Security and Protection CS 110 Fall 2005. Security Risks More data is being stored than ever before...


Page 1: Security and Protection

CS 110
Fall 2005

Page 2: Security Risks

• More data is being stored than ever before
• More people/organizations “touch” the data
• The “key” to unlock that data isn’t particularly strong
• Communication networks are relatively open

Page 3: Data Storage

• Who “owns” your data?
    • Amazon, Experian, Blue Cross
    • How do they share your data?
• What other data is captured?
    • Web visits, music playback, cell phone tracking
    • Where does that data go?
    • What unique identifiers are stored?

Page 4: Data Protection

• What “keys” protect your data?
    • Social Security Number
    • Mother’s maiden name
    • Birthdate
    • PIN
    • Encryption keys
        • Remember the DVD key was stolen

Page 5: Data Handling

• More companies handle data
    • Are they trustworthy?
    • What standards do they have?
    • Can I sign a privacy agreement and assume all subcontracting companies follow the same privacy rules?
    • How to point blame?
    • Who can you sue?

Page 6: Communication Networks

• Easy to “sniff” communications
    • TCP/IP packets are transparent
        • What’s in them?
        • But, TCP/IP packets follow indeterminate routes
    • Programs residing on your computer can capture typing and steal passwords
• Even very secure devices have been hacked

Page 7: Some technical details

• Protection in your computer
    • A hierarchy of privileges
        • Email should never be able to reboot your machine
        • Excel should not launch programs
    • Limits damage
    • Limits power
• Exceptions are everywhere: email does launch Microsoft Word

Page 8: Some technical details

• Protection in your computer
    • Some files are supposed to be for “system use” only
    • Consider changing the file that contains the name of your home web site
    • Consider changing “notepad” to a program that deletes all files

Page 9: Some technical details

• Protection in your computer
    • Some data in RAM should also be protected
    • People attack programs that have the most permission to write to RAM
    • People try to sneak past the write protections, buffer overflow

Page 10: Some technical details

• Protection in your computer
    • What does your computer do with all those packets addressed to your IP address and coming in through the cable modem / DSL?
    • First, allocated to one of 65535 ports
        • Your web browser “listens” for packets on a specific port
        • Your music sharing software communicates on a specific port
        • Packets for unused ports should be dumped

Page 11: Some technical details

• Protection outside your computer
    • A firewall only permits packets to enter your computer if they are legitimate
        • Even if a secret program is awaiting instructions on port 1003, the firewall will cut packets off before they enter the computer
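
The port and firewall behaviour from the last two slides, as an added example that is not part of the original lecture: a toy stateful inbound filter in Python. The class names and the addresses are assumptions made up for the illustration; this is a model of the idea, not a real firewall API.

```python
"""Toy model of inbound packet filtering (added example, not a real firewall API)."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass
class Firewall:
    my_ip: str
    open_ports: set = field(default_factory=set)  # services exposed on purpose
    flows: set = field(default_factory=set)       # connections this machine started

    def outbound(self, pkt: Packet) -> str:
        # Remember who we talked to, so that only their replies are let back in.
        self.flows.add((pkt.src_port, pkt.dst_ip, pkt.dst_port))
        return "ALLOW"

    def inbound(self, pkt: Packet) -> str:
        if pkt.dst_ip != self.my_ip or not 1 <= pkt.dst_port <= 65535:
            return "DROP"
        if (pkt.dst_port, pkt.src_ip, pkt.src_port) in self.flows:
            return "ALLOW"   # reply to a connection we opened
        if pkt.dst_port in self.open_ports:
            return "ALLOW"   # a service we chose to expose
        return "DROP"        # default deny: packets for any other port are dumped


# Constructed addresses taken from the documentation ranges (RFC 5737).
ME, WEB_SERVER, STRANGER = "192.0.2.10", "198.51.100.7", "203.0.113.5"


def demo() -> dict:
    fw = Firewall(my_ip=ME)
    # The browser opens a connection from local port 50123 to the web server.
    fw.outbound(Packet(ME, 50123, WEB_SERVER, 80))
    return {
        # The server's answer comes back to the port the browser is using.
        "web reply": fw.inbound(Packet(WEB_SERVER, 80, ME, 50123)),
        # Unsolicited packet for the hidden program on port 1003 from the slide.
        "port 1003 probe": fw.inbound(Packet(STRANGER, 40000, ME, 1003)),
        # A third party cannot reuse the browser's port either.
        "stranger to browser port": fw.inbound(Packet(STRANGER, 80, ME, 50123)),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:26} {verdict}")
```

The filter only sees unsolicited inbound traffic: if the hidden program opens the connection itself, its traffic is recorded as an outbound flow and the replies are allowed.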

Page 12: Some technical details

• Protection outside your computer
    • Internet routers are generally well protected
        • They don’t let others rewrite your packets?
        • They don’t let others read your packets?
        • They ensure your packets are delivered quickly?
        • They ensure your packets are ever delivered?

Page 13: What’s Malware?

• General term is malware (for "malicious software")
    • Any program or file harmful to a computer user
• Includes
    • Computer viruses
    • Worms
    • Trojan horses, including
        • Adware, Spyware

Page 14: Viruses

• Programs that attach themselves to another program to gain access to your machine
    • They may do nothing on your machine or they may destroy all your files
    • The viruses seek to use your machine as a launching point to infect other machines

Page 15: Worms

• Like a virus but they are self-contained programs (they don’t need a host)

Page 16: Adware

• Some programs are “free” but they support their costs by sending ads to your machine

Page 17: Related to advertising

• Many web sites have advertising
• A few big advertising agencies serve all these sites
• These agencies embed tracking codes in the ads that you encounter on each site
• Data obtained from these ads creates the most comprehensive view of where you go on the web

Page 18: Spyware

• You download a music player
• The music player includes an additional program that is installed and runs continuously
• This program records the websites you visit and sends them to a database

Page 19: How Bad Is It? (Bad!)

• Fall 2004: Study by AOL and National Cyber Security Alliance (www.staysafeonline.info)
    • Surveyed 329 PC users, then examined their PCs
        • On-line for an avg. of 7 years; 42% intermediate or expert users
    • 85% said they were running anti-virus SW
    • 71% said they were updating this weekly
        • but barely half really were
    • 19% of their PCs had viruses
    • 80% had spyware on their PCs
    • Only 33% running a firewall

Page 20: Some Things You Must Do!

• Install and run antivirus software
    • UVa: Free Norton Antivirus!
    • Get updated virus definitions weekly!
• Keep your PC updated
    • Windows: run Windows Update from Start Menu
    • Weekly, even!
• Run anti-spyware software
    • UVa: Free SpySweeper!
    • Non-UVa: decent free versions out there

Page 21: Two Sides of the Issue

• Technical Dimension
    • Better operating systems, browsers
    • Better tools to detect, fix and stop malware
• Social Dimension
    • Users too trusting, too gullible, too easily fooled
    • Users engage in risky behavior
    • Users do not update SW, don’t use tools

Page 22: Email Attachments

• Definition: A computer file that is transmitted with an e-mail message
    • Convenient way to send files via e-mail
• What does the e-mail client do with them?
    • In the bad old days: Could only save it
    • Now the attachment is “smart”
        • Play sound when it arrives
        • Display image in the e-mail
        • Display the Web page that’s attached to a text e-mail

Page 23: Dangers with Attachments

• Attackers take advantage
    • An attachment seems safe (to you) but does something bad
    • The “helper” programs have normally assumed everyone has good intentions
    • Example: Word documents can contain macros
        • Small bits of programming embedded in the document
        • It’s possible to write a nasty macro that runs when you open the document
• E-mail spoofing promotes this problem
    • You trust things you wouldn’t normally

Page 24: E-mail spoofing

• You receive e-mail appearing to be from one source… but it's actually from another source
• What's the sender’s goal? To trick you into:
    • Sending secure info (password, account number)
    • Running an attachment
    • Clicking on a link that runs a program

Page 25: What makes spoofing possible?

• Life was simpler once upon a time…
    • Expensive and difficult to put a mail-server on the net (and have administrator privileges on it)
    • Managed by responsible admins: business, government, universities
    • Open standards
• Today:
    • Easy, cheap, well-understood by everyone

Page 26: Phishing

• An attempt to gain personal information for purposes of identity theft, etc.
• Faked e-mail messages appear to come from a legitimate, official source
• Fool you into divulging personal data such as
    • account numbers
    • passwords
    • credit card numbers
    • Social Security numbers
• No company will ever ask you for such info by e-mail.
• If in doubt, call them or contact them directly (not by replying)

Page 27: Phishing Illustrated

• Looks real!
    • PayPal logo
    • Copyright notice
    • Says account may have been accessed!
• Says to click on link
    • Appears to be to PayPal site
    • That’s just the text
    • Link opens page that looks like PayPal
    • Asks for account info

Page 28: Let’s Go Phish!

• Another example
    • Received in January 2005
    • Appears to be from “my” bank

Page 29: The Email

Page 30: Where The Link Takes Me

Page 31: The Real Bank’s Page

Page 32: They Want Info!

Page 33: E-mail Lessons

• Do not open attachments unless you know what they are
    • Antivirus software checks attachments as you open them!
• Suspect spoofing
    • Look for anything odd in the message
    • Double-check with sender
• Phishing: don’t get caught
    • Be suspicious. Call the business.

Page 34: Cookies

• Cookies are somewhat controversial
    • Websites can use them for legitimate reasons
    • They can be used for the wrong reasons
    • In any case, they are a fact of life of web browsing
• Cookies allow a web-server to:
    • Track your visits to the site
    • Learn and remember info about you
    • Store info on your computer

Page 35: What Is a Cookie?

• A small piece of information stored by your web-browser on your PC when you visit a site
• What’s stored:
    • A URL related to the site you visited
    • A name/value pair (the information content)
    • (Optional) An expiration date
• Why is it a “cookie”?
    • An old CS term for a chunk of data used obscurely

Page 36: Reminder: Web Browser and Server Interaction

• User types URL or clicks link
• Browser sends a get-page request for that URL to web-server
• Web-server finds HTML file (and related files)
• Web-server sends these back to browser
• Browser processes HTML and displays page

Page 37: Cookies: Web-servers Store Some Info on your PC

• When sending back a page, server also sends a cookie
• Your browser stores it on your PC
• Later, you visit the same site
    • You request a page there and your browser has earlier stored a cookie matching that URL
    • Browser sends URL and cookie to web-server
    • Web-server processes cookie
        • May return updated cookies with page

Page 38: Normally browsing the web is "stateless"

• “Stateless” means “no memory”
    • Request a page from a server; it sends it
    • Later request a 2nd page; the server sends it
    • The webserver doesn't remember anything connecting these two requests
• But, cookies preserve “state.” Server can connect an early visit with a later visit.
    • How? Cookie stored a numeric ID number for you
• FYI, a server does “log” requests
    • what page, what IP address, when, browser
    • But this can’t identify you uniquely
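
The cookie exchange from the last two slides, as an added example that is not part of the original lecture: an in-memory Python simulation of a server that hands out a numeric visitor ID and browsers that store and return it. The class names, the cookie name "visitor", the host and the IP address are assumptions for the illustration.

```python
"""Cookie exchange between browsers and a server (added example, simulated in memory)."""
import itertools
from http.cookies import SimpleCookie


class Server:
    def __init__(self):
        self._next_id = itertools.count(1001)
        self.access_log = []   # (ip, path): all that a plain request log records
        self.visits = {}       # visitor id -> pages requested under that id

    def handle(self, ip, path, cookie_header=None):
        """Process one request and return the response headers."""
        self.access_log.append((ip, path))
        sent = SimpleCookie(cookie_header or "")
        headers = {}
        vid = sent["visitor"].value if "visitor" in sent else None
        if vid not in self.visits:          # no cookie, or an ID we never issued
            vid = str(next(self._next_id))
            reply = SimpleCookie()
            reply["visitor"] = vid                          # the name/value pair
            reply["visitor"]["path"] = "/"                  # which URLs it applies to
            reply["visitor"]["max-age"] = 30 * 24 * 3600    # the optional expiry
            headers["Set-Cookie"] = reply["visitor"].OutputString()
        self.visits.setdefault(vid, []).append(path)
        return headers


class Browser:
    def __init__(self, ip, accept_cookies=True):
        self.ip = ip
        self.accept_cookies = accept_cookies
        self.jar = {}   # host -> SimpleCookie, the copy stored "on your PC"

    def get(self, host, server, path):
        stored = self.jar.get(host)
        header = None
        if stored:
            # Only name=value pairs go back to the server, never the attributes.
            header = "; ".join(f"{m.key}={m.coded_value}" for m in stored.values())
        response = server.handle(self.ip, path, header)
        if self.accept_cookies and "Set-Cookie" in response:
            self.jar.setdefault(host, SimpleCookie()).load(response["Set-Cookie"])
        return response


def demo():
    shop = Server()
    shared_ip = "192.0.2.10"   # constructed: three browsers behind one address
    alice, bob = Browser(shared_ip), Browser(shared_ip)
    refuser = Browser(shared_ip, accept_cookies=False)
    alice.get("shop.example", shop, "/shoes")
    bob.get("shop.example", shop, "/books")
    alice.get("shop.example", shop, "/cart")     # linked to Alice's first visit
    refuser.get("shop.example", shop, "/shoes")
    refuser.get("shop.example", shop, "/cart")   # looks like a brand-new visitor
    return shop


if __name__ == "__main__":
    shop = demo()
    print("access log:", shop.access_log)
    print("by cookie: ", shop.visits)
```

The access log shows five requests from one IP address and cannot tell the three browsers apart; the cookie IDs can. A sequential ID is enough to show the mechanism, but an ID that stands in for a login has to be long and random, otherwise anyone can claim a neighbour's number.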

Page 39: Cookies Can Be Beneficial

• Shopping Carts
    • Server creates a cart, stored on the server
    • You visit other pages, but a cookie lets the server know you’re the person who created that cart
• Other personalization
    • “Welcome back, Jane Doe!”
    • “Items you viewed recently are…”
• Recognizing legitimate users for a site
    • Register and log-in, but then a cookie means you don’t have to log-in every time

Page 40: The Darker Side of Cookies

• We assume anonymity on the web, right?
• Do you want someone knowing what pages you’ve visited?
    • Cookies allow a website to track what you visited on that site
    • Are they keeping this private? Selling it?
• Do you even know they’re tracking your visits?
    • What are your rights here?

Page 41: The Darker Side of Cookies (2)

• Personalized ads (e.g. the company DoubleClick)
    • Advertising image on a page is really on another server
    • You click on the image on the ad-server
    • It builds up a profile about you over time
    • Deliver ads you want to see
• When used for authorization, are they secure?

Page 42: You Have Control

• You can configure your browser to handle cookies as you want

Page 43: Cookies: Should You Worry?

• Hard to say…
    • Some are quite useful. They allow e-commerce!
    • Some are sneaky
• Some anti-spyware tools remove undesirable cookies (some remove harmless ones)

Page 44: Where We Are in the Lecture

• Email issues
    • attachments and email-spoofing
    • phishing
• Cookies
• Web-bugs
• Viruses in email
• Spyware (including browser hijacks)

Page 45: What’s a Web Bug?

• A graphic image on a Web page or in an Email message
• A link to an external site, not an image embedded in your message
• Designed to monitor who is reading the Web page or Email message
• May be invisible (size 1 pixel by 1 pixel) or not
• Sometimes known as "clear GIFs", "1-by-1 GIFs" or "invisible GIFs"
• (More info: http://www.eff.org/Privacy/Marketing/web_bug.html)

Page 46: How’s This Work?

• Web bug: on some other server
• Remember: when a server delivers a HTML file or an image file, it logs this
    • A page or an email can have an image that’s stored on some external site
    • Thus the server there logs delivery of that image (even if it’s invisible to you)

Page 47: Examples (in HTML)

<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>

<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">

Page 48: What Info Can Be Gathered?

• Again, the server where the bug lives will log:
    • The IP address of your computer
    • The URL of the page that the Web Bug is located on
    • The URL of the Web Bug image
    • The time the Web Bug was viewed
    • The type of browser that fetched the Web Bug image
• Also possible: Info from any cookie that's on your machine
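
Web bugs can be spotted in the HTML before any image is fetched. As an added example that is not part of the original lecture, this Python scanner flags images served from another host that are 1 by 1 pixel or that carry an e-mail address in their URL. It is run on the two tags from the "Examples (in HTML)" slide plus two constructed control images; the function names and the first-party host are assumptions.

```python
"""Find likely web bugs in HTML before any image is fetched (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def pixels(value):
    """Leading integer of a width/height attribute, or None if it is absent."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


class WebBugFinder(HTMLParser):
    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        url = urlsplit(attr.get("src") or "")
        host = url.hostname
        if not host or host == self.first_party:
            return   # embedded or same-site image: no other server learns of the view
        w, h = pixels(attr.get("width")), pixels(attr.get("height"))
        invisible = w is not None and h is not None and w <= 1 and h <= 1
        # Query values that identify the reader; here, anything shaped like an address.
        identifiers = {k: v for k, v in parse_qsl(url.query) if EMAIL_RE.match(v)}
        if invisible or identifiers:
            self.findings.append(
                {"host": host, "invisible": invisible, "identifiers": identifiers}
            )


def scan(html, first_party_host):
    """Return one finding per suspicious external image in the HTML."""
    finder = WebBugFinder(first_party_host)
    finder.feed(html)
    finder.close()
    return finder.findings


# The first two tags are the examples from the slide; the last two are constructed controls.
SAMPLE = """
<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>
<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">
<img src="http://www.example.com/logo.gif" width="120" height="40">
<img src="http://images.example.net/banner.gif" width="468" height="60">
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE, "www.example.com"):
        print(finding)
```

A mail client that does not load remote images never makes the request, so the external server has nothing to log.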

Web Bugs on a Web Page

Using personal info in a cookie, ad companies can track what pages you view over time
• Stores this info in a database
• Later used to target specific banner ads for you
How many people view a website

Web Bugs Used in an Email

Tells if and when a message was read
Links email address with the IP address of machine you read mail on
Within an organization, can tell how often a message is forwarded and read
In spam:
• How many users have seen the spam message
• Allows spammers to detect valid email addresses

Web Bugs: Legal, Ethical?

Controversial! Attempt to monitor you without your knowledge
Legal? Not clearly illegal
They are used on the websites of legitimate companies
Privacy policies for websites generally don't mention these

Web Bugs: What can you do?

You can't easily identify web bugs
New email clients (e.g. Mozilla Thunderbird) do not display images in email that are links to files on external sites (see next slide)
• (Images embedded as part of email message are OK)
• You can click "Show Images" button
• Also nice not to see some images in spam
Helps to disable and delete cookies
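
The following is an added example, not part of the original slides: a Python check that lists every image an HTML email would fetch from an external server and flags the web-bug giveaways from the "Examples (in HTML)" slide (invisible 1x1 size, an email address in the URL). The sample message, the images.example.com host and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl
import re

EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def _pixels(value):
    """Parse a width/height attribute such as '1' or '1px'; None if absent or not a number."""
    m = re.fullmatch(r"\s*(\d+)\s*(?:px)?\s*", value or "")
    return int(m.group(1)) if m else None

class RemoteImageAudit(HTMLParser):
    """Lists every image a mail client would have to fetch from an external server."""
    def __init__(self):
        super().__init__()
        self.remote = []   # (host, [reasons the image looks like a web bug])

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        url = urlsplit((a.get("src") or "").strip())
        if url.scheme not in ("http", "https"):
            return   # cid:/data: images are part of the message; no server is contacted
        reasons = []
        w, h = _pixels(a.get("width")), _pixels(a.get("height"))
        if w is not None and h is not None and w <= 1 and h <= 1:
            reasons.append("invisible size")
        for name, value in parse_qsl(url.query):   # parse_qsl decodes %40 to @
            if EMAIL.fullmatch(value):
                reasons.append("address in '%s'" % name)
        self.remote.append((url.hostname, reasons))

def audit_remote_images(html):
    audit = RemoteImageAudit()
    audit.feed(html)
    audit.close()
    return audit.remote

# Constructed message body: the two <img> tags quoted on the "Examples (in HTML)" slide,
# plus an embedded (cid:) image and an ordinary remote banner on a placeholder host.
SAMPLE = """<html><body><p>Spring sale!</p>
<img src="cid:logo@message" width="120" height="40">
<img src="http://images.example.com/banner.gif" width="468" height="60">
<img src="http://ad.doubleclick.net/ad/pixel.quicken/NEW" width=1 height=1 border=0>
<img width='1' height='1' src="http://www.m0.net/m/logopen02.asp?vid=3&catid=370153037&email=SMITHS%40tiac.net" alt=" ">
</body></html>"""

if __name__ == "__main__":
    for host, reasons in audit_remote_images(SAMPLE):
        print(host, "->", ", ".join(reasons) or "remote image (fetch is still logged)")
```

An image with an empty reason list is still a remote fetch that the external server logs, which is why blocking all remote images by default is the stronger control.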

An Email Client Blocks Remote Images

Anonymity

Are you really anonymous surfing the web?
• Someone (corporations and whoever buys their data) is collecting info on your browsing
Do we want:
• Tools to “protect” us from this?
• Laws against it?
• Laws that disclose it’s being done and how the info is used?
• Users to be aware it’s going on? (Yes!)

Where We Are in the Lecture

Email issues
• attachments and email-spoofing
• phishing
Cookies
Web-bugs
Viruses in email
Spyware (including browser hijacks)

Anatomy of a virus

How you can be infected
• By just reading email when…
  you do not keep your software updated!

Links in E-mail

The “data format” of Web pages is HTML
• Controls the formatting of a Web page
• Also supports hyperlinks to other pages
• It’s nice when e-mail has this format, right?
A danger:
• Some links can cause a program to run.
• Some download files that run on your system.
An attacker can disguise a link so it looks harmless (but…)

Virus through a Link in an Email

Link seems to be to CS dept. (www.cs.virginia.edu)
That’s the text of the link
• It links to someplace else
• An attachment that is disguised so it doesn’t appear
• The small box is the only clue
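
An added example (not from the original slides) of a check a mail filter could run for the disguised link described above: compare the site named in a link's visible text with the host in its href. The sample links, the files.example.net host and the function names are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# A hostname (optionally with http:// in front) appearing in the visible link text.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def _bare(host):
    """Lower-case a hostname and drop a leading 'www.' so equivalent names compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Records links whose visible text names one site while the href goes elsewhere."""
    def __init__(self):
        super().__init__()
        self.mismatches = []   # (site shown to the reader, where the link really goes)
        self._href = None      # href of the <a> currently open, if any
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = HOST_IN_TEXT.search("".join(self._text))
        target = urlsplit(self._href)
        if shown:   # only links whose text claims a destination can be disguised this way
            shown_host, real_host = _bare(shown.group(1)), _bare(target.hostname)
            same_site = real_host == shown_host or real_host.endswith("." + shown_host)
            if target.scheme not in ("http", "https") or not same_site:
                self.mismatches.append((shown.group(1), self._href))
        self._href = None

def disguised_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.mismatches

# Constructed sample: one honest link, one whose text and target disagree, one plain label.
SAMPLE = """<p><a href="http://www.cs.virginia.edu/">www.cs.virginia.edu</a></p>
<p><a href="http://files.example.net/open">www.cs.virginia.edu</a></p>
<p><a href="http://www.itc.virginia.edu">ITC Downloads</a></p>"""

if __name__ == "__main__":
    print(disguised_links(SAMPLE))
```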

How Can This Virus Get Triggered?

Click the link, and it tries to display the hidden attachment
• Only in some email clients, i.e. older versions of Outlook
• Note: This vulnerability has been known!
  Patches available through Windows Update!
Click and… Congratulations!
• You’re now infected with a version of the Netsky virus!

What’s Netsky Do?

A mass-mailing worm
• Harvests email addresses from files on your PC
• Comes with its own mail-server component
• Now a server on your machine that uses the SMTP protocol to send copies of the virus directly to others!
You’re infected and contagious
• You’ll be very popular with your friends and other email contacts!
• But they should have been running antivirus software, and should have kept their systems updated.
• (Like you should have been.)

Lessons

Use Windows Update to keep your system updated
• AKA keep it “patched”
You might consider using software that is not the major target of virus writers
• Other operating systems (Mac OS, Linux)
• Other email clients, other browsers
And definitely install and run anti-virus software (next slide)

Solutions

Antivirus Software
• Can scan your system: find and remove problems
• Usually only viruses. Sometimes spyware too.
• Also, most have real-time protection
  Checks e-mail as you read it, as you send it
  Checks files as you download them
• Note: Free for UVa users (see later slide)
Important: run “update” on these to get updated virus definitions

Where We Are in the Lecture

Email issues
• attachments and email-spoofing
• phishing
Cookies
Web-bugs
Viruses in email
Spyware (including browser hijacks)

Browser Hijack

An extremely nasty adware
Resets homepage to a particular site
• Ads, porn – something you don’t want
• Any change you make doesn’t affect it
Software running on your machine
• Does the usual adware/spyware stuff
• Also changes your browser settings
• Runs when system starts – changes the settings back

Spyware is a Common Problem!

Recall earlier study of users:

80% had spyware on their PCs

(What about you?)

Solutions

Anti-spyware software
• Scans your system, removes problems
• Some have real-time protection, most don’t.
Important (again): run “update” on these to get most recent spyware definitions
Another option: Security Suites ($60-$70)
• Include antivirus, maybe anti-spyware software
• Also includes a firewall (explained later)
• May include spam filtering, parental control

Getting Software at UVa

ITC Downloads: http://www.itc.virginia.edu
• Norton Antivirus
• SpySweeper (up to 3 machines)
• Free for UVa users!
This is a wonderful deal for students and staff.
Don’t be foolish! Please go install these!
• And keep things updated. Practice good habits.

Anti-Virus SW For Your Non-UVa Friends

Free anti-virus software through websites
• http://housecall.trendmicro.com/
• http://www.pandasoftware.com/activescan/
• These two were reviewed and recommended by reliable magazines
These run their program on your PC from their website
• Scans your system and identifies problems
Does not include real-time protection

Anti-Spyware SW For Your Non-UVa Friends

Good free utilities to find and remove spyware
• Lavasoft Adware: http://www.lavasoftusa.com/
• Spybot Search & Destroy: http://www.spybot.info
Download, install, and run periodically
Updates:
• Must get updates of definitions for Antivirus and spyware removal tools
• Often free: use update facility in the tool

SpySweeper in Action

Scanning Your PC

Removing What It Found

The Results

Everything That Looks Like Spyware Removal Is Not Spyware Removal

• Email arrives with animated GIF file.
• Click on OK – you’re really clicking on the web-link associated with that image. Uh oh.

Final Words

Cookies and web bugs raise privacy issues
Malware: it’s a nasty world out there!
Protect yourself with:
• Understanding
• Tools (anti-virus SW, anti-spyware SW)
Practice good habits:
• Be suspicious and cautious
• Install, run, and update tools
• Keep your operating system updated