Computer Security
4. Computer security
Active and passive security
The Internet is a network that connects computers and people around the world. It is a form of communication
with many advantages, but it also has its risks: it is a world of information in which we have to move carefully. A
computer is not a harmless tool.
If we want to travel safely by car, it’s not enough to know how to drive: we must also know what safety devices
the vehicle has (seatbelt, airbags, ABS, etc.), and the traffic rules that govern interaction with other vehicles.
Similarly, if we are going to use a computer on a network, we must:
- Know how to use it (we should be careful when using tools that we are unfamiliar with, especially online).
- Know what security tools are available to us (so we’ll know if we are protected against viruses, spam and websites with unwanted content).
- Apply a set of basic security rules to guide our interaction with other Internet users.
We use the term active security to refer to the set of actions aimed at protecting the computer and its content
(e.g. using safe passwords, keeping the antivirus program up to date, etc.). Passive security aims to minimize
the impact of possible computer damage (e.g. making regular backup copies).
Security on the computer
We are going to start by learning about the main threats to our computer, i.e. what it needs to be protected
from and what tools are available to do this.
Threats to the computer: malicious software
Malware (from malicious software) is software developed for malicious purposes, such as viruses, Trojans,
worms, spyware, etc.
The different types of malware are shown in the figure on the following page.
Signs that our computer has been attacked
- Computer processes or the Internet connection are working very slowly.
- There is less available disk space (warnings of insufficient disk space).
- Unknown programs appear, new browser home pages open or elements are added that can’t be deleted.
- The keyboard and mouse do strange things.
Types of malware
Virus
This is a program that installs itself on the computer without the user’s consent with the aim of causing harm.
It can self-replicate and infect other computers. It can use portable drives, software or the Internet to spread
itself. Viruses are the best known threat and the most important one because of their volume of risk.
Keylogger
(From key and logger, that is, a keystroke recorder.) This is a type of software that attempts to capture and record
keystrokes. It can be used for remote spying, with the aim of obtaining passwords from the user.
Worm
This is malware whose purpose is to flood the system memory by reproducing itself.
Spyware
Not all spyware is malware. Spyware programs with malicious code are basically Trojans, adware and hijackers.
Trojan
This is a type of virus that contains instructions, camouflaged in another program, whose purpose is to destroy
or gather information saved on disks. The name refers to the Trojan horse, because these viruses are usually
housed in apparently harmless elements, such as an image or music file, and are installed in the system when
the containing file is opened.
Adware (from advertisement software).
Adware is advertising included in programs that appears after installation. Some of it comes with shareware
or freeware licences, where advertising is included to pay for them, so that if the user wants an advertising-free
version, they can choose to pay for the registered licence version. The problem arises when these programs act
as spyware, including code to gather personal information on the user (information that is not necessarily
used maliciously: sometimes it is about discovering users’ tastes, but it can be passed on to other parties
without authorisation).
Hackers
These are expert criminals who, in theory, are only looking for an intellectual challenge. They don’t necessarily
cause harm; indeed, there are ethical hacking (or white hacking) companies that help people and businesses find
out how secure they are against malicious hackers. Hackers are sometimes confused with black hackers, who
try to attack Internet security systems and make money from it.
Pharming
This practice involves redirecting a domain name to a different computer, so that a user who enters a URL goes
to the attacking website. Thus, for instance, it can replace a bank website to obtain the victim’s passwords.
Spam or junk mail
These are e-mail messages that flood the network in order to advertise products, sometimes of
dubious legality, so that the recipients will buy them. They are sent en masse, since it has been shown that 1 in
every 12 million e-mails sent receives a positive reply. Studies indicate that spam currently represents 80% of
e-mail traffic worldwide.
Crackers
These are people who try to change how a commercial program works or produce applications to
obtain valid serial numbers in these types of programs in order to use them without a licence (pirate
them).
Cookies
These are text files that are saved to the computer by the browser when we visit a website, for the site
to read them on subsequent visits. They are not a risk or a threat as long as they only aim to provide
access to the site.
Thus, for instance, when we visit an online shopping website for the second time on the same
computer, it is usual to find certain parameters already completed and the configuration from the
previous visit already selected, or we may even receive a customised welcome message,
all because of the cookies saved from the first visit. They could be considered non-malicious spyware.
Hoaxes
These are chain e-mails started by companies to gather e-mail addresses from large numbers of users
and then carry out mailings (which are also spam). They abuse people’s good intentions, credulity and
superstition. It is currently not an illegal practice. A chain starts when a company sends a message such
as ‘Lost child’ or ‘Careful, dangerous virus!’ to millions of invented e-mail addresses (those that do not
produce error messages exist and can be used); some of these recipients resend the message in good
faith and thus a chain starts; after it has been resent a number of times, the chain will reach the company again,
now full of valid e-mail addresses.
Software to protect the computer: computer security
ACTIVITY: Types of viruses
- Boot Sector Virus: boot sector viruses are some of the most dangerous. Because they infect the master boot record, they are notoriously difficult to remove, often requiring a full system format. This is especially true if the virus has encrypted the boot sector or excessively damaged the code.
- Direct Action Virus: a direct action virus is one of the two main types of file infector viruses. The virus is considered “non-resident”; it doesn’t install itself or remain hidden in your computer’s memory. It works by attaching itself to a particular type of file (typically EXE or COM files). When someone executes the file, it springs into life, looking for other similar files in the directory for it to spread to.
- Resident Virus: resident viruses are the other primary type of file infectors. Unlike direct action viruses, they install themselves on a computer. It allows them to work even when the original source of the infection has been eradicated. As such, experts consider them to be more dangerous than their direct action cousin.
- Multipartite Virus: while some viruses are happy to spread via one method or deliver a single payload, multipartite viruses want it all. A virus of this type may spread in multiple ways, and it may take different actions on an infected computer depending on variables, such as the operating system installed or the existence of certain files.
- Polymorphic Virus: according to Symantec, polymorphic viruses are one of the most difficult to detect/remove for an anti-virus program. It claims anti-virus firms need to “spend days or months creating the detection routines needed to catch a single polymorphic”.
- Overwrite Virus: to an end-user, an overwrite virus is one of the most frustrating, even if it’s not particularly dangerous for your system as a whole. That’s because it will delete the contents of any file which it infects; the only way to remove the virus is to delete the file, and consequently, lose its contents. It can infect both standalone files and entire pieces of software.
- Spacefiller Virus: also known as “Cavity Viruses”, spacefiller viruses are more intelligent than most of their counterparts. A typical modus operandi for a virus is to simply attach itself to a file, but spacefillers try to get into the empty space which can sometimes be found within the file itself.
Very good and complete!