This work is licensed by Patrick Crispen to the public under the Creative Commons AttributionNonCommercialShareAlike 2.5 license.
Download ReportTranscript This work is licensed by Patrick Crispen to the public under the Creative Commons AttributionNonCommercialShareAlike 2.5 license.
This work is licensed by Patrick Crispen to the public under the Creative Commons AttributionNonCommercialShareAlike 2.5 license. Crispen on Security: Home Computer Security Basics a presentation by Patrick Douglas Crispen Richard’s Law of Computer Security • Don't buy a computer. • If you do buy a computer, don't turn it on. Source: http://virusbusters.itcs.umich.edu/um-resources/vb-interview.html • Clever, but false. The [social engineer] will talk someone into … turning that computer on. Source: Mitnick, p. 7 Truths about computer security • EVERY computer is vulnerable to attack. • Solitary used to equal safe. • But the internet is a dark force multiplier. • When you connect your home computer to the internet, the internet connects to your home computer. Tick tock • Online your computer is vulnerable to attack from viruses, worms, and even criminals. • How long do you have? – 20 minutes. [Not enough time to download all of the updates you need.] – If you have a broadband connection, you have less time than that. Source: http://isc.sans.org/survivalhistory.php Why me? • Why is your computer attacked? – It is either specifically targeted [HIGHLY unlikely]; or – It is a “target of opportunity” using a known exploit. • 999 times out of 1000, it’s not personal. Common types of home computer security breaches • • • • • Viruses, worms, and Trojan horses Code exploits Malware [adware and spyware] “Man in the middle” Combination attacks Impact of home computer security breaches • Loss or compromise • Interruption of your of your data illegal MP3 and porn downloading • Identity theft • Gloom, despair, and • Loss of income agony on me • Legal consequences • Deep dark depression, excessive misery Scared yet? • The internet can be a dangerous place for both computers and users. • There are some simple ways to protect your computer. • Protection = Prevention + [Detection + Response] Prevention is the mother of safety • This workshop is about Prevention. • We could spend weeks talking about detection and response. – In fact, your local college has semesterlong courses on that very topic. – Intrusion detection and response are just WAY too much work. – But prevention is a [relative] snap. Our goals • Demonstrate why you need a firewall • Show you how to deal with computer exploits • Introduce you to the Microsoft Baseline Security Analyzer • Teach you how to detect, delete, and block spyware and malware • Do all of this in ENGLISH! Part One: Firewalls What they are and why you absolutely need one [well, actually, two] before you even THINK about connecting your computer to the internet. Mmm … worms and crackers. • Two things target and attack your computer online: Worms and crackers. • Worms are a type of computer virus that infects other computers over a network. • Many worms include backdoors. • If the worms don’t get you, the crackers will. Hackers v. crackers • A "cracker" is someone who tries to break into your computer or files without your knowledge and/or permission. • A large portion of the cracker community is made up of “script kiddies,” people who – Use security-breaking scripts and programs developed by others. – In general do not have the ability to write these scripts and programs on their own. Source: Wikipedia How crackers find you • Worms automatically/randomly search the internet looking for every unprotected computer they can find. • Every semi-competent cracker and script kiddie has software that – Scans thousands of internet connections looking for Windows file and printer shares. – Scans for known vulnerabilities, holes, and unsecured services in Windows, Mac OS, Linux, VM-CMS, etc. – Exploits those known vulnerabilities. – Cracks Windows passwords. Two types of attacks • Most home computer attacks/intrusions are either – Coordinated: Your computer is specifically targeted by a skilled cracker. – Opportunistic: A worm or cracker finds your computer during a random scan of thousands of other computers. • Unless someone is after you, you don’t have to worry about coordinated attacks. – For home computer users, they’re few and far between. – Besides, you can’t really stop a coordinated attack. You can only delay it. Protecting your computer • To protect your computer from opportunistic attacks— besides being vigilant with patch management—you must “hide” your computer from the internet. • If the worms and crackers can’t see your computer, they [hopefully] won’t attack you. • How do you hide your computer? Use a firewall. What is a firewall? • A firewall is either hardware or software that stands between your computer [or home network] and its internet connection and provides “access control”—it determines what can and cannot pass. • It’s just like the firewall in your car. – Your car’s firewall keeps the bad stuff from your engine [like heat and exhaust] out of your passenger cabin. – But it isn’t impervious. It has holes in it to let the good stuff [like the steering column and the brakes] through. What is a firewall? • A good firewall, like your car’s firewall, keeps the bad stuff out and lets the good stuff through. • How? Well most consumer firewalls—the hardware firewalls/routers you can buy at Wal-Mart or Target or the software firewalls you can download—offer a combination of – Computer stealth—they hide your computer from the worms’ and crackers’ scans. – Intrusion blocking—they make it harder [but not impossible] for worms and crackers to break in. NAT • Hardware firewalls use something called “Network Address Translation” or “NAT” which, among other things, hides your computer from the worms and crackers. • You physically connect your home computer[s] to the firewall and connect the firewall to the internet. • The firewall—not your home computer— connects to the internet and is assigned a publicly-visible internet address by your ISP. Communicating with the Internet • Your firewall becomes your computer’s intermediary on the internet. All traffic must go through it. • When you request something from the internet, the firewall pretends that it made the request, not your computer. Keeping worms and crackers out • Since the internet never even sees your computer, there’s nothing for the worms or crackers to probe or attack other than your firewall. • And your firewall is just a dumb box. Stateful packet inspection In addition to using NAT to hide your computer, a firewall also uses “stateful packet inspection” or “SPI” to block intruders. – It only allows connections that you originate. – All other connections are automatically blocked at the firewall. Why firewalls ROCK! • IF YOU DON’T HAVE A FIREWALL, YOUR COMPUTER WILL BE ATTACKED AND/OR COMPROMISED… USUALLY WITHIN 20 MINUTES OF YOUR CONNECTING TO THE INTERNET. • Firewalls protect your home computer from worms and crackers through a combination of – Computer stealth using NAT. – Intrusion blocking using stateful packet inspection. • Gosh, is there anything firewalls can’t do? What a firewall can’t do Well, actually, a consumer firewall can’t – Fix operating system or software vulnerabilities • A firewall may block some exploits coming in from the internet, but the vulnerabilities will still be there • That’s why patch management is so important – Protect your computer from viruses • A firewall may block internet worms, but it won’t block viruses attached to emails, hidden in files you download from the internet or Kazaa, etc. • Virus protection is a job for your antivirus program, not a firewall. There’s more A consumer firewall also can’t – Protect your computer from spyware. – Block pop-up ads. – Block spam. – Completely keep crackers out. – Protect you from doing stupid stuff to your computer. But, if you are looking for simple computer stealth and basic intrusion blocking—and trust me, you are—you need a firewall. Which one? • Should you get a hardware firewall or a software firewall? • Yes. • If you have a cable modem, satellite, or DSL connection, you need both a hardware firewall and a software firewall. • If you have a dial-up connection or an internal broadband modem [a modem physically built into your computer], you only need a software firewall – But that’s only because I don’t know of any reasonablypriced external hardware firewalls that work with internal modems. Why both? • Hardware firewalls have an Achilles’ heel: they [for the most part] assume that ALL internet traffic originating from your computer is safe. • But, if you “accidentally” double-click on a virus-infected file, – Your computer will be infected with that virus. [Remember, hardware firewalls can’t protect you from either viruses or doing stupid stuff.] – That virus is more than likely going to try to use your computer and your internet connection to infect other computers. “With their tanks, and their bombs, and their bombs, and their guns…” • So your computer is now a virus-spewing zombie. • BUT, remember, your hardware firewall still trusts your computer. • Your computer is flooding the internet with thousands of viruses, worms, or spams, and your hardware firewall doesn’t notice, care, or even bother to tell you. How software firewalls work Software firewalls [actually, “personal software firewalls”] – Constantly run in the background. – Block bad stuff from the internet [the stuff that somehow magically makes it past the hardware firewall.] – Warn you when a program on your computer tries to access the internet. • You decide whether or not that program will be allowed to access the internet. So in our zombie example, the software firewall—NOT the hardware firewall—would catch the flood of viruses before they even left your computer. In the simplest [grossly oversimplified] terms… • Hardware firewalls protect your computer from the internet. • Software firewalls – Are a second layer of defense behind your hardware firewall. – Protect both your computer from the internet AND the internet from your computer. – Warn you when something fishy is happening on your computer. • So now can you see why I recommend running both a hardware AND a software firewall? Over the router and through the woods My suggestion? – Before you connect your computer to the Internet, go to your nearest technology store or big box retailer. – Buy a cable/DSL router from Linksys [my favorite], D-Link, Netgear, Belkin, or SMC for US$50-$75. Image courtesy Linksys.com u:admin p:admin? • Read the instructions that come with your router and CHANGE YOUR ROUTER’S DEFAULT ADMIN USERID AND PASSWORD! • Crackers know the default administrator’s userid and password for every router [and firewall and server and operating system and...] ever made. – Check out http://www.phenoelit.de/dpl/dpl.html if you don’t believe me. • Also, using the instructions, make sure to disable remote administration in your router’s settings. Software firewalls • Now that I spent US$50 of your hard-earned money on a router, let me save you some money. • The three best software firewalls [in my humble opinion] are absolutely free. – Sunbelt Kerio Personal Firewall [at sunbeltsoftware.com] – Windows XP Service Pack 2 Internet Connection Firewall: built into Windows XP SP2 but NOT into previous versions of XP – Mac OS X Firewall: built into Mac OS X [but disabled by default] Part Two: Exploits What they are, where they come from, and how to manage them What is an exploit? • Until machines start taking over for humans, software bugs and glitches caused by simple human error and non-defensive programming will be the norm. – Windows XP contains over 40 million lines of source code. Source: Wikipedia – Could YOU write that many lines of code and not make a mistake? • An exploit is a program or technique used by a cracker to take advantage of software bugs or glitches in order to circumvent your computer’s security, often without your knowledge. Signs your computer MAY have been exploited • Spontaneous reboots • Failed services, virus scanner disabled • Sluggish GUI behavior, poor performance, slow logins • Excessive disk or network activity (HD LED, Switch LED) • You can’t install protective software. • Unknown user accounts • Application and service errors • Low disk space • Subpoenas and search warrants • Your computer insists on playing “global thermonuclear war.” Sources: Alex Keller, Bob Klepfer Call my attorney! I’ve been EXPLOITED! If computer has been exploited, you need to – Stop cussing. – Immediately disconnect your computer from the internet. – Identify the exploit. – Close the hole. – Fix the damage. I feel so dirty. • To identify the exploit: – Reconnect to the internet, update your antivirus definitions, disconnect, and scan your entire hard drive. – Reconnect to the internet, update your antispyware definitions, disconnect, and scan your entire hard drive. – Write down the symptoms; reconnect to the internet; search Google, Symantec, or the Microsoft Knowledge Base; disconnect. • To close the hole, download and apply the appropriate patch from the manufacturer’s web site. Repairing the damage • Repairing the damage from an exploit could be as simple as deleting or replacing corrupt data or as complicated as a deep-level format of your hard drive. – The repair path depends on the exploit. – This may be a job for a professional repair technician. • The BEST way to repair the damage caused by an exploit is to close the holes before they are exploited. Closing the holes • When a vulnerability is found, operating system and software manufacturers [eventually/hopefully] release something called a “patch.” • A patch is simply a software update meant to fix problems, bugs, or the usability of a previous version of an application. Source: Wikipedia • Download and install the patch and your computer is [hopefully] no longer susceptible to that particular vulnerability. Why are patches so important? • When a new patch is released, an unintended consequence is that the bulletin announcing the patch also announces the vulnerability to crackers. • Crackers count on the fact that you won’t get the patch—your computer will continue to be vulnerable. • And the time between bulletin and exploit is shrinking. MS02-039 MS Security Bulletin: MS02-039 Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875) Originally Posted: July 24, 2002 Exploit: W32.SQLExp.Worm [a.k.a., SQL Slammer Worm] Exploit Discovered by Symantec on: January 24, 2003 Elapsed Time from Bulletin to Exploit: MS02-039 MS Security Bulletin: MS02-039 Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875) Originally Posted: July 24, 2002 Exploit: W32.SQLExp.Worm [a.k.a., SQL Slammer Worm] Exploit Discovered by Symantec on: January 24, 2003 Elapsed Time from Bulletin to Exploit: 184 days MS03-026 MS Security Bulletin: MS03-026 Buffer Overrun In RPC Interface Could Allow Code Execution (823980) Originally Posted: July 16, 2003 Exploit: W32.Blaster.Worm Exploit Discovered by Symantec on: August 11, 2003 Elapsed Time from Bulletin to Exploit: MS03-026 MS Security Bulletin: MS03-026 Buffer Overrun In RPC Interface Could Allow Code Execution (823980) Originally Posted: July 16, 2003 Exploit: W32.Blaster.Worm Exploit Discovered by Symantec on: August 11, 2003 Elapsed Time from Bulletin to Exploit: 26 days MS04-011 MS Security Bulletin: MS04-011 Security Update for Microsoft Windows (835732) Originally Posted: April 13, 2004 Exploit: W32.Sasser.Worm Exploit Discovered by Symantec on: April 30, 2004 Elapsed Time from Bulletin to Exploit: MS04-011 MS Security Bulletin: MS04-011 Security Update for Microsoft Windows (835732) Originally Posted: April 13, 2004 Exploit: W32.Sasser.Worm Exploit Discovered by Symantec on: April 30, 2004 Elapsed Time from Bulletin to Exploit: 17 days MS04-011 MS Security Bulletin: MS04-011 Security Update for Microsoft Windows (835732) Originally Posted: April 13, 2004 Exploit: W32.Sasser.Worm Exploit Discovered by Symantec on: April 30, 2004 Elapsed Time from Bulletin to Exploit: 17 days Patch or DIE! • Notice a trend? • Can you see why patch management is so important? • The time between bulletin and exploit is shrinking! • Patch Tuesday is often followed by Exploit Thursday. She watch, she watch, she watch… channel ZERO! • In fact, zero-day exploits—exploits that take advantage of unknown operating system or software application vulnerabilities—already exist and more are coming. – Crackers keep these zero-day exploits to themselves, using them to gain access or escalate privileges on a small number of target systems. • Zero-day exploits will become more prevalent in the months to come. You can’t completely protect your computer from every exploit, but you can keep the exploits at bay by practicing simple patch management. How to patch Windows • When Microsoft finds a security hole in Windows or Internet Explorer, they [usually/eventually] release a patch called a “Critical Update.” • In Internet Explorer, go to Tools > Windows Update. • Click on Scan for updates. How to patch the Apple OS • Apple menu > Software Update • To get updates immediately: – Choose System Preferences from the Apple menu. – Choose Software Update from the View menu. – Click Update Now. – In the Software Update window, select the items you want to install, then click Install. Image courtesy Apple.com Manually run Windows Update or Apple Software Update at least once a week. Your computer should, by default, automatically check for updates. That’s cool, but also run the update manually just to be safe. To patch Microsoft Office • In Windows XP or 2000, just run the new Windows Update. • In older versions of Windows, go to officeupdate.microsoft.com and click on “Check for Updates” • Mac users need to go to http://www.microsoft.com/m ac/downloads.aspx • Have your Office installation disk nearby in case the update needs to “sniff” the disk. Patching other programs through “Check for Updates” • Open the program you want to patch and, under the Help menu, look for “Check for Updates,” “Updates,” “Check for Upgrade,” or something similar. • This will either – Automatically check for and install any software patches you are missing – Take you to a web site where you can download the necessary patches. Manually patching your software • If the Help menu doesn’t have a built-in update feature, choose About [the name of the program] in the Help menu and write down the exact version number of the program. – Usually its an integer and a combination of decimals [like 7.0.1] • Go to the software manufacturer’s web site and look for “Downloads,” “Upgrades,” “Support,” or something similar. Manually patching your software Compare your software’s version number to the version number available online. – If the decimals of the online version number are larger than yours, download and install the appropriate patch. – If the integer is larger, you’ll need to buy a new version of the program. Part Three: Run MBSA Close “unknown” operating system vulnerabilities A dirty Microsoft secret • Windows Update lies. • It frequently thinks you’ve installed a critical update you haven’t, leaving your computer vulnerable. • That’s where Microsoft’s Baseline Security Analyzer [MBSA] comes in. MBSA 2.0 MBSA is a free program from Microsoft that scans for over 60 common system misconfigurations and almost any Microsoft security update your computer may be missing. What MBSA does • MBSA double-checks the security of – – – – – Windows (*) Microsoft Office 2000 and later Internet Explorer 5.01 and later Windows Media Player 6.4 and later A bunch of other Microsoft applications and services • MBSA analyzes, you fix. – MBSA tells you what’s wrong and points you to the solution. – You have to apply the solution. Bad news/good news • (*) MBSA only works on Windows XP, 2000, and Server 2003. • It was designed for corporate tech support, but there is no reason why you can’t use it at home. • Oh, and it’s free. • To get the version of Microsoft’s MBSA, – Search for “microsoft mbsa” at Google. – The first hit—Microsoft Baseline Security Analyzer (MBSA}—takes you to the download page. How MBSA really works • MBSA scans your computer’s operating system, operating system components, and Microsoft applications. • MBSA then compares the version numbers of the stuff on your computer with the latest version numbers in the MSSecure.cab file. • Finally, MBSA shows you which updates your computer is missing. Translating the security report Failures • Critical failures [red Xs] require you to immediately install a patch or update to ensure the strongest security of your computer. • Non-critical failures [yellow Xs] happen when there is a newer version of something available, but you don’t really have to upgrade…yet. • Best practices [blue asterisks] could signify a problem—MBSA can’t confirm that those particular security updates have been installed. Fixing the critical failures • Remember, MBSA analyzes, you fix. • To find a fix for a critical failure in Security Update Scan Results or Desktop Application Scan Results, click on the Result Details link next to that critical failure. Result details • This shows you exactly what’s missing or is misconfigured. • Click on each link and it opens a page in Internet Explorer telling you how to download the appropriate patch. • REMEMBER TO INSTALL THE PATCHES AFTER YOU DOWNLOAD THEM! – MBSA won’t do it for you. MBSA tips • Run MBSA from time to time just to double-check your computer’s security. • Don’t be surprised if MBSA still gives you blue asterisks even after you’ve installed all the patches. – Sometimes MBSA gets confused. – There’s no real way to unconfuse it. • There’s no such thing as a “clean” MBSA scan, especially in the middle five sections. Part Four: Update your Antivirus You’d be shocked at how many people never do this. The reality of the situation • According to Symantec, as of October 2005 there were nearly 72,895 PC viruses out there. • 10 to 15 new viruses are discovered each day. • Between 3,650 and 5,475 brand new viruses were discovered in just the past year alone. • The moment you connect your computer to the Internet your computer is immediately vulnerable to ALL of these viruses. True or False? As long as you keep updating your antivirus definitions, the antivirus software that came with your computer should protect you. FALSE! Now for the Bad News • Unless your computer is only a few months old, your antivirus software is outdated and may not be able to detect the newest, polymorphic viruses. • Your antivirus software has two distinct parts: – A computer program that scans your computer for viruses. – Antivirus definitions that tell that program exactly what to look for. • Updating your antivirus definitions—which you should do frequently—is not the same thing as updating your antivirus software. Out with the old, in with the new. Just like you need to change the oil in your car every few months, you need to change your antivirus software every 12 to 18 months. – Completely uninstall the old version [like Norton Antivirus 2005.] – Purchase and install the latest version [like Norton Antivirus 2007.] The latest antivirus software • The top two consumer antivirus software programs are – Norton Antivirus 2005 [~US$50] – McAfee VirusScan 2005 Version 9 [~US$50] • My favorite AV? Eset Nod 32 [US$39/yr] • The best free antivirus program is AVG Anti-Virus Free Edition version 7.5 at http://free.grisoft.com/ Update schedule • Completely replace your antivirus software every 12 to 18 months. • Update your antivirus definitions daily. – Most antivirus programs do this automatically. • Manually update your antivirus definitions weekly. – Automatic updates are cool, but run an update by hand each week just to be safe. What About Macs? Image courtesy http://www.apple.com/ • The possibility of new Mac viruses, while slight, is still greater than zero. • The possibility of future, cross-platform viruses (viruses that infect both PCs and Macs) is also quite real. • So, yes, Mac users also need antivirus software. • And keep it updated. Part Four: Detect, Delete, and Block Spyware and Malware Give spyware and malware the boot. Adware • Adware is software that displays advertisements when a particular program is running. • A good example is the Eudora email client. – You can buy it for ~US$50. – You can also get the exact same program for free, but the free version displays an ad window and up to 3 sponsored toolbar links. Adware: Good. • Pure adware is a good thing. – You get software that you otherwise wouldn’t be able to afford. – In return, the software displays some ads. • Unfortunately, pure adware is also rare. Spyware: Bad. • Spyware is software that tracks what you do and where you go online. • Pure spyware like the Google toolbar respects your privacy and doesn’t share this tracking information with anyone else. • Unfortunately, – Pure spyware is the exception, not the rule. – An overwhelming majority of spyware [like 99.99%] sells your personal information to marketing companies. Why is spyware so bad? • Besides the privacy implications, spyware can often break your computer. – Spyware code is often poorly-written. – You may have so many spyware programs running at once that your computer slows to a crawl or crashes. • Spyware has been linked to an increase in both spam and pop-ups. • Pornographers use spyware to push explicit advertisements to your computer. – “Will some please think about the children?” How pervasive is spyware? • Over 90% of broadband users have spyware installed on their systems. Source AOL [as quoted by http://tinyurl.com/5kdh9 ] • PestPatrol has identified 33,099 different spyware programs or objects on the loose as of late October 2006. Where does spyware come from? • Some spyware piggybacks on top of free software you download and install from the Internet. • Software that comes bundled with spyware include: – File-sharing programs like Grokster and Kazaa – DiVx – Weatherbug Where does spyware come from? You can also get spyware by clicking on dubious pop-up ads. – “Your Computer is Currently Broadcasting an Internet IP Address” – “Your Internet Connection Is Not Optimized” – “Your Current Connection May Be Capable of Faster Speeds” Where does spyware come from? • Another way to get spyware is from a virus or Trojan Horse, but that’s rare. • And if you use Internet Explorer, you can even get spyware just by visiting a particular website. – You don’t have to click or download anything. – Internet Explorer automatically installs the spyware for you. [“Thank you, Microsoft!”] – You can download the fix at mozilla.org. • MANY of these drive-by installations involve not only spyware but malware. Malware: Very bad! Malware can – Replace legitimate ads on commercial web sites with ads from vendors who financially support the malware’s author [a.k.a., “scumware.”] – Permanently and irreparably change your browser’s home page and search settings so that they point to the malware author’s site [a.k.a., “homepage hijackers.”] • The site is usually overflowing with advertising and popups. • Fixing homepage hijackers is often quite difficult. Source: http://www.doxdesk.com/parasite/ Malware: Very bad! Malware can – Cause your modem to automatically dial 900, long-distance, or international telephone numbers whose revenues support the malware’s author [a.k.a., “autodialers.”] – Open security holes on your computer that can be used later to remotely take control of your computer [a.k.a., “Trojan horses.”] Source: http://www.doxdesk.com/parasite/ Malware: Very bad! Malware can – Degrade your computer’s performance and cause errors thanks to it being badlywritten [a.k.a., “Microsoft Windows”] – Provide no uninstall feature and put its code in unexpected and hidden places to make it difficult to remove [ibid] Source: http://www.doxdesk.com/parasite/ Bye-bye, IE! • All kidding aside, it’s time to stop using IE 6 or earlier – use IE 7 or something else. – IE 5 and 6 have way too many security holes. – Microsoft only supports IE on XP. There will be no more free IE security updates for non-XP users. • Suggestion: Keep IE around so that you can access the sites that require it—Windows Update, Expedia, MSN, Shutterfly, etc. • Use an alternative browser [like Mozilla Firefox, Opera, or Safari] to access everything else! Detect and delete • To detect and delete both spyware and malware, download and install both – Ad-Aware Personal SE at http://www.lavasoftusa.com/ – Spybot Search & Destroy 1.3 at http://www.safer-networking.org/ • Why both? – Ad-Aware catches stuff that Spybot misses, and vice-versa. – They’re both free. Other spyware removal tools • But what about [insert your favorite spyware removal tool’s name here]? • There are some great spyware removal tools out there—some free, some not— but Ad-Aware and Spybot are the market leaders. – Ad-Aware has been downloaded 217 million times and Spybot 83 million times. – AND BOTH ARE FREE! Definitions • Both Ad-Aware and Spybot are similar to your antivirus program in that they both use definition files to know what to look for. • Always update the definitions before you scan your computer. – In Ad-Aware, click on Check for updates now. – In Spybot, click on Search for Updates. If all else fails… If your computer still has spyware or malware that neither Ad-Aware or Spybot could remove, check out Hijack This and CWShredder at spywareinfo.com Dealing with spyware/malware • To get rid of spyware and malware, run Ad-Aware and Spybot weekly. • To prevent future spyware and malware installations, – Don’t download and install any free software without first verifying that it is free of spyware. [Search Google for the name of the software +spyware] – Enable the Immunize feature in Spybot. Our goals • Demonstrate why you need a firewall • Show you how to deal with computer exploits • Introduce you to the Microsoft Baseline Security Analyzer • Teach you how to detect, delete, and block spyware and malware • Do all of this in ENGLISH! Crispen on Security: Home Computer Security Basics a presentation by Patrick Douglas Crispen This work is licensed by Patrick Crispen to the public under the Creative Commons AttributionNonCommercialShareAlike 2.5 license.