Transcript INTERNET SECURITY

SECURITY ON THE INTERNET
Did you know others
have likely attacked
your computer
already??
6/2003, 10/2004, 10/2005, 7/2006, Joe Collins
Q1: How quickly is a new computer infected
when first connected to the Internet?
1.
2.
3.
4.
5.
20 minutes
24 hours
1 week
4 weeks
3 months
A1: How fast is a new computer infected
when first connected to the Internet?
ANSWER:
TWENTY MINUTES

“More than ever, Windows buyers need to make sure that they equip their new
machines with an array of tools to fend off attacks and malicious software”

“Even on a brand-new Windows machine, you should immediately obtain an
arsenal of security programs, and keep them updated. One recent test
showed that a brand-new, unprotected Windows machine became
infected with viruses in just 20 minutes on the Internet.”

“You should have a firewall, an antivirus program, an antispyware program and
an antispam program. The built-in Windows firewall and Windows' new Security
Center aren't enough to protect you.”

Reference: Wall Street Journal – 9/30/2004, page B1
Q2: What % of computers have a security
breach of some sort?
1.
2.
3.
4.
5.
7%
17%
30%
50%
70%
A2: What % of computers have a
security Breach of some sort?
ANSWER:



70%
Some 70% of all computers have suffered a security
breach of some sort (virus, spyware, keylogger,
hijacked browser etc). Investors Business Daily,
October 1st, 2004, page A4
Another source says 90% of computers have
security breaches.
DirectRevenue alone has breached nearly 100
million computers (business week 7/2006, page 41).
Q3: How many different computer
viruses as of August 2005?
1.
2.
3.
4.
5.
14
143
194
11,157
over 200,000
A3: How many different viruses as of
August 2005?
ANSWER: 200,000+
 Authentium, Inc (West Palm Beach, FL) reports there
are 200,000 individual computer viruses as of August
2005 and the number doubles every year.
 Dealing with viruses, spyware, PC theft and other
computer-related crimes costs U.S. businesses a
staggering $67.2 billion a year (FBI, January 2006).
 The “I Love You” Virus (in 2000) cost $10 billion
dollars alone as it hit 45 million personal computers.
SO IS THERE ANY INTERNET
SECURITY??
OUR TOPICS FOR DISCUSSION
















SPAM EMAIL
VIRUSES
KEYLOGGERS
POPUP/BANNER ADS
COOKIES
SHOPPING ONLINE
SPYWARE
HOAXES/PHISHING
PORT SCANNING
YOUR OLD COMPUTER
ROUTERS
PUBLIC COMPUTERS
TRENDS
SOLUTIONS
WHAT I USE
QUESTIONS
THE INTERNET

IT IS TRULY A 2 WAY STREET.

YOU READ EMAIL, BROWSE THE WEB,
TRAVERSING HUNDREDS OF COMPUTERS IN
THE PROCESS.

OTHERS PUT PROGRAMS ON YOUR COMPUTER
TO SPY ON YOU, RECORD YOUR KEYSTROKES,
HJACK YOUR BROWSER OR WORSE.
SPAM EMAIL








Over 60 billion emails (of all types) projected to be sent DAILY by 2006.
Why do spammers use email? Far cheaper than printing up colorful
newspaper inserts or mailing you ads via the US Post Office.
To mail 1,000 flyers cost some $300+, just in postage. To email 1,000,000
people cost you nothing. Scott Richter (of Colorado) sends over 100
million spam emails PER DAY!
Some 70-75% of all EMAIL is now spam, it was 50% April (2003). AOL
blocked 2.3 Billion spam emails per day in April 2003.
MICROSOFT and others have sued 20+ SPAMMERS, responsible for 2
billion spam emails.
Some 80% of spam comes from China (WSJ 3/19/2004)
SPAM email costs you and I real money.
SPAM email sometimes includes virus attachments.
My Spammed email account:
Daily spam emails sent
As measured
at: Ryerson
University,
California
SPAM EMAIL

HOW DID THEY FIND YOUR EMAIL ADDRESS?
–

HOW MANY DO YOU GET PER DAY?
–

Average person’s email is 70-75% spam
SPAM MAY INCLUDE ATTACHED VIRUSES
–
–

Online Shopping, Web Forms, Usenet, forums
Beware of email from strangers and even companies you
deal with, i.e. Valley National Bank, Ebay etc!
Never open an email unless you are CERTAIN it is legitmate.
HOW TO “HIDE” FROM THE SPAMMERS
–
–
–
Keep 2 email accounts: one public & one private.
Give private email account to friends and family ONLY.
Use public email account for everything else.
COMPUTER VIRUSES/WORMS




WHAT THEY ARE
–
Rogue computer programs that damage computers.
THE DAMAGE THEY CAN DO
–
Wipe out your hard drive, damage files, change numbers in files, install programs, record
your keystrokes.
HOW WE GET VIRUSES
–
Attached to email or imbedded in downloaded programs
–
Thousands of new viruses appear every month
–
The Samy Virus (October 4, 2005) hit over one million users within 24 hours of release.
HOW TO MINIMIZE THE RISK
–
Never download a program unless you check it carefully before using it.
–
NEVER open an email from a stranger (see next 2 slides)
Be careful of email from others, very careful
Run software to detect/remove these rogue programs.
I use AVG AntiVirus (free version) for stopping viruses.
–
–
–
ALWAYS--check a new program with your anti-virus software before you install it – ALWAYS.
Virus detected:
Keyloggers





‘Hidden’ programs that record your every keystroke.
Capturing your passwords, credit cards and so on
They then send this back to their source via the Internet.
Now that unknown person or company has your passwords and
credit card numbers!!
Visit this site to stay current on the latest list of nasty software,
including keyloggers:
http://research.pestpatrol.com/Lists/TopTenPestsByType.asp
POP UP ADS



YOU ENTER OR EXIT A WEB PAGE and...
YOU START SEEING POPUP ADS
– Usually done with JavaScript programming in the web page
itself. DirectRevenue uses this approach to pop up 30 ads
per day on 100 million computers.
WHY THEY DO IT
– Get your attention since people usually ignore banner ads.
HOW TO STOP THEM
– Use software to disable the pop-ups. Google does a good
job of stopping popups and Panicware’s popup stopper is
also good.
POPUPS & BANNER ADS


ON MOST WEB PAGES (on the top or on the side)
ARE THEY SAFE? NOT REALLY!
–
–
–

May track your ‘clicks’ and thus learn your preferences.
These same banner ads then report back to some unknown
company on which web sites you visit, a new form of stalking!
DirectRevenue is one company that does this and routinely will
bombard you with some 30 popups per day. They are paid by
Priceline.Com, Delta Airline, Cingular Wireless,Travelocity.com
and other major corporations.
HOW TO PROTECT YOURSELF
–
–
Monitor ‘cookies’ frequently or just erase them weekly. In Internet
Explorer: Tools->Internet Options->General-Delete Cookies.
Use software to convert cookies to session only, i.e. CookieCop or
a program like it.
EXAMPLE OF TRACKING YOUR USE
OF THE INTERNET.
EXAMPLE OF POPUPS & BANNER ADS
COOKIES

WHAT ARE THEY?
–
–

WHY THEY ARE USEFUL
–
–

Remembers your id and password for web pages you visit.
Remembers your preferences as well.
THE GOOD AND THE BAD
–

Small files web pages place on your computer.
Remembers your preferences.
Sets preferences when you load web pages but some companies
will then closely track which web pages you visit.
HOW TO MANAGE THEM
–
–
Get software to block most cookies (or) erase them weekly.
They are found in the ‘Cookies’ subdirectory for your logon id (for
Windows XP users).
SHOPPING ONLINE



THE RISKS
– You enter credit card and other personal
information on a web page.
WHEN IS IT SAFE?
– Does the web page employ SSL technology to
encrypt this information when you send it?
HOW DO YOU KNOW IT IS SAFE?
– The web page usually signals you when they
encrypt responses.
SHOPPING ONLINE
Latest trends…
 Single-use Credit Card Numbers
–
–
–

Only on ONE computer (so if stolen, will not work)
–

Citibank
Discover Card
MBNA
VISA
Iron-clad online guarantee (see their web page):
–
American Express
SPYWARE!




There are some 78,000 different spyware programs impacting
computer users!
WHAT THEY SPY ON
– How you use the computer, your programs, scan your email
addresses or inbox, what web pages you visit, etc….
HOW THEY PUT IT ON YOUR COMPUTER
– Often arrives in some other innocent email or downloaded
program.
WHAT THEY USE IT FOR
– Track what you do and report back to someone.
– Can learn your preferences and more.
Detecting/Removing Spyware

I use four software tools to detect/remove
spyware/viruses and I run these weekly:
–
–
–
–

Lavasoft’s Ad-aware (free download)
Spybot (free download)
Spysweeper (free download, $29/yr subscription)
AVG Antivirus (free download)
All four are needed to do a fairly complete
job. It is far better to prevent them than to try
to remove them.
HOAXES (also known as) Phishing





Emails that masquerade as coming from someone else, i.e.
IRS, Discover card, Microsoft, Ebay, Paypal and others. The
email can look very legitimate!
Over 70 million Americans have received them thus far.
The masquerading email asks you to confirm your credit card or
other personal information.
Do NOT trust these emails!
More details at:
–
–

http://www.msnbc.com/news/884810.asp
http://hoaxbusters.ciac
Examples follow this slide….
Was it Paypal?




That first link directed me NOT to Paypal but to this link:
http://la.znet.nethere.net/~marie/cgi_bin/webscr=cmd=_home/
That web page looks identical to Paypal but simply collects
your logon id and password and thus they can then
withdraw money from your account.
I reported this person to their ISP and they promptly shut
her down.
Be careful! Always inspect the web page address before you
trust it. I use the tool Spoofstick which tells me the real web
address on web pages I visit. Very helpful.
HOAXES/Phishing





As you can see, spammers etc have now ‘forged’ other email
addresses so as to look very legitimate.
They also send official looking emails to you asking you to run a
program or give them personal information.
They even ‘hide’ the program in a zip file so your virus software
cannot detect it!
BE CAREFUL! Rarely trust an email from the government or a
corporation. Contact them via telephone or their web page to be
sure it is a legitimate email (which is very unlikely).
Report Phishing attempts to the US Government:
[email protected]
PORT SCANNING




Outsiders may do a port scan, looking to enter your computer,
masquerading as an FTP connection or a Web Browser link or
TELNET .
I have been getting 1-2 attempts PER DAY!
More likely if you have DSL or CABLE access.
Keep your ports locked up or monitor closely
–
–

More details at:
–

Use IceSword to monitor ports (http://find.pcworld.com/53710)
Use ZoneAlarm to shut down your ports (http://zonelabs.com)
http://www.dslreports.com/faq/security?r=878
You should test your computer security at:
–
–
http://www.dslreports.com/scan
http://www.securitymetrics.com/portscan.adp
EXAMPLE OF PORT SCANNING
Attempt
traced
back to
New Delhi
India
ANOTHER EXAMPLE
Attempt
Traced
back to
Yokohama
Japan
Your old computer



Did you throw it out? Was the hard drive still in it?
What thieves may have done with your old hard
drive! They can recover the contents!!
What the impact can be
–

Get your passwords, your email, your personal files
How to minimize your risk
–
Get a “wipedisk program (WIPEDISK, BCWIPE, U-WIPE)
and thoroughly erase that hard drive BEFORE you throw it
out. I drive a nail through my old harddrives!
A harddrive with a nail hole in it:
Below is a harddrive I destroyed. I do the same to CDROMs
also, i.e. I break them into pieces before throwing them out.
IN THE CLEAR




Email contents can be read by many others as it
goes from computer to computer. Be careful what
you put in an email. Others will see it.
Your (ftp) id and password, are also visible to others.
What does this mean? Others can copy it & use it for
their own purposes.
Never put anything personal in an email, i.e. no
birthdates, account numbers, social security
numbers and so on.
HiJacked Browsers
Does your Internet Browser act strange?
 Does it always take you to a strange web site?
 Can you change the default home page?
If not, your browser may have been hijacked!!
 Might not be easy to fix as the hijacker has modified your computer (if
you had administrative privileges).
 Usually you need to reboot in SAFE MODE and then delete the
offending files and also likely need to make risky registry changes!
 It is ar better to NOT run with administrative privileges to prevent it in
the first place.
 Use another browser instead, i.e. Netscape, Mozilla Firefox (which I
use) instead of Internet Explorer which hackers target,
 Note: Cool Web Search is very nasty and very hard to remove!

Dangerous programs
Smiley Central
 KAZAA
 Cool Web Search
 HotBar
 Bonzi Buddy
 Speedblaster
 MemoryMeter
 Best Offers
See also: http://www.pchell.com/support/spyware.shtml

Administrator Userid
Your logon userid on a new computer defaults to Administrator
privileges so you can install programs.
 But spyware/viruses/keyloggers will also install their programs
while you have these same Administrative privileges!
Solution:
 Create a user account (non-privileged) and use that account for
email, web browsing, etc.
 Rename your Administrator account to another name and keep
it logged off and also use an obscure password for it
 See next two slides to see how to do it.

ROUTERS






A router allows multiple computers to easily share one internet
connection.
May allow port blocking to stop port scanning
Hides your real IP address via NAT; NAT = native address
translation. Some also use SPI or Stateful Packet Inspection
as an added benefit.
Thus a router functions as a simple firewall.
I use the Linksys BEFSR41 4 Port Wired Router which costs
about $50 or so, as well as wireless routers.
I reset it weekly, i.e. turn it off for 15 minutes and then back on.
[I do the same to the modem also]. This changes the IP
address that others will see.
My Router Connection (simplified)
The primary router I use…
Wireless routers

1.
2.
3.
4.
Not very secure….anyone can use it, even from
the street. Do this to increase security:
Change the default router password and default
SSID (Service Set Identifier) name.
Disable SSID broadcasting.
Enable the firewall software, encryption and MAC
filtering (Media Access Control)
Read your router manual for details on the above &
variations on this.
Using computers in public places





Never save your password locally
Never save your user-id; after you are done, type in
[email protected] or something like it in the user-id field so
the next user sees that and not your real email address.
Always assume the public computer has a virus or spyware.
Use for browsing or simple emailing only
Erase the cookies on that computer when you are done and
also clear out your internet history (tools-> internet options
->general; then click each of these: clear history, delete
cookies, delete files)
Microsoft Outlook




Spyware, Viruses may target Microsoft Outlook to
send their programs to everyone in your contacts
file, thus spreading rapidly on the Internet.
Keep Outlook’s Inbox password-protected so that
Outlook will not work unless you know the password.
Set the password this way in Outlook:
File->Data File Management->Settings.
These steps reduce the chance of spyware and
viruses spreading.
I use Mozilla’s Thunderbird email program and it
works fine and is somewhat safer to use.
TRENDS



People are now targeting AOL users, smart
cell phones and wireless PDAs.
They also remotely turn on your attached
webcam and may literally watch you as you
work or walk around the room.
The latest is to capture banking information
by installing a program on your computer and
capturing banking passwords (RAT=Remote
Access Trojan) – see next slide.
Trends, continued



Last month, an agency detected 170 distinct
Trojan programs used to steal bank data. In
January, there were only about 30, he said.
10% of all connected computers have these
RAT trojans installed and running.
The risk is high these people are gaining
access to your online banking accounts!
Software Solutions
POPUP STOPPER
http://www.panicware.com (free); download the basic version
http://www.popupcop.com (30day free trial)
SPY WARE
http://www.safer-networking.org (free)
http://www.lavasoftusa.com (free)
http://www.webroot.com/consumer/products/spysweeper/index.html ($30)
http://www.pestpatrol.com ($40)
http://www.sunbelt-software.com/CounterSpy.cfm ($20)
FIREWALL SOFTWARE
http://www.zonelabs.com (free version, $40 for improved version)
COOKIE COP
http://www.pcmag.com/article2/0,4149,6244,00.asp (free)
VIRUS SOFTWARE
http://www.symantec.com/product/ ($50, sometimes cheaper)
http://www.grisoft.com/doc/10/lng/us/tpl/tpl01 (AVG-generally free)
Software Solutions, continued
TEST YOUR COMPUTERS SECURITY:
•
http://gemal.dk/browserspy/
•
https://grc.com/x/ne.dll?bh0bkyd2
MORE SECURITY TOOLS & SOFTWARE:
•
http://www.pacific.net/secpriv.html
•
http://epic.org/privacy/tools.html
•
http://www.pgpi.org/products/pgp/versions/freeware/
•
http://blog.tech-security.com/?p=16 (IceSword tool!)
MORE INFORMATION:
•
http://www.bestsearchers.com/best-websites/computers-security.html
•
http://blog.tech-security.com/?p=16 (IceSword tool!)
REPORTING SCAMS:
http://www.IFCCFBI.gov (or) [email protected]
WHAT DO I USE AT HOME?











I have a LINKSYS 4 port ROUTER, model BEFSR41, providing
internet sharing and NAT (blocks inbound attempts)
We also run a BELKIN wireless router but we keep encryption enabled
to block intruders.
I use ZoneAlarm to monitor hacking attempts and outbound traffic.
I use Panicwares’ popup stopper.
I use CookieCop to block tracking cookies (I set them to session only)
I use Adaware, Spybot and SpySweeper weekly.
I also run AVG Antivirus weekly and also against all downloads I may
do. I update its virus definitions weekly.
My main windows login is as a ‘limited user’, not as an administrator.
I never open unknown emails. Never.
I use PGP for securing my USB flashdrive in case I lose it.
I back up my computer every month to another harddrive.
In Summary










Purchase a router that has NAT installed to block intruders.
Download Zonealarm and install it.
Purchase AntiVirus Software and keep its virus definitions current.
Never run a program you download or are given to by a friend unless you first
check it with a current antivirus program. (AVG, McAfee, Norton, etc)
Never open an email from a stranger or reply to any emails you don’t
personally know. Ignore all emails asking for personal information.
Be wary of screensavers, Activex, Javascript; they may install software without
you knowing it (if you have administrative privileges).
Do not use an account with Administrative privileges.
Delete cookies periodically or use CookieCop or similar to manage them.
Reset your modem weekly, i.e. turn it off for 15 minutes or more, forcing a new
IP address every time.
Run SpyBot, AdAware, SpySweeper and your Virus software weekly – this is
what I do every week.
IN CLOSING, WHAT WE DISCUSSED…
















SPAM EMAIL
VIRUSES
KEYLOGGERS
POPUP/BANNER ADS
COOKIES
SHOPPING ONLINE
SPYWARE
HOAXES
PORT SCANNING
YOUR OLD COMPUTER
ROUTERS
PUBLIC COMPUTERS
TRENDS
SOLUTIONS
WHAT I USE
QUESTIONS
IT IS WORTH REPEATING AT THIS POINT:
“One recent test showed that a
brand-new, unprotected Windows
machine became infected with
viruses in just 20 minutes on the
Internet.” 9/30/2004, Wall Street
Journal, page B1
QUESTIONS?
How to reach me:
[email protected]
This complete handout is available online at:
http://www.collins-consulting.org/download.html
Another good overview of personal computer security:
http://safecomputing.umn.edu/studentchecklist.html