Disguised as free programs, they track your surfin

1
Home PC Security

• What PC Users and Law Enforcement Should Know
• Printing with Notes enabled with provide a
  script for each slide

Bob Samson 07/06/2004
2
What is the Problem?

• Hardware architecture of a PC
• Complexity of computer software
• Anonymity of the Internet
• High speed connections
• Wireless connections

3
Hardware Architecture of a PC

• There are 65,535 open ports on every Intel-based
  PC
• Only a few ports are probably necessary for the
  average home user
• Port 25 SMTP Simple Mail Transport Protocol is
  used for sending email
• Port 53 DNS Domain Name Server translates URLs
  into IP Addresses
• Port 67/68 - When an ISP uses DHCP (Dynamic Host
  Configuration Protocol) to assign IP addresses
  when you logon
• Port 80 - Your main Internet Connection
• Port 110 POP3 Post Office Protocol version 3
  for retrieving email
• Games, the use of instant messaging, or other
  business uses all may add a few additional ports
  to this list

4
Complexity of Computer Software

• Windows has about 40 million lines of code
  (instructions)
• By the year 2010, Windows is projected to grow to
  100 million lines of code
• A Carnegie Mellon University study found that a
  programmer makes an error every 1,000 lines of
  code.
• That means just in Windows, there are probably
  40,000 errors. If you consider all of the other
  application software that runs on the average PC,
  there are hundreds of thousands of errors that
  can be exploited by computer hackers so that they
  can gain entry into your computer

5
Anonymity of the Internet

• When you are connected to the Internet, you are
  only known by a numeric Internet Protocol address
• IP Addresses are not a reliable source of
  identification (they can easily be changed)
• There is no way to identify a physical location
  from an IP address
• Since the Internet is a network of millions of
  interconnected computers, it is easy to hide
  ones trail behind the numerous points of
  interconnection
• There are three sources of hackers geeks
  socially deprived intellects terrorists - all
  pose a threat

6
High Speed Connections

• DSL and cable connections pose a greater risk
  than telephone modems because they process data
  more quickly
• Without a firewall, anyone in the world can gain
  access to your computer easily!
• If you have more than one computer and share
  files between them, every file may also shared
  with the world unless you have a firewall
• Peer-to-Peer programs like Kazaa, Gnutella used
  to swap music files can share more than you
  intended such as password files
• Leave your computer open to the world wide web,
  add a few web pages to your files and you can
  easily find your private files indexed and
  accessible through search engines such as Google

7
Wireless Connections

• If you can connect without a wire, your
  neighbors high school computer wizard can also
  connect to your computer and your Internet
  connection
• A wireless network must have
• Encryption of the signal/connection
• Data encryption may also be required for
  additional protection
• Strong log in and password rules for your
  computer are a must
• Dont let children use the wireless feature to
  hide and connect to the Internet - use it to keep
  them in the accompaniment of an adult

8
What you risk when connected

• Personal Information
• Reputation
• Financial resources (Identity Theft)

9
Personal Information

• Surfing habits can be tracked so a profile of
  your interests developed for marketing purposes
• Your address book and the email addresses of all
  your friends can be copied
• Financial information like bank records, tax
  records, social security numbers, etc. can be
  stolen
• Information can be corrupted or deleted by a
  virus
• Read those Privacy Policies - you could be giving
  up your personal information

10
Reputation

• Your computer can be used to send Spam email
  without your knowledge
• Your address book containing all of your contacts
  can be emailed pornographic content

11
Financial Resources

• 53 billion dollars was lost in 2003 through
  identity theft
• 27.3 million Americans in the last 5 years
  reported that personal information was stolen
  Identity Theft
• The cost to victims for recovery of their good
  name in 2003 was 5 million
• In the last year, nearly 2 million Americans had
  their checking accounts raided by criminals

12
No One is Safe
Even the unborn and the dead can be victims of
identity theft
13
What can you do?

• Use anti-virus software
• Use a firewall
• Learn about patch management
• Change your behavior
• Be careful with online purchases

14
Anti-virus Software

• Purchase an anti-virus application to protect
  your computer
• Update frequently - better yet, use anti-virus
  software that will update automatically
• Stay alert to virus trends - the media is an
  excellent source of pending attacks

15
Use a Firewall

• At a minimum, use a software firewall (port
  blocker)
• Use a hardware firewall if you connect to the
  Internet via a cable modem or DSL
• Both a software and hardware firewall together
  offer the best protection
• Block as many ports as you can - this may mean
  that you cannot play some Internet Games

16
Learn About Patch Management

• Patch management means updating software
  frequently with the changes that manufactures add
  to improve security
• Software updates are usually free
• Microsoft provides automatic updates as a service
  to their customers
• If you are using Windows 95 or older, stop and
  upgrade - the older versions are no longer
  supported and leave you vulnerable
• If you have to re-install software for any
  reason, you must update it again because the
  patches will be missing

17
Change Your Behavior

• Dont use illegal copies of software - it can be
  loaded with viruses and spyware and besides it is
  wrong to steal!
• Dont surf questionable web sites - Pornographic
  sites are one of the biggest sources for web bugs
  and spyware
• Update your software frequently (patch
  management)
• Never send credit card data in an email - Emails
  should always be considered unsecured
• Dont open email attachments without
  understanding that these are the largest cause of
  viruses - Even opening an attachment from a
  trusted email address is not safe (your friend
  could have been infected and had their address
  book stolen)

18
Dangerous Email Extensions

• ADE Microsoft Access Project Extension
• MDB Microsoft Access Application
• ADP Microsoft Access Project
• MDE Microsoft Access
• MDE Database
• BAS Visual Basic Class Module
• MSC Microsoft Common Console Document
• BAT Batch File MSI Windows Installer Package
• CHM Compiled
• HTML Help File
• MSP Windows Installer Patch
• CMD Windows NT Command Script
• MST Visual Test Source File
• COM MS-DOS Application
• PCD Photo CD Image
• CPL Control Panel Extension
• PIF Shortcut to MS-DOS Program
• CRT Security Certificate
• REG Registration Entries

• SCR Screen Saver
• HLP Windows Help File
• SCT Windows Script Component
• HTA HTML Applications
• SHS Shell Scrap Object
• INF Setup Information File
• URL Internet Shortcut (Uniform Resource Locator)
• INS Internet Communication Settings
• VB VBScript File
• ISP Internet Communication Settings
• VBE VBScript Encoded Script File
• JS JScript File
• VBS VBScript Script File
• JSE JScript Encoded Script File
• WSC Windows Script Component
• LNK Shortcut
• WSF Windows Script File
• WSH Windows Scripting Host Settings File

19
Watch Out for Phishing

• Emails from legitimate companies are copied to
  trick consumers into providing confidential
  information
• Passwords
• Credit card numbers and expiration dates
• Banking account numbers
• Even experts cannot tell by looking at the
  messages or the web site that you are directed to
  that this message is a forgery
• Understand that no legitimate company ever asks
  you to validate personal information via an email
  in this way
• Never respond, even if you do business with the
  company. If you are concerned, call them first!

20
Change Your Behavior continued

• Make backups of important information stored on
  your computer
• Dont download browser add-ons and other software
  from unknown sources - this is an easy way to
  give your personal information to anyone through
  spyware or adware
• Set your browsers security and privacy settings
  to protect you from 3rd party cookies - these are
  used to track you
• Be careful of HTML email - it can contain web
  bugs and spyware
• Learn how to identify a secured web page -
  Never send your personal information over an
  unsecured web page

21
Change Your Behavior continued

• Disable Java and ActiveX in your browser - These
  can be used to steal information from your
  computer
• For Windows XP users, dont log in with
  ADMINISTRATIVE RIGHTS
• Use complex passwords created from phrases
• Example MwaiJ10 (My wedding anniversary is June
  10th)
• Example Gmlogmd1775 (Give me liberty or give me
  death 1775)
• Learn how to tell if a web page is secure

22
What About SPAM?

• Two Thirds of all email is SPAM
• One of the largest sources of SPAM is infected
  home computers
• Trojan programs hijacking computers to send
  others SPAM (zombies)
• Beware of spyware/adware and Trojan programs
• Disguised as free programs, they track your
  surfing activities
• Dont use music download sites like KaZaA,
  GrokSter, Imesh
• Free Screen Savers are a source of spyware
• If your computer becomes infected, your Internet
  Service Provider may turn off your email
  capability until you fix it

23
Be Smart About Online Purchases

• Selling or purchasing online through groups like
  eBay carry risks
• 40 of all credit card fraud is committed by
  criminals overseas
• The top five offending countries are
• Yugoslavia
• Nigeria
• Romania
• Pakistan
• Indonesia
• Many con artists hide the real country of origin
• Use protection services
• Never pay with a check card or debit card - only
  true credit cards with online protection

24
Where to go for help

• Your local computer store
• Microsofts web site
• A knowledgeable and trusted friend
• Community Services
• Senior community centers
• Community college classes
• State and Federal fraud assistance web sites
• Your local police department (when you suspect
  that a crime has been committed)

25
Remember

• If you dont bother to protect your computer,
  your privacy and your information, you are a
  victim just waiting for the crime to happen.