Opening QuestionWhat is Internet / Computer Security?• Brainstorm ideas
Today’s Agenda• Internet Security – Fact / Fiction• Anti-Virus, Malware, Spyware – what’s the difference? How do I get rid of them? – Free vs. Purchased Programs• Passwords – how to create strong passwords
What is a Computer Virus? Let’s watch a video from How Stuff Works
Internet Security Myths Taken from:http://techchunks.com/technology/top- 10-internet-safety-myths-debunked/
1. Web is safe as I’ve never been hit by malwareAccording to the Sophos report, many webusers may not even know if they are underconstant malware attack. The attacks aredesigned to steal personal information andpasswords or use your machine fordistributing spam, malware or inappropriatecontent without your knowledge.
2. Only p0rn sites are dangerousIf you think only p0rn and g@mbling sites arehome to hackers, here’s a reason to worry. Themajority of infected sites are websites thatyou trust and visit almost daily. The reportsays, hijacked trusted sites represent morethan 83% of malware hosting sites.
3. Only naive users get hit by virusesBeing a computer expert is not a sure shotformula to prevent you from falling victim toany cyber attack. Many attacks happen silentlywithout any user involvement. Malware fromdrive-by downloads happens automaticallywithout any user action, other than visitingthe site. Therefore, it doesn’t matter whatlevel of computer expertise you may have.
4. I can only get infected if I download files Most malware infections now occur through a “drive- by” download. Hackers inject the malicious code into the actual Web page content, then it downloads and executes automatically within the browser as a by- product of simply viewing the Web page. The malware is typically part of a professional exploit kit marketed and sold to hackers that leverages known exploits in the browser, operating system or plug-ins to infect the computer and download more malware. And this happens without a user having to do anything other than visit a hijacked Web site.
6. Lock icon in the browser means it’s secure When the lock icon appears in the browser, many of us believe we are opening a secure site. This is because the lock icon indicates there is an SSL encrypted connection between the browser and the server to protect the interception of personal sensitive information. However, the report says it does not provide any security from malware. In fact, it’s the opposite because most Web security products are completely blind to encrypted connections: it’s the perfect vehicle for malware to infiltrate a machine. There have been many cases where hackers emulate bank, credit card sites complete with spoofed SSL certificates that are difficult for a user to identify as fraudulent.
7. Installing Antivirus Software is SufficientAntivirus software is a commonly knownrequirement for Internet security. However, themyth that antivirus installed is all that is neededfor protection is dangerous for Internet surfers.Installing antivirus software is the start ofInternet security. Constant installation of thelatest virus definition files is required. Mostreputable antivirus software has monthly updatesfor definition files. Download them to ensure thecomputer can recognize newest threats.
8. Nothing Valuable is on the ComputerEven a laptop used for minor editing and writingcan lead to stolen information. Although the usercan often forget about it, casual use of acomputer can also lead to identity theft. If thecomputer has a network card, and it’s used forInternet connectivity, it can lead to a breach onthe machine’s security. Some users only use acomputer for email retrieval. Email is a point forhackers to send phishing emails that can lead tothe theft of passwords for banking and financewebsites.
9. Hackers Only Target Specific People This is a common thought for home users. Several scripts are available that allow others to find security holes on a computer. These people are called “script kiddies.” Script kiddies run common programs that find the security issues on machines that don’t have the latest security patches. For the best protection, purchase an antivirus program that protects against all types of hack attacks.
What happens when a computer has a virus This shaky video shows a virus in action
So, where do we start?• Make sure your Operating System (OS) is up- to-date – Windows Automatic Updates• Update your browser and all plug-ins (Flash, Java, PDF Reader, etc.)• Install Firewall – Windows comes with a firewall program (Security Centre in XP / Action Centre in Vista & 7) – Most routers/modems have built-in firewalls
Firewall• Firewalls prevent malware from reaching your machine through your network. They dont prevent things you control, like downloads or email, but rather stop attempts to connect to or infiltrate your machine without your knowledge or participation.
Anti-virus• Anti-virus programs scan for viruses and related malware by examining the files on your system for patterns of data that have been identified as being viruses. On some regular basis the database of patterns the programs use is updated to contain the latest information on known viruses.
Anti-spyware• Anti-spyware programs monitor your system as you use it for behaviours that are known to be spyware-related. For example, an anti- spyware program might trap attempts to change your browser home page, or attempts to install software that starts automatically.
Phishing• The bad guys, or "phishers", create an email that looks VERY much like an official email from some important entity, like eBay, MSN, Paypal, or perhaps a bank. The email asks you to visit some site that also looks very official and proper. At that site youre then prompted to enter all your personal information, typically in the guise of "verification".• Legitimate businesses never ask you for your private information via email.• Never click a link in the email itself. If you need to check, type the address yourself into the browser / search engine
Keylogger• A keylogger is spyware that “logs” or records your keystrokes or other activites on your machine. When you type in your user name and password to a website, the keystrokes are recorded, the information is saved, and these are made available to the hacker that put the keylogger on your computer. Keylogger programs can even take screen captures as you click your mouse, rendering many (if not most) attempts at bypassing keyloggers ineffective.
Internet Security Suites• "Internet security suites" are, in essence, bundles of two or more of the basics above, and typically also include additional security software or shortcuts as well. For example, one extremely popular internet security suite contains all three: anti-virus, anti-spyware and a firewall, as well as calling out "phishing" protection, keylogger protection, website reputation information, email and download monitoring, spam filtering, parental controls and even throws in some PC performance tools to boot.
To Do List• Install an Anti-Virus / Anti-Spyware Program – Microsoft Security Essentials, AVG Anti-Virus, Avast Free Antivirus, Avira Antivirus, Notron AntiVirus 2012
CNET• CNET is a website that has lots of software free to download – Be aware while all software is free to download, some are trail versions of paid software which expire after period of time• http://download.cnet.com/windows/security- software/
To Pay or Not To Pay• Free – No Technical Support – Some of Ads – Gets same protection update (virus definitions) as paid versions – Customize level of protection using a variety of programs• Paid – More features including parental controls, identity thief protection, and real-time monitoring – All-In-One – one program does everything (also, one program does everything and no program is perfect) – The more a program does, the more resources is uses
If Virus kill my computer……you’ll have to take your computer to aprofessional ORYou can try and do it yourself.
Passwords• Most security breaches are from easily hackable passwords. o Think of leaked photos, massive security• All the software & hardware won’t make a difference if you’ve got a bad password
Password - Don’t• Don’t use a dictionary word (a word that can be found in the dictionary, like “book” or “computer”)• Don’t use the same password for everything• Avoid writing down passwords – If you have to write down your password, don’t tape on the monitor, under the keyboard, or on top of the desktop
Password - Do• Include numbers, capital letters, & non- alphanumeric characters (e.g. &, %, #,!)• choose a memorable catchphrase, quotation, or easy-to-remember saying, and take the first letter from each word. – If the Shoe Fits, Wear It: itsfwi – I think, therefore I am: ittia• Lengthen your password by adding the website name or computer software name to the base phrase – For gmail: itsfwiGmail
Password - Do• Swap one or more of the password letters with a non-alphabetic character, and then purposely including uppercase and lowercase letters within the password – itsfwiGm@il• If you are using different passwords for differents websites, you can do yourself a favor by rotating portions of your passwords every few weeks
Password Managers• A password manager is software that helps a user organize passwords and PIN codes.• Typically, the software has a local database that holds the encrypted password data for secure logon onto computers, networks, web sites, and application data files.• Access all passwords using a Master Password/Passphrase
Popular Password Managers• KeePass• LastPass• 1Password• RoboForm• SplashID five best password managers
Password Managers• What are the positive reasons for using a password manager?• What are the negative reasons for using a password manager?
Create the Best Possible Password• Using the “Password – Do’s” create 3 password for different logins (email, computer, and bank)• Using the “Password – Don’t” think of the top 10 worst possible passwords
Mobile Security• Smart Phones can get viruses as well!• Open (non-secure) Wi-Fi hotspots can be very dangerous• Never connect to “Free Wireless” networks. Breeding ground for hackers, virus, and criminals• Never do any banking over open Wi-Fi.
Final Thoughts• Don’t mean to scare• If you follow some simple rules while on the Internet the likelihood of getting any virus goes down dramatically• Keep programs up-to-date, run your antivirus & anti-spyware programs regularly• Don’t download files from unknown sources• Be careful of files ending in “.exe”• Be aware of what sites you’re visiting