PROTECTING YOUR PC

Threats and precautions

11 MOST COMMON COMPUTER SECURITY

THREATS

11.

Viruses
Spam/Spim/Spit
Spoofing, phishing and pharming
Spyware
Keystroke loggers
Adware
Botnet
Worms
Trojan horse
Blended threats
Denial-of-service

http://www.symantec-norton.com/11-most-common-computer-security-threats_k13.aspx

1.
2.
3.
4.
5.
6.
7.

8.
9.
10.

1. VIRUSES

A virus is a piece of software that can replicate itself and infect a computer without the permission or knowledge
of the user. A virus can only spread when it is transmitted by a user over a network or the Internet, or through
removable media such as CDs or memory sticks. Viruses are sometimes confused with worms and Trojan
horses, or used incorrectly to refer to malware.

Danger level: High

Prevalence: Extremely High
Worst case damage:

Some viruses delete files, reformat the hard disk or cause other damage. Others only replicate themselves and
may present text, video, or audio messages. While they are not designed to do damage, even these viruses take
up memory and may cause erratic behavior, system crashes and loss of data.

Prevention, detection and removal:

Antivirus software detects and eliminates known viruses. The two most common methods used to detect viruses
are:

Using a list of virus signature definitions: the antivirus software examines files stored in memory or on fixed or
removable drives and compares them against a database of known virus signatures e.g. source code patterns.
This protection is only effective against known viruses and users must keep their signature files up-to-date in
order to be protected.
Using a heuristic algorithm to detect viruses based on behavioral patterns: the advantage of this method is
that it can detect viruses that were not previously known or for which a signature does not yet exist.
Apart from directly detecting and removing viruses, users can minimize damage by making regular backups of
data and the operating system on different media. These backups should be kept disconnected from the system
(most of the time), be read-only or not be accessible for other reasons (for instance because they use different file
systems).
To restore a system that has been infected by a virus, Windows XP and Windows Vista provide a tool known as
System Restore. This tool restores the registry and critical system files to a previous checkpoint (point in time).

2. SPAM/SPIM/SPIT

SPAM is electronic junk email. The amount of spam has now reached 90 billion messages a day. Email
addresses are collected from chat rooms, websites, newsgroups and by Trojans which harvest users address
books.

SPIM is spam sent via instant messaging systems such as Yahoo! Messenger, MSN Messenger and ICQ.

SPIT is Spam over Internet Telephony. These are unwanted, automatically-dialed, pre-recorded phone calls
using Voice over Internet Protocol (VoIP).

Danger level: Low

Prevalence: Extremely High

Worst case damage:

Spam can clog a personal mailbox, overload mail servers and impact network performance. On the other hand,
efforts to control spam such as by using spam filters run the risk of filtering out legitimate email messages.
Perhaps the real danger of spam is not so much in being a recipient of it as inadvertently becoming a transmitter
of it. Spammers frequently take control of computers and use them to distribute spam, perhaps the use of a
botnet. Once a users computer is compromised, their personal information may also be illegally acquired.

Prevention, detection and removal:

ISPs attempt to choke the flood of spam by examining the information being sent and traffic patterns. User
systems may use spam filters to screen out email messages with suspect titles or from suspect persons, as well
email messages from blocked senders.

3. SPOOFING, PHISHING AND PHARMING

Spoofing is an attack in which a person or program masquerades as another. A common tactic is to spoof a URL or website
(see phishing).

Phishing (pronounced fishing) is a common form of spoofing in which a phony web page is produced that looks just like a
legitimate web page. The phony page is on a server under the control of the attacker. Criminals try to trick users into thinking
that they are connected to a trusted site, and then harvest user names, passwords, credit card details and other sensitive
information. eBay, PayPal and online banks are common targets. Phishing is typically carried out by email or instant
messaging. The email message claims to be from a legitimate source but when the user clicks on the link provided, he or she
lands on the fake web page.

Pharming (pronounced farming) is an attack in which a hacker attempts to redirect a website's traffic to another, bogus
website. Pharming can be conducted either by changing the hosts file on a victims computer or by exploitation of a
vulnerability in DNS server software. DNS servers are computers responsible for resolving Internet names into their real IP
addresses the servers are the signposts of the Internet.

Danger level: High

Prevalence: Extremely High

Worst case damage:

Once personal information is acquired, spoofers, phishers or pharmers may use a persons details to make transactions or
create fake accounts in a victims name. They can ruin the victims credit rating or even deny the victims access to their own
accounts.

Prevention, detection and removal:

As spoofing, phishing, and to a lesser extent, pharming, rely on tricking users rather than advanced technology, the best way
to handle these threats is through vigilance. Dont open emails from unknown sources or click on links embedded in suspect
messages. Check the security guidelines of websites such as PayPal so that you can distinguish between legitimate and
bogus emails. Also, rather than clicking on the link embedded in an email, you can type the general link in your web browser
(e.g.http://www.paypal.com).

4. SPYWARE

Spyware is software that is secretly installed on a computer without the users consent. It monitors user activity or
interferes with user control over a personal computer.

Danger level: High

Prevalence: High

Worst case damage:

Spyware programs can collect various types of personal information, such as websites visited, credit card details,
usernames or passwords, as well as install other malware, redirect web browsers to malicious websites, divert
advertising revenue to a third party or change computer settings (often leading to degraded or unstable system
performance, slow connection speeds or different home pages).

Prevention, detection and removal: Anti-spyware programs can combat spyware in two ways:

1
Real-time protection: these programs work just like anti-virus software. They scan all incoming network
traffic for spyware software and block any threats that are detected.

2
Detection and removal: users schedule daily, weekly, or monthly scans of their computer to detect and
remove any spyware software that has been installed. These antispyware programs scan the contents of the
Windows registry, operating system files, and programs installed on your computer. They then provide a list of
threats found, allowing the user to choose what to delete and what to keep.

Some popular antispyware programs are Spybot - Search & Destroy, PC Tools Spyware Doctor, as well as
commercial offerings from Symantec, McAfee, and Zone Alarm.

5. KEYSTROKE LOGGING (KEYLOGGING)

A keylogger is a software program that is installed on a computer, often by a Trojan horse or virus. Keyloggers
capture and record user keystrokes. The data captured is then transmitted to a remote computer.

Danger level: High

Prevalence: High

Worst case damage:

While keyloggers will not damage your computer system per se, because they can capture passwords, credit
card numbers and other sensitive data, they should be regarded as a serious threat.
Prevention, detection and removal:
Currently there is no easy way to prevent keylogging. For the time being, therefore, the best strategy is to use
common sense and a combination of several methods:
Monitoring which programs are running: a user should constantly be aware of which programs are installed on
his or her machine.

Antispyware: antispyware applications are able to detect many keyloggers and remove them.
Firewall: enabling a firewall does not stop keyloggers per se, but it may prevent transmission of the logged
material, if properly configured.
Network monitors: also known as reverse-firewalls, network monitors can be used to alert the user whenever an
application attempts to make a network connection. The user may then be able to prevent the keylogger from
transmitting the logged data.
Anti-keylogging software:keylogger detection software packages use signatures from a list of all known
keyloggers to identify and remove them. Other detection software doesnt use a signature list, but instead
analyzes the working methods of modules in the PC, and blocks suspected keylogging software. A drawback of
the latter approach is that legitimate, non-keylogging software may also be blocked. : some k

6. ADWARE

Adware is software which automatically plays, displays, or downloads advertisements to a computer. The adware
runs either after a software program has been installed on a computer or while the application is being used. In
some cases, adware is accepted by users in exchange for using software free-of-charge. Not all adware is
innocuous, however. Some types of adware are also spyware and therefore a threat to privacy.

Danger level: Low

Prevalence: High

Worst case damage:

Adware is relatively harmless unless it is spyware (see spyware). It can, however, cause degradation in system
performance.

Prevention, detection and removal:

As adware is also often spyware or malware, programs have been developed to detect, quarantine, and remove
both spyware and adware. Ad-Aware and Spybot - Search & Destroy are two commonly used programs. These
programs are specifically designed for spyware detection and therefore do not detect viruses, although some
commercial antivirus software packages can also detect adware and spyware, or offer a separate spyware
detection module.

7. BOTNET

A Botnet (also called a zombie army) is a collection of software robots, or bots, that run automated tasks over
the Internet. The term botnet is generally used to refer to a distributed network of compromised computers
(called zombie computers). These zombies typically run programs such as worms, Trojan horses, or
backdoors. Botnets are frequently used to launch Distributed Denial-of-Service (DDoS) attacks against websites.
Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak
passwords.
Experts estimate that as many as one in four personal computers connected to the Internet has become part of a
botnet. Several botnets have been found and removed from the Internet such as a 1.5-million node botnet
recently discovered by the Dutch police.

Danger level: High

Prevalence: High

Worst case damage:

In the first place, botnets steal computing resources and the individual users system performance may degrade
as a result. More serious consequences may be caused, however, by the programs that run on botnets (see
respective entries for worm and Trojan horse).

Prevention, detection and removal:

Detection focuses on either the computer itself or the network. Both approaches use trial and error to try to
identify bot behavior patterns. Network-based approaches then shutdown servers or re-direct DNS entries.
Security companies such as Symantec,Trend Micro, FireEye, Simplicita and Damballa offer products to stop
botnets. With the exception of Norton Antibot (formerly Sana Security), most focus on protecting enterprises
and/or ISPs rather than the systems of individual users.

8. WORMS

A computer worm is a self-replicating, malicious software program. Unlike a virus, it does not need to attach
itself to an existing program or require user intervention to spread. It uses a network to send copies of itself to
other computers on the network.

Danger level: Very High

Prevalence: Moderate

Worst case damage:

Worms can cause two types of damage:

Damage to the network: by their replicating behavior, worms consume bandwidth and can cause degraded
network performance.
Payload: worms also deliver payloads such as backdoors that allow hackers to gain control of the infected
computer and turn it into a zombie. That computer may then become part of a botnet used to send spam or
launch Distributed Denial-of-Service (DDoS) attacks (often coupled with blackmail attempts).
Prevention, detection and removal:
Since worms spread by exploiting vulnerabilities in operating systems, computers should be kept current with the
latest security updates or patches from operating system vendors.
To prevent infection, users need to be wary of opening unexpected emails and should not run attached files or
programs, or visit websites that are linked to such emails. Users should be constantly on guard against phishing.
Antivirus and antispyware software, if kept up-to-date, are also helpful, as is the use of a firewall.

9. TROJAN HORSE

A Trojan horse or Trojan is a piece of software which like the Trojan Horse of Greek mythology conceals a
payload (often malicious) while appearing to perform a legitimate action. Trojan horses often install backdoor
programs which allow hackers a secret way into a computer system.

Danger level: Very High

Prevalence: Moderate

Worst case damage:

Trojans horses can deliver a variety of payloads and therefore have the potential to cause significant damage.
Example payloads include:

Erasing or overwriting data on a computer

Corrupting files

Allowing remote access to the victim's computer

Installing other malicious programs such as viruses

Adding the victims computer to a network of zombie computers in order to launch Distributed Denial-ofService (DDoS) attacks or send spam.

Logging keystrokes to steal information such as passwords and credit card numbers

Harvesting email addresses and using them for spam

Deactivating or interfering with antivirus and firewall programs

Prevention, detection and removal:

Normally, antivirus software is able to detect and remove Trojan horses automatically. They may also be deleted
by clearing the temporary Internet files on a computer, or by finding the offending file and deleting it manually (in
safe mode).

10. BLENDED THREAT

A blended threat is a threat that combines different malicious components, such as a worm, a Trojan horse and
a virus. In this way, a blended threat uses multiple techniques to attack and propagate itself.

Danger level: Extremely high

Prevalence: Medium

Worst case damage:

See respective entries for worm, Trojan horse and virus.

Prevention, detection and removal:

See respective entries for worm, Trojan horse and virus.

11. DENIAL-OF-SERVICE ATTACK

Description:
As its name implies, a Denial-of-Service or DoS attack is an attempt to make a computer resource such as a
website or web service unavailable to users. One of the most common methods of attack involves saturating the
target (victim) machine with external communications requests. The machine then cannot respond to legitimate
traffic or responds so slowly as to be rendered effectively unavailable. Attacks are often launched by networks of
zombie computers or botnets. These are known as Distributed Denial-of-Service or DDoS attacks.
Although simple, DoS attacks can be highly effective. DoS attacks (reputedly by Russian hackers) against
websites of government ministries, the press and banks disrupted Internet communications for several days in
2007 throughout the Baltic nation of Estonia.

Danger level: High

Prevalence: Low
Worst case damage:
DoS attacks typically target large businesses or government institutions rather than individuals or small
businesses. Nonetheless, they can make a website or web service temporarily unavailable (for minutes, hours or
days), with ramifications for sales or customer service. Moreover, DoS attacks on private companies are
sometimes coupled with blackmail attempts.

PROTECTION
Best practices
Antivirus/Antispyware
Firewalls

BEST PRACTICES
Updated software (patching)
Safe browsing (scamadviser.com,
https://www.mywot.com/ (tiene cuadro de bsqueda
en cualquier pgina excepto la principal))
Passwords (https://www.microsoft.com/security/pcsecurity/password-checker.aspx). Password
managers.

419 (aka Nigerian) scams

UPDATED SOFTWARE

OS PATCHING

Keeping your operating system up to date is extremely important as

a large amount of the updates are security related and not simply
bug fixes.

Windows XP/Vista/7 should be set to automatically update. If not, go

to Start > Control Panel to enable automatic updates. You can
activate a manual update as well by going to Start > Windows
Update.

Mac OSX should be set to automatically update. If not, go to the

Apple Menu > System Preferences > Software Update to configure
this. You can also activate a manual update by going to the Apple
Menu -> Software Update.

https://it.uoregon.edu/node/2020

APPLICATION PATCHING

Remember to update any software that uses an internet connection:

Java Runtime Environment (JRE), Adobe Flash, and Adobe Reader
are among the most common applications that fit into this category.
Regular updating of software is just as critical as regular updating of
your operating system.
Many of these applications can easily be checked to see if they
have updates by going to http://www.mozilla.com/enUS/plugincheck/

Many software packages have their own auto-update

features. Keeping this setting enabled is the easiest way to ensure
your software is always up to date.

SAFE BROWSING

SAFE BROWSING

Use pop-up blockers. Not only will they greatly reduce the amount of ads you encounter but they can
help prevent many javascript exploits and vulnerabilities from infecting your machine. IE (only 7&8),
Firefox, and Chrome all have built-in pop-up blockers.

Also blocking content such as flash objects, java-script, and ads can help protect the user from other
attacks on malicious sites. You can get plug-ins for some browsers that will support blocking some of
these objects. You can then easily add sites to a white-list which will allow those sites to display and run
objects such as ads, java-script, and flash.

Don't click web links given to you in an e-mail or Instant Message conversation by someone you don't
know.

Be wary of any links sent via social network websites (such as facebook, myspace, twitter) as scams
and trojans are very popular on these sites. You also need to be wary of anything sent from a friend: if
their account is compromised, they may be aiding in spreading malware without even knowing it.

Don't EVER send your username/password to any account in any e-mail message. This is not secure.
Any legitimate organization will have a much more secure solution to dealing with accounts.

A useful tool to help you identify a malicious web-site is called Web Of Trust. This tool collects notes and
ratings by other users and displays it as an icon that turns green, yellow, or red depending on how safe
the web-site has been rated. Clicking on the icon will provide you more information such as
what category the site failed at (Trustworthiness, Vendor Reliability, Privacy, and Child Safety). Because
this service relies on other users to have already rated a site not all sites will have a rating attached.
Also due to the ratings given by other users (even you can give sites ratings if you sign-up) in the end
you will have to use your own judgement on whether or not to trust the ratings, but the majority of the
time these ratings are reliable.

PASSWORD PRACTICES

PASSWORD SECURITY

http://www.symantec.com/connect/articles/simplest-security-guide-better-password-practices

No Dictionary Words, Proper Nouns, or Foreign Words

No personal information

Length, Width and Depth

A strong, effective password requires a necessary degree of complexity. Three factors can help users to develop this complexity: length,
width & depth. Length means that the longer a password, the more difficult it is to crack. Simply put, longer is better. Probability dictates
that the longer a password the more difficult it will be to crack. It is generally recommended that passwords be between six and nine
characters. Greater length is acceptable, as long as the operating system allows for it and the user can remember the password. However,
shorter passwords should be avoided.
Width is a way of describing the different types of characters that are used. Dont just consider the alphabet. There are also numbers and
special characters like %, and in most operating systems, upper and lower case letters are also known as different characters. Windows,
for example, is not always case sensitive. (This means it doesnt know the difference between A and a.) Some operating systems allow
control characters, alt characters, and spaces to be used in passwords. As a general rule the following character sets should all be
included in every password:

uppercase letters such as A, B, C;

lowercase letters such as a, b,c;

numerals such as 1, 2, 3;

special characters such as $, ?, &; and

alt characters such as , ,

Depth refers to choosing a password with a challenging meaning something not easily guessable. Stop thinking in terms of
passwords and start thinking in terms of phrases. A good password is easy to remember, but hard to guess. (Armstrong) The purpose of
a mnemonic phrase is to allow the creation of a complex password that will not need to be written down. Examples of a mnemonic phrase
may include a phrase spelled phonetically, such as ImuKat! (instead of Im a cat!) or the first letters of a memorable phrase such as
qbfjold* = quick brown fox jumped over lazy dog.

What may be most effective is for users to choose a phrase that is has personal meaning (for easy recollection), to take the initials of each
of the words in that phrase, and to convert some of those letters into other characters (substituting the number 3 for the letter e is a
common example).

PASSWORD SECURITY (CONT.)

Extra Protection

All of the good password cracking programs include foreign words, backwards words, etc. And the easiest way to steal
a password is by asking for it, so its simpler to never give it away.

In some cases, a good password is enough protection to keep out intruders. In others, its just a start. Encryption and
one-time passwords add extra protection to systems. Encryption means garbling the password to protect from sniffers
or other onlookers, through a particular scheme that can be deciphered from the other end of the connection. One-time
passwords (S/key is the most commonly used) are just that. They can be used only once. This requires carrying a list
of passwords or having a special password calculator or SecureCard, but can be a very reliable method of password
security.

There are also certain behaviors that users should practice in order to maximize the effectiveness of their passwords.
Users should avoid using the same password on multiple accounts. Doing this creates a single point of failure, which
means that if an intruder gains access to one account, he or she will have access to all of the users accounts. Users
should never disclose their passwords to anybody unless they know them to be authorized (i.e., systems
administrators). Even then, passwords should only be disclosed in person (not over the phone or by e-mail) to a
known, trusted source.

Users should exercise extreme caution when writing down or storing passwords. Stories of hackers obtaining
passwords through shoulder-surfing and dumpster diving are not urban myths, they are real. Users should resist the
temptation to write down passwords on Post-It notes stuck to their monitors or hidden under their keyboards. Instead,
they should choose passwords that they will be able to remember not an easy task given the complexity required of
strong, effective passwords.

There are always extraneous circumstances where we must write down passwords. This is not recommended, but if it
must be done, it should be done with forethought, not haphazardly. The extreme example of too many passwords is
contract system administrators, who have multiple clients and machines. For these people, the only advice is to write
down the phrases or some sort of related thought to jog your memory and put it on a piece of paper carried on your
person. Maybe photocopy that and leave that stored in a safe place at home. Never put it on a Post-It. Never store it
online. An obscured hint might be okay, but never the actual password or even an encrypted version.

USING MULTIPLE PASSWORDS

Some ways to keep track of multiple passwords:

Memorize them all. Some people with good memories can create multiple passwords
with a single theme or follow some other strategy that helps them remember all their
passwords.

Write them down and store them in a secure place. Do not leave them where others
can see them or find them. Keep them locked up if at all possible. Store them as you
would any other valuable item. Do not store them in a document on your computer unless
you have encrypted the file.

Use password management software. Password management software lets you store
multiple passwords in encrypted form so you don't have to remember them. You can
access all your passwords using one master password. Examples of password
management software include:
KeePass Password Safe. Free, open source password manager with versions for
multiple operating systems.
LastPass. Free password manager with versions for multiple operating systems.
Premium for-fee version available.
Password Safe. Free open source password manager for Windows and Linux.

ANTIVIRUSES

RESIDENT ANTIVIRUS

Resident AntiVirus
First and foremost, all Windows machines need to have
some sort of active antivirus software which runs at all
times. For the UO, the default choice is McAfee but here
are some free alternatives that we can recommend:
Microsoft Security
Essentials: http://www.microsoft.com/Security_Essentials/
Avast Antivirus: http://www.avast.com/en-au/free-antivirusdownload
Avira AntiVir Personal Edition: http://www.avira.com/en/avirafree-antivirus
AVG Anti-Virus Free Edition: http://free.avg.com/usen/download-free-antivirus

ONLINE TOOLS

F-Secure Online Scanner: http://www.f-secure.com/en_EMEA/security/tools/online-scanner/

F-secure offers a similar online browser-based virus scan as well, however it is a more general sweep
for malware/spyware on your system. Simply accept to the agreement and click "Run Check." It does
not check for out-of-date software.
Hijack this: http://hijackthis.de/

While not entirely browser-based, hijack this is quite effective. First you'll need to download their
scanner and install it. After running the scanner it will output a text file--simply copy and paste
the entire contents of this text file into the textbox on the front page of hijackthis.de and it will
give you a readout of every single entry and its known threat or vulnerability.
Firefox Plugin Check: http://www.mozilla.com/en-US/plugincheck/

Firefox plugins can be very useful, but they may also introduce vulnerabilities. This web-based
tool from mozilla scans all your plugins at once to make sure they are up to date, and it works
on both OS X and Windows.
Threat Expert: http://threatexpert.com/

Threat Expert has a good database of information about malware, as well as some
tools. Information such as different strains of malware, where they come from, which strains
are related, and how they can affect your machine. In addition, you can scan individual files that
you may suspect to be infected, and it can give you a detailed report (if its infected) that might
help you identify what happened.
Virus Total: http://www.virustotal.com/

Similar to Threat Expert in that its geared towards scanning individual files. Also, if you go to the
"Statistics" page, you can get an idea of the most common infections that have been recently
scanned.

DOWNLOADABLE TOOLS

Malware-Bytes Anti-Malware: http://www.malwarebytes.org/

Malware-Bytes is one of if not the best all-purpose malware and
spyware remover tool. Click "Download Free Version" from the
main page to get it. As with all anti-virus scanning software, it is
only going to be truly effective if 1) the virus definitions are up to
date, and 2) the computer is running in safe mode. So make sure
to update before each scan, and to boot to safe mode.

Safe mode can be accessed by pressing F8 when the computer starts up

Spybot Search & Destroy: http://www.safernetworking.org/index2.html

Spybot is targeted towards adware and spyware specifically;
things that compromise the security of internet use. It scans your
system files, registry, active RAM, and browser specific things
such as cookies and ActiveX objects. While not as good of a jackof-all-trades like malware-bytes, spybot specializes in browser
infections.

FIREWALLS

FIREWALL

What is a firewall?

Firewalls are an important part of the security infrastructure. A firewall is a barrier that
keeps the bad guys out of a network or computer. A firewall follows a set of rules to filter
the information entering and exiting a network, or computer, allowing or denying access
to each specific request. Like the physical wall that is used to keep destructive fires from
spreading from one area to the next, an electronic firewall keeps unauthorized users like
hackers from spreading their destructive material onto your network or computer.

Why are firewalls used?

Firewalls are used to keep a network or computer secure. A firewall does this by carefully
inspecting each piece of information passing into and out of the network, filtering it based
on a specific set of rules. These rules tell the firewall whether to reject or approve access
to the network or computer, keeping out unauthorized users who may want to corrupt the
information stored behind the firewall.

Why do you need a firewall?

The Internet is like any society. Bad things that would like to corrupt or destroy your
computer are out roaming the information highway. Firewalls insure that your valuable
information is protected from unauthorized users. Firewalls act as a security system,
helping to prevent dangers like identity theft, and research theft, and denying hackers
from corrupting or gaining access to your computer.