Computer Security
Security
There are many threats out there. Some are physical, such as people who would rob or maim us. Others exist in the digital world, where we cannot be physically hurt but can be hurt in other ways.
Types of Security Threats
Cybercrime is formally defined as any criminal action perpetrated primarily through the use of a computer. Cybercriminals are individuals who use computers, networks, and the Internet to perpetrate crime. The existence of cybercrime means that computer users must take precautions to protect themselves.
A hacker is defined as anyone who breaks into a computer system unlawfully. Many hackers who break into systems just for the challenge of it refer to themselves as white-hat hackers. They tout themselves as experts who are performing a needed service for society by helping companies realize the vulnerabilities that exist in their systems.
White-hat hackers call hackers who use their knowledge to destroy information or for illegal gain black-hat hackers. Amateur hackers are referred to as script kiddies. Script kiddies don’t create programs used to hack into computer systems; instead, they use tools created by skilled hackers.
If you perform financial transactions online, credit card and bank account information can reside on your hard drive and may be detectable by a hacker. Even if this data is not stored on your computer, a hacker may be able to capture it when you’re online by using a packet sniffer.
A packet sniffer is a program that looks at each packet as it travels on the Internet—not just those that are addressed to a particular computer, but all packets. Some packet sniffers are configured to capture all the packets into memory, whereas others capture only certain packets that contain specific content (such as credit card numbers).
Once a hacker has your credit card information, he or she can either use it to purchase items illegally or sell the number to someone who will. If hackers can gather enough information in conjunction with your credit card information, they may be able to commit identity theft (refer to the Trends section of your text on page 336 on Identity Theft for more info on how to protect yourself).
To perpetrate widespread computer attacks, hackers need to control many computers at the same time. To this end, hackers often use Trojan horses to install other programs on computers. A Trojan horse is a program that appears to be something useful or desirable (like a game or a screen saver), but at the same time does something malicious in the background without your knowledge. Often, the malicious activity perpetrated by a Trojan horse program is the installation of backdoor programs, which allow hackers to take almost complete control of your computer without your knowledge.
Using a backdoor program, hackers can access and delete all files on your computer, send e-mail, run programs, and do just about anything else you can do with your computer. Computers that hackers control in this manner are referred to as zombies. Hackers can also launch an attack from your computer called a denial of service (DoS) attack, in which legitimate users are denied access to a computer system because a hacker is repeatedly making requests of that computer system through a computer he or she has taken over as a zombie.
Hackers can gain access to computers directly or indirectly. Direct access involves sitting down at a computer and installing hacking software.
The most likely method a hacker will take to access a computer is indirectly through its Internet connection. When connected to the Internet, your computer is potentially open to attack by hackers. Logical ports are virtual communications gateways that allow a computer to organize requests for information from other networks or computers. Open logical ports, like open windows in a home, invite intruders. Unless you take precautions to restrict access to your logical ports, other people on the Internet may be able to access your computer through them.
Safeguards
Firewalls are software programs or hardware devices designed to keep computers safe from hackers. By using a firewall, you can close off open logical ports to invaders and potentially make your computer invisible to other computers on the Internet. Some of the most popular software firewalls for the home include Norton Personal Firewall, McAfee Firewall, ZoneAlarm, and BlackICE PC Protection. You can also buy and configure hardware firewall devices.
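To make the idea of closing logical ports concrete, here is an added example (not part of the original course text) that models how a firewall decides what happens to an arriving connection. The listening ports, IP addresses, and the `Firewall` class are all constructed for illustration and do not describe any of the products named above.

```python
# Constructed example: ports with a service listening on a hypothetical home PC.
LISTENING = {445, 3389}

def no_firewall(local_port):
    """Without a firewall, every listening port answers any remote host."""
    return "delivered" if local_port in LISTENING else "refused"

class Firewall:
    """Default-deny inbound filter that tracks connections the PC started."""

    def __init__(self, allow_inbound=(), stealth=True):
        self.allow_inbound = set(allow_inbound)  # ports deliberately left open
        self.stealth = stealth                   # True: drop silently
        self.established = set()                 # (remote_ip, remote_port, local_port)

    def outbound(self, local_port, remote_ip, remote_port):
        """Record a connection initiated from inside so replies can return."""
        self.established.add((remote_ip, remote_port, local_port))

    def inbound(self, remote_ip, remote_port, local_port):
        """Decide what an arriving packet gets: delivered, refused, or no reply."""
        if (remote_ip, remote_port, local_port) in self.established:
            return "delivered"                   # reply to our own request
        if local_port in self.allow_inbound:
            return no_firewall(local_port)       # port left open on purpose
        return "no reply" if self.stealth else "refused"

def demo():
    fw = Firewall()
    fw.outbound(50123, "203.0.113.10", 443)      # the PC opens a web page
    return {
        "unprotected_3389": no_firewall(3389),
        "reply_to_browser": fw.inbound("203.0.113.10", 443, 50123),
        "stranger_to_3389": fw.inbound("198.51.100.7", 40000, 3389),
        "stranger_to_50123": fw.inbound("198.51.100.7", 443, 50123),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The "no reply" result is what makes a computer appear invisible: the sender cannot tell whether anything exists at that address, while replies to connections you started yourself still get through.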
If you’re keeping a wired network secure with a firewall, you’re fairly safe from most hacker attacks. However, wireless networks have wide ranges, including areas outside of your house. This makes it possible for a hacker to access your network without you even knowing it. Because your packets of information are being broadcast through the airwaves, a hacker can intercept and decode information from your transmissions that may allow him or her to bypass your firewall. Others may steal your bandwidth, and crimes can be committed through your network. Therefore, to secure a wireless network, you should take the following additional precautions:
Change Your Network Name (SSID)
Disable SSID Broadcast
Change the Default Password on Your Router
Turn on Security Protocols
Implement Media Access Control
Apply Firmware Upgrades
Viruses and Worms
A computer virus is a computer program that attaches itself to another computer program (known as the host program) and attempts to spread itself to other computers when files are exchanged. Viruses normally attempt to hide within the code of a host program to avoid detection. Viruses, by definition, have a method to spread.
If your computer is exposed to a file infected with a virus, the virus will try to copy itself and infect a file on your computer. If you never expose your computer to new files, it will not become infected. However, this would be the equivalent of a human being living in a bubble to avoid catching viruses. Sharing disks or flash drives is a common source of virus infection, as is e-mail. Just opening an e-mail message will not infect your computer with a virus. Downloading or running a file that is attached to the e-mail is how your computer becomes infected.
A computer virus’s main purpose is to replicate itself and copy its code into as many other files as possible. Although virus replication can slow down networks, it is not usually the main threat. The majority of viruses have secondary objectives or side effects, ranging from displaying annoying messages on the computer screen to the destruction of files or the contents of entire hard drives.
Although thousands of computer viruses and variants exist, they can be grouped into broad categories based on their behaviour and method of transmission.
Boot-sector viruses replicate themselves into the hard drive’s Master Boot Record, a program that executes whenever a computer boots up, ensuring that the virus is loaded immediately. Boot-sector viruses are often transmitted by a floppy disk left in a floppy drive or a flash drive left in a USB port. Boot-sector viruses can erase your entire hard drive.
Logic bombs are viruses that are triggered when certain logical conditions are met (such as opening a file). Time bombs are viruses that are triggered by the passage of time or on a certain date. The effects of logic bombs and time bombs range from annoying messages being displayed on the screen to reformatting of the hard drive, causing complete data loss. Logic bombs and time bombs can be attached to any malicious code, i.e. a virus or a worm, and are not restricted to viruses.
Worms are self-replicating programs that use vulnerabilities in operating systems to travel between systems through networks to spread copies of themselves.
Some viruses are hidden on websites in the form of scripts. Scripts are mini programs that are often used to perform legitimate functions on websites. However, some scripts are malicious. For example, say you receive an e-mail encouraging you to visit a website full of useful programs and information. Unbeknownst to you, clicking a link to display a video runs a script that infects your computer with a virus.
Macro viruses are attached to documents (such as Word files) that use macros. A macro is a short series of commands that usually automates repetitive tasks. However, macro languages are now so sophisticated that viruses can be written with them.
E-mail viruses use the address book in the victim’s e-mail system to distribute the virus.
Encryption viruses search for common data files and then compress them using a complex encryption key. The user then has to pay to get the file unlocked.
Classifying Viruses
Viruses can also be classified by the methods they take to avoid detection by antivirus software:
Polymorphic viruses change their own code (or periodically rewrite themselves) to avoid detection. Most polymorphic viruses infect one certain type of file (.exe files, for example).
Multipartite viruses are designed to infect multiple file types in an effort to fool the antivirus software that is looking for them.
Stealth viruses temporarily erase their code from the files where they reside and hide in the active memory of the computer. This helps them avoid detection if only the hard drive is being searched for viruses.
Defences
The best defence against viruses is to install antivirus software, which is specifically designed to detect viruses and protect your computer and files from harm. Most antivirus software looks for virus signatures in files. Signatures are portions of the virus code that are unique to a particular computer virus.
Antivirus software scans files for these signatures and thereby identifies infected files and the type of virus that is infecting them. The antivirus software scans files when they’re opened or executed. If it detects a virus signature or suspicious activity, it stops the execution of the file and notifies you it has detected a virus. Usually it gives you the choice of deleting or repairing the infected file and places the virus in a secure area. This is called quarantining. Inoculating is when an antivirus program records key attributes about files and re-checks these statistics during a scan. Antivirus software catches known viruses effectively. However, your computer can still be attacked by a virus that your antivirus software doesn’t recognize. To minimize this risk, you should keep your antivirus software up to date.
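The following added example (not from the original course text or any antivirus product) shows signature scanning, quarantining, and inoculating working together on a few in-memory files. The signature names, byte patterns, and file contents are constructed for illustration, and using file size plus a SHA-256 digest as the recorded "key attributes" is an assumption.

```python
import hashlib

# Constructed signature database; the byte patterns are made up for this
# example and are not signatures of real malware.
SIGNATURES = {
    "Demo.Boot.A": b"\xde\xad\xbe\xef\x13\x37",
    "Demo.Macro.B": b"AutoOpen:demo-payload",
}

def scan(data):
    """Signature scan: names of every known pattern present in the bytes."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)

def fingerprint(data):
    """Key attributes recorded for inoculation: size and SHA-256 digest."""
    return (len(data), hashlib.sha256(data).hexdigest())

def inoculate(files):
    """Record a baseline of key attributes for each file."""
    return {name: fingerprint(data) for name, data in files.items()}

def full_scan(files, baseline):
    """Return (quarantine, changed) and remove signature hits from files."""
    quarantine, changed = {}, []
    for name in sorted(files):
        hits = scan(files[name])
        if hits:
            quarantine[name] = hits      # isolate the file, remember why
        elif baseline.get(name) != fingerprint(files[name]):
            changed.append(name)         # no signature, but attributes differ
    for name in quarantine:
        del files[name]
    return quarantine, changed

def demo():
    files = {"game.exe": b"MZ-demo-program", "notes.txt": b"shopping list",
             "report.doc": b"quarterly numbers"}
    baseline = inoculate(files)
    files["game.exe"] += SIGNATURES["Demo.Boot.A"]             # known virus
    files["report.doc"] += b"\x90\x90variant-not-in-database"  # unknown change
    return full_scan(files, baseline), sorted(files)

if __name__ == "__main__":
    print(demo())
```

The file carrying a known pattern is quarantined, while the file altered by something absent from the database is caught only by the inoculation re-check, which is the gap that keeping signatures current is meant to narrow.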
Review
In this unit we explored how we could be hurt through our computer. Hackers try to steal our identity by placing worms and viruses into our computers. They send these through e-mails as well as web sites. You need to protect your computer in order to protect yourself.
Next we will take a closer look at how some of the software we use is actually created.