Wednesday, May 26, 2010

Why Computer Security Matters To You

Last winter I did a project in my college computer class on computer security. Since I was roughly in the top 5% of the class as far as knowledge of computers goes, I thought it’d be a good subject that a lot of students could learn and pass the same knowledge on to their parents. I also wanted to learn more about it, but I wanted to share it with others as well. My goal for them was that they gain a better understanding of the concept of computer security, to raise their awareness of the risks and threats that the Internet holds and for them to be better prepared for future attacks against their computers, but to also know how to prevent them. My PowerPoint contains pictures to better illustrate some concepts and may be helpful. You can view it in Google Docs here.

Outline – Next Slide

Through my presentation I will explain computer security and why it matters to everyone no matter the influence computers and technology have on you. I will define and hopefully open your awareness to the threats we are exposed to through everyday usage of our computers. I will also touch upon how computers become insecure and also what you can do to prevent that and stay safe while still getting use out of the Internet. After listing some precautions, I will give my recommendations for programs you could use to carry out the action steps with. And then the last area I will cover is Mac computers and how they play into computer security. Also make sure as I’m going through if there is anything unclear or that you have a question on, to jot it down. I am willing to answer any questions you may have on this topic so be ready to shoot some out when I’m finished.

Computer Security – Next Slide

So what exactly is computer security? It is the process of preventing and detecting unauthorized use of your computer. Prevention measures help you to stop unauthorized users (aka intruders) from accessing any part of your computer system, while detection helps you to determine whether or not someone attempted to break into your system, if they were successful and what they may have done.

Why It Matters – Next Slide

So why should we care about computer security? It’s just for those paranoid people right? Wrong. Computer security matters for everyone. Why you may ask? Because you use computers for almost everything these days – from Banking to Communication to Shopping to Work – they are a major part of our everyday life and that’s why it matters. Another reason is because of personal responsibility. If you are not careful, your computer may become a link between a criminal and someone else. What I mean is that your machine might be used to spam or worse, infect other computers – even ones of your friends.

Threats – Next Slide

To put it simply: there are tons of dangers out on the internet. As you can see there is a good list of them there, and that’s not even all of them. I just listed the main ones I feel are the most important to understand. And thankfully you don’t need to know how they work to protect yourself from them, but it is good to have an understanding about the risks.

  • Malware – A generic name for all malicious programs
  • Adware – a small program designed to show advertisements. It often reports personal information back to its owners – privacy can be violated (ex. MyWebSearch)
  • Spyware – installed on your computer without your consent to monitor or control your computer use
  • Rogue – a malicious program disguised as a trustworthy program (ex. anti-spyware)
  • Virus – a small malicious program that multiplies and is capable of attaching itself to other programs after being executed/run
  • Trojan – a small malicious program that pretends to have a particular function, but that only shows its real purpose after execution and that purpose is often destructive. Trojans cannot multiply themselves, which differentiates them from viruses

Phishing – There is a short video describing the dangers of phishing here.

So basically phishing is a scam that people use to obtain personal and financial information through deception. A significant part of the phishing problem is ignorance. A survey found that less than 50% of Americans even know what phishing is. It is difficult to defend against something one is not aware of.

Next Slide

This is actually an email that I received last month that is imitating Hotmail. If you look at the selected rectangle, it is requesting my username, password, birthday and the country I live in. One could do a lot of damage with that information. Also if you look down at the bottom the “Get it now” link doesn’t even go to a Hotmail website – this is something you always want to check and is an immediate red flag. On a side note, don’t ever respond to phishing or other scam emails, it just confirms that you are a working email address and will only create more headaches for you in the future.

Facebook Convo – Next slides

(see PowerPoint for entire conversation)

A Facebook conversation I had recently between me and a friend really changed how I look at computer security – it isn’t just about the software you have on your computer. Right away I was skeptical and addressed “her” by a different name – she didn’t correct me. (Next Slide) She continued the story and then asked for MY help – how am I going to help this “friend” get out of the UK. OH Money! Of course! Then if you read the 3rd rectangle “she” plays the urgency card – needing it now. I buy more time and then confront her about the whole situation and “she” flees. Minutes later the real person comes on.

How Computers Become Insecure – Next Slide

First off, what’s really important to understand is that computers are made and purchased in a secure state. They have all the necessities – a firewall, which is like a security guard at a store or a guard dog at your house, but on your computer. New computers also come with the most recent updates and security patches on the operating system and obviously don’t have any viruses, spyware or other malware. So how do they get insecure? – You. The majority of the time it is the user or operator, and they do this by visiting dangerous websites, not updating their computer or software and by opening links and attachments in emails from people that they don’t know.

Action Steps – Next Slide

Essential Programs

So what can you do about it? Surprisingly, a lot! I have broken down the process into action steps to follow to ensure a good computer experience while being secure. First you must at least have some essential software installed – an anti-virus program, firewall program and anti-spyware software.

Frequent Updates

Second you need to frequently be updating your operating system and your software (this includes other non-security software as well). Now, if you’re like me the first thing you think of every morning or night isn’t “has my computer been updated and patched recently?” and apparently this consists of most of the population, which is the reason why all operating systems these days come with the ability to be automatically updated. In fact, it may even be the default setting for many computers. If you aren’t familiar with this or you want to know how to see if it’s on, talk to me afterwards and I’ll show you.

Unknown Senders

You should also be wary of emails and other messages on social networks from unknown senders. As the guy in the video said earlier you never want to left click on a link or attachment as it could immediately execute a virus which is never good. Also, even if you know the sender, but are unsure about the email or message they sent; just simply ask them about it first. Some of my friends’ email or social network accounts have been hacked and “they” have sent me messages that they didn’t know of. It also is nice to just let them know about it. Another reminder – if you do happen to receive an email from a friend, but are unsure of the content, don’t reply directly from that email, as the email may go to a different address. To avoid this, simply open a new message window and send them an email separate from the one they sent you.

Backup – Next Slide

When deciding what to do about backing up files on your computer, ask these questions:

The Files question: What files should you back up? The files you select are those that you can neither recreate nor reinstall from somewhere else. Backup the files you cannot replace.

The Often or when question: How often should you back them up? In the best of all cases you should back them up each time a file changes; if you don’t, you will have to reintroduce all the changes that happened since your last backup – this is actually a reason I really like online backup, but I’ll touch upon that later.

The Media question: Where should I back them up to; that is, what media should you use to hold backed up files? Whatever you have – CD-ROMs, DVDs, an external hard drive and the Internet are my favorites. A couple other forms of media available are flash drives and SD cards. The reason these are not ideal is because they are small and easy to lose, typically have less space than a DVD or HDD and, due to portability, aren’t very secure. However, if that’s all you have – then it’s better than nothing!

The Storage question: Where should you store that media once it contains your backed up files? No matter how you back up your files, you need to be concerned about where those backed up copies live. Granted you don’t need to be as concerned with them getting lost or stolen like your information off your computer that can be accessed via the web from anywhere in the world by anyone, but you should still know where you have it stored and for it to be in a safe, protected place.

Secure Your Passwords – Next Slide

Making sure you have secure passwords is another very important step. It can save a lot of time and hassle if you do it the right way the first time. There are a few questions and tests to do with your current and future passwords:

The Strong test: Is it as strong (meaning length and content) as the rules allow?

The Unique test: Is the password unique and unrelated to any of your other passwords?

The Practical test: Can you remember it without having to write it down?

The Recent test: Have you changed it recently?

You should use passwords on all computers and services you use on the Internet. Also, you never want to have everything in the same case; always combine upper and lowercase. Always include numbers and punctuation in your password and don’t use numbers that pertain directly to you, such as your birthday or graduation year. And lastly, make sure that no part of your password can be found in the English dictionary.

Downloading & Installing Programs – Next Slide

It is very important to do your research prior to just downloading a program on your computer. There are a few different types of programs:

  • Shareware – paid for software that can be bought through retail stores or online. (MS Office)
  • Freeware – free software usually only available online from a wide variety of locations (Adobe Reader)
  • Open Source – Free and Open software that can be customized and changed by the user (Firefox)

There are a few key questions to ask before purchasing and/or downloading programs:

  • What is it and what does it do?
  • Do I need it?
  • Where is it coming from?
  • And after answering all of those questions you should be able to determine the final one – is it worth it?

Just because you pay for it, doesn’t automatically make it the best or even safe. There is a lot of free software that is both safe and sometimes even the best of its category.

Recommendations – Next Slide

All of the following are available here:

  • Anti-virus Software
    • Avast Free Antivirus
    • Avira AntiVir Personal – Free Antivirus
    • Microsoft Security Essentials
  • Spyware removal
    • Malwarebytes Anti-Malware Free
  • Firewall
    • Comodo Internet Security – have used, but was honestly confused by it, but if someone wants to use it I would encourage it as it’s a good program, but for most of you the…
    • Provided Windows/Mac firewall …is more than enough
  • Backup
    • Windows Backup & Restore Center – Default (backup on External HDD/ CD-ROM/DVD)
    • SyncBack – Freeware (backup on External HDD/ CD-ROM/DVD)
    • SugarSync – Online Backup – 2.5 GB upfront
    • Live Mesh – Online Backup – 5 GB upfront
    • GFI Backup Home Edition
  • Web Browser Add-ons/Plug-ins (Firefox, IE & Chrome)
    • Web of Trust
    • LastPass Password Manager

Macintosh Computers – Next Slide

Who feels that Macs are more secure than PCs?

More than half of Americans believe that PCs are very or extremely vulnerable to cybercrime attacks, while only 20% say the same about Macs.  A survey of more than 1,000 people found that while both PC & Mac users perceive the Mac as being safer, Mac users are victims of cybercrime just as frequently as PC users.

Why, you might ask? – Next Slide

Because it isn’t the operating system or the computer, like I said earlier, it’s the user.  One thing I want to warn you about is not to fall for the marketing techniques Apple uses to entice consumers to buy a Mac.  They claim that Macs don’t get viruses, but they can.

Also, at a conference in 2009 a security researcher hacked a Mac through a flaw in the default Mac Internet browser, Safari, in less than 10 seconds. And while a good OS always helps, it really is up to the user and operator of the computer to stay safe online because most operating systems are fairly secure and decent in this day and age.

Conclusion – Next Slide

In closing, the things you need to do are to be aware and be prepared. Research your products, know the risks and threats of the Internet and don’t always trust everything you see on the internet. Also, be prepared by having an updated operating system and software, using anti-virus software, backing up your files and using the web and its services responsibly.

View my sources in Google Docs here
