Upload
eydie
View
32
Download
0
Embed Size (px)
DESCRIPTION
Security and Privacy. Viruses. Not all programs that cause damage are viruses Computer viruses share two characteristics with their biological counterparts they require a host; they are not complete programs but pieces of code that become attached to (infect) another program - PowerPoint PPT Presentation
Citation preview
Security and Privacy
Viruses
Not all programs that cause damage are viruses
Computer viruses share two characteristics with their biological counterparts• they require a host; they are not complete
programs but pieces of code that become attached to (infect) another program
• they replicate (copy) themselves
Types
boot sector infector: virus affecting the boot program (recall that booting is loading the operating system)
program or file infector: attaches to a program (typically has a .exe or .com extension)
Types (cont.)
macro virus: • a macro is a small program that
automates repeated tasks in an application (like Word or Excel)• Macro virus
• a macro virus is a macro used to cause damage
• example: Melissa
Bombs and worms
A logic bomb is designed to cause its damage only when a particular condition is met, a special case is a time bomb which goes off at a particular time• e.g. the Michelangelo virus
a worm does not attach itself to another program but fills one’s disk space (memory) with copies of itself
Protection
do not download and run software of questionable origin
install and run an anti-viral utility such as Norton Anti-virus on floppies and on hard drives • Update it frequently
do not have a floppy in the A drive when starting (booting) the computer
disable macros of unknown origin
Unauthorized access and use
Unauthorized access: logging on and using a computer without consent
hacker: one who gains unauthorized access to computers
Unauthorized use: sometimes the user is legitimate but the activity is not, e.g. playing games or downloading certain material or receiving/sending private email at work
Protection against unauthorized access
passwords• should be relatively long
• should be a combination of letters and numbers (and symbols if allowed)
• should be something you can remember and nobody else can guess
• should not be shared
• should be committed to memory and not written down on or near the PC
More on passwords
Windows NT (2000) has better password protection than Windows 95 because it was designed as a genuine multi-user operating system
For extra protection, add a password at the BIOS level
Other examples
ATM cards are used to authenticate users and to identify which accounts (files) he or she has access to; there is typically a password or personal identification number (PIN) as well
biometric devices: fingerprint or retina scanner, voice recognition, etc. • better protection• more expensive
Cryptography
one way to secure data, be it in storage or in transit, is encryption
Encryption coverts information in its usual readable form (called plaintext) to information in an encoded, unreadable form (called cyphertext)
PGP (Pretty Good Privacy) program: a good encrypter that works with most email systems
Keys
a key is a formula that encodes information
Single key cryptography uses one key; i.e. encryption and decryption method known to sender and receiver
Public-key cryptography uses two keys: (more secure)• public key: anyone can have used to
encrypt• private key: only you have, used to decrypt
Digital signature
use this process in reverse you can use your private key to encrypt
a message then anyone with your public key can
decrypt it BUT he or she knows who sent it encryption and digital signatures are
what makes secure transactions over the net possible
Encryption controversy
Government should have control over encryption, i.e. be able to decode it
PRO: aid FBI and such in fight against espionage, terrorism, drugs, etc.
CON: if government has this capability, there are those who will use it illegally; it’s no security at all
Gone but not forgotten
Deleting a file is not the end of it Remember to empty the recycle bin Even emptying the recycle bin or
(quick) reformatting a disk does not completely eliminate your information
Only when the disk space is written over is the information truly disposed of
YOU’RE NOT PARANOID
THEY REALLY ARE WATCHING YOU!
Data mining
data mining is collecting information available on a person or group of people
often done for targeted marketing once a tedious chore, now easily done
with computers They’ll know you by your social security
number
Your Privacy Quotient
(from PC World Sept. 1998)• Registered to vote• Bought a house• Had a baby• Owned substantial stock in a company• Given more than $50 to a campaign• Had your dog vaccinated for rabies• Taken out a permit for a yard sale• Paid a fine for an overdue library book
Privacy Quotient (cont.)
• Gotten a parking ticket• Participated in a phone survey• Mailed in a warranty card• Entered a contest or sweepstakes• Used your ATM card for any purchase• Rented a movie• Subscribed to a magazine
At work
Electronic supervision: the computer at work can be used to keep track of your activity and/or productivity
email at work is not private; unless explicitly stated otherwise your employer can look at your email
the LAN manager can easily look at your files
The Cookie Monster
a cookie is information about your having visited a web site stored in YOUR computer• you can eliminate or block future cookies
browsers typically keep a list of sites visited, sometimes saved from session to session
it requires work to cover your surfing tracks
Software Piracy
“buying” software does not entitle the purchaser to copy and distribute, doing so is called “software piracy”
Billions of dollars every year, especially rampant in Asia
Public domain: software you are free to use in any way, you should still credit the source
More
Site license: permission for a school or company to run software from a network so one does not need a license for each computer
Plagiarism: claiming another’s work as your own, it may be code, research, writing, music, etc.
References
Discovering Computers 2000 (Shelly, Cashman and Vermaat)
Information Technology: The Breaking Wave (Curtin, Foley, Sen, Morin)
PC World, Sept. 1998