COMPUTER SECURITY & VIRUSES

COMPUTER SECURITY & VIRUSES

Computer security or cyber security has gained its importance with increase in net awareness and use of net. Prior to use of a network it is very important for an user to have a awareness of all possible threats and its remedies .We are going to study this chapter with two aspect, one is computer threatsand second is computer security i.e. method to protect our computer ,network, data from various threats. Sometimes these two aspects are also known as cyber crime and cyber security. We require security to keep the PC safe, to keep the data and network safe and overall to keep our organization safe. A virus can mass mail annoying contents to all the contacts in our address book. A key logger can send every keystroke of ours to someone on the net. A spy ware can keep a track of your surfing habits and can pass the same to third person. Hacking, Phishing, Adware can harm our data.

The computer security can be further subdivided as data security, Operating system security, network Security and physical security. For each type of security different type of precautions requires to be taken which we will study in this chapter. To make it simple we will study first various type of threats

i.e. cyber crime and then various security measures to prevent them i.e. cyber security.

SOURCE OF THREATS

1. Floppies/CD/DVD/External storage device/internet/attacks from known sources

2. Mail

3. Software downloads

4. Wrong handling

5. Internet

6. User

VARIOUS TYPES OF THREATS

I would like to give some basic definitions for variety of modern computer threats. All these threats are currently known as Malware ("malicious software"). 7 years ago, the most security threats that most people came across were Viruses. This is no longer the case! There are new threats out; and they take no prisoners, no longer is an anti-virus application sufficient to stop the invaders, the web is a complex place and the technology is getting so advanced that you need to act now to protect your machine and your private\personal data.

Before proceeding further I would like to give some symptoms by which user can make a guess whether there computer is infected or not.

1. Key word” odd behavior”

2. Windows pop up more slowly

3. Random activity seems to be happening in background

4. Slow behavior (spy ware)

5. Avoid automatic updates except well known program

6. Computer does things on its own

7. Moving the mouse cursor all by itself

8. Computer often stops responding

9. Computer crashes and restarts on its own

10. Several application seems broken

11. Certain drives on your computer suddenly becomes inaccessible

12. Not being able to print correctly

13. Unexpected error message with weird codes

14. Distorted dialogue box and menus

Now we will give a quick overview of various types of modern threats.

MALWARE

Malware is any program or file that is harmful to a computer or computer user. This would include computer viruses, Trojan horses, worms, key loggers, spyware, adware, web-page hijackers, drive by downloads, and any programming that gathers info about a computer user without their expressed permission.

VIRUS

An application or piece of code that is loaded onto your computer without your knowledge and runs against your wishes. Viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can duplicate itself over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and crash the system. An even moredangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.

A computer virus can either be destructive in that it erases selected files, or entire hard drives, or less destructive in that all it does is send thousands of email messages from your computer to everyone in your address book. In between those two levels are virus types which will look for specific files, such as word processing files, and send those to everyone that you know.

Computer viruses can get delivered in many ways. The method of choice these days is to attach the virus to an email message. When you open the message the virus installs and begins doing its dirty work. A virus can also be delivered from a floppy disk that came from a friend with an infected computer, by downloading certain files from unfriendly web sites, and even from some hardware which has a virus hidden in one of its chips.

WORMS

Worms are in a similar category to viruses. Usually spread by email and containing their own email engine, they attempt to spread themselves to all the people in our address books, impacting greatly on network traffic on the web. Sometimes we find viruses also contain Worm code so the virus is able to mail multiple people using its email engine, whilst infecting the machine with a specific virus, making the sender of the virus hard to find as it looks like it has come from someone we know.

TROJAN

Trojans are malicious programs often used by hackers to attack target computers, usually to provide a backdoor into the system but sometimes just to cause destruction. Remote Access Trojans (RATs) are the most famous class of Trojans and they usually come in two parts - a server that is sent to infect the victim and a client that the hacker uses to connect to the server after the victim is infected. There are many ways that hackers can use to infect a target with a Trojan, and careful security measures aren't always enough - a strong anti-trojan program can easily detect tens of thousands of Trojans that would otherwise be near-impossible for a human to find.

A Trojan horse, or simply a trojan (the name is derived from Greek mythology) is a malicious program that disguises itself as something interesting, thereby gaining the confidence of the user Who unsuspectingly then installs a piece of malicious software on his computer .Trojans are generally disguised as free screensavers and such, and they arouse the curiosity of those who they are sent to. (Usually by an e- mail). Once installed, the developer of the Trojan is able to gain content from the machines it has been installed on, which can be used for malicious purpose.

The primary difference between a trojan horse and a virus is the way that you become infected. A trojan horse (which gets its name from the wooden Trojan Horse that was used in the Trojan War as immortalized by Homer in his book the 'Iliad and the Odyssey') hides inside of what is usually a beneficial software program and then installs itself when its host software is run. Once installed the Trojan Horse is capable of doing anything that a virus can do, and worse, including letting the Trojan Horse's creator watch whatever you are typing on your computer screen including sensitive password information, bank and credit card account numbers, and more. Like a virus, there are several delivery methods for trojan horses. They can be received via email as an attached file containing software and they can be downloaded from web sites, especially sites which offer free software or free music as well as many gambling and pornography sites.

SPYWARE

Spyware is any technology that aids in gathering info about a person or organization without their knowledge. On the Internet (where it is sometimes called a spybot or tracking software), spyware is programming that is put in someone's computer to secretly gather information about the user and relay it to advertisers or other interested parties without the knowledge of the user often once spyware get

installed inside our computer it gives no symptoms except the computer becomes slow due to utilization of RAM by spyware. Just as viruses and Trojan horses get lumped together into the same category by mistake, Spyware is regularly confused with Trojan horses. Again, there are subtle yet significant differences.

Spyware is a class of software (and sometimes hardware) which gets installed on your computer

either without you knowing about it (Stealth ware) or with your full knowledge that it is being installed

but, usually, without your full understanding of what it's going to do once it gets installed.

Spyware comes in two basic categories: Legal and Illegal. Legal spyware is that which is generally

installed with your permission but without you realizing that it is going to cause ads to pop up whenever you go online, track the web sites that you visit and report it to some advertising agency or other "big brother", and generally keep a diary on what you like to buy online and what kinds of sites you visit.

Illegal spyware may do all of that as well as try to obtain information about your banking accounts, passwords, home address, Social Security or other Tax ID numbers, etc. Now you understand why so many people have difficulties differentiating between Spyware and Trojan Horses.

"Legal" spyware usually gets installed as part of many "free" software programs that people download from the Internet. Buried in the fine print of the user Agreement, which no one ever reads but are forced to click on a box which says "I agree" before you can use it, is a clause which states thatsomething is going to spy on you and that you give them permission to do so.

Programs such as KaZaa, Toptext, Comet Cursor, Gator, BargainBuddy, BonzaiBuddy, ClickTillUWin and PurityScan are notarious spyware programs.

Illegal spyware finds its way onto your hard drive through infected hardware and software such as MP3 players, computer games, "freeware" as well as porn site and gambling site "dialers" which you must download in order to access the site. The dialers usually have an additional built-in scam in that they can be programmed to dial numbers which may end up getting billed to your telephone account for hundreds of dollars an hour.

HACKING

Hacking is an extremely high tech attack which requires you to take certain precautions to protect your computer and all of the data which is stored in it. Phishing, on the other hand, is decidedly low tech and just requires a dose of common sense to ward off the dangers.

Because the Internet is simply a network of computers that are all tied together, every one of them (including yours) has the capability to "talk" to any other one. That means that a determined criminal can gain unauthorized entry to your PC once he knows your computer's "address". These criminals are called "hackers".

How hackers discover our PC's address

Your computer leaves its address all over the Internet whenever it visits a web site. The addresses can be found in the log files which are automatically generated by every web server among other places.

Some hackers use what is known as "port scanning" software which simply goes out on the Internet and electronically "knocks" on the door of every connected computer it can find to see if any will them him in.

Once a hacker gains access to your computer he can read anything that's stored on your hard drive. He can install programs which will monitor your key strokes and send sensitive passwords and user names back to his lair, and he can even get copies of your credit card and bank account numbers. Once a hacker gets this information he will proceed to steal you blind.

PHISHING

Phishing is essentially a clever and illegal method used by “phisers” to extract personal information .this personal information may be in the form of credit card number, bank account details etc

Phishing is a term that's applied to the latest identify theft scam where potential thieves and con men use fake e-mail messages, which look very real sometimes, to con you into giving up credit card, bank and other sensitive financial and personal information. Once you give it up they proceed to clean you out and/or steal your identity and run up thousands of dollars worth of debt in your name.

Although some phishing excursions take place over the telephone, where people call up and pretend to be someone that they are not, most of the attacks come in the way of e-mail messages. Thesemessages look very official and purport to come form your bank, Charge Card Company, brokerage house and even government agencies. These con men go to the web site of the company or agency that they are impersonating, steal the graphics and logos and then proceed to put together an email which looks like it actually came from a valid source.

The email may say that your account is about to be suspended unless you "verify" your personal information, or they may contain some other important or urgent-sounding request. What they all have in common is that they require you to click on a link that's embedded in the email and then fill out some form that asks for your PIN code, credit card number, bank account number, social security or tax ID and anything else that they think that they can get away with asking you. Once they have that information - you're toast.

KEYLOGGERS

A key logger is a program that has been dropped onto a PC that actively monitors all our keystrokes and mouse clicks to try to capture both personal data, passwords, and browser habits, it will also capture any data entered on any web site including secure sites like online bank sites. This data is then stored in an encrypted text file either on the machine or sent to a pre-defined server for the sender of the key logger to access at his discretion.

ADWARE

Adware is any software application in which advertising banners are displayed while the program is running. The authors of these applications include additional code that delivers the ads, which can be viewed through pop-up windows or through a bar that appears on a computer screen. The justification for adware is that it helps recover programming development cost and helps to hold down the cost for the user.

Adware stands for “Advertising Supported software. It comes bundled with some commercial software which upon installation, installs packages that download advertising materials to our computer and displays them

HIJACKERS

A hijacker is an expression used to explain a registry entry on your machine that has been placed there to re-direct your browser to another site, usually ad-purposed. These are not normally harmful for

the machine, other than the fact that it will stop us from getting to the web site we wish to visit. It is more of a frustration than a security risk.

Other Types of Viruses

A type of computer virus that normally shares a few characteristics of worms or Trojans or other methods used by the main types of computer viruses is differently classified. The nomenclature used is

different. We detail some of those below.

Multi-Partite Viruses

Some computer viruses appear to behave like many other viruses and sometimes more than one type. These are hybrids and are called as multi-partite computer viruses.

Polymorphic Viruses

These viruses are written such that it changes its code when ever it passes to another machine so that it is difficult for an anti-virus scanner to locate them. Flaws in the program code make it easy to track down these viruses. It is usually the encryption of the code that changes every time.

Stealth Viruses

Whenever a virus attaches itself onto another file the size of the file increases and this is indicated in the File allocation table. The stealth virus uses techniques to avoid detection by redirecting the disk head to read another sector or alter the file size shown in the Directory listing .

Script Viruses

A subset of file viruses these are written in a variety of script languages like Javascript, VBS, BAT,PHP etc… They are also able to infect other file formats such as HTML (if the file format allows script execution)

ActiveX & Java Applets

Active X and Java Controls are being used in Web browsers to enable and disable sound or video and a host of other controls. If not properly secured this is another area that virus writes use to get private data from your computer.

Many types of viruses do more than viruses do. Some are file type viruses and then a trigger may activate a code to make them behave like a worm. Therefore classification becomes difficult in these

cases. The basic behavior of a virus which makes it different from a Trojan is that it replicates very fast.

People have a very general view that there are many types of computer viruses and are those programs that cause damage or make the system crash. Malicious code is the general word used and virus is one type of malicious code. Worms and Trojans are different from computer virus and destructive types of worms are sometimes termed as internet types of virus. Computer viruses have made their mark on the PC's since the 90's with different types of viruses causing damage to computers.

The earliest viruses made the most impact as no anti-virus programs were available. The advent of anti-virus programs spelled a death blow to many common types of computer viruses that were written by the various tools to generate types of computer virus. Those who were inept at programming used these various tool to generate the virus. Devious mind always find new ways when they found that the anti-virus software's were able to disinfect and remove the different types of computer viruses they went on to new methods and that is how Trojans and worms came up.

There are a few main types of computer viruses and these computer virus types are classified below depending upon the infection methods:

Boot sector/Master Boot Record Computer Virus

Means of Infection

Boot sector is that area of the computer that is accessed when the computer is turned on. A boot sector virus infects this portion. Once the boot sector is infected the virus is loaded into memory when the computer is turned on. This virus then infects boot sectors on floppies or other removable media Master Boot record virus only infects the Master boot record and not the boot sector

Damage Caused

Boot sector viruses gain complete control of the master boot record or the DOS boot sector by replacing the operating system contents with that of its own. This allows the virus to spread fast and cause damage:

• By gaining control of the master boot record and the DOS boot sector the boot sector viruses can sometimes hide the resources that the computer has( the floppy drive even though attached may not be present)

• Some boot sector viruses contain instructions to redirect disk reads.

• Some boot sector viruses move the master boot record to another location causing the

system to crash when it boots up. Other boot sector viruses cause damage to the master boot record

• Some boot sector viruses damage the File Allocation Table (FAT) which is the index of all the files on the drive. This causes loss of data

Removal

The best way to remove boot sector virus is to boot the computer with using a clean boot disk and then rewrite the files with the good operating system files on the infected disk. These viruses were very much prevalent in the ninety's and a host of antivirus programs are now available to detect and clean them effectively.

Tips to avoid viruses

• Install anti-virus software from a reputed vendor. Update it and use it regularly.

• In addition to scanning for viruses on a regular basis, install an "on access" scanner (included in most anti-virus software packages) and configure it to start each time you start up your computer. This will protect your system by checking for viruses each time you run an executable file.

• Use a virus scan before you open any new programs or files that may contain executable code. This includes packaged software that you buy from the store as well as any program you might download from the internet.

• If you are a member of an online community or chat room, be very careful about accepting files or clicking links that you find or that people send you within the community.

• Make sure you back up your data (documents, bookmark files, important email messages, etc.) on disc so that in the event of a virus infection, you do not lose valuable work.

• Although most quality virus protection software programs provide some degree of Trojan horse protection, your best bet is to install a special-purpose Trojan Horse and Spyware Scanner.

• It is difficult to protect yourself 100% against spyware. Your first line of defense is to install a quality Spyware protection program. After that comes conditioning yourself not to download special file viewing software that you are not familiar with, customized tool bars from unknown suppliers, custom cursors, email icons or "emoticons", or anything else that does not come from a 100% trusted source.

• The best method is to protect our network from hacker is use of what is known as a "firewall". This is a piece of hardware, or software, or both which is designed to make your computer "invisible" on the Internet. A firewall works by blocking the "ports", or doors, which hackers commonly use to gain entrance. Once those ports are blocked the hacker can no longer "see" your computer and, thus, is unable to attack it.

• The new version of Windows XP comes with a built-in firewall program which may be all that you need to keep your computer safe. Some cable modem and DSL providers also configure your Internet modem to act as a firewall. In addition there are commercial firewalls available which run from simple to very sophisticated.

• . Do not ever reply to any e-mail that asks you for any personal or financial information no matter how official it looks. Banks, credit card companies, brokers, the government and any other legitimate entity will never ask you to click on a link and supply any kind of personal or financial information.

• If they include a telephone number for you to call, don't! If you feel that the message is legitimate then look up the actual web site address, or telephone number, from a statement or invoice and use it. Even if the link in the email looks real, it isn't. It's easy to make a link look like it goes to one web site but really have it go to another.

• Never give any sensitive personal information out to anyone who calls you and asks for it. Simply ask for their name, telephone number and extension and tell them you'll call them back. Then, check that telephone number against a number that you find on a statement or receipt. If it doesn't match, call the number that you found and tell someone what's going on. If it's a real message they'll figure it all out for you. If it's a fraud, they'll tell you.

• If all of this advice comes too late for you because you already fell for the phishing trick hook, line and sinker, then you have to take immediate action for damage control. Immediately contact the actual company, bank or other agency, explain what happened and then let them close your account and issue you a new one.

• You should also contact the authorities and file a report. This will protect you later if creditors come after you for bills that the thieves ran up in your name.

• The only way to disinfect files from the file virus is that the files affected with the file virus have to be deleted and restored from back up.

• To protect data from being compromised use strong encryption software and encrypt all data while saving. There are software available which encrypts the whole hard drive and any data stored inside that is totally safe.

• Always save the documents by converting them into PDF (portable document format) so that they are not changed for some wrong intentions. Always carry the document in PDF format to keep the integrity of the document intact.

• Use metadata cleaner to clean the metadata of the document(metadata is the data of data which is attached with any documents and gives the idea about the origin of the documents)

अन्य विषय