SECURITY ON THE INTERNET
Did you know others
have likely attacked
6/2003, 10/2004, 10/2005, 7/2006, Joe Collins
Q1: How quickly is a new computer infected
when first connected to the Internet?
A1: How fast is a new computer infected
when first connected to the Internet?
“More than ever, Windows buyers need to make sure that they equip their new
machines with an array of tools to fend off attacks and malicious software”
“Even on a brand-new Windows machine, you should immediately obtain an
arsenal of security programs, and keep them updated. One recent test
showed that a brand-new, unprotected Windows machine became
infected with viruses in just 20 minutes on the Internet.”
“You should have a firewall, an antivirus program, an antispyware program and
an antispam program. The built-in Windows firewall and Windows' new Security
Center aren't enough to protect you.”
Reference: Wall Street Journal – 9/30/2004, page B1
Q2: What % of computers have a security
breach of some sort?
A2: What % of computers have a
security Breach of some sort?
Some 70% of all computers have suffered a security
breach of some sort (virus, spyware, keylogger,
hijacked browser etc). Investors Business Daily,
October 1st, 2004, page A4
Another source says 90% of computers have
DirectRevenue alone has breached nearly 100
million computers (Business Week 7/2006, page 41).
Q3: How many different computer
viruses as of August 2005?
A3: How many different viruses as of
Authentium, Inc (West Palm Beach, FL) reports there
are 200,000 individual computer viruses as of August
2005 and the number doubles every year.
Dealing with viruses, spyware, PC theft and other
computer-related crimes costs U.S. businesses a
staggering $67.2 billion a year (FBI, January 2006).
The “I Love You” Virus (in 2000) alone cost $10 billion
as it hit 45 million personal computers.
SO IS THERE ANY INTERNET
OUR TOPICS FOR DISCUSSION
YOUR OLD COMPUTER
WHAT I USE
IT IS TRULY A 2 WAY STREET.
YOU READ EMAIL, BROWSE THE WEB,
TRAVERSING HUNDREDS OF COMPUTERS IN
OTHERS PUT PROGRAMS ON YOUR COMPUTER
TO SPY ON YOU, RECORD YOUR KEYSTROKES,
HIJACK YOUR BROWSER OR WORSE.
Over 60 billion emails (of all types) projected to be sent DAILY by 2006.
Why do spammers use email? Far cheaper than printing up colorful
newspaper inserts or mailing you ads via the US Post Office.
To mail 1,000 flyers cost some $300+, just in postage. To email 1,000,000
people cost you nothing. Scott Richter (of Colorado) sends over 100
million spam emails PER DAY!
Some 70-75% of all EMAIL is now spam; it was 50% in April 2003. AOL
blocked 2.3 Billion spam emails per day in April 2003.
MICROSOFT and others have sued 20+ SPAMMERS, responsible for 2
billion spam emails.
Some 80% of spam comes from China (WSJ 3/19/2004)
SPAM email costs you and me real money.
SPAM email sometimes includes virus attachments.
My Spammed email account:
Daily spam emails sent
HOW DID THEY FIND YOUR EMAIL ADDRESS?
HOW MANY DO YOU GET PER DAY?
Average person’s email is 70-75% spam
SPAM MAY INCLUDE ATTACHED VIRUSES
Online Shopping, Web Forms, Usenet, forums
Beware of email from strangers and even companies you
deal with, i.e. Valley National Bank, Ebay etc!
Never open an email unless you are CERTAIN it is legitimate.
HOW TO “HIDE” FROM THE SPAMMERS
Keep 2 email accounts: one public & one private.
Give private email account to friends and family ONLY.
Use public email account for everything else.
WHAT THEY ARE
Rogue computer programs that damage computers.
THE DAMAGE THEY CAN DO
Wipe out your hard drive, damage files, change numbers in files, install programs, record
HOW WE GET VIRUSES
Attached to email or embedded in downloaded programs
Thousands of new viruses appear every month
The Samy Virus (October 4, 2005) hit over one million users within 24 hours of release.
HOW TO MINIMIZE THE RISK
Never download a program unless you check it carefully before using it.
NEVER open an email from a stranger (see next 2 slides)
Be careful of email from others, very careful
Run software to detect/remove these rogue programs.
I use AVG AntiVirus (free version) for stopping viruses.
ALWAYS--check a new program with your anti-virus software before you install it – ALWAYS.
‘Hidden’ programs that record your every keystroke.
Capturing your passwords, credit cards and so on
They then send this back to their source via the Internet.
Now that unknown person or company has your passwords and
credit card numbers!!
Visit this site to stay current on the latest list of nasty software,
POP UP ADS
YOU ENTER OR EXIT A WEB PAGE and...
YOU START SEEING POPUP ADS
itself. DirectRevenue uses this approach to pop up 30 ads
per day on 100 million computers.
WHY THEY DO IT
– Get your attention since people usually ignore banner ads.
HOW TO STOP THEM
– Use software to disable the pop-ups. Google does a good
job of stopping popups and Panicware’s popup stopper is
POPUPS & BANNER ADS
ON MOST WEB PAGES (on the top or on the side)
ARE THEY SAFE? NOT REALLY!
May track your ‘clicks’ and thus learn your preferences.
These same banner ads then report back to some unknown
company on which web sites you visit, a new form of stalking!
DirectRevenue is one company that does this and routinely will
bombard you with some 30 popups per day. They are paid by
Priceline.Com, Delta Airline, Cingular Wireless, Travelocity.com
and other major corporations.
HOW TO PROTECT YOURSELF
Monitor ‘cookies’ frequently or just erase them weekly. In Internet
Explorer: Tools->Internet Options->General->Delete Cookies.
Use software to convert cookies to session only, i.e. CookieCop or
a program like it.
EXAMPLE OF TRACKING YOUR USE
OF THE INTERNET.
EXAMPLE OF POPUPS & BANNER ADS
WHAT ARE THEY?
WHY THEY ARE USEFUL
Remembers your id and password for web pages you visit.
Remembers your preferences as well.
THE GOOD AND THE BAD
Small files web pages place on your computer.
Remembers your preferences.
Sets preferences when you load web pages but some companies
will then closely track which web pages you visit.
HOW TO MANAGE THEM
Get software to block most cookies (or) erase them weekly.
They are found in the ‘Cookies’ subdirectory for your logon id (for
Windows XP users).
– You enter credit card and other personal
information on a web page.
WHEN IS IT SAFE?
– Does the web page employ SSL technology to
encrypt this information when you send it?
HOW DO YOU KNOW IT IS SAFE?
– The web page usually signals you when they
Single-use Credit Card Numbers
Only on ONE computer (so if stolen, will not work)
Iron-clad online guarantee (see their web page):
There are some 78,000 different spyware programs impacting
WHAT THEY SPY ON
– How you use the computer, your programs, scan your email
addresses or inbox, what web pages you visit, etc….
HOW THEY PUT IT ON YOUR COMPUTER
– Often arrives in some other innocent email or downloaded
WHAT THEY USE IT FOR
– Track what you do and report back to someone.
– Can learn your preferences and more.
I use four software tools to detect/remove
spyware/viruses and I run these weekly:
Lavasoft’s Ad-aware (free download)
Spybot (free download)
Spysweeper (free download, $29/yr subscription)
AVG Antivirus (free download)
All four are needed to do a fairly complete
job. It is far better to prevent them than to try
to remove them.
HOAXES (also known as) Phishing
Emails that masquerade as coming from someone else, i.e.
IRS, Discover card, Microsoft, Ebay, Paypal and others. The
email can look very legitimate!
Over 70 million Americans have received them thus far.
The masquerading email asks you to confirm your credit card or
other personal information.
Do NOT trust these emails!
More details at:
Examples follow this slide….
Was it Paypal?
That first link directed me NOT to Paypal but to this link:
That web page looks identical to Paypal but simply collects
your logon id and password and thus they can then
withdraw money from your account.
I reported this person to their ISP and they promptly shut
Be careful! Always inspect the web page address before you
trust it. I use the tool Spoofstick which tells me the real web
address on web pages I visit. Very helpful.
As you can see, spammers etc have now ‘forged’ other email
addresses so as to look very legitimate.
They also send official looking emails to you asking you to run a
program or give them personal information.
They even ‘hide’ the program in a zip file so your virus software
cannot detect it!
BE CAREFUL! Rarely trust an email from the government or a
corporation. Contact them via telephone or their web page to be
sure it is a legitimate email (which is very unlikely).
Report Phishing attempts to the US Government:
Outsiders may do a port scan, looking to enter your computer,
masquerading as an FTP connection or a Web Browser link or
I have been getting 1-2 attempts PER DAY!
More likely if you have DSL or CABLE access.
Keep your ports locked up or monitor closely
More details at:
Use IceSword to monitor ports (http://find.pcworld.com/53710)
Use ZoneAlarm to shut down your ports (http://zonelabs.com)
You should test your computer security at:
EXAMPLE OF PORT SCANNING
Your old computer
Did you throw it out? Was the hard drive still in it?
What thieves may have done with your old hard
drive! They can recover the contents!!
What the impact can be
Get your passwords, your email, your personal files
How to minimize your risk
Get a “wipedisk” program (WIPEDISK, BCWIPE, U-WIPE)
and thoroughly erase that hard drive BEFORE you throw it
out. I drive a nail through my old harddrives!
A harddrive with a nail hole in it:
Below is a harddrive I destroyed. I do the same to CDROMs
also, i.e. I break them into pieces before throwing them out.
IN THE CLEAR
Email contents can be read by many others as it
goes from computer to computer. Be careful what
you put in an email. Others will see it.
Your (ftp) id and password, are also visible to others.
What does this mean? Others can copy it & use it for
their own purposes.
Never put anything personal in an email, i.e. no
birthdates, account numbers, social security
numbers and so on.
Does your Internet Browser act strange?
Does it always take you to a strange web site?
Can you change the default home page?
If not, your browser may have been hijacked!!
Might not be easy to fix as the hijacker has modified your computer (if
you had administrative privileges).
Usually you need to reboot in SAFE MODE and then delete the
offending files and also likely need to make risky registry changes!
It is far better to NOT run with administrative privileges to prevent it in
the first place.
Use another browser instead, i.e. Netscape, Mozilla Firefox (which I
use) instead of Internet Explorer which hackers target.
Note: Cool Web Search is very nasty and very hard to remove!
Cool Web Search
See also: http://www.pchell.com/support/spyware.shtml
Your logon userid on a new computer defaults to Administrator
privileges so you can install programs.
But spyware/viruses/keyloggers will also install their programs
while you have these same Administrative privileges!
Create a user account (non-privileged) and use that account for
email, web browsing, etc.
Rename your Administrator account to another name and keep
it logged off and also use an obscure password for it
See next two slides to see how to do it.
A router allows multiple computers to easily share one internet
May allow port blocking to stop port scanning
Hides your real IP address via NAT; NAT = network address
translation. Some also use SPI or Stateful Packet Inspection
as an added benefit.
Thus a router functions as a simple firewall.
I use the Linksys BEFSR41 4 Port Wired Router which costs
about $50 or so, as well as wireless routers.
I reset it weekly, i.e. turn it off for 15 minutes and then back on.
[I do the same to the modem also]. This changes the IP
address that others will see.
My Router Connection (simplified)
The primary router I use…
Not very secure….anyone can use it, even from
the street. Do this to increase security:
Change the default router password and default
SSID (Service Set Identifier) name.
Disable SSID broadcasting.
Enable the firewall software, encryption and MAC
filtering (Media Access Control)
Read your router manual for details on the above &
variations on this.
Using computers in public places
Never save your password locally
Never save your user-id; after you are done, type in
[email protected] or something like it in the user-id field so
the next user sees that and not your real email address.
Always assume the public computer has a virus or spyware.
Use for browsing or simple emailing only
Erase the cookies on that computer when you are done and
also clear out your internet history (tools-> internet options
->general; then click each of these: clear history, delete
cookies, delete files)
Spyware, Viruses may target Microsoft Outlook to
send their programs to everyone in your contacts
file, thus spreading rapidly on the Internet.
Keep Outlook’s Inbox password-protected so that
Outlook will not work unless you know the password.
Set the password this way in Outlook:
File->Data File Management->Settings.
These steps reduce the chance of spyware and
I use Mozilla’s Thunderbird email program and it
works fine and is somewhat safer to use.
People are now targeting AOL users, smart
cell phones and wireless PDAs.
They also remotely turn on your attached
webcam and may literally watch you as you
work or walk around the room.
The latest is to capture banking information
by installing a program on your computer and
capturing banking passwords (RAT=Remote
Access Trojan) – see next slide.
Last month, an agency detected 170 distinct
Trojan programs used to steal bank data. In
January, there were only about 30, he said.
10% of all connected computers have these
RAT trojans installed and running.
The risk is high these people are gaining
access to your online banking accounts!
http://www.panicware.com (free); download the basic version
http://www.popupcop.com (30day free trial)
http://www.zonelabs.com (free version, $40 for improved version)
http://www.symantec.com/product/ ($50, sometimes cheaper)
http://www.grisoft.com/doc/10/lng/us/tpl/tpl01 (AVG-generally free)
Software Solutions, continued
TEST YOUR COMPUTER'S SECURITY:
MORE SECURITY TOOLS & SOFTWARE:
http://blog.tech-security.com/?p=16 (IceSword tool!)
http://www.IFCCFBI.gov (or) [email protected]
WHAT DO I USE AT HOME?
I have a LINKSYS 4 port ROUTER, model BEFSR41, providing
internet sharing and NAT (blocks inbound attempts)
We also run a BELKIN wireless router but we keep encryption enabled
to block intruders.
I use ZoneAlarm to monitor hacking attempts and outbound traffic.
I use Panicware’s popup stopper.
I use CookieCop to block tracking cookies (I set them to session only)
I use Adaware, Spybot and SpySweeper weekly.
I also run AVG Antivirus weekly and also against all downloads I may
do. I update its virus definitions weekly.
My main windows login is as a ‘limited user’, not as an administrator.
I never open unknown emails. Never.
I use PGP for securing my USB flashdrive in case I lose it.
I back up my computer every month to another harddrive.
Purchase a router that has NAT installed to block intruders.
Download Zonealarm and install it.
Purchase AntiVirus Software and keep its virus definitions current.
Never run a program you download or are given by a friend unless you first
check it with a current antivirus program. (AVG, McAfee, Norton, etc)
Never open an email from a stranger or reply to emails from anyone you don’t
personally know. Ignore all emails asking for personal information.
you knowing it (if you have administrative privileges).
Do not use an account with Administrative privileges.
Delete cookies periodically or use CookieCop or similar to manage them.
Reset your modem weekly, i.e. turn it off for 15 minutes or more, forcing a new
IP address every time.
Run SpyBot, AdAware, SpySweeper and your Virus software weekly – this is
what I do every week.
IN CLOSING, WHAT WE DISCUSSED…
YOUR OLD COMPUTER
WHAT I USE
IT IS WORTH REPEATING AT THIS POINT:
“One recent test showed that a
brand-new, unprotected Windows
machine became infected with
viruses in just 20 minutes on the
Internet.” 9/30/2004, Wall Street
Journal, page B1
How to reach me:
This complete handout is available online at:
Another good overview of personal computer security: