dictionary. It should be 8 or more characters long.
To check our password’s strength, please open up this website
Microsoft’ s Password Checker - https://www.microsoft.com/security/pc-security/password-checker.aspx
This password checker does not collect, store, or transmit information. The security of the passwords typed into this password checker is similar to the security of the password we enter when we log on to Windows. The password we enter is checked and validated on our computer. It is not sent over the Internet.
For further references about managing password, please refer to these websites
Create Strong Password - http://www.microsoft.com/security/online-privacy/passwords-create.aspx
Change Your Windows Password - http://windows.microsoft.com/en-US/windows7/Change-your-Windows-password
IMPORTANT MESSAGE – Do not use the same username and password for all accounts!
Why?
The malicious attackers are always use three types of password attacks:
password guessing - to guess the password based on common password, target info
password cracking - to use password hacking tool to crack the algorithm based on system specs
pass-the-hash - to use OS hashing information to crack the algorithm
In this case, if one of our account has been compromised (e.g. Gmail account), malicious attacker would probably to guess other popular account by using the same username and password. It’s very dangerous indeed.
There are many information on the internet on how to secure our password
Google - https://accounts.google.com/PasswordHelp
Facebook - http://www.facebook.com/pages/Password-strength/110289669021489
LifeHacker - http://lifehacker.com/5445101/your-passwords-arent-as-secure-as-you-think-heres-how-to-fix-that
Do read them!
If we do not care about our password, there is always someone do care i.e. malicious attackers!
Avoid the same mistake.
To learn more on hackable password, please refer to this infographic- http://dailyinfographic.com/top-hackable-passwords-infographic
Secure the Computer #3 - Antivirus Software
It is BIG mistake to assume that we are secure because of we have antivirus software installed in our computer. Are we sure?
Lets examine these three scenarios:
our antivirus software has outdated virus signature
our antivirus software has been corrupted by smart malware to turn of f antivirus software from
running properly
our antivirus software has limited security protection coverage to secure from other source of
potential attacks
It is recommended to change our mindset and perception about antivirus.
For further references about antivirus, please refer to these websites
Antivirus Software - http://en.wikipedia.org/wiki/Antivirus_software
List of Antivirus Software - http://en.wikipedia.org/wiki/List_of_antivirus_software
List of Computer Viruses - http://en.wikipedia.org/wiki/List_of_computer_viruses
In general, there are three types of antivirus software
free edition antivirus software - limited protection coverage and basically trial use but no time
limits or expiry date on this free edition antivirus.
commercial edition antivirus software - to scan, remove and protect with comprehensive
coverage and usually with extra functionality compared to free edition antivirus software
online scanner edition - to scan the computers from remote server and no virus removal
Another note, do not assume that the virus attack only happen in Windows platform! There is virus attacks on other platforms such as Linux, Mac OS X as well as mobile phones.
To choose the right antivirus software, we need to consider which antivirus would suit for our needs and not because of it is free!
The following consideration factors might help us to choose the right antivirus software:
operating system - Windows. Mac OS X, Linux or mobile OS
antivirus protection - file antivirus, web antivirus, email antivirus, social network antivirus etc
memory use - how much antivirus memory use utilization to perform its functions
computer performance – does antivirus affect overall performance?
To know more about antivirus comparison, please visit these websites:
Antivirus Ranking - http://anti-virus-software-review.toptenreviews.com/
Best Antivirus for 2012 - http://www.pcmag.com/article2/0,2817,2372364,00.asp
Antivirus Performance Tests - http://www.antivirusware.com/testing/performance/
Choose wisely!
It is advisable to scan our computer by using third party antivirus and not antivirus that we installed inside our computer.
Why?
Maybe our antivirus have been ‘malfunctioned’ due to outdated virus signature or corrupted by newest antivirus . Therefore when we scan our computer, the result shows 0 infections.
Lets try these online scanners to double check on virus infection inside our computer.
There are numbers of online scanners on the internet:
BitDefender - http://www.bitdefender.com/scanner/online/free.html
ESET - http://www.eset.com/us/online-scanner/
Kaspersky Lab - http://www.kaspersky.com/virusscanner
TrendMicro - http://housecall.trendmicro.com/
F-Secure - http://www.f-secure.com/en/web/labs_global/removal/online-scanner
Avast - http://onlinescan.avast.com/
Windows operating system (Windows XP, Vista and Windows 7) provides the security dashboard in order to ensure the our computer is in the state of good security protection.
Windows Security Center indicates four different security setting need to be alerted by computer users
Firewall - choose Windows Firewall or antivirus firewall
Automatic Updating - to update newest patches from Microsoft Update
Malware Protection - to update newest virus signatures
Other Security Settings - to configure internet security settings and user account control
To open Windows Security Center, click Windows Start > Control Panel > Security > Check this computer’s security status
Make sure that it’s all green in all settings (Firewall, Automatic Updating, Malware Protection and Other Settings).
It is important for us to ensure our virus signature to be updated.
Every new virus creation, the antivirus developer need to identify these viruses by creating virus signature. These virus signatures need to be updated in local database of our antivirus software so that we can be protected against these newest viruses .
No point having antivirus with outdated virus signature. Please update virus signature, now!
Secure the Computer #4 - Operating System
Most of Windows users has one of these three major Windows operating system i.e.
Windows XP - http://en.wikipedia.org/wiki/Windows_XP
Windows Vista - http://en.wikipedia.org/wiki/Windows_vista
Windows 7 - http://en.wikipedia.org/wiki/Windows_7
Depending on these operating system, we need to secure our operating system in term of
service pack installation
validate genuine product for Windows operation system and Microsoft Office
searching out Microsoft support for technical security and operational references
To learn more about Windows operating systems
Windows XP - http://windows.microsoft.com/en-MY/windows/help/windows-xp
Windows Vista - http://windows.microsoft.com/en-MY/windows-vista/help
Windows 7 - http://windows.microsoft.com/en-MY/windows7/help
Service Pack Center includes three major release of Windows operating systems i.e.
Windows XP (has three service packs i.e. SP1, SP2 and SP3)
Windows XP Service Pack 3 (SP3) is an important update that includes previously released
security, performance, and stability updates for Windows XP.
Windows Vista (has two service packs i.e. SP1 and SP2)
Windows Vista Service Pack 2 (SP2) includes support for new types of hardware and emerging
hardware standards and includes all of the updates that have been released since SP1.
Windows 7 (has only one service pack i.e. SP1)
Windows 7 Service Pack 1 (SP1) is an important update that includes previously released security,
performance, and stability updates for Windows 7. Installing SP1 helps keep Windows 7 up to
date.
To know more about Windows service center, please refer to these websites
Service Pack Center - http://windows.microsoft.com/en-MY/windows/downloads/service-packs
Windows XP (SP3) - http://windows.microsoft.com/en-MY/windows/help/learn-how-to-install-windows-xp-service-pack-3-sp3
Windows Vista (SP2) - http://windows.microsoft.com/en-MY/windows-vista/Learn-how-to-install-Windows-Vista-Service-Pack-2-SP2
Windows 7 (SP1) - http://windows.microsoft.com/en-MY/windows7/learn-how-to-install-windows-7-service-pack-1-sp1
Genuine Windows is published by Microsoft, properly licensed, and supported. With genuine Windows you get access to support, updates, and downloads to help to get the most from our PC. Whereas, Genuine Microsoft Office provides unique value, ongoing updates, and enhancements from Microsoft that counterfeit versions of Office do not.
To start validation of Genuine Windows and Office, please visit this website - http://www.microsoft.com/genuine/validate/
To learn more about Microsoft genuine products, please visit these websites:
Genuine Windows - http://windows.microsoft.com/en-us/windows/genuine
Genuine Office - http://office.microsoft.com/en-us/products/benefits-of-genuine-office-HA010205597.aspx
Windows Genuine Advantage - http://en.wikipedia.org/wiki/Windows_Genuine_Advantage
What to look for - http://www.microsoft.com/en-us/howtotell/Software.aspx#Packaging
How to report - https://www.microsoft.com/en-us/howtotell/cfr/Report.aspx
Microsoft Fixit Center
Automatically diagnose and repair common software problems in Windows, Internet Explorer or other Microsoft products with Microsoft Fix it solutions. Microsoft Fix it Center makes getting support easier than ever because automatic troubleshooters solve the issues we have now and prevent new ones.
To diagnose and repair by using Microsoft Fixit, please visit this website - (http://support.microsoft.com/fixit/)
Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it's no longer supported or sold. Knowing key dates in this lifecycle helps us make informed decisions about when to upgrade or make other changes to our software.
End of sales refers to the date when a particular version of Windows is no longer shipped to retailers or Original Equipment Manufacturers (OEMs). Examples of OEMS are Dell and Toshiba - PC manufacturers who often preinstall Windows software. When a version of Windows reaches its end of sales date, it's a good time to think about upgrading.
(Windows XP - June 30, 2008 , Windows Vista - October 22, 2010 , Windows 7 - To be determined )
End of support refers to the date when Microsoft no longer provides automatic fixes, updates, or online technical assistance. Without Microsoft support, we will no longer receive security updates that can help protect our PC from harmful viruses, spyware, and other malicious software that can steal our personal information.
(Windows XP - April 14, 2009, Windows Vista - April 10, 2012 , Windows 7 - To be determined )
To explore about Microsoft Support and Lifecycle Information, please visit these website
Microsoft Support - http://support.microsoft.com/
Microsoft Lifecycle Information - http://support.microsoft.com/gp/lifeselect
Secure the Computer #5 - Application
In order to perform specific functions such as word processing, spreadsheet or other tasks, we need to install the appropriate application software based on operating systems. For instance, if we need to develop presentation slide, we need to install Microsoft PowerPoint (Windows OS) or Keynote (Mac OS X). These applications are not just office-related tasks but it also include utility software, gaming, social networking application as well.
These application could be purchased from retail store or online store. However some of us would prefer to use illegal application software in order to use these application. Morally, it’s wrong and unethical to do such behaviour.
To learn about application software, please visit these websites
Computer Software - http://en.wikipedia.org/wiki/Computer_software
Application Software - http://en.wikipedia.org/wiki/Application_software
Utility Software - http://en.wikipedia.org/wiki/Utility_software
To purchase the application software, there are many online store on the internet that sells these application. The lists are as follows:
Microsoft Store Online - http://www.microsoftstore.com/store/msstore/en_US/home
Mac App Store - http://www.apple.com/mac/app-store/
Android Market - https://market.android.com/
Chrome Web Store - https://chrome.google.com/webstore/category/home
Windows Phone Market Place - http://www.windowsphone.com/en-US/marketplace
Blackberry App World - http://us.blackberry.com/apps-software/appworld/
Buy the original application software to get continuous support and other updates from software developer.
Software cracking is the modification of application software to remove or disable features which are considered undesirable by the computer user cracking the software, usually related to copyright protection, trial/demo version, serial number, hardware key, date checks. Therefore the computer users will enjoy the full benefit as if they purchased the software application.
However most of cracked software applications are bundled with malicious code in the installation files. Watch out!
The rogue security software may then attempt to entice the user into purchasing a service or additional software by:
Alerting the user with the fake or simulated detection of malware
Displaying an animation simulating a system crash and reboot
Prevent anti-malware programs from running, disable automatic updates and block access
websites of anti-malware vendors.
To learn more about rogue antivirus, please refer to these websites;
Rogue antispyware - http://en.wikipedia.org/wiki/Rogue_AntiSpyware
Rogue Security Software - http://en.wikipedia.org/wiki/Rogue_security_software
Microsoft Rogue Security Software & Fake Virus Alert - http://www.microsoft.com/security/pc-security/antivirus-rogue.aspx
Potentially Unwanted Application (PUA) is a term used to describe applications that, while not malicious, are generally considered unsuitable for business networks. The major PUA classifications are:
adware - http://en.wikipedia.org/wiki/Adware
dialer - http://en.wikipedia.org/wiki/Dialer
non-malicious spyware - http://en.wikipedia.org/wiki/Spyware
remote administration tools
hacking tools
Important advice: Potentially Unwanted Program may be bundled with other free software during installation file. Be caution when installing free software and please read before do any click when installing the software.
Secure the Computer #6 - Patches Updates
A patch is a piece of software designed to fix problems with, or update a application software or its supporting data. This includes fixing security flaws and other bugs and improving the usability and performance.
There are three types of patch updates
operating system (service packs and patch updates)
Microsoft products (windows update)
Non Microsoft products (third party update)
Let examine on how to update these patches on our computer.
Microsoft Download Center is one stop center to download all Microsoft products ranging from computer and games to mobile phone. These downloads can be categorized into
compatibility and converters
service packs
security updated and tools
clip arts and templates
drivers
extension
IT professional resources
developer resources
Take time to explore the Microsoft Download Center.
Let check our computer.
Open Windows Update windows - Control Panel\Security\Windows Update and update any updates if available
To learn more about Windows updates, please refer to these websites:
Windows Updates - http://en.wikipedia.org/wiki/Windows_Update
Bear in mind that Microsoft updates their products only by using Windows Update. In our computers, there are also third-party application software which is non Microsoft products. Therefore, we leave non Microsoft products in unpatched status.
Therefore, it is recommended to install Secunia Personal Software Inspector (Secunia PSI). The Secunia PSI program allows users to view any out of date programs installed on a user's computer. It also allows the user to quickly and easily upgrade to new and secure versions of applications installed on a computer.
To download Secunia PSI, please refer to this website http://secunia.com/vulnerability_scanning/personal/
Have a time to scan unpatched application software and update them.
Secure the Computer #7 - Internet Access
Previously we’ve learnt on how to protect our computers by applying these security configurations
activating Windows Firewall
installing antivirus software with up-to-date virus signature
updating service packs, patches updates
managing user accounts with strong passwords
The next lesson, we will learn on how to surf the internet by knowing the safe location for access internet whether wired network, wireless network or other people’s computer.
If we access the internet via wired network such as office network by using our computer, the odds to be compromised are relatively low due to office networks are
well-maintained with network security defensive devices implemented within network perimeter
managed by IT professional and security professional
Therefore we are not susceptible to possible attacks from the internet such as web application attacks, virus and malware and remote code execution.
If we access internet via wireless network (public hotspots or any organisation hotspots), the odds to be compromised are relatively high due to wireless networks suffer from many flaws such as
no encryption & weak encryption being used to encrypt wireless data
spoofed wireless access points employed by wireless attacker to trick the wireless users
It is recommended that we do not
login any online accounts while using wireless networks
do not perform any financial transaction
Watch out when we at wireless hotspots!
Secure the Computer #8 - Networking Devices
Another potential threats are wireless keyboard and webcam devices. These devices could be hacked by malicious attackers. To illustrate the security impacts on these devices
when we type using wireless keyboard, every keystroke will be send wirelessly to the computer
and these wireless data can be intercepted by malicious attackers. Consequently, our data can be
reconstructed by using packet analyzer. Just imagine if we log on the online account, the malicious
attacker will obtain our account credentials.
malicious attacker could turn on our webcam remotely without our permission or consent and
it’s just we have been exposed to internet visually. OMG!
Question: Do we have wireless keyboard or webcam?
The team of Dreamlab Technologies has hacked two wireless keyboards from Microsoft. Dreamlab warns that it is possible to “sniff” the keyboard strokes that are made. What this means is that it is possible to capture and decrypt keystrokes, meaning that user names, passwords, bank details or confidential correspondence can be very easily copied.
To know more about wireless Microsoft keyboard, please visit this website - https://www.dreamlab.net/files/articles/27_Mhz_keyboard_insecurities.pdf
An antivirus company, Sophos has warned computer users about a worm that has the capability to use webcams to spy on them in their home or workplace.
The W32/Rbot-GR worm (also known as the "Peeping Tom" worm) spreads via network shares, exploiting a number of Microsoft security vulnerabilities, installing a backdoor Trojan horse as it travels.
Once installed on an infected computer remote malicious attacker can easily gain access to the information on the PC's hard drive and steal passwords, as well as turn on webcam to spy on them. Dangerous, hah?
Secure the Computer #9 - External Devices
Malicious software including virus can spread through external devices i.e. thumb drives, external hardisk and CD/DVD. Most of us are do not scan these devices when we plug in to our computers. Depending on our antivirus features, we ought to scan these devices before using them.
Please ensure that antivirus software’s virus signature is up-to-date!
The main purpose of Autorun is to provide a software response to hardware actions that we start on a computer.
During AutoPlay, the Autorun.inf file from the media is parsed. This file specifies which commands the system runs.
If we enable the settings to disable AutoPlay, we can disable AutoPlay on a CD drive, on removable media drives, on all drives.
Because malicious code may be executed without our knowledge or consent, we may want to disable this feature for security concerns.
Secure the Computer #10 - Online Surfing
To secure our online surfing experience, we need to ensure the following steps
securing our web browser by updating the newest version web browser
do not visiting at malicious website
beware of phishing website
Please open Windows Security Center, click Windows Start > Control Panel > Security > Check this computer’s security status - make sure all green!
Refresher:
Windows Security Center indicates four different security setting need to be alerted by computer users
Firewall - choose Windows Firewall or antivirus firewall
Automatic Updating - to update newest patches from Microsoft Update
Malware Protection - to update newest virus signatures
Other Security Settings - to configure internet security settings and user account control
Browser is our main interface to locate, retrieve and also display content on the world wide web (WWW) including web pages, images, video and other files. The browser is the client application run on a computer that contacts the Web server and requests information. The web server sends the information back to the Web browser which displays the results on the computer or other Internet-enabled device that supports a browser.
It is recommended to update our browser to the newest version of browser in order to mitigate the web browser attacks by the malicious attacker. Please check the following website:
Internet Explorer - http://windows.microsoft.com/en-MY/internet-explorer/products/ie/home
Mozilla Firefox - http://www.mozilla.org/en-US/firefox/new/
Apple Safari - http://www.apple.com/safari/
Google Chrome - https://www.google.com/chrome
Note: Some of web browsers have automatic update features. For sake of our own security, please verify our web browser is up-to-date version.
For information about web browser, please refer to these websites
What Browser? - http://www.whatbrowser.org/en/
Web Browser - http://en.wikipedia.org/wiki/Web_browser
To set preferences i.e. never save password no Autofill features
open Preferences (Personal Stuff ) Menu - chrome://settings/personal
choose ‘Never save password’
never choose ‘Enable Autofill to fill out web forms in a single click’
To clear all browsing history, download history, cache, cookies and Autofill,
open Clear Browsing Data Menu - chrome://settings/clearBrowserData
choose all items
press ‘Clear Browsing Data’
Be aware that malicious software is often installed without our knowledge or permission when we visit these sites, and can include programs that delete data on our computer, steal personal information such as passwords and credit card numbers, or alter our search results.
Two types of warning messages provided by Google Search Engine and Mozilla Firefox
Google Warning Message
The following warning message appears beneath the title of search results Google identified as
sites that may install malicious software on our computer: "This site may harm your computer.“
If we click the title of the result, we'll be shown a page with the following warning message at
the top rather than being taken immediately to the webpage in question:"Warning - visiting this
web site may harm your computer!"
Mozilla Firefox Warning Message
Firefox 3 or later contains built-in Phishing and Malware Protection to help keep us safe online.
These features will warn us when a page we visit has been reported as a Web Forgery of a
legitimate site (sometimes called “phishing” pages) or as an Attack Site designed to harm your
computer (otherwise known as malware).
For more information on these types of sites, please visit this website - http://www.stopbadware.org/home/badware
Web Forgery (also known as “Phishing”) is a form of identity theft that occurs when a malicious Web site impersonates a legitimate one in order to trick us into giving up sensitive information such as passwords, account details, or credit card numbers. Phishing attacks usually come from email messages that attempt to lure us into updating our personal information on fake, but very real looking, Web sites.
To know more about phishing, please visit these websites
Phishing - http://en.wikipedia.org/wiki/Phishing
Anti Phishing Working Group - http://www.antiphishing.org/
Get free security software against fast-moving, invisible threats, and hacked web sites. Download free AVG LinkScanner and get additional layer of security.
AVG LinkScanner has two key features that protect us:
Surf-Shield scans pages behind their links before we click on them. It does the same thing every
time we enter a web address into your browser. If the page is infected, it simply prevents us from
opening it.
Search-Shield scans your Google, Yahoo! and Bing search results and places a safety rating next to
each link, letting we know which sites can be trusted and which are to be avoided.
To download AVG LinkScanner, please visit this website - http://linkscanner.avg.com/
In summary, we’ve learnt 10 basic step for protecting our computers from possible attacks by malicious attackers as well as our common mistakes and perception about computer security i.e.
Windows Logon
to set username and password for three types of users i.e. administrator account (super user)
our account and guest account
Password
to verify the password’s strength and set the strong password based on the recommendation
Antivirus Software
to install the comprehensive protection antivirus and update virus signature
Operating System
to verify the genuine operating system software and office suite application, update service pack
Application
to identify the original application, cracked application, rogue application and potential unwanted
application
Patches Update
to update Microsoft product and other application patches
Internet Access
to identify threats while accessing the internet in three scenarios (wired network, wireless
network and other computer)
Networking Devices
to identify threats of networking devices: wireless keyboard, web cam
External Devices
to identify threats of external devices: USB thumb drive, CD/DVD, external HD
Online Surfing
to identify threats in web browser and malicious website
Act Now! Secure the computer.
To learn and not to do is time-wasting effort!
Please ensure the security state of computers i.e. netbook, laptop and desktop are in the good shape by following ten basic steps of protection our computers that we have learnt in this lessons.
Action Items (Security Checklist)
Windows Logon
Password
Antivirus Software
Operating System
Application
Patches Update
Internet Access
Networking Devices
External Devices
Online Surfing
