Docstoc

QBasic Lab

Document Sample
QBasic Lab Powered By Docstoc
					                                              This Week ...

                                              • QBasic Programming
           Computer Science 1                        Input and formatted display
               Week 7                         • Computer Concepts
                                                     Phishing
                                                     Firewalls
                                                     Anti-                 Anti-
                                                      Anti-Spyware and Fake Anti-Spyware
                                                      Software
                                                     Legality of Spyware




                                                                            QBasic Lab


                                                                Security-
                                                            The Security-related Lab




Lab: Security                                 The Lab Questions


• Objectives
   use your QBasic knowledge                 •                   y protected from Viruses
                                                  How well are they p
   create an evaluation program              •   How well are they protected from Spyware
   interview another student                 •   How well are they protected from Phishing
• Your Program                                •   How well are their files organized
     inputs a name and five numbers
                                              •   How often do they backup their files
     gives the user a security "score"




                                          1
Remember ...



• Turn your program & your output
     To Lab 6 in SacCT

• If you do not turn in your program,
  you will not get credit!




                                            E-Mail Phishing


                          Phishing &                                       e-
                                            • Internet scam that comes as e-mail
                                            • Pretends to be a legitimate website
                           Privacy               warns that you have to change a password
                                                 send money to keep your "account" active
                                            • Often will display:
                                                                                         e-
                                                  link – which can be used to verify your e-mail
               Scams in your Inbox               attachment – often spyware or worse




       E-
Sample E-Mail

                                                                                     Forgery
Your account is about to expire!

To keep your account active, please                                      202.149.196.236
follow the link below and enter your                                      is NOT eBay!
account information.




                                        2
 How Do They Get My                                                             How Do They Get My
 E-Mail?                                                                        E-Mail?

 • Searching the Internet                                                       • Website Subscriptions
       special software browses the Internet                                                                     e-
                                                                                      some websites will sell your e-mail to spammers
       this software is known as a "spider"                                         ... or they might spam you themselves
       they search: public forums, websites, etc...                            • Black Market
              e-
 • Where your e-mail is found...                                                           e-
                                                                                      many e-mail addresses are bought and sold
       can help them create an online profile                                       they could be sold by a website or another
       e.g. a website about dogs                                                     spammer




 Getting Your Name                                                              Getting Your Name

          e-
• If your e-mail contains your name ...
   software can get your first and/or last name                                • Website links
   the resulting junk mail will use your name                                     naturally,
                                                                                    naturally websites put the name of the person
   it can look legit – "Hey Joe, long time buddy!"                                          e-
                                                                                    with the e-mail link
                                                                                   their spider records this information
• Examples
   joegunchy@csus.edu  Joe Gunchy                                             • Examples
   stewiegriffen@worlddomination.com  Stewie                                       Contact Joe Gunchy
    Griffen                                                                          Send an e-mail to Eric Cartman




 Phishing Sites

• Estimated by Harvard and Cambridge
         75.8% of phishing sites are hosted on
          compromised servers.

                               Q1-
   State of Internet Security, Q1-Q2, 2009
   Websense Security Labs
   http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf




                                                                            3
                                                           Firewalls


                                                           • System software
                           Firewalls                            protects access to your computer on a network
                                                                sometimes built into specialized Internet hardware
                                                                                 built-
                                                           • Windows 7 SP2 has a built-in firewall
                                                                however, still need to properly set up!
      Protecting Yourself from Invasion




Types of Protection                                        Windows Firewall


• Incoming                                                 • Came with Windows 7 Service Pack 2
   protect access coming in to your computer
                                                           • Built into Windows OS
   stops remote hackers and worms
• Outgoing                                                 • Only has incoming protection
   protect access going out from your computer               spyware    can still send your data!
   can stop spyware from sending data                        Microsoft   argues that spyware might destroy
   can stop your computer from spreading worms                  the firewall – so outgoing is not needed




Zone Alarm


• License:
   freeware for the limited version
   commercial "Pro" version has additional features

• Has both incoming and outgoing protection                                                          17,254
• Works with Windows 95, 98, ME, XP, Vista,
  and 7
• Website: www.zonealarm.com




                                                       4
Zone Alarm Alerts




                                                          What are Cookies?
                                                          • A small text file saved on your computer
                                                               created by your web browser
                             Internet                          only visible to the site that created them
                                                          • They are used legitimately to
                             Cookies                           keep you logged onto a website
                                                                                                   authentication,
                                                                maintain temporary session data for authentication, site
                                                                preferences,
                                                                preferences, shopping cart contents, identifier for a
                                                                server-       session,
                                                                server-based session, or any function that can be
        Delicious Little Annoyances                             accomplished through storing text data




Threat of Cookies                                         Making the Cookies
                                                          Crumble

• By saving data in cookies ...                           • Delete cookies on a regular basis
   affiliated sites can track your browsing habits            it will log you out of websites
   this cannot damage your computer                           but, it gets rid of the tracking cookies
• Not as dangerous as Spyware                                     third-
                                                          • Block third-party cookies
   although this is a form of spying                        websites often embed advertisements
   you do not suffer the effects of spyware                 often stored on another server –it sends a cookie
   only your browsing habits can be watched                 Firefox and Internet Explorer can block these




                                                      5
                                                                   Organizing Your
                                                                        Files

                                                Making Sure You Don't Lose Anything




Use Descriptive                               Don't Change File
Names                                         Extensions

• Descriptive names ...                       • By default, Windows...
     tell you more about it's contents            does not display extensions
     you might have to find the file              Folder Options can show them
      years after you created it              • If extensions are changed...
• Examples:                                      they will be considered a different
   "essay.doc" is not good                       type of file
   "CSc 1 – Essay.doc" is good                  you won't be able to open them




Keep Files Organized                          Write-
                                              Write-Protect Files


• Use folders to keep related files           • You can protect files from
  together                                      b i changed
                                                being h        d
• Create a hierarchy
                                              • Excellent for important files
   folder for each semester
   folder for each class                     • To Do This:
   etc ...                                       right-
                                                 right-click onthe file
• You can find files easily                      check the   "Read Only" box




                                          6
                                                                                     Security
                                                                                     Checklist

                                                               Ways to Protect Your Computer




Backup Your Data                                        Backup Your Data
Often                                                   Often

• Why?                                                  • Backup depending ...
         can     will,
    data can, and will be lost                             upon how much data you can afford to lose
   this can be caused by viruses, by
                           viruses,                        whenever you complete something "major"
    mistake, hardware failure, etc ....                    once a week should be good enough
• Storage Media                                         • Store backups in a safe place
   Flash drive                                              different location from your computer
    CD-
   CD-ROM (recommended)                                     be careful – you don't want it stolen




        Anti-
Install Anti-Spyware                                    Create Disposable
Software                                                E-Mails

• Why?                                                           e-
                                                        • Public e-mail address
   you need to get rid of the malicious software          many websites require you to register
   afterwards, you can work on your security              sometimes they send junk mail
• Good Anti-Spyware software
       Anti-                                                                            e-
                                                           never use your name in this e-mail
   Spybot Search & Destroy                                        e-
                                                        • Personal e-mail address
    Ad-
   Ad-Aware                                                          e-
                                                              use this e-mail for family and friends
   Microsoft Windows Defender                               do not post this on the Internet – EVER




                                                    7
Read the End User                                         Optional:
License Agreement                                         Install a Firewall

• Why?                                                    • Why?
   sometimes you give up your rights                        prevent worms and hackers
   sometimes the "find print" is                            firewalls will alert you to access attempts
    malicious                                             • Do this after you have removed spyware
• Be weary of free software                                    for a while, you can trust any outgoing attempts
   too good to be free                                        in a couple days, you should have no warnings
   borderline legal                                      • Good free firewalls: ZoneAlarm




                                  You will get lots
                                  of these at first




                                                          Legal or Illegal?


                          Legality of                                  g     y                g
                                                          • It would logically seem to be illegal
                           Spyware                        • However, some spyware companies
                                                             use the law to protect themselves
                                                             they also use the law to attack opponents
                                                             they even argue their actions are just
 How the Law, and You, are Manipulated




                                                      8
Computer Fraud &                                             When You Install
Abuse Act                                                    Spyware ...

• It is illegal to gain unauthorized access                  • You often ...
   to obtain financial data                                      sign an agreement
                                                                  gives the spyware access to
   to obtain data from interstate or foreign
                                                                   you privacy and data
    communication
                                                             • Spyware companies argue
• This would seem to apply to the Internet                        this gives consent
• However, users actually give them access!                       this makes spyware legal




End User License                                             EULA Be Careful...
Agreement

• End User License Agreement (EULA)                          • Be careful
   contract between the user and software distributor          spyware    may be hidden deep in the legalese
   most software titles have one
                                                                many    states treat this as a contract
• Often it is agreed to during installation
   most people ignore it or don't read it in detail
                                                             • Without knowing it, you can ...
   spyware companies know this                                 legally allowspyware to take your data
   an agreement is hidden deep in the legalese                 give up any right to sue for damages




                                                                                    Deliberate misuse of
                                                                                     product title field
                                     Did you read
                                         this?




                                                         9
                                                                              State of Internet Security
                                                                                                      Q1-
                                                                              Websense Security Labs, Q1-Q2, 2009
                                                                              http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf




                                                                              • Web security
                                                                                                th      f li i         b it           t      th
                                                                                      233% growth iin # of malicious web sites iin llast 6 months
                                                                                      and 671% growth in last year.
                                                    WHAT?                            77% of web sites with malicious code are legitimate sites
                                                                                      that have been compromised.
                                                                                     61% of the top 100 sites either hosted malicious content
                                                                                      or contained a masked redirect to malicious sites.




State of Internet Security                                                    State of Internet Security
                        Q1-
Websense Security Labs, Q1-Q2, 2009                                                                   Q1-
                                                                              Websense Security Labs, Q1-Q2, 2009
http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf        http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf




• Email security
       87 7% of email messages were spam.
        87.7% f       il                                                      • Data security
       85.6% of all unwanted emails contained links to spam                                                                      data-
                                                                                      37% of malicious Web/HTTP attacks included data-
        sites and/or malicious web sites.                                             stealing code.
       Shopping remained the leading topic of spam (28%),                                   data-
                                                                                      57% of data-stealing attacks are conducted over the Web.
        followed by cosmetics (18.4%), medical (11.9%) and
        education (9.5%).




State of Internet Security                                                    Trends
                        Q1-
Websense Security Labs, Q1-Q2, 2009
http://securitylabs.websense.com/content/Assets/WSL_Q1_Q2_2009_FNL.pdf


• Web security landscape                                                      • Malware attacks on social networks
       Top 100 most visited Web sites: “social network”, or                  • Social engineering
        “search” sites.                                                       • Smartphone and mobile devices as target
       The next million most visited Web sites: current events,                for hackers
                                  genre-
        news sites (regional or genre-focused).
       The “long tail” of the Internet is populated by personal              • Botnet
        sites: blogs, small business sites.

                                             challenges.
   Each category has its own unique security challenges.




                                                                         10
Summary


• Be very careful what you install
• Read the End User License Agreement
     you can legally allow spyware to take your data
     you can give up any right to sue for damages
• Remember, it is your computer
   you can do anything you want with it
   but, it is your responsibility




                                                             Anti-
                                                             Anti-Spyware
                                                             Applications

                         Anti-
                         Anti-Spyware                        • Specialized software
                                                                   designed to remove spyware
                         Applications                          
                                                                  protect the computer from spyware
                                                             • Free software is available
                                                                  from industry leaders
   Software Designed to Stop Spyware                                   non-
                                                                   from non-profit organizations




         Ad-
Lavasoft Ad-Aware


• Aesthetically appealing
• Very easy to use
• Has a free version
     free version must be run manually
     the pay version is even better
• Works with Windows 2000, XP, Vista
• Website: www.lavasoft.com




                                                        11
Spybot - Search &
Destroy

• Can "immunize" your system
• Free
     started as a student project by Patrick Kolla
     supported by donations
• Has won several awards
• Works with Windows 95, 98, ME, XP, Vista
           www.safer-networking.org
• Website: www.safer-networking.org




                                                           Microsoft Windows
                                                           Defender

                                                           • System software
                                                                prevents spyware from being installed
                                                                protects your computer's settings
                                                           • Built in to Windows Vista
                                                              version can be downloaded for XP
                                                              will not work with other operating systems
                                                           • Website: www.microsoft.com




                                                           Microsoft Windows
                                                           Defender Alerts



                                                                                            That gets your
                                                                                              attention!




                                                      12
Commercial                                                   Commercial
Applications                                                 Applications

  Anti-
• Anti-Spyware                                               • SpyCatcher
  Trend Micro                                                 AvanQuest
• PestPatrol                                                 • Spyware Doctor
  Computer Associates                                         PC Tools
• Spy Sweeper                                                • SpyWare Killer Pro
  Webroot Software                                            Cosmi




                                                                                          Fake
                                                                                      Anti-
                                                                                      Anti-Spyware

                                                                       Wolves in Sheep's Clothing




     Anti-
Fake Anti-Spyware                                                 Anti-
                                                             Fake Anti-Spyware
Applications

• Spyware companies know:                                    • They are Trojans
   people want to remove their software                          pretend to help the user
                                anti-
   people will buy or download anti-spyware software             but perform malicious actions
• Danger ...                                                 • What they typically do
                       anti-
    some create fake anti-spyware applications                  give false positives – fake spyware alerts
                                        anti-
   these are officially called "rogue anti-spyware"            download new software – often spyware
   if you install them, you will be infested!                  try to convince user to buy the "full" version




                                                        13
Example Trojan                                      A Few Rogue
                                                    Applications

                                                    •   AntiVirus-
                                                        AntiVirus-Gold
                                       LIES!        •   PAL Spyware Remover
                                                    •   PSGuard
                                                    •   SpyAxe
                                                    •   SpywareQuake
                                                    •   SpywareStrike
                                                    •   Spy Sheriff




A Few Rogue                                         SpywareQuake /
Applications                                        VirusBurst Trojan

•   SpyTrooper                                                     anti-
                                                    • DANGER: fake anti-spyware software
•   SpyBan
                                                    • What is does
•   Spyware Stormer
•   SpyWiper                                             attacks your computer with a worm / trojan
•   VirusBurst                                           displays fake warning windows
•   WinFixer                                             gives false positives

•   WorldAntiSpy                                         tries to convince users to buy the "full" version




            DANGER – Malware Website




                                                                                            False
                                                                                           Positives




                                               14
                                       SpySheriff /
                                       SpyTrooper Trojan

                                                      anti-
                                       • DANGER: fake anti-spyware software
                                       • What is does
                                          false positives – ludicrous results!
                                          has the user download additional software
                 Try to get the           tries to convince users to buy the "full" version
                 victim to pay         • Has a fake site that mimic's Microsoft's




DANGER – Malware Website                            DANGER – Malware Website




                                                                               False
                                                                             Positives!




                                  15
SpyAxe / Spyware                            SpyAxe / Spyware
Strike Trojan                               Strike Trojan

                  anti-
• DANGER: fake anti-spyware software        • What is does
   ff
• Affiliated products                          changes your wallpaper
   SpyStrike                                  warns about installed spyware ... that it installed!
   TopAntiSpy                                 false positives
   Pot.SpyAxe                                 has the user download additional software

• Related to the ZToolbar Spyware              tries to convince users to buy the "full" version




                                                         DANGER – Malware Website
   Scared yet?




           DANGER – Malware Website
                                                   Anti-
                                            World Anti-Spy
                                            Trojan

                                                           anti-
                                            • DANGER: fake anti-spyware software
                                            • What is does
                                                         pop-
                                                displays pop-up windows
                                               hijacks the desktop
                                               false positives
                                               tries to convince users to buy the "full" version




                                       16
DANGER – Malware Website        WinFixer Trojan


                                                 anti-
                                • DANGER: fake anti-spyware software
                                                 When-
                                • Related to the When-U Spyware
                                • What is does
                                             pop-
                                    displays pop-up windows
                                   downloads software
                                   false positives
                                   tries to convince users to buy the "full" version




DANGER – Malware Website        In Summary ...


                                • Be VERY careful what you download
                                   some   of the software is dangerous
                                   many   applications are Trojans
                                • Trust ONLY the following free software:
                                    Ad-
                                   Ad-Aware
                                   Spybot   Search and Destroy




                           17

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:29
posted:1/10/2012
language:English
pages:17