This work is licensed by Patrick Crispen to the public under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Crispen on Security:
Home Computer Security Basics
a presentation by
Patrick Douglas Crispen
Richard’s Law of Computer Security
• Don't buy a computer.
• If you do buy a computer, don't turn it
on.
Source: http://virusbusters.itcs.umich.edu/um-resources/vb-interview.html
• Clever, but false. The [social engineer]
will talk someone into … turning that
computer on. Source: Mitnick, p. 7
Truths about computer security
• EVERY computer is vulnerable to
attack.
• Solitary used to equal safe.
• But the internet is a dark force
multiplier.
• When you connect your home
computer to the internet, the internet
connects to your home computer.
Tick tock
• Online your computer is vulnerable to
attack from viruses, worms, and even
criminals.
• How long do you have?
– 20 minutes. [Not enough time to download
all of the updates you need.]
– If you have a broadband connection, you
have less time than that.
Source: http://isc.sans.org/survivalhistory.php
Why me?
• Why is your
computer attacked?
– It is either
specifically targeted
[HIGHLY unlikely]; or
– It is a “target of
opportunity” using a
known exploit.
• 999 times out of
1000, it’s not
personal.
Common types of home computer
security breaches
• Viruses, worms, and Trojan horses
• Code exploits
• Malware [adware and spyware]
• “Man in the middle”
• Combination attacks
Impact of home computer security
breaches
• Loss or compromise of your data
• Identity theft
• Loss of income
• Legal consequences
• Interruption of your illegal MP3 and porn
downloading
• Gloom, despair, and agony on me
• Deep dark depression, excessive misery
Scared yet?
• The internet can be a
dangerous place for
both computers and
users.
• There are some simple
ways to protect your
computer.
• Protection = Prevention
+ [Detection +
Response]
Prevention is the mother of safety
• This workshop is about Prevention.
• We could spend weeks talking about
detection and response.
– In fact, your local college has semester-long courses on that very topic.
– Intrusion detection and response are just
WAY too much work.
– But prevention is a [relative] snap.
Our goals
• Demonstrate why you need a firewall
• Show you how to deal with computer
exploits
• Introduce you to the Microsoft Baseline
Security Analyzer
• Teach you how to detect, delete, and
block spyware and malware
• Do all of this in ENGLISH!
Part One: Firewalls
What they are and why you
absolutely need one [well, actually,
two] before you even THINK about
connecting your computer to the
internet.
Mmm … worms and crackers.
• Two things target and attack your
computer online: Worms and crackers.
• Worms are a type of computer virus
that infects other computers over a
network.
• Many worms include backdoors.
• If the worms don’t get you, the crackers
will.
Hackers v. crackers
• A "cracker" is someone who tries to
break into your computer or files
without your knowledge and/or
permission.
• A large portion of the cracker
community is made up of “script
kiddies,” people who
– Use security-breaking scripts and
programs developed by others.
– In general do not have the ability to write
these scripts and programs on their own.
Source: Wikipedia
How crackers find you
• Worms automatically/randomly search the
internet looking for every unprotected
computer they can find.
• Every semi-competent cracker and script
kiddie has software that
– Scans thousands of internet connections looking
for Windows file and printer shares.
– Scans for known vulnerabilities, holes, and
unsecured services in Windows, Mac OS, Linux,
VM-CMS, etc.
– Exploits those known vulnerabilities.
– Cracks Windows passwords.
Two types of attacks
• Most home computer attacks/intrusions are
either
– Coordinated: Your computer is specifically
targeted by a skilled cracker.
– Opportunistic: A worm or cracker finds your
computer during a random scan of thousands of
other computers.
• Unless someone is after you, you don’t have
to worry about coordinated attacks.
– For home computer users, they’re few and far
between.
– Besides, you can’t really stop a coordinated
attack. You can only delay it.
Protecting your computer
• To protect your
computer from
opportunistic attacks—
besides being vigilant
with patch
management—you
must “hide” your
computer from the
internet.
• If the worms and
crackers can’t see your
computer, they
[hopefully] won’t attack
you.
• How do you hide your
computer? Use a
firewall.
What is a firewall?
• A firewall is either hardware or software that
stands between your computer [or home
network] and its internet connection and
provides “access control”—it determines
what can and cannot pass.
• It’s just like the firewall in your car.
– Your car’s firewall keeps the bad stuff from your
engine [like heat and exhaust] out of your
passenger cabin.
– But it isn’t impervious. It has holes in it to let the
good stuff [like the steering column and the
brakes] through.
What is a firewall?
• A good firewall, like your car’s firewall, keeps
the bad stuff out and lets the good stuff
through.
• How? Well most consumer firewalls—the
hardware firewalls/routers you can buy at
Wal-Mart or Target or the software firewalls
you can download—offer a combination of
– Computer stealth—they hide your computer from
the worms’ and crackers’ scans.
– Intrusion blocking—they make it harder [but not
impossible] for worms and crackers to break in.
NAT
• Hardware firewalls use something called
“Network Address Translation” or “NAT”
which, among other things, hides your
computer from the worms and crackers.
• You physically connect your home
computer[s] to the firewall and connect the
firewall to the internet.
• The firewall—not your home computer—
connects to the internet and is assigned a
publicly-visible internet address by your ISP.
Communicating with the Internet
• Your firewall becomes your computer’s intermediary
on the internet. All traffic must go through it.
• When you request something from the internet, the
firewall pretends that it made the request, not your
computer.
Keeping worms and crackers out
• Since the internet never even sees your
computer, there’s nothing for the worms or
crackers to probe or attack other than your
firewall.
• And your firewall is just a dumb box.
Stateful packet inspection
In addition to using NAT to hide your computer, a
firewall also uses “stateful packet inspection” or
“SPI” to block intruders.
– It only allows connections that you originate.
– All other connections are automatically blocked at the
firewall.
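The two mechanisms described in the NAT and SPI slides above can be seen together in a small simulation. This is an added illustration, not code from the presentation or from any router vendor: a toy home router that rewrites outbound packets so they appear to come from the router's own public address, records each LAN-originated flow in a state table, and forwards inbound packets only when they match an entry in that table. All addresses and ports are constructed (documentation ranges), as is the scanner's probe of port 445.

```python
# Added illustration (not from the presentation): a toy home router that combines
# NAT with stateful packet inspection. Addresses are constructed documentation ranges.
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

PUBLIC_IP = "203.0.113.7"   # constructed: the single address the ISP assigns to the router


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class HomeRouter:
    """NAT hides LAN hosts behind PUBLIC_IP; SPI only admits replies to LAN-originated flows."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_port: int = 40000) -> None:
        self.public_ip = public_ip
        self.next_port = first_port
        # State table: (remote_ip, remote_port, public_port) -> (lan_ip, lan_port)
        self.state: Dict[Tuple[str, int, int], Tuple[str, int]] = {}
        # Reverse index so repeated packets of one flow keep the same public port
        self.mapping: Dict[Tuple[str, int, str, int], int] = {}
        self.dropped = 0

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> internet: rewrite the source so the router appears to make the request."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.mapping.get(flow)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.mapping[flow] = port
            self.state[(pkt.dst_ip, pkt.dst_port, port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: forward only packets that match a flow a LAN host started."""
        entry = self.state.get((pkt.src_ip, pkt.src_port, pkt.dst_port))
        if entry is None:
            self.dropped += 1          # unsolicited: nobody inside asked for this
            return None
        lan_ip, lan_port = entry
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)


def run_demo():
    """Walk through one request/reply and one unsolicited probe; returns what happened."""
    router = HomeRouter()
    pc = "192.168.1.10"                      # constructed private LAN address
    # 1. The PC requests a web page; the router substitutes its own address and port.
    out = router.outbound(Packet(pc, 51000, "198.51.100.5", 80))
    # 2. The web server answers the router; the state table maps it back to the PC.
    reply = router.inbound(Packet("198.51.100.5", 80, router.public_ip, out.src_port))
    # 3. A scanner probes the router's file-sharing port; no state exists, so it is dropped.
    probe = router.inbound(Packet("192.0.2.99", 4444, router.public_ip, 445))
    return out, reply, probe, router.dropped


if __name__ == "__main__":
    for item in run_demo():
        print(item)
```

The point the demo makes is the one the slides make: the scanner only ever sees the router's address, and because no LAN host opened a connection to the scanner, the state table has nothing to match and the probe goes nowhere.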
Why firewalls ROCK!
• IF YOU DON’T HAVE A FIREWALL, YOUR
COMPUTER WILL BE ATTACKED AND/OR
COMPROMISED… USUALLY WITHIN 20
MINUTES OF YOUR CONNECTING TO THE
INTERNET.
• Firewalls protect your home computer from
worms and crackers through a combination
of
– Computer stealth using NAT.
– Intrusion blocking using stateful packet
inspection.
• Gosh, is there anything firewalls can’t do?
What a firewall can’t do
Well, actually, a consumer firewall can’t
– Fix operating system or software vulnerabilities
• A firewall may block some exploits coming in from the
internet, but the vulnerabilities will still be there
• That’s why patch management is so important
– Protect your computer from viruses
• A firewall may block internet worms, but it won’t block
viruses attached to emails, hidden in files you download
from the internet or Kazaa, etc.
• Virus protection is a job for your antivirus program, not a
firewall.
There’s more
A consumer firewall also can’t
– Protect your computer from spyware.
– Block pop-up ads.
– Block spam.
– Completely keep crackers out.
– Protect you from doing stupid stuff to your
computer.
But, if you are looking for simple
computer stealth and basic
intrusion blocking—and trust me,
you are—you need a firewall.
Which one?
• Should you get a hardware firewall or a software
firewall?
• Yes.
• If you have a cable modem, satellite, or DSL
connection, you need both a hardware firewall and a
software firewall.
• If you have a dial-up connection or an internal
broadband modem [a modem physically built into
your computer], you only need a software firewall
– But that’s only because I don’t know of any reasonably-priced external hardware firewalls that work with internal
modems.
Why both?
• Hardware firewalls have an Achilles’ heel:
they [for the most part] assume that ALL
internet traffic originating from your
computer is safe.
• But, if you “accidentally” double-click on a
virus-infected file,
– Your computer will be infected with that virus.
[Remember, hardware firewalls can’t protect you
from either viruses or doing stupid stuff.]
– That virus is more than likely going to try to use
your computer and your internet connection to
infect other computers.
“With their tanks, and their bombs,
and their bombs, and their guns…”
• So your computer is
now a virus-spewing
zombie.
• BUT, remember, your
hardware firewall still
trusts your computer.
• Your computer is
flooding the internet
with thousands of
viruses, worms, or
spams, and your
hardware firewall
doesn’t notice, care, or
even bother to tell you.
How software firewalls work
Software firewalls [actually, “personal
software firewalls”]
– Constantly run in the background.
– Block bad stuff from the internet [the stuff
that somehow magically makes it past the
hardware firewall.]
– Warn you when a program on your
computer tries to access the internet.
• You decide whether or not that program will be
allowed to access the internet.
So in our zombie example, the
software firewall—NOT the
hardware firewall—would catch
the flood of viruses before they
even left your computer.
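The behaviour described in the software-firewall slides (prompting the user the first time a program wants to reach the internet, then enforcing the answer) and the zombie example above can be modelled in a few lines. This is an added example, not code from the presentation or from any firewall product: a toy personal firewall that holds unknown programs at "ask" until the user answers, remembers the answer, and raises one alert when a program makes more outbound connections in a short window than any normal desktop program would. The program names, hosts and thresholds are constructed.

```python
# Added illustration (not from the presentation): a toy personal software firewall
# doing per-program egress control plus a simple outbound-burst alarm.
from collections import defaultdict, deque

ALLOW, DENY, ASK = "allow", "deny", "ask"


class PersonalFirewall:
    """Per-program outbound decisions, plus an alert when a program floods the network."""

    def __init__(self, burst_limit: int = 50, window_seconds: float = 10.0) -> None:
        self.rules = {}                     # program -> ALLOW or DENY, filled by the user's answers
        self.burst_limit = burst_limit      # outbound attempts per window before we alert
        self.window = window_seconds
        self.recent = defaultdict(deque)    # program -> timestamps inside the current window
        self.alerts = []                    # warnings the user would be shown
        self._flagged = set()               # programs already alerted on (alert once each)

    def answer_prompt(self, program: str, allow: bool) -> None:
        """Record the user's Allow/Deny answer for a program that previously got ASK."""
        self.rules[program] = ALLOW if allow else DENY

    def outbound(self, program: str, remote_ip: str, remote_port: int, now: float) -> str:
        """Decide on one outbound connection attempt; unknown programs are held at ASK."""
        self._track(program, remote_port, now)
        return self.rules.get(program, ASK)

    def _track(self, program: str, remote_port: int, now: float) -> None:
        q = self.recent[program]
        q.append(now)
        while q and now - q[0] > self.window:     # drop attempts older than the window
            q.popleft()
        if len(q) > self.burst_limit and program not in self._flagged:
            self._flagged.add(program)
            self.alerts.append(
                f"{program}: {len(q)} outbound connections in {self.window:.0f}s "
                f"(latest to port {remote_port}); possible worm or spam zombie")


def run_demo():
    """A browser the user approves, then a constructed 'zombie' hammering port 25."""
    fw = PersonalFirewall(burst_limit=50, window_seconds=10.0)
    first = fw.outbound("firefox.exe", "198.51.100.5", 80, now=0.0)   # prompt: ASK
    fw.answer_prompt("firefox.exe", allow=True)                       # user clicks Allow
    second = fw.outbound("firefox.exe", "198.51.100.5", 443, now=1.0)  # now ALLOW
    verdicts = set()
    for i in range(200):   # 200 connection attempts in about two seconds
        verdicts.add(fw.outbound("zombie.exe", f"192.0.2.{i % 250 + 1}", 25, now=2.0 + i * 0.01))
    return first, second, verdicts, fw.alerts


if __name__ == "__main__":
    print(run_demo())
```

The hardware firewall in the earlier slides would have passed all 200 of those connections without comment, because they originate inside the network; here they never leave the ASK state and the burst alarm names the program responsible.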
In the simplest [grossly
oversimplified] terms…
• Hardware firewalls protect your computer
from the internet.
• Software firewalls
– Are a second layer of defense behind your
hardware firewall.
– Protect both your computer from the internet AND
the internet from your computer.
– Warn you when something fishy is happening on
your computer.
• So now can you see why I recommend
running both a hardware AND a software
firewall?
Over the router and through the
woods
My suggestion?
– Before you connect
your computer to the
Internet, go to your
nearest technology
store or big box
retailer.
– Buy a cable/DSL
router from Linksys
[my favorite], D-Link,
Netgear, Belkin, or
SMC for US$50-$75.
Image courtesy Linksys.com
u:admin p:admin?
• Read the instructions that come with your
router and CHANGE YOUR ROUTER’S
DEFAULT ADMIN USERID AND PASSWORD!
• Crackers know the default administrator’s
userid and password for every router [and
firewall and server and operating system
and...] ever made.
– Check out http://www.phenoelit.de/dpl/dpl.html if
you don’t believe me.
• Also, using the instructions, make sure to
disable remote administration in your
router’s settings.
Software firewalls
• Now that I spent US$50 of your hard-earned
money on a router, let me save you some
money.
• The three best software firewalls [in my
humble opinion] are absolutely free.
– Sunbelt Kerio Personal Firewall [at sunbeltsoftware.com]
– Windows XP Service Pack 2 Internet Connection
Firewall: built into Windows XP SP2 but NOT into
previous versions of XP
– Mac OS X Firewall: built into Mac OS X [but
disabled by default]
Part Two: Exploits
What they are, where they come
from, and how to manage them
What is an exploit?
• Until machines start taking over for humans,
software bugs and glitches caused by simple
human error and non-defensive
programming will be the norm.
– Windows XP contains over 40 million lines of
source code. Source: Wikipedia
– Could YOU write that many lines of code and not
make a mistake?
• An exploit is a program or technique used by
a cracker to take advantage of software bugs
or glitches in order to circumvent your
computer’s security, often without your
knowledge.
Signs your computer MAY have
been exploited
• Spontaneous reboots
• Failed services, virus
scanner disabled
• Sluggish GUI behavior,
poor performance, slow
logins
• Excessive disk or
network activity (HD
LED, Switch LED)
• You can’t install
protective software.
• Unknown user
accounts
• Application and service
errors
• Low disk space
• Subpoenas and search
warrants
• Your computer insists
on playing “global
thermonuclear war.”
Sources: Alex Keller, Bob Klepfer
Call my attorney! I’ve been
EXPLOITED!
If your computer has been exploited, you
need to
– Stop cussing.
– Immediately disconnect your computer
from the internet.
– Identify the exploit.
– Close the hole.
– Fix the damage.
I feel so dirty.
• To identify the exploit:
– Reconnect to the internet, update your antivirus
definitions, disconnect, and scan your entire hard
drive.
– Reconnect to the internet, update your
antispyware definitions, disconnect, and scan
your entire hard drive.
– Write down the symptoms; reconnect to the
internet; search Google, Symantec, or the
Microsoft Knowledge Base; disconnect.
• To close the hole, download and apply the
appropriate patch from the manufacturer’s
web site.
Repairing the damage
• Repairing the damage from an exploit could
be as simple as deleting or replacing corrupt
data or as complicated as a deep-level format
of your hard drive.
– The repair path depends on the exploit.
– This may be a job for a professional repair
technician.
• The BEST way to repair the damage caused
by an exploit is to close the holes before they
are exploited.
Closing the holes
• When a vulnerability is found, operating
system and software manufacturers
[eventually/hopefully] release something
called a “patch.”
• A patch is simply a software update meant to
fix problems, bugs, or the usability of a
previous version of an application. Source:
Wikipedia
• Download and install the patch and your
computer is [hopefully] no longer
susceptible to that particular vulnerability.
Why are patches so important?
• When a new patch is released, an
unintended consequence is that the
bulletin announcing the patch also
announces the vulnerability to
crackers.
• Crackers count on the fact that you
won’t get the patch—your computer
will continue to be vulnerable.
• And the time between bulletin and
exploit is shrinking.
MS02-039
MS Security Bulletin: MS02-039
Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
Originally Posted: July 24, 2002
Exploit: W32.SQLExp.Worm [a.k.a., SQL Slammer Worm]
Exploit Discovered by Symantec on: January 24, 2003
Elapsed Time from Bulletin to Exploit: 184 days
MS03-026
MS Security Bulletin: MS03-026
Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Originally Posted: July 16, 2003
Exploit: W32.Blaster.Worm
Exploit Discovered by Symantec on: August 11, 2003
Elapsed Time from Bulletin to Exploit: 26 days
MS04-011
MS Security Bulletin: MS04-011
Security Update for Microsoft Windows (835732)
Originally Posted: April 13, 2004
Exploit: W32.Sasser.Worm
Exploit Discovered by Symantec on: April 30, 2004
Elapsed Time from Bulletin to Exploit: 17 days
Patch or DIE!
• Notice a trend?
• Can you see why
patch management
is so important?
• The time between
bulletin and exploit
is shrinking!
• Patch Tuesday is
often followed by
Exploit Thursday.
She watch, she watch, she watch…
channel ZERO!
• In fact, zero-day exploits—exploits that take
advantage of unknown operating system or
software application vulnerabilities—already
exist and more are coming.
– Crackers keep these zero-day exploits to
themselves, using them to gain access or
escalate privileges on a small number of target
systems.
• Zero-day exploits will become more
prevalent in the months to come.
You can’t completely protect your
computer from every exploit, but
you can keep the exploits at bay
by practicing simple patch
management.
How to patch Windows
• When Microsoft finds a
security hole in
Windows or Internet
Explorer, they
[usually/eventually]
release a patch called a
“Critical Update.”
• In Internet Explorer, go
to Tools > Windows
Update.
• Click on Scan for
updates.
How to patch the Apple OS
• Apple menu > Software
Update
• To get updates
immediately:
– Choose System
Preferences from the
Apple menu.
– Choose Software Update
from the View menu.
– Click Update Now.
– In the Software Update
window, select the items
you want to install, then
click Install.
Image courtesy Apple.com
Manually run Windows Update or
Apple Software Update at least
once a week.
Your computer should, by default,
automatically check for updates.
That’s cool, but also run the update
manually just to be safe.
To patch Microsoft Office
• In Windows XP or 2000, just
run the new Windows
Update.
• In older versions of
Windows, go to
officeupdate.microsoft.com
and click on “Check for
Updates”
• Mac users need to go to
http://www.microsoft.com/mac/downloads.aspx
• Have your Office installation
disk nearby in case the
update needs to “sniff” the
disk.
Patching other programs through
“Check for Updates”
• Open the program you
want to patch and,
under the Help menu,
look for “Check for
Updates,” “Updates,”
“Check for Upgrade,” or
something similar.
• This will either
– Automatically check for
and install any software
patches you are missing
– Take you to a web site
where you can download
the necessary patches.
Manually patching your software
• If the Help menu doesn’t
have a built-in update
feature, choose About [the
name of the program] in the
Help menu and write down
the exact version number of
the program.
– Usually it’s an integer and a
combination of decimals
[like 7.0.1]
• Go to the software
manufacturer’s web site and
look for “Downloads,”
“Upgrades,” “Support,” or
something similar.
Manually patching your software
Compare your software’s version number
to the version number available online.
– If the decimals of the online version number
are larger than yours, download and install
the appropriate patch.
– If the integer is larger, you’ll need to buy a
new version of the program.
Part Three: Run MBSA
Close “unknown” operating
system vulnerabilities
A dirty Microsoft secret
• Windows Update lies.
• It frequently thinks you’ve installed a
critical update you haven’t, leaving
your computer vulnerable.
• That’s where Microsoft’s Baseline
Security Analyzer [MBSA] comes in.
MBSA 2.0
MBSA is a free
program from
Microsoft that scans
for over 60 common
system
misconfigurations and
almost any Microsoft
security update your
computer may be
missing.
What MBSA does
• MBSA double-checks the security of
– Windows (*)
– Microsoft Office 2000 and later
– Internet Explorer 5.01 and later
– Windows Media Player 6.4 and later
– A bunch of other Microsoft applications and
services
• MBSA analyzes, you fix.
– MBSA tells you what’s wrong and points you to
the solution.
– You have to apply the solution.
Bad news/good news
• (*) MBSA only works on Windows XP, 2000,
and Server 2003.
• It was designed for corporate tech support,
but there is no reason why you can’t use it at
home.
• Oh, and it’s free.
• To get Microsoft’s MBSA,
– Search for “microsoft mbsa” at Google.
– The first hit—Microsoft Baseline Security
Analyzer (MBSA)—takes you to the download
page.
How MBSA really works
• MBSA scans your computer’s
operating system, operating system
components, and Microsoft
applications.
• MBSA then compares the version
numbers of the stuff on your computer
with the latest version numbers in the
MSSecure.cab file.
• Finally, MBSA shows you which
updates your computer is missing.
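Both the manual patching rule from Part Two (if only the decimals of the online version are larger, install the patch; if the integer is larger, buy the new version) and MBSA's approach just described (compare what is installed against a list of current versions and report what is missing) come down to the same version comparison. The following is an added example, not the presentation's own material and not MBSA's code or the MSSecure.cab format: it parses dotted version strings, applies the deck's integer-versus-decimals rule, and prints an MBSA-style list of what needs attention. The program names, installed versions and catalogue are constructed, and comparing numerically rather than as text means 7.10 is correctly treated as newer than 7.9.

```python
# Added illustration (not from the presentation, not MBSA): version comparison using the
# deck's rule, plus a "what is missing" report built from a constructed catalogue.
import re
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(text: str) -> Version:
    """'7.0.1' -> (7, 0, 1). Non-numeric decoration (a leading 'v', trailing words) is ignored."""
    parts = re.findall(r"\d+", text)
    if not parts:
        raise ValueError(f"no numeric version in {text!r}")
    return tuple(int(p) for p in parts)


def _pad(a: Version, b: Version) -> Tuple[Version, Version]:
    """Treat missing trailing components as 0 so 7.1 and 7.1.0 compare equal."""
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)), b + (0,) * (n - len(b))


def classify(installed: str, latest: str) -> str:
    """Return 'current', 'patch' (same integer, larger decimals) or 'upgrade' (larger integer)."""
    have, want = _pad(parse_version(installed), parse_version(latest))
    if have >= want:
        return "current"
    if have[0] < want[0]:
        return "upgrade"        # new integer: the deck says you need to buy the new version
    return "patch"              # same integer, larger decimals: download and install the patch


# Constructed catalogue of "latest" versions, standing in for the list a tool downloads.
CATALOG: Dict[str, str] = {
    "Media Player": "9.0.0",
    "Browser": "7.0.5730",
    "Office Suite": "11.0.8",
    "Archiver": "3.1",
}


def missing_updates(inventory: Dict[str, str],
                    catalog: Dict[str, str] = CATALOG) -> List[Tuple[str, str, str, str]]:
    """Rows of (program, installed, latest, action) for everything that is not current."""
    rows = []
    for name, installed in sorted(inventory.items()):
        latest = catalog.get(name)
        if latest is None:
            # Like MBSA's blue asterisk: the tool cannot confirm either way.
            rows.append((name, installed, "?", "unconfirmed"))
            continue
        action = classify(installed, latest)
        if action != "current":
            rows.append((name, installed, latest, action))
    return rows


if __name__ == "__main__":
    # Constructed inventory: what "About" boxes on one PC might report.
    inventory = {"Media Player": "6.4", "Browser": "7.0.5730", "Archiver": "3.0.2"}
    for program, have, want, action in missing_updates(inventory):
        print(f"{program:14} installed {have:10} latest {want:10} -> {action}")
```

The report mirrors the deck's division of labour: the tool analyzes and tells you whether each item needs a patch or a new version, and you still have to go and apply it.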
Translating the security report
Failures
• Critical failures [red Xs] require you to
immediately install a patch or update to
ensure the strongest security of your
computer.
• Non-critical failures [yellow Xs] happen when
there is a newer version of something
available, but you don’t really have to
upgrade…yet.
• Best practices [blue asterisks] could signify
a problem—MBSA can’t confirm that those
particular security updates have been
installed.
Fixing the critical failures
• Remember, MBSA analyzes, you fix.
• To find a fix for a critical failure in Security
Update Scan Results or Desktop Application
Scan Results, click on the Result Details link
next to that critical failure.
Result details
• This shows you exactly
what’s missing or is
misconfigured.
• Click on each link and it
opens a page in Internet
Explorer telling you
how to download the
appropriate patch.
• REMEMBER TO
INSTALL THE
PATCHES AFTER YOU
DOWNLOAD THEM!
– MBSA won’t do it for you.
MBSA tips
• Run MBSA from time to time just to
double-check your computer’s security.
• Don’t be surprised if MBSA still gives
you blue asterisks even after you’ve
installed all the patches.
– Sometimes MBSA gets confused.
– There’s no real way to unconfuse it.
• There’s no such thing as a “clean”
MBSA scan, especially in the middle
five sections.
Part Four: Update your
Antivirus
You’d be shocked at how many
people never do this.
The reality of the situation
• According to Symantec, as of October 2005
there were nearly 72,895 PC viruses out
there.
• 10 to 15 new viruses are discovered each
day.
• Between 3,650 and 5,475 brand new viruses
were discovered in just the past year alone.
• The moment you connect your computer to
the Internet your computer is immediately
vulnerable to ALL of these viruses.
True or False?
As long as you keep updating your
antivirus definitions, the antivirus
software that came with your
computer should protect you.
FALSE!
Now for the Bad News
• Unless your computer is only a few months
old, your antivirus software is outdated and
may not be able to detect the newest,
polymorphic viruses.
• Your antivirus software has two distinct
parts:
– A computer program that scans your computer
for viruses.
– Antivirus definitions that tell that program exactly
what to look for.
• Updating your antivirus definitions—which
you should do frequently—is not the same
thing as updating your antivirus software.
Out with the old, in with the new.
Just like you need to change the oil in
your car every few months, you need to
change your antivirus software every 12
to 18 months.
– Completely uninstall the old version [like
Norton Antivirus 2005.]
– Purchase and install the latest version [like
Norton Antivirus 2007.]
The latest antivirus software
• The top two consumer antivirus
software programs are
– Norton Antivirus 2005 [~US$50]
– McAfee VirusScan 2005 Version 9
[~US$50]
• My favorite AV? Eset Nod 32
[US$39/yr]
• The best free antivirus program is AVG
Anti-Virus Free Edition version 7.5 at
http://free.grisoft.com/
Update schedule
• Completely replace your antivirus
software every 12 to 18 months.
• Update your antivirus definitions daily.
– Most antivirus programs do this
automatically.
• Manually update your antivirus
definitions weekly.
– Automatic updates are cool, but run an
update by hand each week just to be safe.
What About Macs?
Image courtesy http://www.apple.com/
• The possibility of new
Mac viruses, while
slight, is still greater
than zero.
• The possibility of
future, cross-platform
viruses (viruses that
infect both PCs and
Macs) is also quite real.
• So, yes, Mac users also
need antivirus software.
• And keep it updated.
Part Four: Detect, Delete, and
Block Spyware and Malware
Give spyware and malware the
boot.
Adware
• Adware is software that
displays
advertisements when a
particular program is
running.
• A good example is the
Eudora email client.
– You can buy it for
~US$50.
– You can also get the
exact same program for
free, but the free version
displays an ad window
and up to 3 sponsored
toolbar links.
Adware: Good.
• Pure adware is a good thing.
– You get software that you otherwise
wouldn’t be able to afford.
– In return, the software displays some ads.
• Unfortunately, pure adware is also rare.
Spyware: Bad.
• Spyware is software that tracks what you do
and where you go online.
• Pure spyware like the Google toolbar
respects your privacy and doesn’t share this
tracking information with anyone else.
• Unfortunately,
– Pure spyware is the exception, not the rule.
– An overwhelming majority of spyware [like
99.99%] sells your personal information to
marketing companies.
Why is spyware so bad?
• Besides the privacy implications, spyware
can often break your computer.
– Spyware code is often poorly-written.
– You may have so many spyware programs
running at once that your computer slows to a
crawl or crashes.
• Spyware has been linked to an increase in
both spam and pop-ups.
• Pornographers use spyware to push explicit
advertisements to your computer.
– “Will someone please think about the children?”
How pervasive is spyware?
• Over 90% of broadband users have
spyware installed on their systems. Source
AOL [as quoted by http://tinyurl.com/5kdh9 ]
• PestPatrol has identified 33,099
different spyware programs or objects
on the loose as of late October 2006.
Where does spyware come from?
• Some spyware piggybacks on top of
free software you download and install
from the Internet.
• Software that comes bundled with
spyware include:
– File-sharing programs like Grokster and
Kazaa
– DiVx
– Weatherbug
Where does spyware come from?
You can also get spyware
by clicking on dubious
pop-up ads.
– “Your Computer is
Currently Broadcasting
an Internet IP Address”
– “Your Internet
Connection Is Not
Optimized”
– “Your Current
Connection May Be
Capable of Faster
Speeds”
Where does spyware come from?
• Another way to get spyware is from a virus
or Trojan Horse, but that’s rare.
• And if you use Internet Explorer, you can
even get spyware just by visiting a particular
website.
– You don’t have to click or download anything.
– Internet Explorer automatically installs the
spyware for you. [“Thank you, Microsoft!”]
– You can download the fix at mozilla.org.
• MANY of these drive-by installations involve
not only spyware but malware.
Malware: Very bad!
Malware can
– Replace legitimate ads on commercial web sites
with ads from vendors who financially support the
malware’s author [a.k.a., “scumware.”]
– Permanently and irreparably change your
browser’s home page and search settings so that
they point to the malware author’s site [a.k.a.,
“homepage hijackers.”]
• The site is usually overflowing with advertising and pop-ups.
• Fixing homepage hijackers is often quite difficult.
Source: http://www.doxdesk.com/parasite/
Malware: Very bad!
Malware can
– Cause your modem to automatically dial
900, long-distance, or international
telephone numbers whose revenues
support the malware’s author [a.k.a.,
“autodialers.”]
– Open security holes on your computer that
can be used later to remotely take control
of your computer [a.k.a., “Trojan horses.”]
Source: http://www.doxdesk.com/parasite/
Malware: Very bad!
Malware can
– Degrade your computer’s performance and
cause errors thanks to it being badly-written [a.k.a., “Microsoft Windows”]
– Provide no uninstall feature and put its
code in unexpected and hidden places to
make it difficult to remove [ibid]
Source: http://www.doxdesk.com/parasite/
Bye-bye, IE!
• All kidding aside, it’s time to stop using IE 6
or earlier – use IE 7 or something else.
– IE 5 and 6 have way too many security holes.
– Microsoft only supports IE on XP. There will be
no more free IE security updates for non-XP
users.
• Suggestion: Keep IE around so that you can
access the sites that require it—Windows
Update, Expedia, MSN, Shutterfly, etc.
• Use an alternative browser [like Mozilla
Firefox, Opera, or Safari] to access
everything else!
Detect and delete
• To detect and delete both spyware and
malware, download and install both
– Ad-Aware Personal SE at
http://www.lavasoftusa.com/
– Spybot Search & Destroy 1.3 at
http://www.safer-networking.org/
• Why both?
– Ad-Aware catches stuff that Spybot misses, and
vice-versa.
– They’re both free.
Other spyware removal tools
• But what about [insert your favorite
spyware removal tool’s name here]?
• There are some great spyware removal
tools out there—some free, some not—
but Ad-Aware and Spybot are the
market leaders.
– Ad-Aware has been downloaded 217
million times and Spybot 83 million times.
– AND BOTH ARE FREE!
Definitions
• Both Ad-Aware and
Spybot are similar to
your antivirus program
in that they both use
definition files to know
what to look for.
• Always update the
definitions before you
scan your computer.
– In Ad-Aware, click on
Check for updates now.
– In Spybot, click on
Search for Updates.
If all else fails…
If your computer still
has spyware or
malware that neither
Ad-Aware nor Spybot
could remove, check
out Hijack This and
CWShredder at
spywareinfo.com
Dealing with spyware/malware
• To get rid of spyware and malware, run
Ad-Aware and Spybot weekly.
• To prevent future spyware and malware
installations,
– Don’t download and install any free
software without first verifying that it is
free of spyware. [Search Google for the
name of the software +spyware]
– Enable the Immunize feature in Spybot.
Our goals
• Demonstrate why you need a firewall
• Show you how to deal with computer
exploits
• Introduce you to the Microsoft Baseline
Security Analyzer
• Teach you how to detect, delete, and
block spyware and malware
• Do all of this in ENGLISH!