Responsible Computing

1
Responsible Computing

• Mr. A. Craig Dixon, M.S.
• Madisonville Community College
• http//www.madisonville.kctcs.edu/facstaf/cdixon/
  
• New Horizons Teaching and Learning Conference
• May 16, 2007

2
Computing Dangers

• The Internet, while a powerful and useful tool,
  has made it easier than ever to bother people
  with a host of ills. Among those we will discuss
  are
• Scams and hoaxes
• Spam
• Viruses
• Spyware and adware

3
Scams and Hoaxes

• The ease with which a person can send an email or
  publish a web page has lead to the creation and
  quick distribution of several falsehoods. These
  primarily fall into two categories
• Chain letters
• Phishing scams

4
Chain Letters

• The old adage Dont believe everything you read
  goes double for anything you read on the
  Internet.
  
• Email hoaxes abound some misrepresent the facts,
  others are out-and-out lies.
  
• Many involve famous people like Dr. James Dobson
  others big-name companies from AOL to Cracker
  Barrel. Still others warn of non-existent
  computer viruses or show phony or doctored
  photographs.

5
Examples of Chain Letters

• Nigerian officials do not need your help in
  retrieving money from a government bank account.
  (This is known as the 419 scheme.)
  
• There is no such thing as an email tracker that
  counts how many people you send an email to. Any
  email promising money, gift certificates,
  donations to charity, answers to jokes, etc.
  based on an email counter are hoaxes.
• CBS did not cancel Touched By An Angel due to
  pressure from Madeline Murray OHare (who has
  been dead for years.)
  
• No one has died from dirty needles in the room of
  balls a Chuck-E-Cheese or anywhere else.
  
• Almost no legitimate petition is conducted
  through forwarding email. Most use a web site
  connected to a database.
  
• There is not a rash of viruses hiding in emails
  with the subject line It Takes Guts to Say
  Jesus or A Card for You, although this may
  occur on a case-by-case basis.

6
Ways to Identify Chain Letters

• Check out www.snopes.com. It is one of the most
  popular urban-legend-busting sites on the
  Internet.
  
• For virus warnings or other alleged computer
  maladies, search the web site of a credible
  anti-virus maker like Symantec (makers of Norton
  Antivirus.)
• If a famous person or company is mentioned, check
  the person or companys official web site. Most
  are quick to post explanations or denials of
  false claims. Use site searches when possible
  many of these hoaxes are very old.
• If all else fails, type a unique word or phrase
  from the email into a search engine. Many times
  there will be several hits to sites that debunk
  the myth.

7
Phishing

• Phishing is a dangerous scam to entice people to
  give away passwords or account information to
  malicious entities.
  
• Most phishing scams involve sending email to an
  unsuspecting user that appears to be from a
  trusted company like eBay or Citibank, claiming
  the user needs to verify their account
  information.
• The email contains a link to a site that is not
  affiliated with the company. When the user enters
  his or her information on this site, it is
  collected by the malicious entity and may be used
  for identity theft or other malevolent purposes.

8
Avoiding Phishing Scams

• Dont trust an email simply because it comes from
  a legitimate-looking address. It is very easy to
  create this illusion using a technique called
  email spoofing.
• Company logos are also easy to steal and
  include.
  
• Learn to identify how your browser denotes a
  secure site. (This is still not a guarantee of
  legitimacy.)
  
• Most companies wont ask for sensitive
  information like user names and passwords in an
  email. It is best to confirm the request by phone
  or by a means of contact posted on the companys
  official site.
• Counter-intuitively, many phishing emails claim
  that by entering your personal data, you are
  protecting your identity.
  
• Phishing emails often convey a sense of urgency
  in dealing with the purported problem. Dont be
  fooled take your time and get the facts.
  
• Many companies have ways to report phishing. If
  you believe you have been targeted in a phishing
  attack, save the email so you can forward it to
  the company via the proper channels.

9
Spam

• Anyone with an email address is familiar with the
  scourge of inboxes spam.
  
• Spam originally denoted repetitive postings to a
  newsgroup, but has come to mean, in the
  vernacular, all undesirable email.
  
• By some estimates, spam accounts for over 80 of
  all email traffic on the Internet.
  
• Spam takes its name from a Monty Python sketch
  that uses the word spam over 100 times in a
  matter of minutes.

10
Methods of Obtaining Addresses

• Spammers are often unscrupulous in obtaining
  email addresses. Below are some of their
  tactics.
  
• Email spiders Similar to search engine spiders,
  except they search web pages for anything of the
  form name_at_domain.tld and report it as an email
  address.
• Dictionary attacks Once the spammer identifies
  a domain (e.g. kctcs.edu) he or she has a program
  that sends email to addresses constructed by
  adding _at_kctcs.edu to the end of a group of
  characters that might be a user name. If the
  email is not returned, the address is assumed
  valid and added to the list. AOLs mail server
  bounces millions of messages a day.
• Buying a list of email addresses from companies
  or other spammers These lists sell for up to 5
  cents per address.

11
Methods of Dealing with Spam

• Use a spam blocker many ISPs and mail services
  provide these for free. Microsoft Outlook has a
  spam filter built in.
  
• Employ a black list, a list of addresses to block
  email from, or a white list, a list of addresses
  to accept email from.
  
• When posting email addresses online, some users
  prefer to list their address as user (at)
  domain.tld or userNOSPAM_at_domain.tld to confuse
  email spiders.
• Do not click on remove links. Many spammers use
  these links to detect live email addresses and
  sell them.

12
Viruses

• A virus is a program that covertly installs
  itself in order to destroy data or otherwise
  disrupt normal computer functions.
  
• Worms are viruses that exploit vulnerabilities in
  applications or the operating system itself.
  
• Trojan horses are viruses that pose as legitimate
  programs, but silently drop a damaging payload as
  well.
  
• Executable viruses must be run by the user, and
  are thus usually attached to an email with a
  cleverly vague body that convinces the user to
  run the file.
• Boot sector viruses infect a critical area of the
  disk that is read every time the disk is
  accessed. It rewrites this section to make the
  computer copy the virus onto any computer into
  which the disk is inserted.
• Macro viruses hide in files that support macros,
  which are small programs that automate repetitive
  tasks.

13
Avoiding Viruses

• Buy quality antivirus software and keep it
  updated! New virus definitions are released
  almost daily. Downloading these updates usually
  takes a minute or less.
• Watch for updates for your major applications and
  your operating system to be posted by the
  manufacturer. Windows users should run Windows
  Update frequently.
• Before using a portable storage medium in another
  computer, turn on its write protection. (There is
  usually a small switch on the medium itself.)
  This prevents anything from being written to the
  medium. This is not an option if you need to save
  something to the medium.
• Be very careful when opening email attachments.
  It is a good idea to verify that the person who
  was supposed to have sent it actually did. Even
  after that, you should scan it for viruses before
  opening it. Viruses typically hide in files with
  the extensions .exe, .pif, .vbx, .bat, and .zip.
  Viruses can also be hidden in Microsoft Office
  files (.doc, .xls, .mdb, and .ppt) using macros.

14
Adware and Spyware

• Both adware and spyware are similar to viruses in
  that they are almost always installed without the
  users knowledge.
  
• Both differ from viruses in that they do not
  attempt to destroy data.
  
• Adware attempts to display unsolicited
  advertisements such as pop-up ads on the users
  computer. It may also search the users hard
  drive for email addresses and attempt to spam
  them, or hijack the users browser to make it
  display pages the user did not request.
• Spyware silently records a users actions
  (particularly the web sites he or she visits) and
  reports them back to a third-party, usually for
  marketing purposes, although spyware has been
  used for identity theft.

15
More about Adware and Spyware

• Adware and spyware makers often pay legitimate
  software makers to include malware in their
  products install. Peer-to-peer (P2P) file
  sharing programs like Kazaa and Morpheus are
  notorious for this practice.
• Some adware and spyware is installed simply by
  visiting the wrong web site.
  
• Common adware and spyware programs include
  Gator/GAIN/Claria, Alexa, Bonzi Buddy, and
  WhenU.
  
• Designers of this malware often do not care how
  much of a systems resources their software uses
  consequently, the systems performance can be
  significantly affected.

16
Avoiding Adware and Spyware

• Avoid P2P software its uses are mostly illegal
  anyway.
  
• Do not click on pop-up ads or links in spam
  email.
  
• Install a firewall, a program that controls
  incoming and outgoing data from your computer.
  
• A firewall can be configured to only allow
  traffic from programs you specify (your browser,
  email client, etc.) to access the Internet.
  
• Zone Labs provides a free firewall called
  ZoneAlarm. Symantec includes a commercial
  firewall in its Internet Security suite.
  
• Install a spyware/adware removal tool, keep it
  updated, and run it often. Two of the most
  popular and reliable removal tools are Lavasoft
  AdAware and Spybot Search and Destroy. Both are
  free and may be used together for maximum
  protection.

17
Choosing a Browser

• Use a modern browser. Most new browsers include
  popup blockers.
  
• Consider an alternative browser.
• Despite recent surges by competitors, Microsoft
  Internet Explorer still controls 80 of the
  browser market. This, combined with numerous
  security flaws in its code, make it the most
  attractive target for malware creators.
• Many alternative browsers also reject ActiveX
  controls, which many computer experts consider
  inherently unsafe. This may limit a sites
  functionality, but it also limits the users
  vulnerability.
• A great alternative browser is Firefox from the
  Mozilla Corporation. You can download it at
  www.mozilla.com.
  
• Explore the add-ons available for browsers.
  Besides being handy, toolbars like those from
  Yahoo, Google, and MSN provide additional tools
  to prevent malware attacks. Some even include
  anti-phishing features that warn you if you are
  accessing a site known to be involved in phishing
  attacks.