Computer Science 1
Week 7

This Week ...

• QBasic Programming
   Input and formatted display
• Computer Concepts
   Phishing
   Firewalls
   Anti-Spyware and Fake Anti-Spyware
   Legality of Spyware

QBasic Lab
The Security-related Lab

Lab: Security

• Objectives
   use your QBasic knowledge
   create an evaluation program
   interview another student
• Your Program
   inputs a name and five numbers
   gives the user a security "score"

The Lab Questions

• How well are they protected from Viruses
• How well are they protected from Spyware
• How well are they protected from Phishing
• How well are their files organized
• How often do they back up their files

Remember ...

• Turn in your program & your output
   to Lab 6 in SacCT

• If you do not turn in your program,
  you will not get credit!

Phishing & Privacy
Scams in your Inbox

E-Mail Phishing

• Internet scam that comes as e-mail
• Pretends to be a legitimate website
   warns that you have to change a password
   send money to keep your "account" active
• Often will display:
   link – which can be used to verify your e-mail
   attachment – often spyware or worse

Sample E-Mail

Your account is about to expire!

To keep your account active, please
follow the link below and enter your
account information.

[Image callout: "is NOT eBay!"]

How Do They Get My E-Mail?

• Searching the Internet
   special software browses the Internet
   this software is known as a "spider"
   they search: public forums, websites, etc...
• Where your e-mail is found...
   can help them create an online profile
   e.g. a website about dogs
• Website Subscriptions
   some websites will sell your e-mail to spammers
   ... or they might spam you themselves
• Black Market
   many e-mail addresses are bought and sold
   they could be sold by a website or another spammer

Getting Your Name

• If your e-mail contains your name ...
   software can get your first and/or last name
   the resulting junk mail will use your name
   it can look legit – "Hey Joe, long time buddy!"
• Examples
   Joe Gunchy
   Stewie
   Griffen
• Website links
   naturally, websites put the name of the person with the e-mail link
   their spider records this information
• Examples
   Contact Joe Gunchy
   Send an e-mail to Eric Cartman

 Phishing Sites

• Estimated by Harvard and Cambridge
   75.8% of phishing sites are hosted on compromised servers.

   State of Internet Security, Q1-Q2, 2009
   Websense Security Labs


Firewalls
Protecting Yourself from Invasion

• System software
   protects access to your computer on a network
   sometimes built into specialized Internet hardware
• Windows 7 SP2 has a built-in firewall
   however, still need to properly set up!

Types of Protection

• Incoming
   protect access coming in to your computer
   stops remote hackers and worms
• Outgoing
   protect access going out from your computer
   can stop spyware from sending data
   can stop your computer from spreading worms

Windows Firewall

• Came with Windows 7 Service Pack 2
• Built into Windows OS
• Only has incoming protection
   spyware can still send your data!
   Microsoft argues that spyware might destroy the firewall – so outgoing is not needed

Zone Alarm

• License:
   freeware for the limited version
   commercial "Pro" version has additional features

• Has both incoming and outgoing protection
• Works with Windows 95, 98, ME, XP, Vista,
  and 7
• Website:

Zone Alarm Alerts

Internet Cookies
Delicious Little Annoyances

What are Cookies?

• A small text file saved on your computer
   created by your web browser
   only visible to the site that created them
• They are used legitimately to
   keep you logged onto a website
   maintain temporary session data for authentication, site preferences, shopping cart contents, identifier for a server-based session, or any function that can be accomplished through storing text data

Threat of Cookies

• By saving data in cookies ...
   affiliated sites can track your browsing habits
   this cannot damage your computer
• Not as dangerous as Spyware
   although this is a form of spying
   you do not suffer the effects of spyware
   only your browsing habits can be watched

Making the Cookies

• Delete cookies on a regular basis
   it will log you out of websites
   but, it gets rid of the tracking cookies
• Block third-party cookies
   websites often embed advertisements
   often stored on another server – it sends a cookie
   Firefox and Internet Explorer can block these

Organizing Your
Making Sure You Don't Lose Anything

Use Descriptive Names

• Descriptive names ...
   tell you more about its contents
   you might have to find the file years after you created it
• Examples:
   "essay.doc" is not good
   "CSc 1 – Essay.doc" is good

Don't Change File Extensions

• By default, Windows...
   does not display extensions
   Folder Options can show them
• If extensions are changed...
   they will be considered a different type of file
   you won't be able to open them

Keep Files Organized

• Use folders to keep related files together
• Create a hierarchy
   folder for each semester
   folder for each class
   etc ...
• You can find files easily

Write-Protect Files

• You can protect files from being changed
• Excellent for important files
• To Do This:
   right-click on the file
   check the "Read Only" box


Ways to Protect Your Computer

Back Up Your Data Often

• Why?
   data can, and will, be lost
   this can be caused by viruses, by mistake, hardware failure, etc ....
• Storage Media
   Flash drive
   CD-ROM (recommended)
• Back up depending ...
   upon how much data you can afford to lose
   whenever you complete something "major"
   once a week should be good enough
• Store backups in a safe place
   different location from your computer
   be careful – you don't want it stolen

Install Anti-Spyware Software

• Why?
   you need to get rid of the malicious software
   afterwards, you can work on your security
• Good Anti-Spyware software
   Spybot Search & Destroy
   Ad-Aware
   Microsoft Windows Defender

Create Disposable E-Mails

• Public e-mail address
   many websites require you to register
   sometimes they send junk mail
   never use your name in this e-mail
• Personal e-mail address
   use this e-mail for family and friends
   do not post this on the Internet – EVER

Read the End User License Agreement

• Why?
   sometimes you give up your rights
   sometimes the "fine print" is malicious
• Be wary of free software
   too good to be free
   borderline legal

Optional: Install a Firewall

• Why?
   prevent worms and hackers
   firewalls will alert you to access attempts
• Do this after you have removed spyware
   for a while, you can trust any outgoing attempts
   in a couple days, you should have no warnings
• Good free firewalls: ZoneAlarm

[Image callout: "You will get lots of these at first"]

Legality of Spyware
How the Law, and You, are Manipulated

Legal or Illegal?

• It would logically seem to be illegal
• However, some spyware companies
   use the law to protect themselves
   they also use the law to attack opponents
   they even argue their actions are just

Computer Fraud & Abuse Act

• It is illegal to gain unauthorized access
   to obtain financial data
   to obtain data from interstate or foreign
• This would seem to apply to the Internet
• However, users actually give them access!

When You Install Spyware ...

• You often ...
   sign an agreement
   gives the spyware access to your privacy and data
• Spyware companies argue
   this gives consent
   this makes spyware legal

End User License

• End User License Agreement (EULA)
   contract between the user and software distributor
   most software titles have one
• Often it is agreed to during installation
   most people ignore it or don't read it in detail
   spyware companies know this
   an agreement is hidden deep in the legalese

EULA Be Careful...

• Be careful
   spyware may be hidden deep in the legalese
   many states treat this as a contract
• Without knowing it, you can ...
   legally allow spyware to take your data
   give up any right to sue for damages

[Image callouts: "Deliberate misuse of product title field"; "Did you read"; "WHAT?"]

State of Internet Security
Websense Security Labs, Q1-Q2, 2009

• Web security
   233% growth in # of malicious web sites in last 6 months and 671% growth in last year.
   77% of web sites with malicious code are legitimate sites that have been compromised.
   61% of the top 100 sites either hosted malicious content or contained a masked redirect to malicious sites.

• Email security
   87.7% of email messages were spam.
   85.6% of all unwanted emails contained links to spam sites and/or malicious web sites.
   Shopping remained the leading topic of spam (28%), followed by cosmetics (18.4%), medical (11.9%) and education (9.5%).
• Data security
   37% of malicious Web/HTTP attacks included data-stealing code.
   57% of data-stealing attacks are conducted over the Web.

• Web security landscape
   Top 100 most visited Web sites: “social network”, or “search” sites.
   The next million most visited Web sites: current events, news sites (regional or genre-focused).
   The “long tail” of the Internet is populated by personal sites: blogs, small business sites.

   Each category has its own unique security challenges.

Trends

• Malware attacks on social networks
• Social engineering
• Smartphone and mobile devices as target for hackers
• Botnet


• Be very careful what you install
• Read the End User License Agreement
     you can legally allow spyware to take your data
     you can give up any right to sue for damages
• Remember, it is your computer
   you can do anything you want with it
   but, it is your responsibility


Anti-Spyware Applications
Software Designed to Stop Spyware

• Specialized software
   designed to remove spyware
   protect the computer from spyware
• Free software is available
   from industry leaders
   from non-profit organizations

Lavasoft Ad-Aware

• Aesthetically appealing
• Very easy to use
• Has a free version
     free version must be run manually
     the pay version is even better
• Works with Windows 2000, XP, Vista
• Website:

Spybot - Search &

• Can "immunize" your system
• Free
     started as a student project by Patrick Kolla
     supported by donations
• Has won several awards
• Works with Windows 95, 98, ME, XP, Vista
• Website:

Microsoft Windows

• System software
   prevents spyware from being installed
   protects your computer's settings
• Built in to Windows Vista
   version can be downloaded for XP
   will not work with other operating systems
• Website:

Microsoft Windows Defender Alerts

[Image callout: "That gets your"]

Commercial Applications

• Anti-Spyware
  Trend Micro
• PestPatrol
  Computer Associates
• Spy Sweeper
  Webroot Software
• SpyCatcher
  AvanQuest
• Spyware Doctor
  PC Tools
• SpyWare Killer Pro
  Cosmi


Wolves in Sheep's Clothing

Fake Anti-Spyware

• Spyware companies know:
   people want to remove their software
   people will buy or download anti-spyware software
• Danger ...
   some create fake anti-spyware applications
   these are officially called "rogue anti-spyware"
   if you install them, you will be infested!
• They are Trojans
   pretend to help the user
   but perform malicious actions
• What they typically do
   give false positives – fake spyware alerts
   download new software – often spyware
   try to convince user to buy the "full" version

Example Trojan

[Image callout: "LIES!"]

A Few Rogue Applications

• AntiVirus-
• PAL Spyware Remover
• PSGuard
• SpyAxe
• SpywareQuake
• SpywareStrike
• Spy Sheriff
• SpyTrooper
• SpyBan
• Spyware Stormer
• SpyWiper
• VirusBurst
• WinFixer
• WorldAntiSpy

SpywareQuake / VirusBurst Trojan

• DANGER: fake anti-spyware software
• What it does
   attacks your computer with a worm / trojan
   displays fake warning windows
   gives false positives
   tries to convince users to buy the "full" version

[Screenshot: DANGER – Malware Website]

SpySheriff / SpyTrooper Trojan

• DANGER: fake anti-spyware software
• What it does
   false positives – ludicrous results!
   has the user download additional software
   tries to convince users to buy the "full" version
• Has a fake site that mimics Microsoft's

[Image callout: "Try to get the victim to pay"]

[Screenshot: DANGER – Malware Website]

SpyAxe / Spyware Strike Trojan

• DANGER: fake anti-spyware software
• Affiliated products
   SpyStrike
   TopAntiSpy
   Pot.SpyAxe
• Related to the ZToolbar Spyware
• What it does
   changes your wallpaper
   warns about installed spyware ... that it installed!
   false positives
   has the user download additional software
   tries to convince users to buy the "full" version

[Screenshot: DANGER – Malware Website]

[Image callout: "Scared yet?"]

World Anti-Spy

• DANGER: fake anti-spyware software
• What it does
   displays pop-up windows
   hijacks the desktop
   false positives
   tries to convince users to buy the "full" version

[Screenshot: DANGER – Malware Website]

WinFixer Trojan

• DANGER: fake anti-spyware software
• Related to the When-U Spyware
• What it does
   displays pop-up windows
   downloads software
   false positives
   tries to convince users to buy the "full" version

[Screenshot: DANGER – Malware Website]

In Summary ...

• Be VERY careful what you download
   some of the software is dangerous
   many applications are Trojans
• Trust ONLY the following free software:
   Ad-Aware
   Spybot Search and Destroy


