Transcript Spyware

Chapter 7: Managing Local Security in Windows
• Threats to Computers and Users
• Defense Against Threats
• Windows Local Security Accounts
• Applying Security to Files and Folders
• Common Windows Security Problems

Threats to Computers and Users
• Accidental, Deliberate, Natural and Unnatural Disasters
  - Fires; Earthquakes; Floods?
  - Dropped
  - Theft and damage
  - Protect against disasters with frequent backups
    - Backup critical data files
    - Image backups
    - Multiple backup sets. Why?

Threats to Computers and Users
• Computer Hardware Theft
  - Secure computers physically
  - Laptops more vulnerable
  - Unsophisticated thieves steal for the value of hardware.
  - Sophisticated thieves will search the hard drive for data.
• Identity Theft
  - Personal information is stolen and used to commit fraud
  - Obtaining a social security # and other key personal information may be enough to steal someone's identity
• Fraud: a form of identity theft
  - The use of deceit & trickery to obtain money or valuables

Threats to Computers and Users
• Accidental, Deliberate, Natural and Unnatural Disasters (Continued)
• Other Deliberate Attacks
  - Spyware
  - Bluesnarfing
  - Keystroke Logger
  - Password Crackers
  - Viruses, Worms
  - Spam
  - Adware
  - Trojan Horse
  - Home Page Hijack
  - Pop-Up Download
  - PC Hijacking
  - War Driving
  - Back Doors
  - Phishing

Define
• Spyware: whether malicious or not, “spyware” is software secretly placed on a computer that records and reports user activity.
• Phishing is an attempt to lure a user into surrendering their personal information by pretending to be an official request from a legitimate business (PayPal, eBay, Citibank, IRS tax refund).

Attackers
• Online attackers or organized crime – monetary gain
  - Credit card trafficking
  - Identity theft
  - Financial account access
  - Hire out
• Marketing organizations
  - Online surfing and purchasing habits
  - Trend related activities to mount marketing campaigns
• Trusted Insiders
  - Sell information
  - Leverage to gain advantage
  - Blackmail

Attack Form
• Application add-ons: Often bundled with software
• Web site installs: Malicious Web sites often disguise spyware as a helpful utility and prompt users to install the spyware when browsing the site.
• E-mail attachments or links: especially HTML graphics images, misrepresented links
• Software Install Prompt Pop-up Windows:

Spyware Types
• Adware – demos, free trials, EULA deception
• Keyloggers – record key presses
• Trojans – attached to a useful program
• Scumware – altered link rerouting (email)
• Dialers – hidden time pay phone calls (Porn)
• Browser & search engine hijackers

Spyware Visual Examples
• Spyware has been known to masquerade as a prize-notification pop-up window.
• Masquerading as antispyware: this is one of the cruelest tricks in the book. This type of software convinces you that it's a tool to detect and remove spyware.

Spyware Visual Examples (continued)
• Peer-to-peer file-sharing clients. While it officially claims otherwise, Kazaa has been known to include spyware in its download package.
• Bonzi Buddy is an "add-on" application that includes spyware in its package.
• Browser add-ons: particularly nasty add-ons are considered browser hijackers; these embed themselves deeply in your machine and take quite a bit of work to get rid of.

Indicators
• Unexplainable reduction in computer performance: “unauthorized device hijacking”
• Toolbars appear that can't be deleted permanently.
• Heavy increase in pop-up ads: “internet pollution”
• Search engine or browser home page has changed: “hijacked”
• Excessive or unexplained network or modem traffic: “bandwidth stealing”

Spyware Statistics
• Spyware-dishing websites: at the end of Q1 of 2006 the number was 427,000, while at the end of Q2 2006 the number reached an astonishing 527,136.
• Infection rates, Q2 of 2006:
  - Home user – 89%
  - Small & medium-size businesses – 50%
  - Enterprise businesses – 21%
• Business effects reported:
  - Performance slowdown – 65%
  - Productivity loss – 58%
  - Loss in sales – 20%
• The Spyware King: China 42%, United States 17%

Emotions
• Emotional effects on home user and IT personnel
• Direct Revenue, an advertising (spyware) company, tracked the most frequently used aggressive words found in customer complaints for June of 2005. The top three are “die” (103 times), “f-----” (44), and “kill” (15) (Elgin & Grow, 2006).
• Nowhere to turn, no recourse!
• Controversial course teaches spyware code writing

Legislation
• Federal - Computer Fraud and Abuse Act
• Federal Trade Commission Act
• Electronic Communications Privacy Act
• About 12 states have specific spyware laws
• Shawn Collins, Chicago attorney - charges spyware as a pollutant to the internet and a trespass-to-personal-property as an argument. (6 cases: 3 and 1 so far)
• Spy vs. Spy (Direct Revenue and Avenue Media)
• Fail to report incidents. Why?
  - FTC must (reasonably protected)
  - Reputation

Prevention and Detection
• Use a firewall to restrict outbound traffic on all ports except those used for HTTP, POP3, and SMTP.
• Use a multi-layered anti-spyware approach
• Make it a habit to run scans of antivirus and antispyware programs bi-weekly or even daily.
• Read the EULA very carefully – target phrases
  - EULAlyzer program – automatic EULA reader
• Close unwanted pop-up install prompts using Alt-F4 instead of the “X” icon on the title bar or a “No”, “Close”, or “Cancel” button.
• Avoid using peer-to-peer file-sharing networks

Prevention and Detection
• Limit Web surfing to known-safe sites by using a proxy server or restricted sites list.
• Web links within pop-ups or in emails can be masked to look legitimate.
  - Type in URLs; don’t click email links
  - Use pop-up blockers
• Avoid downloading helpful site plug-ins.
• Avoid downloading freeware, shareware, limited demo software, and free trial offers.
• Use only commercial and known-safe utilities.
• Don’t surf the web while logged in as Administrator
• Regularly apply software patches and updates.

Prevention and Detection
• Consider alternative browsers: Firefox, Opera.
• Turn off PC or modem
• Backup your data regularly.
• Adjust cookie permissions:
• Uninstall applications you don’t use.
• When possible, configure user accounts without download or install permissions.
• Use spam blockers
• Check out programs before you download or install

Removal
• Install multiple detection and removal programs.
• Identify and disable malicious processes with Windows Task Manager.
• Run “msconfig” to disable malicious services and startup programs with the System Configuration Utility.
• Run an anti-virus program and keep it updated
• Reacting to a Suspected Virus Attack
  - Scan all drives and memory with a locally installed anti-virus
  - Use a free antivirus scanner, such as Housecall, at housecall.trendmicro.com
• Search and delete registry entries associated with that malicious code. Warning: educate yourself first!

Top Ten Rogue Anti-Spyware Applications
10. Spyware Bomber, brought to us by the same folks behind Enternet Media, the spyware company shut down recently by the FTC
9. SlimShield, tied with Winhound Spyware Remover, for hijacking and stealth installation
8. WinAntiVirus and its companion WinAntiSpyware 2005 for hijacking, aggressive advertising and inappropriate collection of personally identifying information
7. SpywareNo and its clone SpyDemolisher for stealth installation and deceptive aggressive advertising
6. Razespyware for stealth installs, desktop hijacks and aggressive advertising
5. Spy Trooper for stealth installs, desktop hijacks and aggressive advertising
4. WorldAntiSpy for stealth installs, desktop hijacks and aggressive advertising
3. PSGuard for stealth installs, desktop hijacks and aggressive advertising
2. SpySheriff for stealth installs, desktop hijacks and aggressive advertising
1. SpyAxe for desktop hijacks, stealth installs and deceptive, aggressive advertising

Top Ten Anti-Spyware Applications
1. Lavasoft Ad-aware - Free
2. ZoneAlarm Anti-Spyware
3. Tenebril SpyCatcher
4. Webroot Spy Sweeper
5. PC Tools Spyware Doctor
6. McAfee AntiSpyware
7. Spybot Search & Destroy - Free
8. Microsoft Defender – Free for until Dec.
9. Trend Micro Anti-Spyware
10. CA eTrust PestPatrol - Free

Defense Against Threats
• Authentication and Authorization
  - Authentication
    - Verification of who you are, your identity (user name)
    - One-layer authentication
      - Something you know (password)
    - Two-layer authentication
      - Something you know plus something you have (a token, like a bankcard)
    - Three-layer authentication
      - Above plus biometric data (retinal scan, voice print, etc.)

Defense Against Threats
• Authentication and Authorization (continued)
  - Authorization
    - Determines the level of access to a computer or a resource.
    - Includes authentication plus verification of access level
    - Permission describes an action that can be performed on an object

Defense Against Threats
• Authentication and Authorization (continued)
  - Password
    - A string of characters entered for authentication
    - Don’t take passwords for granted
    - Don’t use the same password everywhere
    - Basic defense against invasion of privacy
    - Use long and complex passwords
    - Do not use common words

Defense Against Threats
• Best Practices with User Names and Passwords
  - Don't Give Away Your User Name and Password
  - Create Strong Passwords
  - Never Reuse Passwords
  - Avoid Creating Unnecessary Online Accounts
  - Don’t Provide More Information Than Necessary
  - Always Use Strong Passwords for Certain Types of Accounts

Defense Against Threats
• Security Accounts
  - An account that can be assigned permission to take action on an object or the right to take action on an entire system.
  - User Accounts
    - Individual account
    - Includes user name and password
    - Full name, description, and other information
    - Exist in all Windows security accounts databases

Defense Against Threats
• Security Accounts (continued)
  - Group Accounts
    - Contain one or more user and group accounts
    - Exist in all Windows security accounts databases
  - Computer Accounts
    - Computers may have accounts
    - Exist in Microsoft domain security accounts databases

Defense Against Threats
• Encryption
  - Transformation of data into a code that can only be decrypted with a secret key or password
  - Secret key is a special code used to decrypt
  - Encrypt a local or network-based file
  - Encrypt data before sending over a network (PGP)
  - Only someone with the password or key can decrypt data
  - Secret key may be held in a digital certificate
  - Encrypt sensitive data stored on a laptop or in a setting where data theft is a concern
  - NTFS5 supports file and folder encryption

Defense Against Threats
• Firewalls
  - Firewall technologies
    - IP packet filter
    - Proxy service
    - Encrypted authentication
    - Virtual private network (VPN)

Defense Against Threats
• Firewalls (continued)
• Working Behind a Firewall in a Large Organization
  - Firewall configured based on the computers it is protecting.
• Working Behind a Firewall at Home or on a Small LAN
  - Hardware for home and small business called “broadband routers”
  - Personal software firewall utilities

Step-by-Step 7.01: Configure the Windows Firewall (Page 324)

Defense Against Threats
• More help from Windows XP Service Pack 2
  - Windows Security Center monitors
    - Firewall
    - Automatic Updates
    - Virus Protections
  - A Manage Add-ons button in Internet Options
  - A pop-up dialog will warn of add-on installation attempt
  - Protection from opening suspect files

Defense Against Threats
• Privacy Protection
  - Internet Options privacy settings
    - Control handling of cookies
    - Settings from block-all-cookies to allow-all-cookies
    - Balance between convenience and risk

Defense Against Threats
• Protection from Inappropriate or Distasteful Content
  - Web content filter
    - Add-on or feature of a web browser
    - Block or allow certain sites
    - Services on the Internet give ratings to web sites
    - Configure filter to allow or disallow unrated sites
    - Content Advisor in Internet Explorer

Step-by-Step 7.02: Check Out the Content Advisor in Internet Explorer (Page 329)

Windows Local Security Accounts
• Administering Local Windows Accounts (continued)
• User Administration in Windows XP Pro (continued)
  - Password Reset Disk
    - Created by/for currently logged on user
    - Use when password is forgotten
    - Will not lose access to items such as encrypted files
    - If Administrator resets password, access to encrypted files is lost
    - Gives user power to fix own passwords
    - More complicated to do in a domain

Step-by-Step 7.05: Creating User Accounts and a Password Reset Disk in Windows XP (Page 347)