CIT-18 Home http://www.c-jump.com/CIT18/CIT18syllabus.htm
Malware
virus
worm
logic bomb (time bomb)
Defense against malware
What a virus can do
display unwanted info
cause computer to slow down, reboot, crash...
cause loss of data files
hijack computer to gain remote control with intent to
upload/download files
send/receive emails (spam)
spread more viruses
Other things viruses do:
consume hard drive space
modify security settings to allow outside access
damage the hard drive
install/uninstall/damage programs
One virus per hour is born...
Viruses attach themselves to a host:
executable file .exe
MS Office documents .doc, .xls, etc.
script files, such as .vbs .js .jse .vbe .wsf
web pages, .htm, .html, or similar extensions with "ht" suffix
Ways of virus spreading:
CD-ROM, DVD, web, individual files, thumb drives, email attachments.
IM file attachments and links.
Antivirus software license expires...
...computer gets virus-infected
Virus reads email address book entries...
...and begins to send emails with its own attachment
People receive email from a known sender (you!)
Email says please download and open attachment...
...the virus spreads...
Businesses, E-mail hosting companies, and ISPs constantly combat viruses.
Worms are similar to viruses, but do not need a "host" file to spread.
Worms spread themselves, constantly replicating.
Computer runs really slow...
...All dangers brought by viruses apply to the worms the same way.
In the past...
malware (computer viruses) spread along with stuff found on floppy disks.
Today: internet, file and software download, malicious web sites.
Logic bombs are often planted by malicious users.
Social engineering
Password guessing
Brute force password attacks
Dictionary password attacks
Physical computer theft
Sufficient length: 8+ characters, much longer passwords recommended...
Complexity (random characters are best)
Password paradox:
strong passwords are hard to memorize by a user;
even harder with multiple passwords...
ABC, QWERTY, 123, ...
word(s) found in English or foreign language dictionary
first and last names (personal, celebrity, public and historic figures...)
birth dates
any pieces of personal information (SSN#, DOB, etc.)
usernames (that is, computer login names)
anything shorter than 8 characters...
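An added example, not part of the original course notes: a small Python audit that applies the weak-password list above (short length, ABC/QWERTY/123 runs, dictionary words, usernames, personal information, birth dates) together with the complexity requirement. The word list, the function names and the date heuristic are assumptions made for this illustration.

```python
import re
import string

# Constructed sample data (assumption for this example, not from the course page).
# A real check would load a full dictionary and a list of names.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine", "monkey", "letmein"}
KEYBOARD_RUNS = ("qwertyuiop", "asdfghjkl", "zxcvbnm",
                 string.ascii_lowercase, "01234567890")

def has_run(pw, min_len=3):
    """True if pw contains a keyboard, alphabet or digit run (ABC, QWERTY, 123).
    min_len=3 is strict: it also flags ordinary letter triples such as 'rst'."""
    low = pw.lower()
    for run in KEYBOARD_RUNS:
        for i in range(len(run) - min_len + 1):
            if run[i:i + min_len] in low:
                return True
    return False

def looks_like_date(pw):
    """Heuristic: a year (19xx/20xx), a separated date, or six digits in a row."""
    pattern = r"(19|20)\d{2}|\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}|\d{6}"
    return bool(re.search(pattern, pw))

def audit_password(pw, username="", personal=()):
    """Return a list of findings; an empty list means none of the listed
    weaknesses was detected (it does not prove the password is strong)."""
    findings = []
    low = pw.lower()
    if len(pw) < 8:
        findings.append("shorter than 8 characters")
    if has_run(pw):
        findings.append("contains a run such as ABC, QWERTY or 123")
    # Substring match, so 'Dragon2024!' is still caught as 'dragon'.
    if any(word in low for word in COMMON_WORDS):
        findings.append("based on a dictionary word")
    if username and username.lower() in low:
        findings.append("contains the username")
    if any(p and p.lower() in low for p in personal):
        findings.append("contains personal information")
    if looks_like_date(pw):
        findings.append("contains a date-like number")
    classes = [any(c.isalpha() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw)]
    if sum(classes) < 3:
        findings.append("lacks a mix of letters, numbers and punctuation")
    return findings
```

Pass the account's login name as `username` and any known names or ID fragments as `personal` so those checks can fire.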
Lack of corporate policy
Same password used by multiple accounts
Storing passwords in clear text files or on paper.
Not changing passwords every month
Mix of letters + numbers + punctuation + ALT+key (special characters)
Not so easy to guess.
30-day change rule, 12 months max...
Unique password for each account.
If you decide to store passwords in a file, strong encryption is highly recommended!
(keep usernames in a separate place; perhaps on paper...)
Software patches/updates
Antivirus software
Strong authentication (username+password)
Document -- Folder -- Harddrive -- Thumbdrive encryption
Sending encrypted email attachments
Internet transactions with websites providing valid digital certificates.
When exchanging or storing
data files with sensitive information
executable programs (especially free or downloaded from file sharing networks)
device drivers
audio and video codecs
browser plugins
downloaded ActiveX controls
Java applets and JAR archives
Types of updates:
Critical
Important
Moderate
Low
Update methods:
Automatic
Manual Download
Notify me
Turned off
Write a paper about one particular computer in your control. It could be your personal desktop or laptop, or a computer assigned to you at your workplace. For each item below, provide a paragraph with your answer.
Describe the type of computer you are using: what model, what version of the operating system, etc. How many users are using the machine? Does everybody have the same account or multiple login accounts?
Do you think your computer is currently infected by a virus? If yes, what makes you suspect its presence?
Do you know of any potential vulnerability in your desktop security?
Is all software properly licensed?
Is your computer at a secure location? Could it potentially be stolen? Could you improve its physical security?
What is your software update method? When was the last time your computer got an update?
What kind of antivirus are you using? Does it have a valid license? Is your antivirus capable of showing a history of potential threats on your computer? Could you provide an example of a threat that was resolved by your antivirus program?
Do you have a strong password? On a scale of 1 to 5 (5 being the strongest), how would you rate your current password? Do you think you have any passwords/accounts that may require your immediate attention?
Do you have any personal information on your computer? Are your files encrypted? Do you think there is enough information on your computer to steal your identity? Hint: think people's names, account names and numbers, SSN#, DOB,... Think about computer use in personal finance, tax preparation, FAFSA application, etc.
Submit your document via e-mail attachment sent to:
Igor Kholodov, Igor.Kholodov@bristolcc.edu