1 Spam, Spyware, Malware and You! Don't give up just yet! Presented by: Mervin Istace Provincial Library Saskatchewan Learning Lee Zelyck Network Administrator Regina Public Library
3 Malware, Spyware, Trojans Objectives After After attending this this workshop you you will will be be able able to: to: I. I. Explain threats threats to to your your information security II. II. Explain security requirements III. III. Describe how how to to protect yourself and and others others from from i. i. Password Password compromises compromises ii. ii. Malware Malware iii. iii. Spyware Spyware and and adware adware
4 Don't give up just yet! Some users have given up on the Internet due to spam, spyware, and malware; however a growing number of users have a new stance on spam, spyware, and malware. This session will show you how others are trying to slow the tide, through a variety of new and improved tools, tricks and tips.
5 Digital Self-Defense 101 Outline I. I. The The need need for for self-defense II. II. Primary self-defense tactics tactics and and tools tools III. III. Social Social engineering threats threats and and responses
6 The Need for Self-Defense Rapidly-increasing threats 2004: Year of the Cyber-Crime Pandemic eweek Over 17,000 new malware threats in 2004 Over 8459 new social engineering/phishing attempts in November 2004
7 Who s Doing the Crime? Internet crime is carried out primarily by teenage hackers who are trying to make a name for themselves. False. Internet crime is being funded and sponsored by organized crime, often out of Eastern Europe. True or False?
8 Why am I a Target? Three key reasons: 1. Conduct identity theft for financial gain 2. Access to your network/resources 3. Use of PC in botnets 4. Host for Parasites
9 How are the Attacks Occurring? Attacks from the Internet use several different attack vectors.
10 Attack Vector 1 Worms All a person has to do is connect an unpatched PC to the Internet. No user action is required. Sasser Netsky Bagel
11 Attack Vector 2 Browser exploits Most used application Malicious code Spoofed browser windows Secunia has noted about one vulnerability every 10 days since IE 5 was introduced
12 Attack Vector 3 Infected attachments Phishing scams Links to malicious Web sites
13 Self-defense a Layered Approach No one tactic will be sufficient. There is no silver bullet or impenetrable firewall. You must use a layered defense which uses a combination of software and hardware solutions to prevent, detect, and clean malware.
14 Layer 1 Secure Passwords Choosing a secure password is one of the easiest and most overlooked ways to keep your information secure.
15 The Password Requirement Your password should Be at least 8 characters long Contain both UPPER and lower case letters and at least one number or symbol (placed in the middle not at the beginning or end of the password) Be changed at least every 120 days Not contain your username Not be reused (repeated) for at least 6 changes of password
16 Weak Passwords Weak Weak passwords are are one one of of the the most most critical critical security threats threats to to networks (and (and your your home home PC). PC). Examples of of weak weak passwords: admin Username [default], etc. etc.
17 Strong Passwords Anatomy of a Secure Password MINIMUM of 7-8 characters Mixed numbers and letters * *other characters allowed by the software/operating system UPPER and lower case
18 Constructing a Password You You can can use use the the first first letter letter of of each each word word in in a a phrase phrase and and add add a a number number in in the the middle. middle. Alternate Alternate between between a a random random consonant consonant and and vowel vowel to to produce produce a a nonsense nonsense word word that that can can be be pronounced. Then Then add add a a number number in in the the middle. middle. Choose Choose two two shorter shorter words words and and put put them them together together with with a a number number in in between. between.
19 Password Tools There are are a number of of tools to to help you create a strong password one one example: You You can can check check password strength by by typing typing a SIMILAR password into into the the password checker at at
20 Log off or Lock Your Computer It's a good habit to either log out or lock the system every time you walk away from the computer.
21 Log off or Lock Your Computer If you walk away from your computer you may give someone an open door into your e- mail, personal information, and other sensitive or private data.
22 Layer 2 Defending Against Malware Malware encompasses classic threats, such as viruses, worms, and trojans, and newer threats such as spyware.
23 Malware Viruses A virus virusis is a a piece piece of of program program code code that that makes makes copies copies of of itself itself and and spreads spreads by by attaching attaching itself itself to to files files or or messages, messages, and and requires requires user user action action to to spread. spread.
24 Malware Payloads Malware Malware often often carries carries payloads which are are executed executed by by the the malware malware program. program. Payloads Payloads may: may: Pop Pop up up a a message message Reformat Reformat your your hard hard drive drive themselves themselves and and other other information information to to the the addresses addresses in in your your address address book book Cause Cause file file corruption corruption over over time time
25 Malware Worms A computer worm is is a self-replicating computer program, similar to to a computer virus. A worm is is self-contained and and does not not need to to be be part part of of another program to to propagate itself or or need user action to to spread. From Wikipedia, the free encyclopedia, From Wikipedia, the free encyclopedia,
26 Malware Trojans A Trojan horse or or Trojanis is a computer program which claims to to be be innocuous but but instead has has a malicious effect one which the the programmer (or (or packager, or or distributor) intended and and the the user user didn't expect. From Wikipedia, the free encyclopedia, From Wikipedia, the free encyclopedia,
27 Malware Backdoors A backdoor is is a hidden system administration tool tool that that malware installs onto your system, allowing someone access and and control of of your system in in the the future.
28 Malware Defenses Primary self-defense techniques: Patching Firewalls Antivirus Anti-spyware Anti-keylogger Proxy server Commonsense
29 Patching In order to keep your information and the network secure, you need to keep your computer patched and up to date.
30 Patching Automatic Updates Most operating systems provide an auto-update feature. Many applications do not.
31 Patching Windows If you are running Windows, find out how to turn on automatic updates by going to:
32 Patching Macintosh If you are running Mac OSX, find out how to turn on automatic updates by going to
33 Patching Applications Windows update does not patch applications. Obtain Microsoft Office patches from Check for updates for other applications at the vendors home pages.
34 Firewalls A personal firewall is a piece of software or hardware installed on an end-user's PC which controls communications to and from the user's PC. From Wikipedia, the free encyclopedia,
35 Firewalls Firewalls allow you to limit access of specific programs to the Internet and also allow you to control various ports and services. From Wikipedia, the free encyclopedia,
36 Recommended Firewalls We recommend the use of a personal software firewall product: For personal computers, we recommend choosing a product from an industry leader such as Zone Alarm, Sygate, McAfee, or Symantec.
37 Firewalls and Routers Placing a router between your computer and your modem can provide some of the protections of a firewall. Internet
38 Antivirus Many good products on the market Absolute must have before going on the Internet As many as 1 in 10 s may contain viruses Must be kept up to date
39 Keeping Anti-Virus Programs Up to Date Set up Auto-Update to check for updates daily. Scan all files weekly.
40 Spyware Computer software that gathers information about a computer user without the user's knowledge or or informed consent, and then transmits this information to to an an external entity. From Wikipedia, the free encyclopedia, From Wikipedia, the free encyclopedia,
41 Spyware How Big is the Threat? According to to eweek.com, spyware is is on on track track to to replace massmailing worms as as the the biggest security threat threat in in the the coming year. year. mass- Spyware, also also known as as adware, has has become the the preferred way way to to deliver malicious Trojans, which which can can relay relay information to to other other computers or or Web Web locations. This This puts puts your your passwords, log-in log-in details, credit credit card card numbers and and other other personal information at at risk. risk.
42 Spyware How did I Get it? You can get spyware from: Unintentional Downloads Software Bundles Other Other Users Users Computer Viruses or or Worms Automatic Installation Embedded in in applets
43 Spyware How do I Prevent It? You can prevent spyware infections by: Using anti-spyware and and antivirus software Increasing security settings in in your browser Carefully reading pop-up warnings Not downloading or or installing software without investigating it it and and its its publisher
44 Anti-Spyware Tools Anti-spyware programs such as Spybot Search & Destroy AND AD-AWARE are available free for personal use.
45 Dealing with Spam At Provincial Library We use a Barracuda Spam Firewall (Model 200) filters out about 3,000 spam and viruses a day on average At Home Leading products include ZoneAlarm Security Suite, McAfee SpamKiller, and MailFrontier Desktop. Use a Hotmail, GMail or Yahoo address for mailing lists, etc.
46 Layer 3 Protecting Yourself from "Social Engineers" "Social engineering" describes the activity of tricking or engineering the user into willingly disclosing confidential or privileged information.
47 Beware of "Social Engineers" Don t give out personal information, especially passwords, to to anyone by by phone, , or or through a a Web page, except login pages you you trust.
48 Layer 4 Common sense Practices Using commonsense can help you avoid many malware and social engineering attacks.
49 Stay Informed Security vendors and criminals are in a race. Keep abreast of security issues by following the news and checking out the following web sites.
50 Don t Click Links or Attachments in Unexpected s Many viruses these days can generate s that look like they came from actual users.
51 Don t Work in the Admin Account In In Windows XP: Create a separate account for for installing software and performing administrative functions. Create user accounts with limited privileges and use use those accounts when browsing or or reading . (This may prevent some malware from installing itself on on your computer.)
52 Malware, Spyware, Trojans Wrap up up I. I. Why Why self-defense? II. II. Review threats threats III. III. Review tools tools IV. IV. Your Your questions