Practice Safe Computing

Or, how to keep our computing resources safe for everyone!

Ken Wallace
Trans-Lucid Business Systems
www.trans-lucid.com

Problems

- Nuisance vs. Danger
- Spam
- “Old-School” Malware (Malicious Software)
  - Viruses, worms and Trojans
- “New School” Malware
  - Adware and Spyware
- Innocent, naïve, or careless user behavior
  - Risk vs. Reward, “The Curious Raccoon”

…and More Problems

- Social Engineering
- Backdoor creation
- Email address theft
- Embedded e-mail engines
- Exploiting product vulnerabilities (especially MS)
- Exploiting new Internet technologies (IM & P2P)

Spam

- Time wasted
- Resources wasted
  - Bandwidth
  - Storage

Old School Malware

- Virus
  - A malicious program that infects a carrier to self-replicate
- Worm
  - A malicious program that replicates across a network without a carrier, and sometimes without any user action
- Trojan
  - A program which does not self-replicate, and appears to be valuable but has an unexpected consequence

New School Malware

Beware of the Bundled Software

- Adware
  - Software that is financially supported (or financially supports another program) by displaying ads when you're connected to the Internet.
  - Gathers your personal information and interests as you surf in order to send you targeted advertising.
- Spyware
  - Stand-alone programs that secretly monitor your online activity and access sensitive personal data, relaying it back to someone else for their benefit, not yours!

More New School Malware

Beware of the Bundled Software

- Browser hijacking software
  - Advertising software that modifies your browser settings (e.g., default home page, search bars, toolbars), creates desktop shortcuts, and displays intermittent advertising pop-ups.
  - Once a browser is hijacked, the software may also redirect links to other sites that advertise, or sites that collect Web usage information.

Some New School Malware Culprits

- GAIN
- Hotbar
- GameSpy Arcade
- Ezula
- WeatherCast
- BonziBuddy
- Cydoor
- TOPicks
- BargainBuddy

Some New School Malware Symptoms

- Poor system performance, especially while connected to the Internet.
- Computer stops responding more frequently.
- Computer takes longer to start up.
- Browser closes unexpectedly or stops responding.
- Performing a search from a search page provides results on a different site.
- Clicking a link does nothing or goes to an unrelated Web site.
- Browser home page changes to a different site and may not be able to be reset.
- Pop-up advertising windows appear when the browser is not open or over Web pages that do not normally have pop-ups.

More New School Malware Symptoms

- Additional toolbars are added to the browser.
- Web pages are automatically added to the list of favorites.
- Desktop icons are automatically added to the desktop.
- When you start your computer, or when your computer has been idle for many minutes, your Internet browser opens to display Web site advertisements.
- When you use your browser to view Web sites, other instances of your browser open to display Web site advertisements.
- You cannot start a program.
- When you click a link in a program, the link does not work.
- Components of Windows or other programs no longer work.

Anatomy of an Attack

- Attack Vector
  - How the “bad guys” get the “bad stuff” in
    - Email
    - Web browsers
    - Worms
    - Naïve Users
      - “social engineering”
- Exploitation Vector
  - How the “bad stuff” works

Defense In Depth

Protect One Another

- Avoid email attachments
- Don’t respond to unsolicited email
- Don’t download files unnecessarily
- Limit your surfing to relevant web sites
- Check your files for viruses
- Read dialog boxes before clicking
- Research & fix problems or symptoms immediately

Protect Yourself

- Secure your accounts
  - Strong password changed regularly
- Back up your important stuff
  - Imagine right now if it all was gone
- Don’t be naïve or careless
  - This is the most important point in this entire presentation.
  - There is no combination of security hardware and software that can protect you from yourself!

Protect Yourself, cont.

Protect your computer

- Don’t use Internet Explorer (Firefox is a great alternative)
- Don’t use Outlook Express (Thunderbird is a great alternative)
- For broadband connections, use a NAT router
- For broadband, consider a personal firewall
- For dialup, use a personal firewall
- For XP & Win2k, only run as Administrator when needed
- Use antivirus software

Protect Yourself, concl.

Protect your computer

- Update antivirus and OS regularly
- Check for spyware, adware and others
- Disable unnecessary services on Win2000 & XP
- Disable File and Printer Sharing on Windows 9x, ME, 2000, and XP.
- Or if you MUST have file and printer sharing active, then
  - Use STRONG passwords for file shares, and
  - Restrict Null-Session Access on Windows 2000 and XP*

Helpful Resources

- Browser and Mail client
  - Firefox browser and Thunderbird email client from http://www.mozilla.org
- Anti-adware/spyware
  - Ad-aware from http://www.lavasoftusa.com
  - Spybot Search and Destroy from http://www.safernetworking.org/
  - CWShredder and Kill2Me from http://www.spywareinfo.com/~merijn/downloads.html

More Helpful Resources

- More Anti-adware/spyware
  - SpywareBlaster (prevents spyware from being installed) from http://www.spychecker.com/program/spywareblaster.html
- Antivirus
  - AVG from http://www.grisoft.com
- Spyware/AdWare/Malware FAQ and Removal Guide
  - Christian Wagner http://www.io.com/~cwagner/spyware.html

Very Un-Helpful Resources

- Anti-adware/spyware to stay away from!
  - SpyKiller, XoftSpy, SpyCatcher, SpyGuard, Spyware Nuker, SpyHunter, Warnet, Virtual Bouncer, AdProtector, Spyware Remover (from BulletproofSoft), SpyFerret, SpyGone, Stop-Sign, SpyBan, SpyAssault, SpyBouncer, SpyDoctor, SpyBlocs/eBlocs, NoAdware, PAL Spyware Remover, and SpyAssassin (aka "Ada-Ware") are all either of very dubious quality or known malware sources themselves. Stay away!



Call or email me right away if you get into trouble

Further Reading on Adware/Spyware

- Doxdesk parasites article and listing (highly recommended): http://www.doxdesk.com/parasite/
- The CWS Chronicles: http://www.spywareinfo.com/~merijn/cwschronicles.html (Merijn's constant fight against the ever-evolving CoolWebSearch trojan, to keep CWShredder up-to-date)
- SimplyTheBest's spyware pages: http://www.simplythebest.net/info/spyware.html
- CounterExploitation's spyware pages: http://www.cexx.org/adware.htm
- Bazooka's adware database: http://www.kephyr.com/spywarescanner/library/index.phtml
- SpyBot FAQ: http://www.safernetworking.org/index.php?page=faq
- Eric Howe's monster list of privacy & security resources: https://netfiles.uiuc.edu/ehowes/www/main-nf.htm
- Spybot Forums at Net-Integration: http://forums.netintegration.net/
- AdAware forums: http://www.lavasoftsupport.com/

This list from Christian Wagner, http://www.io.com/~cwagner/spyware.html

“I Can’t fix it, if I don’t know it’s broke”

- Become an informed surfer
- Be street-smart while you’re online
- Resist the shiny stuff
- Look into computer problems or performance changes immediately
- Lock-down your PC
- Scan frequently


				
DOCUMENT INFO