Docstoc

Instructor's Materials to accompany

Document Sample
Instructor's Materials to accompany Powered By Docstoc
					Discovering Computers 2007                                                              Page 1 of 32


                      Discovering Computers 2007
                                   Instructor’s Manual
                                   CHAPTER ELEVEN
               COMPUTER SECURITY, ETHICS, AND PRIVACY

OBJECTIVES
After completing this chapter, students will be able to:
 1. Describe the types of computer                       7.   Discuss the types of devices available
      security risks                                          that protect computers from system
 2. Identify ways to safeguard against                        failure
      computer viruses, worms, Trojan                    8.   Explain the options available for
      horses, denial of service attacks, back                 backing up computer resources
      doors, and spoofing                                9.   Identify risks and safeguards
 3. Discuss techniques to prevent                             associated with wireless
      unauthorized computer access and use                    communications
 4. Identify safeguards against hardware               10.    Recognize issues related to
      theft and vandalism                                     information accuracy, rights, and
 5. Explain the ways software                                 conduct
      manufacturers protect against software           11.    Discuss issues surrounding
      piracy                                                  information privacy
 6. Define encryption and explain why it               12.    Discuss ways to prevent health-related
      is necessary                                            disorders and injuries due to computer
                                                              use

INSTRUCTOR NOTES

Computer security risks, 556
LECTURE NOTES
Note ways in which people rely on computers. Define computer security risk. Differentiate
between accidental and planned security risks. Define computer crime and cybercrime. Define
hacker, cracker, and script kiddie. Differentiate between a cyberextortionist and a
cyberterrorist. Explain how hackers and crackers break into computer systems. Hackers and
crackers have a variety of motivations, from political convictions to simple curiosity. In 1996
Christopher Schanot, a 20-year-old hacker, confessed in federal court to breaking into two
national computer networks, learning secret passwords, and changing files. Schanot allegedly
was linked to the Internet Liberation Front, a group that resists commercialization of cyberspace
and claims responsibility for several high-profile computer escapades. Some computer security
experts distinguish between ―white hat‖ hackers, who often cross over to work for computer
security firms, and ―black hat‖ hackers, who invade a system for malicious or self-serving
Page 2 of 32                                   Chapter 11: Computer Security, Ethics, and Privacy


reasons. Oddly, the media does not always see ―black hat‖ hackers as bad guys. In 1983, a group
of teenage hackers allegedly broke into more than 60 business and government computers,
including Los Alamos National Laboratory and the Sloan-Kettering Memorial Cancer Center.
The press viewed these teenagers more as computer wizards than as criminals. In November of
2000, concerns were raised again when a hacker broke into software giant Microsoft. The hacker
e-mailed an attachment to an employee that, when inadvertently opened, started a program that
scanned the company’s network for passwords and sent them to an e-mail address, giving the
hacker access to source code for Microsoft software. Microsoft maintains there is no evidence
that any source code was altered, but experts fear the success of the invasion shows how
computer hacking can become a form of corporate espionage. Some organizations pay
consultants (―white hat‖ hackers) to attempt to break into their computer systems in order to
identify areas that need stronger controls. Ironically, the challenge of beating escalating
deterrents and ―impenetrable‖ security measures often motivates hackers. Using Figure 11-1, list
risks to computer security. Although computer crime seldom involves violence, it is far from a
―victimless‖ crime. Every year, computer crime costs U.S. businesses and citizens billions of
dollars.

CLASSROOM ACTIVITIES
While working through this chapter, ask students how computer users are victimized by
computer security risks and computer crime.

DISCUSSION TOPICS
Companies do not like to publicize breaches to their security systems. In one survey, however,
more than 60 percent of organizations questioned admitted to having experienced incidents of
cybercrime within the past year. Invasions were committed by curiosity seekers, pranksters,
criminals, and even terrorists. The transgressors accessed and erased confidential records, caused
airport computers to malfunction, and paralyzed hospital information systems. In response to
computer crime, a new breed of detective has emerged. The Computer Security Institute consists
of more than 5,000 cyber-sleuths whose clues are hard drives instead of footprints. Fighting
computer crime is a challenging task; because computer crime is a relatively new phenomenon,
computer detectives lack the proven crime-fighting techniques that have been used for centuries
to solve other crimes. What skills and abilities must a cyber-sleuth possess? Why? Would you be
a good computer security expert? Why or why not?

PROJECTS TO ASSIGN
Encourage students to visit the FBI Web site to read more about cybercrime, one of the FBI’s top
three priorities. Alternatively, ask students to enter the term ―hacker‖ into a Web search engine to
see the surprising number of Web sites and online resources available for hackers.

Internet and network attacks, 558
LECTURE NOTES
Explain why information transmitted over networks has a higher degree of security risk. Define
online security service. Describe the Computer Emergency Response Team Coordination
Center or CERT/CC. Mention Web Link 11-1: Computer Emergency Response Team
Coordination Center.
Discovering Computers 2007                                                           Page 3 of 32



Computer viruses, worms, and Trojan horses, 558
LECTURE NOTES
Point out how a computer virus, a worm, and a Trojan horse are different. It is predicted that
there soon will be 8,500,000 different virus strains for IBM and compatible computers. Some
famous viruses include: ARPAnet virus (1980), brain virus (1987 at the University of Delaware),
Lehigh Virus (1987 at Lehigh University), Bell Labs virus (1988), Israeli virus (1988 at Hebrew
University), MacMag virus (1988), Concept virus (1990), Green Caterpillar virus (1997), and
Melissa virus (1999). Code Red was a devastating worm that attacked hundreds of thousands of
network servers (including those of major corporations such as Microsoft), replicating itself on a
hard disk the first 19 days of each month. The name ―Trojan horse‖ comes from the ruse the
ancient Greeks used to take the city of Troy. According to the myth told by Homer, when the
Greeks were unable to breach the walls surrounding the city, the wily Odysseus had them make a
huge, hollow wooden horse in which a number of Greek warriors hid, while the rest of the
Greeks appeared to leave. Thinking the wooden horse was a parting gift, the Trojans dragged it
inside the city walls. That night, the Greeks emerged from the horse and captured Troy. Like the
Greeks hidden in what appeared to be a legitimate offering, a Trojan horse hides a malicious-
logic program in a genuine program. Define malware (or malicious software). Point out that
some programs, such as Melissa, can have characteristics of all three types of malicious-logic
programs. In 1999, the Melissa virus cost an estimated $80 million in damages. Define payload.
List symptoms of a computer infected by a virus, worm, or Trojan horse. Mention the four ways
in which viruses deliver their payloads. Some malicious-logic programs, often referred to as
―logic bombs,‖ deliver their payloads when a computer user performs a specific action. Other
malicious-logic programs, called ―time bombs,‖ deliver their payloads on a certain date. For
example, the Michelangelo virus, which destroyed data on a hard disk, delivered its payload on
March 6, Michelangelo’s birthday. Use Figure 11-2 to illustrate how a virus can spread through
an e-mail message. In May 2000, a virus called the Love Bug wreaked havoc worldwide. The
virus, which targeted Microsoft Outlook users, arrived as an attachment to e-mail messages,
often from what would appear to be a ―trusted source,‖ with the subject line, ―ILOVEYOU‖
(hence the virus’s name). When the attachment was opened, the virus sent itself to every name in
the victim’s address book, overwrote files on the victim’s hard drive, directed the victim’s
browser to a Web site that downloaded a program to steal the victim’s password, and then e-
mailed the password to the virus’s author (who eventually was discovered and arrested). Explain
why malicious-logic programs are a serious problem. Point out FAQ 11-1: How long is an
unprotected computer safe from intruders? on page 559.

DISCUSSION TOPICS
Discuss Ethics & Issues 11-1: How Should Virus Authors Be Punished? on page 558.

CLASSROOM ACTIVITIES
Although viruses can have damaging effects, some people consider certain viruses to be little
more than harmless pranks. Other users insist that there is no such thing as a ―harmless‖ virus,
because all viruses represent an unasked for intrusion into a computer system. Ask students how
they feel about ―harmless‖ viruses. Does it make any difference whether the virus infection is on
a business or personal computer? Why or why not?
Page 4 of 32                                  Chapter 11: Computer Security, Ethics, and Privacy



QUICK QUIZZES
How are a computer virus, a worm, and a Trojan horse similar? How are they different?
(Answer: A computer virus, a worm, and a Trojan horse all are malicious-logic programs that act
without a user’s knowledge and deliberately alter a computer’s operations; a computer virus
affects a computer negatively by altering the way the computer works; a worm copies itself
repeatedly, using up resources; a Trojan horse is a malicious-logic program that hides within or
looks like a legitimate program, but does not replicate itself to other computers.)

Safeguards against computer viruses, worms, and Trojan horses, 560
LECTURE NOTES
Explain that no methods guarantee a computer or network is safe from malicious-logic programs.
Consider precautions that can be taken to reduce the risk of virus infection. Define trusted
source. Point out that some viruses are hidden in macros. Explain how to protect a computer
from a macro virus. Discuss Figures 11-3a and 11-3b. Mention FAQ 11-2: Should I inform
others if my computer gets a virus, worm, or Trojan horse? on page 562. Define antivirus
program. Use Figure 11-4 to identify popular antivirus programs. Antivirus programs should be
an essential part of school computer labs. School computer lab managers should use an antivirus
program to perform virus scans on student floppy disks before use in the lab and on all lab
computers at the end of each day or before the day’s classes. Explain what an antivirus program
does. Windows XP’s antivirus utility, called Microsoft Anti-Virus, is an excellent teaching tool.
The utility checks disk drives and memory for possible infections and provides a summary. The
program also offers a list of more than 1,200 known viruses and supplies information on each
virus’s size, type, residence, and side effects. Define virus signature, or virus definition.
Explain why virus signature files need to be updated regularly. Discuss Figure 11-5. Several
online subscription services address the problem of outdated signature files. For a monthly fee,
antivirus and disk repair programs that are updated periodically can be downloaded from the
company’s Web sites. A polymorphic virus, which modifies its program code each time it
attaches itself to another program, is difficult to detect by its virus signature. Tell how to
inoculate a program file. Explain how the inoculation file helps an antivirus program detect a
virus. Some sophisticated viruses circumvent inoculation. For example, a stealth virus infects a
program file but reports the size and creation date of the original, uninfected program. Tell how
to quarantine a file. Point out how antivirus programs remove or repair infected programs and
files. Mention when the computer must be restarted. Emphasize the importance of having backup
copies of files. Encourage students to learn more about new computer-security products using
current computer magazines or the Web. Define virus hoax. Virus hoaxes and false virus alerts
can present a serious problem, causing people to ignore warnings about genuine viruses. ―It’s like
the boy who cried wolf,‖ warns Richard Power, editorial director of the Computer Security
Institute. ―There is a serious problem in cyberspace, but hyperbole takes away from the
message.‖ Point out Web Link 11-2: Virus Hoaxes on page 562. Use Figure 11-6 to list tips for
preventing virus, worm, and Trojan horse infections. Perhaps the easiest way to avoid infection
from an e-mailed virus is to do nothing — an e-mailed virus program will be an attachment to an
e-mail message and, if the attachment is not opened, the virus program will not run. Therefore,
before opening any attachment, even an attachment in an e-mail message from a friend, it is a
good idea to call the friend and ask about the source of the attachment.
Discovering Computers 2007                                                            Page 5 of 32



CLASSROOM ACTIVITIES
Ask students if they would most likely enable macros in any of the following. Why?
 A previously used floppy disk borrowed from a friend
 A shareware program found in a bin at a flea market
 Software still in shrink-wrap from a computer store
 A program downloaded from a bulletin board
If possible, encourage students to use Microsoft Anti-Virus to learn more about known viruses.
Have students use Microsoft Anti-Virus to check a floppy disk (this takes less time than checking
a hard disk) for viruses. To display a list of viruses, click Scan on the Microsoft Anti-Virus menu
bar, and then click Virus List on the Scan menu. Click any name in the list and then click the Info
button to find information about the virus.

PROJECTS TO ASSIGN
Ask students to review the Web sites of 2-3 of the popular antivirus programs listed in Figure 11-
4 and to compare their features.
One security expert estimates that there are more than 8,500,000 virus strains in existence for
IBM and IBM-compatible personal computers. Since their inception, viruses have destroyed bank
accounts, demolished hospital records, damaged parts of NASA’s systems, and devastated
programs in thousands of personal computers. A company can be ruined if its accounts
receivable files are compromised by a computer virus. In response to this challenge, several
software developers are marketing antivirus programs on the World Wide Web. Have students
visit the Web site of one of these developers to find out more about their antivirus programs.
How many antivirus programs does the developer offer? For what operating systems are they
designed? What viruses are detected? How current are the programs? How much do they cost?

Denial of service attacks, 562
LECTURE NOTES
Define denial of service attack, or DoS attack. Describe a DDoS (distributed DoS) attack.
Define zombie. Discuss FAQ 11-3: How many computers are zombies?

Back doors, 562
LECTURE NOTES
Define back door. Explain how perpetrators install and use a back door.

Spoofing, 563
LECTURE NOTES
Define spoofing and IP spoofing. Explain how perpetrators use spoofing to obtain confidential
information.

Safeguards against DoS attacks, back doors, and IP spoofing, 563
LECTURE NOTES
List the programs available to safeguard against attacks.

Firewalls, 563
Page 6 of 32                                  Chapter 11: Computer Security, Ethics, and Privacy


LECTURE NOTES
Define firewall. Tell why companies use firewalls. Discuss Figure 11-7. Explain how to
implement a firewall. Define proxy server. Note screening techniques used by firewalls.
Emphasize that all networked or online computer users should have a firewall. In the wake of
terrorist attacks on September 11, 2001, many computer experts have emphasized the importance
of network security. They point out that hacker attacks on certain key Internet servers or routers
could have a devastating effect on areas such as telecommunications, electronic finance, and
even electricity supplies. After a 1997 test by the National Security Agency, a Pentagon
spokesperson said, ―We learned that hackers could have a dramatic impact on the nation’s
infrastructure, including the power grid.‖ Fortunately, most networks have become increasingly
security conscious. Nevertheless, in addition to firewalls and encryption programs, experts
recommend that both government and industry monitor their networks more closely. Describe a
personal firewall utility. Use Figure 11-8 to identify popular personal firewall software.
Mention Web Link 11-3: Personal Firewall Software.

PROJECTS TO ASSIGN
Ask students to review the Web sites of 2-3 of the popular personal firewall applications listed in
Figure 11-8 and to compare their features.

Intrusion detection software, 564
LECTURE NOTES
Characterize intrusion detection software. Tell how intrusion detection software is utilized.

PROJECTS TO ASSIGN
Ask students to use a Web search engine to identify brands of intrusion detection software and
their common features.

Honeypots, 564
LECTURE NOTES
Define honeypot. Honeypots stem from an innovative approach to combating computer hackers,
called the Honeynet Project. The project links several computers, called honeypots, into networks
(called honeynets) that look like regular networks but are designed to invite hacker attacks. When
the network is invaded, the attack is recorded and analyzed, and the results are posted at the
project’s Web site, thus providing vital security information for network administrators. The
Honeynet Project also develops detection systems that can help predict, and prevent, hacker
attacks. In addition to its technical work, the Honeynet Project attempts to learn more about the
psychology of hackers. The project’s findings were detailed in a book entitled, Know Your
Enemy.

Unauthorized access and use, 564
LECTURE NOTES
Define unauthorized access, Define unauthorized use. List activities included in unauthorized
use. Consider the use of computers by employees for personal reasons. One manager was puzzled
when the disk space for a network he managed always was full. The mystery was solved when it
was discovered that an employee who had complained about lack of disk space had downloaded
Discovering Computers 2007                                                            Page 7 of 32


a memory-intensive golf game from the Web. Unauthorized use can cost companies and
individuals a great deal of money. After stealing personal computers from a university lab, a legal
assistant was sentenced to work for an attorney as part of his community service. The assistant
used a personal computer in the lawyer’s office to transfer almost $90,000 from the attorney’s
business account into his personal account. Only part of the money was recovered. Discuss FAQ
11-4: Why do hackers and other intruders want to access my home computer?

DISCUSSION TOPICS
What are some other examples of unauthorized access and use that students can come up with,
beyond the examples presented in the text?

PROJECTS TO ASSIGN
A 20-year-old Missouri hacker confessed that he had broken into the computer systems of two
major corporations, collected passwords, and changed files. Prosecutors connected the hacker to
the Internet Liberation Front, a group of hackers who oppose the commercialization of
cyberspace. What motivates hackers? Are they idealistic heroes, intellectual adventurers,
malicious busybodies, or high-tech thieves? Are their motivations different from those who
create computer viruses? What, if anything, should be done to deter hackers? As an extra-credit
assignment, have students prepare a report or presentation on a hacker-related book to answer
these, and some of their own, questions about hackers. Suggested titles include: The Cuckoo’s
Egg: Tracking a Spy Through the Maze of Computer Espionage (Clifford Stoll), Cyberpunk –
Outlaws and Hackers on the Computer Frontier (Katie Hafner and John Markoff), Hackers:
Heroes of the Computer Revolution (Steven Levy), and The Hacker Crackdown: Law and
Disorder on the Electronic Frontier (Bruce Sterling).

 Safeguards against unauthorized access and use, 565
 LECTURE NOTES
 Define acceptable use policy (AUP). Viewed simply as a moral code, many people feel that an
 acceptable use policy will do little to deter unauthorized access or use. When it is documented
 and explained to employees, however, an acceptable use policy provides justification for
 terminating the employment of any individuals caught using computers in an unauthorized
 manner. List other measures that safeguard against unauthorized access and use. Use Figure 11-9
 to explain the importance of disabling file and printer sharing on your computer. Bill Joy, chief
 scientist at Sun Microsystems, offers 10 general safeguards for computing:
  (1) Use antivirus software and update it frequently.
  (2) Do not allow online merchants to store your credit-card information.
  (3) Use a hard-to-guess password and change it frequently.
  (4) Use different passwords for different Web sites and applications.
  (5) Use up-to-date versions of Web browser and e-mail software.
  (6) Send credit-card numbers only to secure sites.
  (7) Confirm the site you are doing business with.
  (8) Use a security program that gives you control over cookies.
  (9) Install firewall software to screen traffic if you use DSL or a cable modem.
(10) Do not open e-mail attachments unless you know the attachment’s source.
 Mention FAQ 11-5: Are stand-alone browsers more secure?
Page 8 of 32                                   Chapter 11: Computer Security, Ethics, and Privacy



Identifying and authenticating users, 565
LECTURE NOTES
Describe an access control. Define audit trail. Although they can be kept automatically, hard
copy audit trails are considered more reliable because they are safe from remote electronic
intruders. Differentiate between identification and authentication. List the three methods of
identification and authentication. In general, the authentication techniques employed should
match the degree of risk associated with unauthorized access.

CLASSROOM ACTIVITIES
In his book, The Cuckoo’s Egg: Tracking a Spy Through the Maze of Computer Espionage,
Clifford Stoll (one of this chapter’s Technology Trailblazers on page 593) tells the fascinating
story of using an audit trail to uncover computer espionage. The story is retold in a PBS Nova
special, ―The KGB, the CIA, the Computer and Me,‖ in which Stoll plays himself. If possible,
obtain a videotape of the special to show in class. Clifford Stoll is an energetic and informative
speaker. Pacing, running, shouting, laughing, and cajoling, Stoll challenges his audience to
consider issues they may never have thought about before. ―I don’t know. This is just me,‖ Stoll
observes. ―Your job is to prove me wrong.‖ Stoll believes that, ―if we want good technology, we
have to open it up to criticism.‖ In one interview, Stoll said it is important for technologists (or
―propeller-heads‖) such as himself to consider such questions as:
 Who does not benefit from computers?
 Where are computers badly applied?
 When is the Web irrelevant?
 Why are people frustrated by computers?
 How do computers change society?
Stoll listens to everyone — both computer users and non-computer users alike. In fact, Stoll
decries the ―cult of exclusion‖ or ―techno-arrogance‖ he feels characterizes some computer users.
Stoll’s questions, and the issues he raises in Silicon Snake Oil and High Tech Heretic, could
inspire an interesting end-of-term discussion.

User names and passwords, 566
LECTURE NOTES
Define user name (or user ID) and password. Review the forms of remembered information
authentication provided for with most multiuser operating systems (user ID and password).
Discuss Figure 11-10. Consider how passwords are assigned or selected. Use Figure 11-11 to
examine the effect of increasing the length of a password. If n represents the number of
characters in a password, the number of possible character combinations is 36n (26 letters + 10
digits = 36 possible characters for each place in the password). The numbers have been rounded
in Figure 11-11. Mention general guidelines that sometimes must be followed when creating
passwords. Explain how some systems provide additional protection. Point out FAQ 11-6: How
can I protect my password? Normally, to create a difficult-to-guess password, a user should not
use:
 His or her name in any form
 The name of a family member
 All digits or all the same letter
Discovering Computers 2007                                                             Page 9 of 32


   A word contained in an English or foreign language dictionary
Although good passwords are obscure, it is important that they be memorable. Many software
programs allow users to password-protect files or data. If the password is forgotten, however,
even the software developer may not be able to help recover the protected information. Some
experts believe that forgotten passwords cause more problems than unauthorized access. When a
password is created, some systems request a memory-jogging question that can be asked if a
password is forgotten. Systems often allow only a limited number of incorrect password entries,
after which the Operation Center must be contacted to gain access. Some industries require that
employees change passwords on a monthly basis, but even the most obscure password is
valueless if a user is careless. A bank consultant, posing as an employee, found a password taped
above a terminal. He used it to transfer $12 million to his personal account. He later was arrested
when, after several drinks, he told his story to a friend who contacted the FBI. Point out that, in
addition to a user name and password, some systems require additional information randomly
chosen from a personal file.

CLASSROOM ACTIVITIES
Present students with a series of passwords and ask them to assess which ones are too simple and
which ones are the most secure.

Possessed objects, 567
LECTURE NOTES
Define possessed object. List examples of possessed objects. Discuss Figure 11-12. Define
personal identification number (PIN). Explain how PINs are used. Although a PIN is numeric,
some of the techniques and safeguards used when creating a password also can be used when
deciding on a PIN.

CLASSROOM ACTIVITIES
Ask if students have any possessed objects and for what purpose they are used.

Biometric devices, 567
LECTURE NOTES
Define biometric device. Recall how biometric devices are used. The personal characteristic
used by a biometric device sometimes is called a biometric identifier. List examples of biometric
devices. Discuss Figure 11-13. Explain why biometric devices are gaining popularity. In some
schools, fingerprint scanners have become part of the school lunch line. For children who opt to
participate, instead of paying at the lunch counter a student touches a fingerprint scanner, and the
money is deducted from an established account. The system is faster than cash, uses something
children cannot lose, prevents children on free-lunch programs from feeling embarrassed, allows
parents to specify what their children can eat (or receive a printout of what their children are
eating), and even stops the playground extortion performed by lunch-money bullies. Note
disadvantages of biometric devices. AuthenTec has developed a technology for fingerprint
scanners that reads underneath the surface of the skin. The technology is unaffected by external
factors, such as dirt, and is more accurate than competitive technologies. Point out Ethics &
Issues 11-2: Should Schools Use Biometric Devices? on page 568.
Page 10 of 32                                   Chapter 11: Computer Security, Ethics, and Privacy


CLASSROOM ACTIVITIES
Ask students if any security measures are foolproof. Because biometric devices do not transmit
an actual fingerprint (or signature or retinal scan) but instead send digital code that describes the
physical characteristic, could a device be fooled by breaking into an input line and transmitting
data that belongs to a legitimate user? Can security ever be 100 percent effective and realistic in
terms of cost? How is the necessary level of security decided?

DISCUSSION TOPICS
Discuss Looking Ahead 11-1: Three-Dimensional Facial Recognition Software — A Step
Forward for Security on page 568.

QUICK QUIZZES
As a quick review, have students visit the Discovering Computers 2007 Quiz Yourself Web page
(scsite.com/dc2007/ch11/quiz) and then click Objectives 1 – 3.

Hardware theft and vandalism, 569
LECTURE NOTES
Define hardware theft and hardware vandalism. Mention where hardware theft and vandalism
does, and does not, pose a threat. Point out why theft of mobile equipment is a more serious risk.
An insurer of personal computers reported more than 200,000 incidents of theft or robbery of
portable computers in 1995, costing almost $640 million.

PROJECTS TO ASSIGN
Notebook computers soon are expected to account for almost 40 percent of personal computer
sales. With the growing number of notebook computer users has come increasing concern about
the vulnerability of portable computers. In one year, an insurer of personal computers reported
claims for almost $1 billion worth of equipment. Among incidents reported were accidental
damage (238,000 cases), theft (208,000 cases), power surges (38,000 cases), and loss during
transit (19,000 cases). Have students visit a computer vendor and make a list of products
available to help safeguard portable computers. What is the purpose of each product? How much
does it cost? How is it used? Which products do salespeople recommend? Why? If they could
purchase only one item to protect their portable computer, what would they buy? Why?

Safeguards against hardware theft and vandalism, 569
LECTURE NOTES
Mention preventive measures that can be taken to reduce the risk of computer theft. Discuss
Figure 11-14. Consider precautions taken by mobile computer users. Metal tags typically are the
only means of hardware identification used by educational institutions, but some schools,
businesses, and individuals are opting for additional security measures. To help combat hardware
theft, Absolute Software has released a program called CompuTrace TRS. After being installed
on a computer’s hard disk, once a week the software automatically calls Absolute’s control
center. If the computer has been reported stolen, caller ID is used to track it down. The service
costs about $5 a month.
Discovering Computers 2007                                                           Page 11 of 32


Software theft, 570
LECTURE NOTES
Describe software theft. Consider types of software theft. Define software piracy. Piracy is an
expensive problem for the software industry. Estimates are that software piracy costs the industry
more than 35 percent of its business annually. The problem is not new. In 1976, Bill Gates,
founder of the one-year-old Microsoft corporation, complained in an open letter to computer
hobbyists that ―most of you steal your software.‖ He criticized the idea many hobbyists had that
―hardware must be paid for, but software is something to share,‖ and pleaded with users to ―pay
up.‖ Point out Web Link 11-4: Software Piracy.

Safeguards against software theft, 570
LECTURE NOTES
Define license agreement and single-user license agreement, or end-user license agreement
(EULA). Discuss Figure 11-15. List the rights users have, and do not have, upon acceptance of a
single-user license agreement. Explain why software piracy continues and why it is a serious
offense. Although software piracy is a worldwide problem, the problem is most acute in Asia and
Eastern Europe. In Malaysia, pirated copies of Microsoft’s Windows XP were being sold months
before the software’s official release for as little as $1.50 (compared with $199 for a licensed
home version of the operating system). In Eastern Europe, pirates control 70 percent of the
software market, often working together with organized crime. Yet, in some areas of the world,
software piracy appears to be declining, in part because of increasing efforts by the software
industry, and in part because of decreasing acceptance among the public at large. In France, for
example, it is estimated that pirated software makes up a little less than 40 percent of software
sold. This may seem like a lot, but it is only half the amount of pirated software that was sold in
France in 1990. The Software Publishers Association (SPA), together with federal marshals, have
conducted several successful raids of organizations suspected of using pirated software. Some
corporations argue that confusing (and often varying) software licensing policies, coupled with
the proliferation of personal computers (each with its own hard drive) and networked
workstations, make it difficult to comply with strict standards for legitimate software use.
Describe the Business Software Alliance (BSA). The BSA has enforcement agencies in 65
countries. Point out Web Link 11-5: Business Software Alliance on page 571. Note how software
companies have responded to software piracy. Define product activation. Software vendors
have tried several copy-protection schemes including special formatting that cannot be copied,
―key disks‖ that must be inserted to use the software, and access codes that have to be entered
each time a program is run. Unfortunately, these measures seldom deter software pirates and
often annoy legitimate users. Today, copy protection is less common. Most software companies
rely primarily on voluntary compliance and industry-wide enforcement. Discuss ways that
software costs can be reduced for organizations with large numbers of users. Point out the
policies that many organizations have governing the use of software. Companies sometimes
reduce software costs by purchasing network versions for the maximum number of users
expected to be online simultaneously. If additional users try to log on, the program rejects them.
Mention FAQ 11-7: How prevalent is software piracy? on page 571.
Page 12 of 32                                 Chapter 11: Computer Security, Ethics, and Privacy


CLASSROOM ACTIVITIES
Ask students if software piracy always is a cut-and-dried issue. Suppose a school purchases one
copy of a program and then makes copies to be used in class. Although on the face of it this
clearly is piracy, the school might argue that the software is being used for an educational
purpose and, by familiarizing them with the package, students will be more apt to purchase and
recommend the software in the future. Is the school’s action defensible? Why or why not?

PROJECTS TO ASSIGN
In 1995, software piracy cost developers more than $15 billion. The software industry lost more
than $28,900 every minute due to software theft. Rates of software piracy vary. North America’s
27 percent average was the lowest rate of piracy, while Eastern Europe’s 83 percent average was
the highest. Computer users have mixed feelings about software piracy. In one survey, 78 percent
of respondents agreed that software should not be copied illegally, but 47 percent admitted they
had done it. Have students visit the Business Software Alliance (BSA) Web site to learn more
about software piracy. How does software piracy negatively impact consumers? What are some
hot issues regarding software piracy? What is BSA’s public policy? What is the BSA software
scanner? How does BSA deal with violators of software copyright law?

Information theft, 571
LECTURE NOTES
Describe information theft. Tell how users fall victim to information theft. One troubling form
of information thievery is identification theft. According to law enforcement officials, the
Internet is the source of 30 percent of false identification documents. Using government records
and a computer in a public library, a 23-year-old felon was able to create bogus identification
documents, obtain almost $60,000 in car loans, and purchase a brand new $40,000 Honda.
Another information thief used the Internet to steal the name and social security number of an
innocent desk worker. Armed with that individual’s identity and credit history, the thief leased
three new sport utility vehicles in three days. The crook was caught only when the third
dealership ran a credit check and became suspicious about the number of purchases.

DISCUSSION TOPICS
The text states that the loss of information can cause as much damage as (if not more than)
hardware or software theft. Why is this the case? In what industries would this be particularly
true?

Safeguards against information theft, 572
LECTURE NOTES
Consider ways companies and individuals attempt to prevent information theft.

Encryption, 572
LECTURE NOTES
Define encryption and decrypt. The word ―encryption‖ comes from the Greek kryptos, meaning
hidden. Differentiate between plaintext and ciphertext. Define encryption key. Encryption keys
are not invulnerable. One security consultant discovered that, under certain conditions, an
information thief can get enough data to obtain an encryption key by measuring the amount of
Discovering Computers 2007                                                             Page 13 of 32


time it takes to scramble a message. Use Figure 11-16 to explain simple encryption methods. Use
Figure 11-17 to illustrate a sample encrypted file. Point out Web Link 11-6: Encryption. Refer
students to High-Tech Talk on page 592 for a more technical description of encryption. Describe
Pretty Good Privacy (PGP) encryption. Define digital signature and hash. Characterize 40-bit
encryption and 128-bit encryption. Describe a secure site. Security is a primary concern of most
Internet users. For years, it has been assumed that all codes eventually could be broken. Harvard
professor Michael Rabin, however, has challenged this notion with his ―hyper-encryption,‖
which allegedly is guaranteed mathematically to be unbreakable. According to Professor Rabin’s
system (which still only is in theoretical form), a satellite broadcasts a random stream of bits (0s
and 1s). The sender and receiver of a message pull bits out of the stream in a prearranged pattern.
The bits are used to scramble a message when it is sent and unscramble the message when it is
received. The random bits are not retained, however, and the random stream cannot be duplicated
or completely stored. Therefore, even if an eavesdropper accesses the coded message and the
pattern used to code it, the code still cannot be broken because the actual bits from the random
stream that were used to code the message are gone.

DISCUSSION TOPICS
Encryption protects all sorts of confidential information, from financial transactions to medical
data, from prying eyes, but it also can allow felons and terrorists to plan freely their crimes. Not
surprisingly, the U.S. government is very interested in encryption. Since the early 1990s, the
government has considered developing a standard for data encryption that would allow law
enforcement agencies, with a court order, to monitor encrypted communications. Reaction to
government proposals has been mixed. One expert says the plans are like the government
allowing you to own a safe, as long as it can keep the combination. Refer students to High-Tech
Talk on page 592 for a technical discussion about public key encryption. In recent years, a
controversy has formed about ―strong encryption,‖ in which ciphers are virtually unbreakable
without the decryption keys. While most companies and their customers view strong encryption
as a means of minimizing fraud and keeping secrets, some governments view strong encryption
as a means by which terrorists might potentially elude law enforcement. These governments,
including the U.S., want to set up a key-escrow arrangement in which those who use ciphers
would be required to provide the government with a copy of the decryption key. These keys
would be stored in a supposedly secure place, used only by authorities, and used only with a
court order. Opponents of this scheme argue that criminals could hack into the key-escrow
database and illegally obtain, steal, or alter the keys. Supporters claim that while this is a
possibility, implementing the key escrow scheme would be better than taking no action to
prevent criminals from freely using encryption/decryption. Survey your students on this topic.

Digital certificates, 573
LECTURE NOTES
Define digital certificate. Explain how digital certificates are used. Define certificate authority
(CA). Discuss Figure 11-18. Note information typically contained on a digital certificate. Point
out Web Link 11-7: Digital Certificates on page 573.
Page 14 of 32                                Chapter 11: Computer Security, Ethics, and Privacy


Secure Sockets Layer, 574
LECTURE NOTES
Define Secure Sockets Layer (SSL). Point out that SSL requires a client to have a digital
certificate. Mention that addresses of Web pages using SSL typically begin with https. Discuss
Figure 11-19.

Secure HTTP, 574
LECTURE NOTES
Describe Secure HTTP (S-HTTP). Explain why S-HTTP is more difficult to use, but more
secure, than SSL. Note applications that use S-HTTP. Define virtual private network (VPN).

CLASSROOM ACTIVITIES
To familiarize students with the sample encryption methods presented in Figure 11-16, have
them use different techniques to encode a message, and then let a classmate decipher it. Which
method is easiest to decipher? Which method is most difficult? Although computers are a
relatively new phenomenon, encryption and codes have been around for centuries. Ask students
how codes were broken before computers. Why would computers be good at ―cracking‖ codes?
How do students feel about government and data encryption? Should the government have some
control over encryption or be able to access encryption keys? Why or why not?

System failure, 574
LECTURE NOTES
Describe system failure. Tell how system failures are caused. Safeware, a leading insurer of
personal computers, released the following figures on damage to computer hardware (primarily
notebooks):
     TYPE OF INCIDENT                        NUMBER OF INCIDENTS               VALUE*
     Accidental damage                             238,000                        $191
     Miscellaneous causes                           67,000                          42
     Power surge                                    38,000                          28
     Loss or damage in transit                      19,000                          31
     Fire damage                                     7,000                            4
     Lightning surge via telephone line              5,000                            9
     Water damage                                    3,000                            2
     TOTAL                                         377,000                        $307
                                                                        (* in millions)
The power supply is an important factor when purchasing a PC for personal use, lab use, or as a
file server. Define noise, undervoltage, brownout, blackout, overvoltage (or power surge), and
spike.

Safeguards against system failure, 574
LECTURE NOTES
Explain the purpose of a surge protector (or surge suppressor). Discuss Figure 11-20. Consider
the effectiveness of surge protectors. Computers should be shut down as soon as possible after
brownouts. Subsequent multiple surges can harm the computer, even if it is connected to a surge
Discovering Computers 2007                                                          Page 15 of 32


protector. Characterize the Underwriters Laboratories (UL) 1449 standard for surge protectors.
Define Joule. Describe an uninterruptible power supply (UPS). Discuss Figure 11-21. In
addition to operating when power is completely lost, a UPS also cuts in when line conditions
become unsatisfactory due to voltage levels, spikes, or related events. The UPS provides
alternative power to permit a safe shutdown. Mention the difference between a standby UPS (or
offline UPS) and an online UPS. Point out Web Link 11-8: Uninterruptible Power Supply on
page 575. Describe a fault-tolerant computer. Consider businesses that use fault-tolerant
computers. Point out FAQ 11-8: Should I use a surge protector on electronic equipment and
appliances? on page 576.

CLASSROOM ACTIVITIES
Survey students about their use of surge protectors on their own PCs.

Backing up – the ultimate safeguard, 576
LECTURE NOTES
Define backup. Explain what it means to back up a file. Define restore. Mention media used to
store backups. Certain considerations exist for backup strategies:
 A backup should be easy to do.
 A backup should be automated and rely on as little human interaction as possible.
 Backups should be made regularly.
 There should be at least two copies of the data, stored on different media, kept at different
     locations.
 A backup should rely on standard, well-established formats.
 A backup should not use compression, as uncompressed data are easier to recover if the
     backup media are damaged or corrupted.
 A backup should be able to run without interrupting normal work.
Tell why backup copies often are kept offsite. Virus protection is important in the backup
process. If the primary data source is infected, the mirror-image backups also will be
contaminated. Explain how a full backup (sometimes called an archival backup) is different from
a selective backup. Cartridge tape devices, CD-RWs, and DVD+RWs make it much easier to
perform a full backup. It would take 4,167 floppy disks (1.44 MB) to back up a 6 GB (6,000 MB)
hard disk, not to mention the time required to insert, copy, and remove each disk. A tape backup
unit can store several megabytes per minute on a single cartridge and, best of all, can do it
without user assistance. Describe a three-generation backup policy. Define grandparent, parent,
and child. Point out where backup and restore programs are available. Windows has a Backup
utility on the Microsoft Tools submenu that can be used to back up files on floppy disks, tape, or
another network computer. Backup is crucial — in the case of a disaster, it is easier to obtain
another computer and reload backup files than it is to recreate program and data files that may
have taken months to develop. Describe an online backup service.

QUICK QUIZZES
How is a full backup different from a selective backup? (Answer: A full backup copies all of the
files in a computer; a selective backup copies only the folders and files that a user chooses to
copy.)
Page 16 of 32                                 Chapter 11: Computer Security, Ethics, and Privacy


Wireless security, 576
LECTURE NOTES
Explain why information transmitted over networks has a higher degree of security risk. Mention
techniques used to protect networks. Network security is an important issue for all companies.
Newsweek magazine offers 10 steps to better network security:
 (1) Keep passwords confidential (do not post them in a public place).
 (2) Shred sensitive material before disposing of it.
 (3) Employ physical security measures that grant access only to authorized people.
 (4) Perform background checks on personnel.
 (5) Configure firewalls and other security software correctly.
 (6) Change the default passwords set by operating systems manufacturers.
 (7) Do not allow dial-up modems at employees’ desks.
 (8) Keep servers and other valuable computers behind locked doors.
 (9) Review security logs and host-monitoring programs daily.
(10) Train employees in procedures that might keep intruders out.
Note the types of issues that have been raised by the Internet. List risks associated with large
networks and the Internet. Experts believe that some of the Internet’s security problems stem
from its basic architecture. ARPANET, the Internet’s precursor launched 30 years ago by the
U.S. Department of Defense (see the history of the Internet in Chapter 2), was designed to allow
trusted users (not the public) to share information, not to conceal it. This openness can be a
troublesome flaw, especially in light of recent attacks designed not to break into systems, but to
slow them down. In February of 2000, one or more hacker Davids temporarily felled several e-
commerce Goliaths (including Yahoo!, eBay, CNN.com, and Amazon.com) not with a single
stone, but with many stones. The hacker broke into weak server computers and stashed a
program that, at a given time, sent hundreds, even thousands, of e-mail messages to the e-
commerce giants’ servers, overloading the networks and shutting down operations. Ultimately,
the damage was minor, but the incidents proved the vulnerability of the e-commerce
marketplace. Describe war driving and war flying. Discuss Figure 11-22. Define Wired
Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and 802.11i security standards.

DISCUSSION TOPICS
The Freedom & Privacy Security Tool from Zero-Knowledge Systems uses encryption and data-
packet redistribution to remove an Internet user’s personal information, leaving only a numeric
pseudonym that makes it impossible to identify an e-mail author or monitor Web surfing habits.
Each pseudonym is unique and has its own encryption key. The Freedom software package
comes with five pseudonyms and costs $49.95. Consumer advocates and civil libertarians praise
this product, but police officers and Internet lawyers are wary. Law enforcement officials insist
that law breakers are the only people who really need the anonymity offered by Freedom.
Anonymity is not a constitutional right, and law enforcement officials feel something should be
built into the Freedom software that would permit them, with a court order, to trace the identity
of pseudonyms engaged in illegal activities. Zero-Knowledge Systems counters that controls are
built into the software, allowing them to shut down any pseudonym engaged in illegal activity.
Users always can pay to get new pseudonyms, but company officials hope that at a cost of $10
each, eventually lawbreakers will see that crime does not pay. To what extent is online
anonymity a desirable trait? Why? Should limits be imposed on anonymity online? Why or why
Discovering Computers 2007                                                         Page 17 of 32


not? Should data encryption techniques be available without limit around the world? How should
their antisocial uses by criminals be handled?

QUICK QUIZZES
As a quick review, have students visit the Discovering Computers 2007 Quiz Yourself Web page
(scsite.com/dc2007/ch11/quiz) and then click Objectives 4 – 9.

Ethics and society, 578
LECTURE NOTES
Define computer ethics. List the six frequently discussed areas of computer ethics. Use Figure
11-23 to identify issues in these areas.

CLASSROOM ACTIVITIES
Encourage students to indicate whether they believe each circumstance in Figure 11-23 is ethical
or unethical. Have them compare their determinations with classmates and discuss their
responses.

DISCUSSION TOPICS
The Web is one of the world’s largest libraries and surely the world's largest copy machine. The
global reach of the Web has added substantially to the production of an astonishing abundance of
information in digital form, as well as offering unprecedented ease of access. Creating,
publishing, distributing, and using information is easier and faster. The good news is that the
explosive growth and the wealth of knowledge brought by the Web enriches society. The bad
news is that people easily can obtain illegal copies of information or intellectual property
available on the Web without the consent of the originator. Copyright laws have been in place for
more than 200 years, but protecting intellectual property never has been an easy task. Now, the
capability to convert information into digital format easily makes it even more difficult. Will
copyright laws be changed? Should copyright laws be changed? Is it ethical to download
copyrighted music to your computer for personal use? Is it legal? Can governments enforce
copyright laws? What rights should the individual have who created the original work?

Information accuracy, 579
LECTURE NOTES
Consider the importance of information accuracy. Note questions related to responsibility for a
Web site. Today, authorship of a Web site, even authorship of a posting on a public message
board, can have legal consequences. In what have been called ―cyber smear‖ cases, an increasing
number of companies are suing their online critics for libel, especially when the derogatory
comment is posted to a stock-related Web site. These companies fear that the postings are made
to manipulate stock prices. Point out that a company providing access to information may not be
the creator of the information, and questions that arise concerning the accuracy of information.
Consider concerns about the ethics of using computers to alter output. Discuss Figure 11-24.
Explain why the National Press Photographers Association opposes any alteration of
photographic images. Before O.J. Simpson was tried for murder, a popular weekly news
magazine ran an altered picture on its cover that gave Simpson a sinister appearance. Some
Page 18 of 32                                  Chapter 11: Computer Security, Ethics, and Privacy


insisted the picture was unfair, essentially judging Simpson before he was tried. Others argued
the picture only emphasized the seriousness of the crime.

CLASSROOM ACTIVITIES
In terms of ethics, ask students if digital photo retouching is any different from traditional
retouching that photographers have done for years. If so, how? When, if ever, is retouching
acceptable? What, if any, restrictions should be placed on digital retouching?

PROJECTS TO ASSIGN
Ask students to find other misleading images on the Web like the one in Figure 11-24.

Intellectual property rights, 579
LECTURE NOTES
Define intellectual property (IP), intellectual property rights, and copyright. Mention issues
surrounding the phrase, fair use. List questions about copyright law that are not clear-cut.
Another area in which copyright law is unclear is the posting of classroom notes online. Several
note-taking services pay college students to post their classroom notes. Many colleges and
professors argue that posting classroom notes infringes on a professor’s copyright protection. In
addition, when students can get notes online, they may choose to skip class. The note-taking
services argue, however, that the posted notes are a student’s interpretation of a lecture. In the
past, courts have agreed that while handouts or lecture videotapes belong to the college or
professor, notes belong to the student who took them. Most note-taking services also accompany
online notes with a statement emphasizing the importance of attending lectures. Point out Web
Link 11-9: Digital Rights Management on page 580. Define digital rights management (DRM).
Discuss Ethics & Issues 11-3: Who Should Control the Content of Your CDs and DVDs?

CLASSROOM ACTIVITIES
Use the bulleted list of questions on page 580 to initiate a discussion on copyright. Many of the
issues presented in the text are ones with which students, as consumers of digital media and as
students in the age of the Internet, will be very familiar.

DISCUSSION TOPICS
One way that intellectual property owners protect their rights is by using technological measures,
such as ―spoofing,‖ to prevent copyright infringement. Spoofing floods a peer-to-peer music
network with fake files of a certain title. People who download the title receive a ―spoof‖ that
contains distortion, long moments of silence, or warnings about copyright law. According to the
recording industry, online music swapping has resulted in a 16 percent drop in sales, hurting both
the artists and the studios. ―One of the only ways…to deal with the peer-to-peer problem,‖ argues
the president of the Recording Industry Association of America, ―is by means of technological
measures.‖ Opponents insist that these measures could spread viruses and alienate music fans.
They argue that it is unethical to mislead Internet users and claim it can be considered hacking,
which in some countries is illegal. Should technological measures be used to protect intellectual
property rights? Why or why not? What, if anything, should be done to protect copyrighted
material online? Why?
Discovering Computers 2007                                                           Page 19 of 32


Codes of conduct, 580
LECTURE NOTES
Define an IT code of conduct. Use Figure 11-25 to illustrate a sample code of conduct.

DISCUSSION TOPICS
Many computer-related organizations and professional associations have published guidelines
pertaining to computer-related ethical conduct. These codes of conduct help determine if a
specific computer action is ethical or unethical. The adherence to and enforcement of these
guidelines is, however, an issue in many companies. Consider the following scenario: A
programmer is working on a software project for his company. The deadline for the project is
approaching quickly, and the programmer realizes he will not be able to meet the deadline. He
makes a decision to omit one of the modules he considers non-essential without informing
management. The program is released and sold to the public. It immediately crashes. Who is
responsible — the programmer or the company? Could a company code of conduct have
prevented the problem? Why or why not? If an IT professional violates a code of conduct, what
action should a company take? Termination? Leave of absence without pay? Legal action?

CLASSROOM ACTIVITIES
Ask students to identify examples within the codes listed in Figure 11-25. What would it look
like to harm another person with a computer? How could a computer be used to steal? To use
others’ intellectual property as your own? What does it mean to consider the social impact of the
programs and systems you design?

Information privacy, 580
LECTURE NOTES
Define information privacy. Explain why information privacy is a greater concern today than in
the past. Use Figure 11-26 to list techniques that can be used to safeguard personal data. A credit
bureau survey found that 78 percent of Americans either were ―very concerned‖ or ―somewhat
concerned‖ about their privacy. Many equate the growing use of computers with the increasing
loss of privacy. Scott McNeally, CEO of Sun Microsystems, raised eyebrows several years ago
when, in response to a question about whether one of the company’s products adequately
protected a user’s privacy, he replied irritably, ―You have zero privacy, anyway. Get over it.‖
Despite American’s obsession with privacy, students may be surprised to learn that the U.S.
Constitution never mentions a right to privacy. In his book The Road Ahead, Microsoft
cofounder Bill Gates notes that loss of privacy is a major concern regarding the Internet. Yet,
Gates feels the potential problem is not the availability of private information, but the abuse of
that information.

CLASSROOM ACTIVITIES
Ask how students feel about the observations of McNeally and Gates. Is there any privacy?
Should the emphasis be on restricting access to private information or on preventing
mistreatment of that information? Why?
Ask students which of the techniques in Figure 11-26 they currently practice. Which might they
be likely (or unlikely) to adopt? Why?
Page 20 of 32                                  Chapter 11: Computer Security, Ethics, and Privacy


DISCUSSION TOPICS
A popular Web site lets people construct personal Web pages for free and was proud of its
communal atmosphere. The Federal Trade Commission (FTC), however, had reservations about
the Web site’s policies. The FTC found that the Web site was selling personal information
collected from registration forms, without the permission of members. The Web site agreed to
change its policies and was not prosecuted, but critics insist this is not enough. How sternly
should companies that sell information without permission be punished? What, if any, limitations
should be placed on the type of information that can be sold? Why?

Electronic profiles, 581
LECTURE NOTES
Explain how information is collected and sold without authorization. To see how information is
shared, suggest that students use an alternate spelling of their names (for example, ―Meghan‖ or
―Meagan‖ for Megan) on a turn-around document, such as a warranty card. Students then could
keep track of how much correspondence they receive addressed to that name. Point out
arguments by supporters and critics of direct marketing. Mention that many companies allow you
to specify whether personal information is distributed. Discuss Figure 11-27. Sometimes,
concerns about the unauthorized collection and use of data are baseless. When Lexis-Nexis
started a service called P-TRAK, a database with about 300 million records, rumors flew that the
database held such personal information as an individual’s credit history, social security number,
mother’s maiden name, and so on. Many people called asking to have their names removed. In
reality, P-TRAK had little more than name, address, and telephone number. Supporters of
personal database services point out that opponents may be overlooking possible benefits. They
claim that, among other uses, the databases can be used to help:
 Trace missing children
 Find ―deadbeat parents‖ who fail to pay child support
 Locate former employees who are owed pension funds
 Track criminal suspects
 Reduce insurance rates by minimizing fraudulent claims
 Keep e-commerce safe by verifying identities
Some insist that a balance must be achieved between privacy concerns and the benefits of
information availability. In 1997, the leading providers of identification and location information
formed the Individual Reference Services Group (IRSG) to establish standards for the storing and
disseminating of personal information by member companies.

CLASSROOM ACTIVITIES
Ask students how they feel about electronic profiles and direct marketing.

DISCUSSION TOPICS
As stated in the text, supporters of direct marketing state that using data from electronic profiles
lowers overall selling costs, which lowers product prices. On the other side of the debate, critics
contend that the information from electronic profiles tells more about an individual than anyone
has a right to know. Survey students about their opinions. Alternately, ask students to take one
side of the debate or another and to prepare an argument using research from the Web.
Discovering Computers 2007                                                           Page 21 of 32


Cookies, 582
LECTURE NOTES
Define cookie. Review purposes for which cookies are used. Use Figure 11-28 to explain how
Web sites work with cookies. Describe a session cookie. Mention Web Link 11-10: Cookies. A
Web site only can read information in its own cookie file, but point out that some Web sites do
sell or trade that information. A study of 21 popular health-related sites by the California
HealthCare Foundation found most of the sites did share information, sometimes in violation of
stated privacy policies. Many advertisers were able to obtain names and addresses, and some
third parties were able to see information that site visitors believed was confidential. Explain
how a browser can be used to disable cookies. Mention FAQ 11-8: Can a Web site read data in
all the cookie files on my computer’s hard disk? For more information on cookies, students can
visit Privacy.net (privacy.net/) or Cookie Central (cookiecentral.com/) on the Web.

DISCUSSION TOPICS
Cookies enable a company’s system to track a user’s online activities. Examples of information
that a cookie can collect from a user includes the computer’s IP address; login name and
password; e-mail address; the computer’s operating system and platform; the type of and version
number of the user’s browser; the date, time, and length of time the host system was accessed;
and the pages visited while the user was online. Many consumer groups and privacy advocates
are taking legal action because of this collection of information. They contend that companies are
not doing enough to protect the privacy of Web users. As a result of several class-action lawsuits,
some online retailers, such as Amazon.com, have revamped their privacy policies. (An overview
of Amazon.com’s policy is contained on its Web site and explains what information the company
gathers, why it gathers that information, and by what means it gathers that information.) Do you
think that all online companies should be required to post their policies and explain what
information they collect and how it is used? Should this be enforced by the federal government?
Should you, as a private citizen, have the right to sue companies that collect this information for
privacy invasion? Why or why not?

Spyware and adware, 583
LECTURE NOTES
Define spyware. Tell how spyware can enter a computer. Describe adware. Emphasize the
importance of reading the license agreement and registration information when downloading
software from the Web. Note how spyware must be removed. Many creators of spyware insist
either that they do not use any information they collect, or that the information they collect is
used only when combined with data from other users. Privacy experts, however, are not
convinced. If the information is not used, they ask, then why is it collected? Define Web bug. A
Web bug, which can be a dot no bigger than one square pixel on a Web page, can be
programmed to track Web use. Senator John Edwards introduced the Spyware and Privacy
Protection Act of 2001, a bill designed to protect consumers from software that obtains data
without permission. Discuss Ethics & Issues 11-4: Should Spyware Be Legal?

CLASSROOM ACTIVITIES
Spyware can be used by merchants, advertisers, … and parents. eBlaster, a spyware program
from SpectorSoft, helps parents monitor their children’s computer activities. The program
Page 22 of 32                                   Chapter 11: Computer Security, Ethics, and Privacy


records all Web sites visited, applications used, and messages typed and then sends a report to
the parent’s e-mail address. Reports can be dispatched at designated intervals or whenever certain
words are typed. Parents even can view the screen their children are seeing. Whether eBlaster
really is spyware — that is, a program placed on a computer without the user’s knowledge — is
the parent’s decision. SpectorSoft’s president says, ―We recommend that parents inform their
kids about this.‖ Yet, eBlaster has a ―Super-Stealth‖ option that hides the program from young
computer users, and many parents take advantage of this option. These parents feel that the risks
on the Web — pornography, hate groups, chat-room predators — justify the seeming invasion of
privacy. They admit, however, to being concerned about how discovery of the deception might
affect their parent-child relationship. Ask students how they feel about eBlaster and other
spyware programs. As parents, would they use eBlaster? Why or why not? If they used eBlaster,
would they employ the ―Super-Stealth‖ option? Why or why not?

DISCUSSION TOPICS
The State of Virginia has a law that declares that ―Any person whose name, portrait, or picture is
used without having first obtained the written consent of such person…for advertising purposes
or for the purposes of trade, such persons may maintain a suit in equity against the person,
firm…‖ Citing this law, a Virginia resident recently filed a claim against a national magazine
challenging the right of the magazine to sell or rent his name and other personal information to
another publication without his express written consent. The company obtained the personal
information when the Virginia resident filled out an online registration form to obtain a free
sample copy of a magazine. When you fill out online forms or purchase an item online, the
retailer has your e-mail address and other personal information. Should these retailers be allowed
to send you marketing pieces? Should they be allowed to sell your e-mail address to others? Is
this an ethical practice? Why or why not?

Spam, 584
LECTURE NOTES
Define spam. Discuss Figure 11-29. Experts believe that spam accounts for 10 percent of e-mail
over the Internet. The experts may have underestimated — America Online (AOL) believes that
30 percent of the e-mail it delivers is unsolicited. For advertisers, the appeal of spam is that it is
inexpensive. It costs no more to e-mail thousands of spam messages than it costs to e-mail one.
Define spim and spit. Explain how e-mail filtering or an anti-spam program can be used to
reduce the amount of spam received. A number of states (including California, Washington,
Rhode Island, and Virginia) have enacted anti-spam laws. Under these laws, AOL successfully
has sued more than 40 sources of spam. Anti-spam laws also are being debated on the federal
level. Even if the laws pass, however, it will not be the end of spam, since the sources of spam
simply can move outside the country.

DISCUSSION TOPICS
Discuss Ethics & Issues 11-5: Who Should Protect You from Identity Theft? on page 584.

Phishing, 584
LECTURE NOTES
Discovering Computers 2007                                                              Page 23 of 32


Define phishing and pharming. Tell how users are caught in a phishing scam. Point out FAQ
11-10: What do I do if I have been caught in a phishing scam?

PROJECTS TO ASSIGN
Survey students about spam they may have received that tries to trick the recipient into thinking
the message is from a trusted source. If possible, show students examples of these kinds of
messages, perhaps juxtaposed with messages that are genuinely from a trusted source, asking
them to distinguish the real messages from the phishing schemes.

Privacy laws, 585
LECTURE NOTES
Use Figure 11-30 to summarize federal laws concerning information privacy. Note the common
points in these laws. While several laws imply a citizen’s right to view records, it is not always
easy to do so. A number of offices or agencies often must be contacted, and many requests
initially are rejected. States also have laws regarding information privacy. Oklahoma, for
instance, adopted a law making it a misdemeanor to break into a computer system — and a
felony if records are destroyed, copied, or altered — in an effort to make the state more attractive
to high-tech industries. Review some of the federal laws dealing specifically with computers: the
Electronic Communications Privacy Act (ECPA), the Computer Matching and Privacy Protection
Act, the Computer Fraud and Abuse Acts, and the Fair Credit Reporting Act. Mention possible
loopholes in some laws. Note the information contained in many credit reports. Currently, there
is no law requiring credit agencies to verify information or notify people when a negative item is
added to their file. Estimates of error rates in some credit files are as high as 87 percent.

CLASSROOM ACTIVITIES
Ask students if the laws listed should be strictly, or loosely, interpreted. For example, should the
Fair Credit Reporting Act only permit consumers to see their credit records, or should it be
construed as allowing consumers to see any data maintained on them? What other laws could be
loosely interpreted? How?

PROJECTS TO ASSIGN
Assign students one or two of the laws listed in Figure 11-30 and ask them to use the Web to
research the circumstances behind the law and the changes brought about by the law.

Social engineering, 586
LECTURE NOTES
Define social engineering. A common practice is for a social engineer to use the telephone or
Internet to trick people into revealing sensitive information or getting them to do something that
is against typical policies. It is generally agreed upon that ―users are the weak link‖ in security, an
observation that makes social engineering possible. A contemporary example of a social
engineering attack is the use of e-mail attachments that contain malicious payloads (that use the
victim's machine to send massive quantities of spam). After earlier malicious e-mails led
software vendors to disable automatic execution of attachments, users now have to activate
attachments explicitly for this to occur. Many users, however, will blindly click on any
attachments they receive, thus allowing the attack to work. Perhaps the simplest attack is tricking
Page 24 of 32                                        Chapter 11: Computer Security, Ethics, and Privacy


a user into thinking one is an administrator and requesting a password for ―administrative‖
purposes. Users frequently receive messages that request password or credit card information in
order to "set up their account" or "reactivate settings," which are actually phishing attacks. In
reality, administrators of computer systems rarely need to know the user's password to perform
administrative tasks.

Employee monitoring, 586
LECTURE NOTES
Define employee monitoring. Point out that using software to monitor employees is legal.
Consider policies related to reading employee e-mail. Explain why the 1986 Electronic
Communications Privacy Act does not cover internal office communications. Using computers at
work for recreational purposes, sometimes called cyber slacking, has become a pervasive
problem in the modern workplace. To bosses, cyber slacking is an expensive employee benefit.
One estimate claims that cyber slacking costs more than $1 billion a year in wasted computer
resources. A survey reported that 90 percent of respondents admitted to surfing recreational Web
sites during work. In fact, almost one-third of the time workers spend on the Web is recreational.
Here are the types of sites people visit when they are supposed to be working:

                                      Wasting Time on the Web
                                             Other
                              Shopping       14%                   General News
                                4%                                    28%


                         Sports
                          6%


                    Entertainment
                         7%
                                                                  Investment
                                    Travel
                                                                     23%
                                     8%       Pornography
                                                  10%



Millions of workers use their office computers to play games. According to a survey by
Interactive Digital Software Association, 20 percent of game players log on from work. Web
sites can be devious — some even provide a button that can be clicked to display a phony
spreadsheet if the boss walks by. To combat the misuse of time and resources, companies have
taken a variety of steps, and employee monitoring is an increasingly familiar practice. The
Privacy Foundation (out of Denver) estimates that more than 30 percent of employees who
access the Web from work are subject to office surveillance. Some companies use electronic
surveillance software that reviews all of an employee’s computer activity. Some employ
electronic filters that keep workers from using the Web for unapproved reasons. Some have
instituted policies that require employees to snitch on co-workers. (Not surprisingly, companies
particularly resent employees who use office computers to comb the Internet for help-wanted
ads.) Note the debate concerning an employer’s right to read an employee’s e-mail messages.
Discovering Computers 2007                                                            Page 25 of 32


One study found that 84 percent of employees said they sent personal e-mail messages from
work. Many falsely believe that their messages are private. Consultants claim that because of
this, people speak more freely through e-mail, disclosing things they would never put in a paper
memo. To date, courts have held that employees cannot expect privacy in e-mail. A new breed of
private investigator has arisen that specializes in unearthing e-mail thought to be deleted. Similar
to other files, usually when an e-mail message is deleted the disk space it occupies simply is
marked as available. The message, however, remains on disk until another message writes over
it. (Often, a main computer also makes daily backups of all files.) ―Deleted‖ messages have
proven a valuable asset in several lawsuits, including the antitrust action against Microsoft and
many employee discrimination or sexual harassment cases against other companies. A large
number of companies search and read employee network communications. Sequel Technology
sells software called Net Access Manager that allows companies to monitor and control all their
employees’ activities on the Internet. The program lets managers read employee e-mail, restrict
individual access to Web sites, and create reports on an employee’s Internet activity. A company
called DVD software has sold hundreds of organizations a program called UnGame, which finds
and erases games from office computers.

CLASSROOM ACTIVITIES
A few companies have adopted a zero-tolerance policy towards any at-work personal use of the
Internet or e-mail. Although espousing such a policy and monitoring Internet use may seem
draconian, it is within an employer’s rights. ―It may be unfair for a boss to fire you for a five
minute Web site visit, but it’s not illegal,‖ admits the workplace-rights chief for the American
Civil Liberty Union (ACLU). ―If you filed a lawsuit, you wouldn’t have a prayer.‖ A few
companies, however, accept personal use of office computers. They believe that extracurricular
activities are a harmless way to take an occasional break and may even raise office morale and
develop computer skills. The important issue, they maintain, is whether or not the work is being
done. Yet, other companies insist that even intermittent games at lunch tax computer resources
and lessen worker productivity. Ask students how they feel. Is it right for workers to use
company computers for personal activities? Should an employee use an instant screen saver to
disguise his or her use of games or personal software? Is it right for employees to do outside
work, on their own time, on office computers? Why or why not? Should employers be able to
place limitations on how office computers are used on an employee’s own time? What policies
should be enacted regarding personal use of business computers?

DISCUSSION TOPICS
Employers can use a number of products to monitor their employees’ use of the Internet. These
products report an employee’s access of non-business related Web sites. Advocates insist that
these products conserve network resources, make workers more productive, and discourage
downloading of objectionable material. Opponents maintain, however, that determining business-
related sites often is a matter of opinion. In addition, the time spent at home on work-related
issues more than balances any office non-business Internet use. Companies have devised a range
of Internet policies, from strict limitations on personal use to reliance on employee’s discretion.
Should there be limitations on an employee’s access to the Internet? Why or why not? What
might be the disadvantages of allowing unlimited access? What might be the advantages?
Page 26 of 32                                 Chapter 11: Computer Security, Ethics, and Privacy


Content filtering, 586
LECTURE NOTES
Explain the issue of objectionable material on the Internet. In addition to violating guarantees of
free speech, regulation of the Internet poses another problem — who sets standards for indecent
or patently offensive material? What is indecent in one part of the world may be accepted in
another. In 1995, America Online decided to purge objectionable material from the network.
Eliminating four-letter words and racial epithets was simple, but banning the word ―breast‖ set
off a storm of protest. Online support groups for cancer patients were incensed and launched
several days of protests. America Online’s decision was called ―potentially life-threatening.‖
America Online backed down, but the incident illustrates how difficult it is to make decisions on
what is decent. The global nature of the Internet compounds the problem, because morality
usually is measured by local community standards. Define content filtering. Describe the
Internet Content Rating Association (ICRA). Characterize Web filtering software. Discuss
Figure 11-31. Parents can use several software programs to limit the material available to their
children. Some of the most popular programs are Cybersitter (with an intelligent phrase filtering
system that screens words in context), Surfwatch (said to be the easiest program to install), Net
Nanny (easily customized by parents), and Cyber Patrol (lets parents limit the amount of time
spent Web surfing). A popular Internet filtering system used by several schools is N2H2,
nicknamed ―Bess‖ by many students. N2H2 employs 64 people to review Web sites. Unlike
filtering software for home use, N2H2 maintains a fluid database of banned sites. N2H2 blocks
Web sites in the following categories:
 Adults only                        Suicide/murder                    Profanity
 Illegal activities                 Weapons                           Nudity
 Sex                                Hate/discrimination               Tobacco advocacy
 Alcohol                            Pornography                       Personal ads
 Drugs                              Violence                          Sites that gather personal
 Free pages                         Chat                                 data
 Tasteless/gross                    Free e-mail                       School cheating
 Lingerie                           Gambling                             information
Students and teachers can challenge the decisions made by N2H2, and sites can be added to or
removed from the database. Some claim that filtering software provides parents and teachers
with a false sense of security, and often prevents access to legitimate sites. The American Library
Association maintains that even the best filtering software allows 13 percent of sexually explicit
material to get through, while stopping up to 30 percent of useful information. One teacher points
out that because N2H2 blocks free Web pages (unless specifically requested to remove them
from the database of banned sites), students sometimes are unable to see classroom Web pages,
their own Web pages, and even Web pages for the Parent Teacher Association, which often are
on a free server.

CLASSROOM ACTIVITIES
Many people who object to government restrictions argue that technology does not permit those
who post information to control who receives it. When the Telecommunications Reform Bill,
with its ―decency‖ provision, was signed in early 1996, many Web sites protested by changing
the backgrounds of their home pages to solid black. Others posted blue ribbons — the symbol of
solidarity against Internet censorship — on their Web pages. Ask students how they feel about
Discovering Computers 2007                                                             Page 27 of 32


Internet censorship. Should there be controls on the material available? If so, who should set, and
enforce, the standards? How do they feel about filtering software? How would they feel as
parents? What else can be done to protect children from objectionable material?

DISCUSSION TOPICS
An issue heavily debated in the United States and around the world is Internet censorship. In
many states and within the federal government, politicians are attempting to pass laws and
legislation that would permit the government and other agencies to regulate Internet content. The
public libraries and schools are the main focus of many of these proposed laws. In general, these
laws would require that these public institutions use filtering software. This type of software can
be used to prevent users from accessing a wide range of information, including such topics as art,
literature, politics, religion, and free speech. The American Civil Liberties Union and other
similar organizations vehemently oppose any type of legislative censorship. Instead, they argue, it
is the responsibility of the parents to control what content their children access at a library. They
suggest that schools have acceptable use policies and that the schools be responsible for
enforcing those policies. They further contend that without free and unregulated access to the
Internet, this exciting medium could become for many Americans little more than a G-rated
television network. Do you agree or disagree that public institutions (e.g., schools and libraries)
should be required to use filtering software? Why or why not? Should the use of filtering
software be based on the nature of the institution? In other words, should filtering software be
used in institutions where children might have Internet access (such as elementary schools, high
schools, and public libraries), but not at institutions attended primarily by adults (such as colleges
and universities)? Why? Should the use of filtering software be determined by a national
mandate, or should it be decided by local officials, such as school boards or public library
directors?

Computer forensics, 587
LECTURE NOTES
Define computer forensics, also called digital forensics, network forensics, or cyberforensics.
List areas that use computer forensics. Refer students to the Computer Forensics feature that
follows this chapter. Computer forensics specialist is discussed in this chapter’s Career Corner on
page 591. Point out Web Link 11-11: Computer Forensics. Discuss Looking Ahead 11-2:
Computer Knowledge Assessment Using Brain Fingerprinting.

Health concerns of computer use, 587
LECTURE NOTES
Note concerns that have arisen regarding health and computer use.

Computers and health risks, 587
LECTURE NOTES
Define repetitive strain injury (RSI). Repetitive strain injury afflicts more than 1.8 million
people in the United States. The chairman of a National Academy of Science panel on work-
related injuries claims that every year a million U.S. workers miss days due to RSI. Several
concerns have been raised about the physical effects of protracted computer use, especially
among children. Because RSI symptoms can take more than a decade to appear, one neurologist
Page 28 of 32                                   Chapter 11: Computer Security, Ethics, and Privacy


described prolonged computer use by children as, ―a time bomb waiting to go off.‖ A study of
sixth graders found that already many complained of sore wrists, shoulders, necks, and backs.
Describe tendonitis and carpal tunnel syndrome (CTS). Note symptoms of tendonitis and CTS.
CTS, a painful wrist injury that usually appears first as a tingling in the fingers, affects sufferers
not only when working at the keyboard, but when performing other tasks as well. Mention
precautions that users can take to prevent tendonitis and CTS. Ideally, when working at a
keyboard, the elbows should be above the keyboard and the wrists and hands should extend
straight from the elbows, parallel to the floor. Use Figure 11-32 to list hand exercises that can be
used to reduce the likelihood of developing tendonitis or CTS. Point out that the wrist rest
provided with some computer workstations is designed to reduce wrist strain. Physical therapists
maintain that the best position for a keyboard is tilting away from the typist, so that the
SPACEBAR is above the letter keys. Goldtouch, a manufacturer of ergonomic computer
peripherals, markets a keyboard that can be adjusted 30 degrees. Some desktop keyboards have
small props that can be used to raise the height of the back of the keyboard. If a user wishes to
avoid carpal tunnel syndrome, these props should not be used because they put additional strain
on the wrist. Define computer vision syndrome (CVS). List symptoms of CVS. Spending as
little as two hours a day in front of a monitor can lead to CVS. As one optometrist explained,
―our eyes are not designed for staring at fuzzy words on an illuminated background.‖ Use Figure
11-33 to outline techniques that can be used to ease eyestrain. Specially designed prescription
glasses are available for computer users to sharpen images at the arm’s length distance of a
monitor. Lowering room lights or using a monitor shield to reduce glare also can help. Although
many software programs offer screen displays with colored type and backgrounds, research
shows that black type on a white background is easiest on the eyes. Explain how to ease the
lower back pain that sometimes accompanies work at a computer.

PROJECTS TO ASSIGN
The chairman of a National Academy of Science panel on work-related injuries claims that every
year a million U.S. workers miss days due to RSI. A survey of Harvard undergraduates found
that 40 percent reported symptoms of RSI. Some schools, including Harvard, have begun RSI
prevention programs. The programs are successful — Harvard already reports a decline in the
number of students seeking treatment for RSI symptoms — but too many schools (especially on
the pre-collegiate level) still pay little attention to ergonomic issues. In terms of ergonomic
issues, how safe is your workplace? Have students compare the characteristics of their
workplaces to the guidelines for a well-designed work area offered in Figure 11-34 on page 589.
Then, have each student make a sketch of his or her workplace and indicate where it does, and
where it does not, conform to the ergonomic guidelines. Could the workplace be improved?
How?

Ergonomics and workplace design, 589
LECTURE NOTES
Recall ergonomics. Discuss Figure 11-34. Mention features incorporated in monitors and
keyboards that address ergonomic issues. In addition to the guidelines presented in Figure 11-34,
to minimize neck and back strain when designing an ergonomic workplace, other considerations
are:
 Position the monitor so you can see it without turning your head.
Discovering Computers 2007                                                           Page 29 of 32


  When using a notebook computer, elevate the screen slightly.
 Do not cradle a telephone between your shoulder and neck.
 When you sit, keep your thighs parallel to the floor.
Even in a perfectly designed workplace, two more steps can be taken to reduce the risk of injury:
 Try to stay relaxed and interested. Most workers diagnosed with RSI also complain of stress
   or boredom. Orthopedists hypothesize that these people may pay less attention to their
   posture, strike the keyboard harder, and work more unceasingly.
 Take frequent breaks. Before computers, people automatically took small breaks, if only to
   replace the paper in a typewriter. Today, people easily can (and too often do) sit for hours,
   almost unmoving, in front of a computer keyboard. To avoid injury, force yourself to get up
   and walk around occasionally, even if it is only to run to the drinking fountain.

Computer addiction, 589
LECTURE NOTES
Describe computer addiction. List symptoms of computer addiction. Computer addiction is a
growing health problem. Several concerns have been raised about the over-use of computers,
especially among children. Recent surveys show that an average American child spends from one
to three hours a day working at a computer. In a perhaps related finding, studies indicate that
children today are three times more likely to be overweight than 30 years ago. The increase in
obesity has been attributed to several factors, one of which is an increasingly sedentary lifestyle
spent in front of a computer screen. Explain how computer addiction is treated.

DISCUSSION TOPICS
USA TODAY reported on a study that indicates more than six percent of Internet users suffer
from Internet addiction disorder (IAD). Researcher David Greenfield, who conducted the study,
says marriages are being disrupted, kids are getting into trouble, people are committing illegal
acts, and many are spending too much money for online purchases. Do you agree that IAD
exists? Is someone in your family suffering from IAD? Do families spend more quality time
together because of all the electronic conveniences in the home? Or, do family members spend
more time using these devices and less time with the family? Can one partner spending time in a
chat room be a problem for married couples? Can chat rooms be a problem for children?

Green computing, 590
LECTURE NOTES
Define green computing. Recall the ENERGY STAR program. Computers and devices that
meet ENERGY STAR guidelines display the ENERGY STAR label. Explain what should be
done with obsolete computers and devices. Use Figure 11-35 to identify ways to contribute to
green computing. Point out Web Link 11-12: Green Computing. Mention FAQ 11-10: Should I
turn off my computer every night? In an article for SmallTech, Monte Enbysk identified several
green computing myths:
 Turning a computer off at night uses more energy than leaving it on. Not true. The small
    surge of power used when turning it on is much less than the amount used in keeping it on for
    lengthy periods.
 Turning a computer on and off wears it out. Five or more years ago, there was something to
    this, but not today. At one time, hard disks did not automatically park their heads when shut
Page 30 of 32                                  Chapter 11: Computer Security, Ethics, and Privacy


    off, and frequent on/off cycling could damage the hard disks. Today's computers are designed
    to handle 40,000 on/off cycles before a failure — a number that probably will not be reached
    during a computer's typical five-to-seven-year life span.
   Screen savers save energy. Not true. Screen savers, at a minimum, can use 42 watts; those
    with 3D graphics can use as much as 114.5 watts.
   A computer uses zero energy when it is off. This is true only if it is unplugged. Otherwise,
    the computer utilizes ―flea power,‖ or about 2.3 watts, to maintain local-area network
    connectivity, among other things. In ―hibernate‖ mode, a computer uses the same 2.3 watts;
    in ―sleep‖ mode, a computer uses about 3.1 watts. Monitors do use zero energy when turned
    off.

PROJECTS TO ASSIGN
―The cost of a thing is the amount of what I will call life which is required to be exchanged for it,
immediately or in the long run.‖ — Henry David Thoreau (1817-62), U.S. philosopher, author,
and naturalist. Supporters of green computing agree with Thoreau and believe that the cost of
irresponsible computer use, in terms of energy and environmental waste, is too high. But, on a
more prosaic level, what is the cost of green computing? Have each student visit a computer
vendor and compare two similar computer systems. The systems should have comparable
components and capabilities, with one difference — make sure that all of the components in one
system comply with the ENERGY STAR program (that is, each component displays the
ENERGY STAR label), and that the components in the other system do not. Compare the cost of
the two systems. Which system is more expensive? Why? If the system that meets the ENERGY
STAR guidelines is more expensive, is the additional cost balanced by the potential saving in
energy? Why or why not?

QUICK QUIZZES
As a quick review, have students visit the Discovering Computers 2007 Quiz Yourself Web page
(scsite.com/dc2007/ch11/quiz) and then click Objectives 10 – 12.

Chapter Summary, 591
Briefly summarize the material presented in this chapter. Point out Career Corner: Computer
Forensics Specialist.

High-Tech Talk, 592
Have students read The Key(s) to Making Encryption Work. Explain how private key
encryption (or symmetric key encryption) is different from public key encryption (or asymmetric
key encryption). Use Figure 11-36 to explain sending an encrypted e-mail message with public
key encryption. Characterize Encryption File System (EFS) and advanced encryption standard
(AES). Explain how students can use the Discovering Computers 2007 High-Tech Talk Web
page (scsite.com/dc2007/ch11/tech) to learn more about encryption.

Companies on the Cutting Edge, 593
Have students read McAfee and Symantec. Students can visit the Discovering Computers 2007
Companies Web page (scsite.com/dc2007/ch11/companies) to learn more about McAfee and
Symantec.
Discovering Computers 2007                                                          Page 31 of 32



Technology Trailblazers, 593
Have students read Donn Parker and Clifford Stoll. Students can visit the Discovering
Computers 2007 People Web page (scsite.com/dc2007/ch11/people) to learn more about Donn
Parker and Clifford Stoll.

Chapter Review, 594
This section provides a general survey of the material in the chapter. Students can use these
pages to reinforce their achievement of the chapter objectives. Students can use the Web address
scsite.com/dc2007/ch11/review to display this page from the Web. To obtain help from other
students regarding any subject in this chapter, students can visit scsite.com/dc2007/ch11/forum
and post their thoughts or questions.

Key Terms, 596
Students can use these terms to prepare for tests and quizzes. Students should know each Primary
Term (shown in bold-black characters in the chapter) and be familiar with each Secondary Term
(shown in italic characters in the chapter). Primary Terms include terms commonly used in the
computer industry and in advertisements, or terms that identify a major category. Secondary
Terms include terms primarily used by IT professionals and other technical people, terms that
identify subcategories, or terms that are discussed in more depth in a later chapter. Students can
use the Web address scsite.com/dc2007/ch11/terms to display this page from the Web.
In the Test Bank that accompanies this Instructor’s Manual, the answers to questions pertaining
to Primary Terms are labeled (P), and the answers to questions pertaining to Secondary Terms
are labeled (S). If you are using the ExamView test generator, you can use the Primary or
Secondary difficulty designations to choose questions that involve only Primary Terms, only
Secondary Terms, or both Primary and Secondary Terms.

Checkpoint, 597
These exercises review key terms and concepts presented in the chapter. Have students complete
the Label the Figure, True/False, Multiple Choice, Matching, Short Answer, and Beyond the
Book exercises. Students can use the Web address scsite.com/dc2007/ch11/check to display this
page from the Web.

Learn It Online, 600
These exercises ask students to visit Web pages that offer additional information, resources, and
activities related to topics presented in the chapter. Students can use the Web address
scsite.com/dc2007/ch11/learn to display this page from the Web.

Learn How To, 602
The Learn How To exercises apply to students’ every day life what they learn in each chapter.
These hands-on activities solidify the concepts presented in the chapter with practical
application. Students can visit scsite.com/dc2007/ch11/howto to obtain more information
pertaining to each activity.
Page 32 of 32                                 Chapter 11: Computer Security, Ethics, and Privacy


Web Research, 604
In these exercises, students use various Web resources to find out more features related to this
chapter. Encourage students to use their browsers and the link in each exercise or a search engine
to complete selected exercises. Students can visit scsite.com/dc2007/ch11/research to obtain
more information pertaining to each exercise. To discuss any of the Web Research exercises with
other students, they can post their thoughts or questions at scsite.com/dc2007/ch11/forum.

Case Studies, 605
Thought-provoking case studies in each chapter exercise students’ minds and challenge them to
construct creative solutions. The Case Study exercises are constructed to discuss in class, assign
for student research, or in a team environment. Students can visit scsite.com/dc2007/ch11/cases
to obtain more information pertaining to each exercise. To discuss the Case Studies with other
students, they can post their thoughts and questions at scsite.com/dc2007/ch11/forum.

				
DOCUMENT INFO
Shared By:
Categories:
Tags:
Stats:
views:7
posted:10/15/2011
language:Esperanto
pages:32
chenleihor chenleihor
About