This document discusses various topics relating to computer and internet security. It defines common cyber threats like viruses, malware, spyware and provides tips on using antivirus software, firewalls, and strong passwords to enhance security. Specific myths about internet safety are debunked, such as thinking certain browsers are more secure or that only downloads can infect a device. Overall, the document stresses the importance of maintaining updated software, using caution online, and employing security measures like unique, complex passwords to help protect devices and information.
3. Today’s Agenda
• Internet Security – Fact / Fiction
• Anti-Virus, Malware, Spyware – what’s the
difference? How do I get rid of them?
– Free vs. Purchased Programs
• Passwords – how to create strong passwords
4. What is a Computer Virus?
Let’s watch a video from
How Stuff Works
6. 1. Web is safe as I’ve never been hit by
malware
According to the Sophos report, many web
users may not even know if they are under
constant malware attack. The attacks are
designed to steal personal information and
passwords or use your machine for
distributing spam, malware or inappropriate
content without your knowledge.
7. 2. Only p0rn sites are dangerous
If you think only p0rn and g@mbling sites are
home to hackers, here’s a reason to worry. The
majority of infected sites are websites that
you trust and visit almost daily. The report
says, hijacked trusted sites represent more
than 83% of malware hosting sites.
8. 3. Only naive users get hit by viruses
Being a computer expert is not a sure shot
formula to prevent you from falling victim to
any cyber attack. Many attacks happen silently
without any user involvement. Malware from
drive-by downloads happens automatically
without any user action, other than visiting
the site. Therefore, it doesn’t matter what
level of computer expertise you may have.
9. 4. I can only get infected if I download
files
Most malware infections now occur through a “drive-
by” download. Hackers inject the malicious code into
the actual Web page content, then it downloads and
executes automatically within the browser as a by-
product of simply viewing the Web page.
The malware is typically part of a professional exploit
kit marketed and sold to hackers that leverages known
exploits in the browser, operating system or plug-ins to
infect the computer and download more malware. And
this happens without a user having to do anything
other than visit a hijacked Web site.
10. 5. Firefox, or Chrome, is more secure
than Internet Explorer
There is no fool-proof browser that can prevent you
from falling prey to hackers’ trap. All browsers are
equally at risk because all browsers are essentially an
execution environment for JavaScript, which is the
programming language of the Web and therefore used
by all malware authors to initiate an attack
In addition, many exploits leverage plug-ins such as
Adobe Acrobat reader software, which runs across all
browsers. Although the more popular browsers may
get more publicity about unpatched exploits, it’s the
unpublicized exploits you should be most concerned
about.
11. 6. Lock icon in the browser means it’s
secure
When the lock icon appears in the browser, many of us
believe we are opening a secure site. This is because the
lock icon indicates there is an SSL encrypted connection
between the browser and the server to protect the
interception of personal sensitive information. However,
the report says it does not provide any security from
malware.
In fact, it’s the opposite because most Web security
products are completely blind to encrypted connections:
it’s the perfect vehicle for malware to infiltrate a machine.
There have been many cases where hackers emulate bank,
credit card sites complete with spoofed SSL certificates that
are difficult for a user to identify as fraudulent.
12. 7. Installing Antivirus Software is
Sufficient
Antivirus software is a commonly known
requirement for Internet security. However, the
myth that antivirus installed is all that is needed
for protection is dangerous for Internet surfers.
Installing antivirus software is the start of
Internet security. Constant installation of the
latest virus definition files is required. Most
reputable antivirus software has monthly updates
for definition files. Download them to ensure the
computer can recognize newest threats.
13. 8. Nothing Valuable is on the
Computer
Even a laptop used for minor editing and writing
can lead to stolen information. Although the user
can often forget about it, casual use of a
computer can also lead to identity theft. If the
computer has a network card, and it’s used for
Internet connectivity, it can lead to a breach on
the machine’s security. Some users only use a
computer for email retrieval. Email is a point for
hackers to send phishing emails that can lead to
the theft of passwords for banking and finance
websites.
14. 9. Hackers Only Target Specific People
This is a common thought for home users.
Several scripts are available that allow others
to find security holes on a computer. These
people are called “script kiddies.” Script
kiddies run common programs that find the
security issues on machines that don’t have
the latest security patches. For the best
protection, purchase an antivirus program
that protects against all types of hack attacks.
15. What happens when a computer has a
virus
This shaky video shows a virus in action
16. So, where do we start?
• Make sure your Operating System (OS) is up-
to-date
– Windows Automatic Updates
• Update your browser and all plug-ins (Flash,
Java, PDF Reader, etc.)
• Install Firewall
– Windows comes with a firewall program (Security
Centre in XP / Action Centre in Vista & 7)
– Most routers/modems have built-in firewalls
17. Firewall
• Firewalls prevent malware from reaching your
machine through your network. They don't
prevent things you control, like downloads or
email, but rather stop attempts to connect to
or infiltrate your machine without your
knowledge or participation.
18. Anti-virus
• Anti-virus programs scan for viruses and
related malware by examining the files on
your system for patterns of data that have
been identified as being viruses. On some
regular basis the database of patterns the
programs use is updated to contain the latest
information on known viruses.
19. Anti-spyware
• Anti-spyware programs monitor your system
as you use it for behaviours that are known to
be spyware-related. For example, an anti-
spyware program might trap attempts to
change your browser home page, or attempts
to install software that starts automatically.
20. Phishing
• The bad guys, or "phishers", create an email that looks
VERY much like an official email from some important
entity, like eBay, MSN, Paypal, or perhaps a bank. The
email asks you to visit some site that also looks very
official and proper. At that site you're then prompted
to enter all your personal information, typically in the
guise of "verification".
• Legitimate businesses never ask you for your private
information via email.
• Never click a link in the email itself. If you need to
check, type the address yourself into the browser /
search engine
21. Keylogger
• A keylogger is spyware that “logs” or records
your keystrokes or other activites on your
machine. When you type in your user name and
password to a website, the keystrokes are
recorded, the information is saved, and these are
made available to the hacker that put the
keylogger on your computer. Keylogger programs
can even take screen captures as you click your
mouse, rendering many (if not most) attempts at
bypassing keyloggers ineffective.
22. Internet Security Suites
• "Internet security suites" are, in essence,
bundles of two or more of the basics above, and
typically also include additional security software
or shortcuts as well. For example, one extremely
popular internet security suite contains all three:
anti-virus, anti-spyware and a firewall, as well as
calling out "phishing" protection, keylogger
protection, website reputation information, email
and download monitoring, spam filtering,
parental controls and even throws in some PC
performance tools to boot.
23. To Do List
• Install an Anti-Virus / Anti-Spyware Program
– Microsoft Security Essentials, AVG Anti-Virus,
Avast Free Antivirus, Avira Antivirus, Notron
AntiVirus 2012
24. CNET
• CNET is a website that has lots of software
free to download
– Be aware while all software is free to download,
some are trail versions of paid software which
expire after period of time
• http://download.cnet.com/windows/security-
software/
25. To Pay or Not To Pay
• Free
– No Technical Support
– Some of Ads
– Gets same protection update (virus definitions) as paid
versions
– Customize level of protection using a variety of programs
• Paid
– More features including parental controls, identity thief
protection, and real-time monitoring
– All-In-One – one program does everything (also, one
program does everything and no program is perfect)
– The more a program does, the more resources is uses
26. If Virus kill my computer…
…you’ll have to take your computer to a
professional
OR
You can try and do it yourself.
27. Passwords
• Most security breaches are from easily
hackable passwords.
o Think of leaked photos, massive security
• All the software & hardware won’t make a
difference if you’ve got a bad password
28. Password - Don’t
• Don’t use a dictionary word (a word that can
be found in the dictionary, like “book” or
“computer”)
• Don’t use the same password for everything
• Avoid writing down passwords
– If you have to write down your password, don’t
tape on the monitor, under the keyboard, or on
top of the desktop
29. Password - Do
• Include numbers, capital letters, & non-
alphanumeric characters (e.g. &, %, #,!)
• choose a memorable catchphrase, quotation, or
easy-to-remember saying, and take the first letter
from each word.
– If the Shoe Fits, Wear It: itsfwi
– I think, therefore I am: ittia
• Lengthen your password by adding the website
name or computer software name to the base
phrase
– For gmail: itsfwiGmail
30. Password - Do
• Swap one or more of the password letters
with a non-alphabetic character, and then
purposely including uppercase and lowercase
letters within the password
– itsfwiGm@il
• If you are using different passwords for
differents websites, you can do yourself a
favor by rotating portions of your passwords
every few weeks
31. Password Managers
• A password manager is software that helps a
user organize passwords and PIN codes.
• Typically, the software has a local database
that holds the encrypted password data for
secure logon onto computers, networks, web
sites, and application data files.
• Access all passwords using a Master
Password/Passphrase
32. Popular Password Managers
• KeePass
• LastPass
• 1Password
• RoboForm
• SplashID
five best password managers
33. Password Managers
• What are the positive reasons for using a
password manager?
• What are the negative reasons for using a
password manager?
35. Create the Best Possible Password
• Using the “Password – Do’s” create 3
password for different logins (email,
computer, and bank)
• Using the “Password – Don’t” think of the top
10 worst possible passwords
37. Mobile Security
• Smart Phones can get viruses as well!
• Open (non-secure) Wi-Fi hotspots can be very
dangerous
• Never connect to “Free Wireless” networks.
Breeding ground for hackers, virus, and
criminals
• Never do any banking over open Wi-Fi.
38. Final Thoughts
• Don’t mean to scare
• If you follow some simple rules while on the
Internet the likelihood of getting any virus goes
down dramatically
• Keep programs up-to-date, run your antivirus &
anti-spyware programs regularly
• Don’t download files from unknown sources
• Be careful of files ending in “.exe”
• Be aware of what sites you’re visiting