Computer Safe Practices

SeniorNet Longmont, Colorado
Special Presentation at Senior Center
March 18, 2008

Note: This presentation is written for Microsoft Windows XP users; however, most information is general in nature and can apply to other operating systems such as Microsoft Windows Vista.

Prepared and presented by Henry Spencer, a volunteer in the Longmont SeniorNet program

Contents
• Plan for Emergencies
• About Viruses
• How to Protect Yourself Against Viruses
• Hoaxes
• Privacy – Your Personal Data
• Spam
• Phishing (Brand Spoofing)
• Firewalls
• Security Packages
• Identity Theft
• Computer Maintenance
• Glossary

Plan for Emergencies
• Anything can happen at any time, for example:
  – Head crash on hard disk
  – Computer virus
• You may have to reconstruct your computer
• Saving your data
  – Hard drive: Use “My Documents” to store all of your data in one place
  – Folders – use within “My Documents”
  – Backup (removable) media: floppies, CDs, DVDs, flash drives, external hard drive (connects through USB port)
  – Backup (non-removable) media: second hard disk drive if you have one
  – Saving special data and settings: Favorites, address lists (if stored on computer)
• Saving software
  – Installation CDs or key if downloaded
• Restoring your software
  – “System restore” or re-format hard drive (c:) and re-install software
• Restoring your data
  – Copy from backup media to hard drive (“My Documents” or other)

About Viruses
• A virus is a program that reproduces its own code by attaching itself to other executable files in such a way that the virus code is executed when the infected executable file is executed.
A virus program inserts the damaging piece of code without your knowledge
• All computer viruses are manmade
• Viruses can simply be a nuisance or can be very dangerous
• A computer virus can do anything from popping up a short message to destroying key files so your computer doesn't work
• The most dangerous type of virus is one capable of transmitting itself across networks and bypassing security systems.
• There are over 66,000 computer viruses in existence, with a new one detected every 18 seconds
• You can have a virus in your computer and not even know it

Example 1
This story was printed from ZDNN, located at http://www.zdnn.com.

Variant of NetSky virus takes flight.
Reuters, March 1, 2004, 1:00 PM PT

A new computer worm dubbed NetSky.D was clogging e-mail systems around the world after emerging Monday, a security expert said.

The worm is particularly difficult to root out, because it lands in e-mail boxes using a number of different subject lines, such as "re: details" or "re: here is the document."

"It arrives with an attached PIF (program information file) file, and it's already extremely widespread," said Graham Cluley, senior technology consultant at Sophos.

Cluley said experts do not think the new virus is as big as MyDoom, which brought havoc to computer users and targeted Microsoft's Web site, but that the full extent of NetSky.D's spread would be known, as North America logged on throughout the day.

When opened, the virus PIF file will rapidly replicate itself, slowing down computers and e-mail bandwidth.

"We suspect people are more laid back about PIF files, because they may not have heard of them and may not realize they can contain dangerous code," Cluley said. "The best thing to do with this file is to delete it. Don't open it."

NetSky.B, an earlier variant of the latest worm, was rated the third-worst computer virus in February after MyDoom.A and Sober.C, according to Sophos, which writes antivirus and antispam software.
Story Copyright © 2004 Reuters Limited. All rights reserved.

Example 2
New Bugbear spreading fast
by Ian Ferguson and Matthew Broersma
ZDNet (UK)
June 5, 2003, 9:12 AM PT

A new variant of the Bugbear virus--Win32.Bugbear.B--has emerged and threatens corporate and home computer systems, according to anti-virus experts.

MessageLabs, which runs outsourced e-mail servers for 700,000 customers around the world, has labeled the worm "high risk" and reports more than 31,000 infections in 120 countries.

Computer Associates expert Jakub Kaminsky on Wednesday confirmed the company's anti-virus laboratories had received their first sample of the variant from an Australian user late on Thursday afternoon, Australian time.

Other security firms have also discovered the new worm "in the wild", or affecting computers outside the lab. IDefense first found Bugbear.B in Australia and the United States on Wednesday, and said it has since gained ground rapidly.

The first Bugbear worm spread rapidly last autumn, creating about 320,000 infected messages in its first week, according to MessageLabs. This week has already seen another significant virus threat emerge with the spread of W32/Sobig.C-mm, which has generated about 30,000 infected messages per day this week, according to MessageLabs.

Like the first worm, Bugbear.B is a mass-mailing virus that infects Windows PCs. After it infects a PC, the virus searches the machine for email addresses and sends a message out to each address, with a copy of itself attached. Bugbear also grabs a random address from those found in the email program on the PC and uses it in the "From:" line of the messages it sends. This disguises where the actual emails are coming from and makes it difficult to alert someone that their system is infected.

The virus also attempts to spread by copying itself to other computers that share their hard drives with the infected system.
Bugbear also searches for any of a long list of security programs or antivirus programs and halts them if they are running on the victim's machine. In some cases, Bugbear can also cause printers on a network with infected PCs to start printing a large amount of raw binary data.

More dangerously, the virus installs a keylogger that records what the user types--a method of capturing passwords--and a Trojan horse backdoor, communicating on port 1080, which allows an attacker to take control of the system.

The virus uses a flaw in the way Microsoft Outlook formats email using MIME (multipurpose Internet mail extensions). The flaw, if left unpatched, allows the virus to automatically execute on a victim's PC if Outlook displays the text of the message. While the flaw and its patch are more than two years old, some users have still not fixed the problem.

Computer Associates' Kaminsky said that reporting of the virus was likely to increase over the next few hours as European and United States residents awoke and accessed their email inboxes. "Probably tomorrow, we should have more records from Australian users," he told ZDNet Australia.

He predicted that the variant--also known as W32/Kimjo.A-mm and W32.Shamur--would spread widely over the next couple of days, before increased consumer awareness, anti-virus vendors updating their offerings and users subsequently installing new patches slowed its progress.

While home users face the greater individual threat from the variant, the infection of a large corporate network would see it "truly spread like wildfire" due to its propensity to try to propagate through email addresses found by searching through specific files, and to spread over a network, Kaminsky said.

However, most companies who are up to scratch with their virus defenses automatically block the file extension types through which the variant is delivered--.pif, .scr and .exe.
Kaminsky said blocking any executable attachment--particularly with double extensions, which characterize both the original BugBear and its variant--was "a good idea" and a natural precaution for companies.

CNET News.com's Robert Lemos contributed to this report.

More on the BugBear.B Virus
New BugBear worm still spreading
MSNBC

June 6 — Several antivirus companies remained on high alert Friday after the continued spread of a new computer worm that includes particularly malicious snooping techniques. Bugbear.B, a variant of a worm released last year, installs keylogging software, back-door software, and in some cases even attempts to control infected computers’ modems. Some of the worm’s functions are designed to specially target financial institutions.

THE NEW WORM spread to 164 countries in the first 24 hours after its release Thursday morning, according to antivirus firm MessageLabs. There was hope that the worm’s spread would slow at the end of the workday Thursday, but it continued to hit computer users worldwide on Friday.

Symantec Corp. raised its risk rating to 4 on a scale of 1 to 5, joining a host of other firms which described the program as a high risk to both home and corporate Internet users.

Vincent Weafer, senior director of security response at Symantec, said the firm had received 3,000 submissions from customers who received BugBear. That means the worm is growing faster than Klez, last year’s most virulent computer worm — and it might turn out to be the biggest e-mail virus outbreak in the past two years.

“This thing is still growing,” Weafer said.

UK-based MessageLabs said it had trapped 150,000 copies of the worm by Friday. About 1 in every 135 e-mails scanned by MessageLabs was carrying the worm.

“Just like with the original BugBear, the first day was slower than second day. We’ll probably see this thing peak today and slow down over the weekend,” said Tony Magallanez, assistant engineer with F-Secure.

STANFORD HIT
Among the victims: Stanford University. A notice on the school’s Web site says the school was “severely impacted” by the worm, and school administrators shut down outgoing e-mail for part of the day yesterday.

The school’s computer Security Services indicated it had stemmed a potentially embarrassing incident for Stanford. One of BugBear’s components involves attaching random Microsoft Office documents from one infected machine and sending them along to other users as the worm spreads. According to the school’s Web site, computer administrators “intercepted messages containing salary and bonus spreadsheets, personal data, and other files that are highly confidential” before the worm could send them to other e-mail users.

“The exporting of confidential information is a much more significant event than just an infection,” Weafer said. “It involves the potential loss of privacy. People are a lot more concerned about that.”

BugBear.B is jam-packed with other malicious tactics. Infected corporations will even find their networked printers spewing out pages of nonsense, as the program sends bad data around the network.

In an attempt to avoid detection, BugBear attempts to turn off all antivirus programs, and it shuts down other security software. In addition, it uses a particularly nasty flaw in Microsoft’s Internet Explorer program and its implementation by Microsoft’s Outlook e-mail reader that allows the virus to infect machines whenever a victim simply previews an e-mail message loaded with the program.

FINANCIAL INSTITUTIONS TARGETED
Kevin Haley, group product manager at Symantec Security Response, said the worm contains a list of 500 domains which belong to financial institutions around the world. If the virus realizes it’s infected a computer on one of those domains, it goes to great lengths to connect with the virus author.
First, it installs so-called back-door software on infected machines, which would allow anyone with knowledge of the back door to break into the computer later. But if a network connection isn’t present, BugBear then goes searching for a modem, enables it, then tries to get the computer to dial out, probably to reach the virus author.

“(The virus writer) really wanted to get into those machines,” said McAfee Fellow Jimmy Kuo. McAfee is a division of security firm Network Associates Inc.

U.S. financial institutions probably aren’t at risk from this technique, Kuo said, because most don’t have modems attached to their critical computers any more. But “less technologically-advanced countries might,” he said.

The list of financial institutions is thorough: it includes banks from dozens of countries around the globe, including Spain, Argentina, Iceland, Slovakia, Korea, and South Africa.

“I can’t say it has or it hasn’t hit a financial institution,” Magallanez said. “Financial institutions are tight-lipped about the security they have on their systems.”

But the virus writer employed other methods to steal financial information, Mark Sunner, chief technology officer at F-Secure, said.

“Particularly worrying is the fact that not only can Bugbear leach confidential information from an infected machine, but it may also leave a backdoor wide open for hackers to take control of the machine and misappropriate passwords, credit-card details or for some other nefarious purpose,” he said.

SOCIAL ENGINEERING TRICKS
Given its various tactics, BugBear.B appears to be the work of a sophisticated programmer — and unlike most viruses, it seems isn’t only after attention — he or she is after money.

“There is more of an ulterior motive here,” Belthoff said. “It will be interesting to see if there is continued activity in this line (from other virus authors).”

The program’s social engineering tricks are probably the reason it’s spreading, Belthoff said.
BugBear has the ability to detect an incoming e-mail message and reply to it with an infected e-mail, attacking computer users when their defenses are lowest.

“You are certainly less likely to be suspicious of a message that is a reply to a message you’ve sent,” Haley said.

BugBear spreads via e-mail and local networks. It’s hard to warn users what to watch for — the subject line, message body, and attachment are all selected from a random list, or chosen from file names already in the target computer’s “My Documents” folder.

The infected file itself has either a .exe, .scr, or a .pif extension — blocking those extensions will protect e-mail users against infection, according to Ken Dunham, senior intelligence analyst with iDefense.com.

Many companies have done that, Weafer said, so by Friday, 90 percent of infections reported to Symantec came from home users, who are often slower to react to virus warnings.

Once BugBear hits a machine, it can be hard to remove, Weafer said, because the worm disables antivirus products that consumers normally use to “clean” infected computers. Antivirus firms are offering special cleaning instructions on their Web sites. But that feature means consumers will probably be dealing with BugBear for a while.

“The original BugBear is still in our top 20 list,” Weafer said. “This one will be around for a long time.”

How to Protect Yourself Against Viruses
• Be sure to install an anti-virus software program to guard against virus attacks. Also, be sure you turn on the scanning features. It can't protect you if it's not enabled.
• Update the signature files often (turn on “automatic updates”, if available)
• Practice caution when working with files from unknown or questionable sources.
• Do not open e-mail attachments if you do not recognize the sender (though you may also receive viruses from people you know or they may be spoofed). Scan the attachments with anti-virus software before opening them.
• Be especially wary of attachments that end in .exe, .vbs, .pif, .bat, .dat, .inf or ANY attachment that has a name with double extensions (such as “filename.jpg.exe”)
• Make sure you can see file extension names!
  – Go to Windows Explorer, Tools, Folder Options, View, uncheck “Hide file extensions for known file types”
• Keep your operating system up to date with latest Microsoft patches
  – Go to Windows Update web site… or, preferably set for automatic update
    • Go to Control panel, Security Center, Automatic updates
• Configure your browser to use a higher security setting
  – In Internet Explorer, choose Tools, Internet Options and select the Security tab. Make sure that the Internet Zone is configured to Medium Security or above.
• Scan your hard drive for viruses frequently (such as every Friday morning at 3AM).
• Download files only from reputable Internet sites, and be wary when exchanging diskettes or other media with friends.
• Scan ALL floppy disks, CDs, etc. you receive from other people. Believe it or not, most viruses come from removable media, not the Internet!

Commercial Virus Protection Software
Best known and most widely used for personal computers are:
• Symantec’s Norton Anti Virus
  – PC Magazine (9/2001): Editor Rating: 5/5, Member Rating: 2.5/5
  – Consumer Reports (9/2006): 80 out of highest score of 87
• McAfee Virus Scan
  – PC Magazine (11/2001): Editor Rating: 4/5, Member Rating: 2/5
  – Consumer Reports (9/2006): 77 out of a highest score of 87

How/where to Obtain Anti-Virus Software
• You can purchase Symantec’s Norton Anti-virus or McAfee Virus Scan at any business supply store
  – Office Max or Office Depot, WalMart, etc.
  – Approx. cost $30-$40
• You can buy on the Internet – but make sure you get installation CDs
• Try a Google search for Norton Antivirus or McAfee Virus Scan
• Can get comparison prices at many sites (e.g.
www.pricegrabber.com)
• You might not need a security “package” which contains other tools in addition to anti-virus software… (However, Norton, McAfee and MSN all have products that are integrated, easy to use and fairly inexpensive compared to buying just anti-virus protection…. See section later in presentation)
• P.S. Don’t forget the annual subscription fee for virus definitions that start one year from the purchase (about $30/yr. for Norton and McAfee)
• Note: There are FREE anti-virus packages!!!… e.g., see
  – www.grisoft.com/ww.product-avg-anti-virus-free-edition
  – www.avast.com/eng/avast_4_home.html
• Another note: Many ISPs such as Comcast, Qwest, AOL, Earthlink and MSN offer free anti-virus and other security features

If You Suspect That You May Have A Virus
• You have opened a suspicious e-mail attachment, your computer is suddenly crashing or running slowly, you receive error messages whenever you start up your computer or try to launch an application, a friend or colleague has warned you that they have received an infected e-mail attachment from you…
• Do not use your e-mail until the problem is resolved or you have otherwise verified that you do not have a virus (could be a hoax?)
• Check to see if your virus protection is up to date and scan your hard drive for viruses
• Check antivirus software vendors’ sites for more details and removal instructions, e.g.:
  – http://securityresponse.symantec.com (let’s look here for latest threats)

Hoaxes
• A computer virus hoax is a fake warning about a computer virus, usually sent to you from a well-meaning friend (I’ve been caught on this too!)
• Examples:
  – Congressional bill that wants to charge for all emails
  – “Teddy Bear” or Jdbgmgr.exe (Java debugger) virus (need to delete the file)
  – “SULFNBK.EXE” virus (need to delete the file)
  – WTC Survivor virus (wipes out your hard drive)
• Some hoaxes don’t mention a virus, they are myths or “urban legends”
• Examples:
  – Microsoft giving away $800 (very new)
  – Craig Shergold (dying child collecting business cards)
  – Person who wakes up in hotel bathtub, packed in ice, with both kidneys gone!

How Do I Know If It Is a Hoax?
• It may be a hoax if:
  – An email that urges you to send it to all of your friends
  – The story is frightening
  – Something that is unrealistic (e.g., ability to trace all recipients of email)
  – Credible-sounding but vague technical language (e.g., “nth-complexity infinite binary loop”)
• Where can I check to see if it is a hoax or myth?
  – Hoaxbusters: http://hoaxbusters.org
  – Vmyths: http://www.vmyths.com
  – Symantec’s Hoax Site: http://www.symantec.com/avcenter/hoax.html
    • (Look here for $800 offer from Microsoft)
  – Urban Legends: http://urbanlegends.about.com
  – Scambusters: http://www.scambusters.org

Privacy – Your Personal Data
• NEVER give out your passwords to anyone (even your Internet Service Provider)
• Use safe passwords (no real words or names, mix letters and numbers, upper and lower case)
• Be careful about who you give any information to…. Is this a trusted source? (Example: $18M estate… see next page)
• Don’t log onto sites that you don’t know anything about, even if they advertise something for free
• Buying online: Buy from trusted sources and ensure that the connection is encrypted (https). Note: Credit card numbers are safer here than in your typical store or restaurant
• Cookies: Clean up and delete from time to time.
You can disallow cookies, but this will make some Internet use more cumbersome

$18M Estate

Dear sir/madam:

As you read this,I don't want you to feel sorry for me,because I believe everyone will die someday. My name is Ahmed Mohammed,a merchant in Dubai,In the U.A.E, I have been diagnosed with esophageal cancer,It has defiled all forms of medical treatments,and according to medical experts, I only have about a few months to live, I have not particularly lived my life so well,as i never really cared for anyone(not even myself) but my business. Though I am very rich,I was never generous,I was always hostile to people and always focused on my business as that was the only thing I cared for. But now I regret all these as I now know that there is more to life than just wanting to have or make all the money in the world. I believe that when Allah gives me a second chance to come back into this world,I would live my life a different way from how i lived it.

Now that Allah has called me ,I have willed and given most my properties and assets to my immediate and extended family members as well as a few close friends. I want Allah to be merciful to me and accept my soul when i die. I have decided to also give to charitable organizations,as I want this to be one of the last good deeds i have done on earth so far, I have distributed money to some charitable organizations in the U.A.E, Algeria and Zimbabwe. Now that my health has deteriorated so badly, I can not do this myself anymore. I once asked members of my family to close one of my accounts and distribute the money to some charitable organizations in Bulgaria and Pakistan,they refused and kept the money to themselves. Hence,I do not trust them anymore,as they seem not to be satisfied with what i left for them.

The last of my money which no one knows about is a huge cash deposit of EIGHTEEN MILLION UNITED STATES DOLLARS (US$18,000,000.00) that i have in the vault of a finance company abroad.
I will want you to collect this fund on my behalf and dispatch it to charitable organizations of your choice. Please endeavour to reply me through my direct and private e-mail address for confidentiality so that i can give you further information on the project. I will be checking my personal e-mail awaiting your quick response. For your time and honesty, I am willing to offer you 20% of the total fund.

May Allah be with you.
Ahmed Mohammed
E-mail:mohammedmoh2@yahoo.co.uk

Privacy – Someone is Spying on You!
• Have you ever noticed your “Home” page has been changed?… or, have you noticed some software has been installed on your computer that you didn’t install? These can be caused by “free” downloads or responses to popups that you make.
• Adware: installs an additional component that feeds advertising to you or points your browser homepage to sites feeding advertising
  – It’s not only annoying, but it can alter the way your computer operates, slow it down or interfere with the correct operation of some of your programs
• Spyware: Adware often contains another hidden component that tracks web usage. This creates “traffic data” and can:
  – consist of rather benign cookies showing time spent on certain sites
  – more often it also obtains your system's unique numerical hardware ID (MAC address) and IP address, combines it with your surfing habits and correlates it with any personal information you provided when the "free" program was downloaded
  – worse, it trades this information with affiliate advertising, building an increasingly complex dossier on who you are and what you like to do on the Internet.

What do I do about Adware and Spyware?
• These types of programs can be difficult or almost impossible to remove from your computer
• The BEST protection is prevention
• Be very careful about the software that you download… regardless whether it is from a “trusted” site or not, READ the terms and conditions of their privacy policy
  – You may find out that they are both collecting and selling your information
• Never click on “Run this program” or “OK” or “Yes” or anything like this unless you understand completely what is going to happen
• Install one or more Adware/Spyware detection/removal programs:
  – Ad-Aware SE Personal: www.lavasoftusa.com (“Ad-Aware 2007 Free” under “Home”) (free)
  – Windows Defender: www.microsoft.com/athome/security/spyware/software/default.mspx (free)
  – Spybot Search and Destroy: www.safer-networking.org/en/index.html (free but asks for donation)
  – Yahoo! Toolbar Anti-Spy: For link, search for “Yahoo! toolbar anti-spy” in Google (free)
  – Spy Sweeper: www.webroot.com (buy)
  – Anti-spyware features in packages such as McAfee Virus Scan
• If you have adware or spyware installed on your computer and cannot remove it, you can at least block access to your computer with a firewall

Spyware Example
• Article in New York Times by their computer expert… someone wrote to him saying that “something called Xupiter took over my Web browser’s start page and I can’t change it”… and, why didn’t his anti-virus program catch it?
• Response from J.D.
Biersdorfer (the column’s author):
  – It wasn’t a virus so the anti-virus program couldn’t do anything about it
  – The person’s Web browser was “kidnapped” by the aggressive marketing software used by Xupiter, a search engine company
  – The person may have inadvertently clicked on a link from a pop-up ad or website that invited Xupiter to reset his browser’s start page to itself
  – Or, he may have inadvertently installed the program along with some shareware
  – This is an example of “adware” or “spyware”
  – Spyware Info, an online journal, has an informative article on the practice of hijacking at www.spywareinfo.com/articles/hijacked
    • (Let’s go look at this!… info only…. some advertisements in here!)

Spam
• Junk email – some experts say that in 2004, 60% of all email was spam
• Pain in the neck!… I suggest you just delete them… if you respond or even ask to be deleted from their address list, then they know you exist and might send you more (exception: a legitimate, big company will usually let you “opt” out)
• Junk mail filter for Hotmail users (incl. MSN)
  – Go to http://www.hotmail.com
  – Sign on (if you have MSN mail, add “@msn.com” to your email address)
  – Click on “Options”
  – See heading “Junk e-Mail”
  – Click on “Filters and reporting”
  – Choose your level of junk mail filtering and options for junk mail
• Most ISPs offer free spam blockers, including MSN, Google Mail and Earthlink

Five Ways to Cook Your Spam
from article written by Barbara Basler, Feb. 2004 issue of AARP Bulletin
1. Don’t open spam – just delete it. Opening it just confirms there is a working address.
2. Keep your primary email address private. Give it only to those you trust.
3. Have an alternate email address. If you buy products online, register for free offers or sign up for email newsletters, set up a second email address with your ISP or with one of several email services (e.g., Hotmail)
4. Always check the privacy policy of websites you visit.
Opt out of receiving mail from their partners.
5. Devise an email address with numbers as well as letters. A complicated address is harder for spammers to find.

Phishing (Brand Spoofing)
Definition from www.whatis.com
• On the Internet, phishing (sometimes called carding or brand spoofing) is a scam where the perpetrator sends out legitimate-looking e-mails appearing to come from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America Online, in an effort to phish (pronounced "fish") for personal and financial information from the recipient.
• Phishers use any number of different social engineering and email spoofing ploys to try to trick their victims. In a recent case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords.
• Phishing is a variation on the word fishing: fishers (and phishers) set out hooks, knowing that although most of their prey won't take the bait, they just might entice someone to bite.
• The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the Web site of the company to find out whether the request is legitimate.
• If you suspect you have been phished, forward the e-mail to uce@ftc.gov or call the FTC help line, 1-877-FTC-HELP.

NEVER click on a link (URL) in an email that looks like it goes to a trusted site (such as your bank).
Instead, use your browser to take you directly to the trusted site. This ensures* that you are not going to a “spoofed” site. (A “spoofed” URL in an email will probably look exactly like the real URL, but if you click on it in the email, it will take you to a fake site.)

* A similar but newer threat to “phishing” is “pharming” (for definition see http://en.wikipedia.org/wiki/pharming). The end result of “pharming” is the same as “phishing” but is more difficult to detect because it can take you to a spoofed site even if you go there directly from your own browser! In the “phishing” case, even though the URL looks correct on the web page, the actual code on the web page which is hidden from view takes you to the wrong site. In the “pharming” case, an internal table in your computer has been “hacked” to take you to the wrong site! The best protection against this is to ensure that you have a firewall running on your computer. Luckily the threat of “pharming” is much less than “phishing” because it happens much less frequently and would take a “bad guy” to hack into your individual computer; thus, the need for a firewall to prevent this.

From Kim Komando, January, 2004
• A NEW TRICK FROM THE SAME OLD PEST
  The people behind MiMail.P have found a new way to sneak into your computer. Clicking on a spam attachment does not start the program. Rather, it sends your computer to Russia to download the virus. This enables it to escape anti-virus programs that scan e-mail. MiMail.P tries to trick you into disclosing passwords, credit card numbers and other private information. Avoid the trickery by not clicking the attachment on the spam. If MiMail.P gets into your computer, don't fall for it.
• KEEP AN EYE ON 'PHISHING' EFFORTS
  Phishing e-mails are constructed to look like the real thing. For instance, MiMail.P presents you with a message that looks like it came from PayPal. You are asked for your personal information.
  That can be used to steal your identity, among other things. An anti-phishing group has put together a site to educate the public and curb phishing. Check it out at: www.antiphishing.org

Example (from www.antiphishing.org)
Wells Fargo Bank "Please verify your Wells Fargo account"
9-Mar-2004
Email title: "Please verify your Wells Fargo account"
Scam target: Wells Fargo account holders
Email format: HTML email
Sender: Wells Fargo Customers Support [wells@WellsFargo.com]
Sender spoofed? Yes
Scam call to action: "Please note that if you don't verify your ownership of account in 24 hours we will block it to protect your money."
Scam goal: Capture bank account information.
Call to action format: URL link
Visible link: http://www.wellsfargo.com/verify/
Called link: http://68.104.255.61:82/verify/
Resolved URL: http://68.104.255.61:82/verify/

Firewalls
• A firewall is a program or set of related programs, located on a personal computer or at a network gateway server, that protects the local resources from users from other networks
• Important software to install on your home PC if you are permanently connected to the Internet (DSL or cable modem)
• Once installed on your PC, the firewall can protect you from intrusion from unwanted external sites (e.g., adware or spyware sites)
• Firewall lets you “allow” or “disallow” connection to/from certain Internet locations or allow you to be prompted for each requested connection
• Check out this web site!… www.firewallguide.com
  – Free firewalls include Sunbelt (was Kerio at www.321download.com/LastFreeware/page7.html) and Comodo at www.personalfirewall.comodo.com
• Before installing personal firewall software on a Windows XP computer, be sure that the firewall built into Windows XP is turned off. Never use two software firewalls at the same time.
• You can use the firewall built into Windows XP, but it does not monitor “outbound” traffic, just “inbound”. Other firewalls monitor traffic going both ways.
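
The two warning signs this presentation describes for e-mail, a visible link that differs from the called link (as in the Wells Fargo example) and an attachment with a risky or double extension, can be checked by a program. The Python code below is an added example, not part of the original presentation; the sample message, the bank.example domain and the 192.0.2.10 address are constructed for illustration.

```python
import ipaddress
from email.message import EmailMessage
from html.parser import HTMLParser
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Attachment types the presentation warns about (.scr is named in the BugBear articles).
RISKY_EXTENSIONS = {".exe", ".vbs", ".pif", ".bat", ".dat", ".inf", ".scr"}


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Return the lower-cased host of a URL, or '' if it cannot be parsed."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat "www.bank.example/x" as host + path
    try:
        return (urlsplit(url).hostname or "").lower()
    except ValueError:
        return ""


def is_ip_address(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def check_links(html):
    """Flag links to bare IP addresses and links whose visible URL names another host."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target = host_of(href)
        if is_ip_address(target):
            findings.append(f"link goes to a bare IP address: {href}")
        # Only compare when the visible text is itself written as a URL.
        if text.lower().startswith(("http://", "https://", "www.")):
            shown = host_of(text)
            if shown and target and shown != target:
                findings.append(f"visible link shows {shown} but goes to {target}")
    return findings


def check_attachment(filename):
    """Flag risky extensions and names such as 'filename.jpg.exe'."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if not suffixes or suffixes[-1] not in RISKY_EXTENSIONS:
        return []
    findings = [f"attachment type {suffixes[-1]} can run code: {filename}"]
    if len(suffixes) > 1 and suffixes[-2][1:].isalpha():
        findings.append(f"double extension hides the real type: {filename}")
    return findings


def triage(msg):
    """Run both checks over every part of a parsed e-mail message."""
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            findings += check_attachment(name)
        elif part.get_content_type() == "text/html":
            findings += check_links(part.get_content())
    return findings


def build_sample():
    """Constructed sample shaped like the phishing example; all values are made up."""
    msg = EmailMessage()
    msg["From"] = "Example Bank Support <support@bank.example>"
    msg["Subject"] = "Please verify your account"
    msg.set_content(
        '<p>Please verify your account: <a href="http://192.0.2.10:82/verify/">'
        "http://www.bank.example/verify/</a></p>",
        subtype="html",
    )
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="octet-stream", filename="statement.jpg.exe")
    return msg


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A link whose visible text is a phrase such as "Click here" is not compared, because there is no displayed address to contradict the real one.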
To enable or disable Internet Connection Firewall in XP

• If you have not applied Service Pack 2 (SP2)
  1. Open Network Connections by clicking Start, click Control Panel, and then double-click Network Connections.
  2. Click the Dial-up, LAN or High-Speed Internet connection that you want to protect, and then, under Network Tasks, click Change settings of this connection.
  3. On the Advanced tab, under Internet Connection Firewall, select one of the following:
     o To enable Internet Connection Firewall (ICF), select the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.
     o To disable Internet Connection Firewall, clear the Protect my computer and network by limiting or preventing access to this computer from the Internet check box.
• If you have applied Service Pack 2 (SP2)
  1. Click Start, click Control Panel, and then double-click Windows Firewall.
     Note: If you see the Windows Firewall icon in the Control Panel, you do have Service Pack 2.
  2. On the General tab, click On or Off.
• Note: See Help and Support Center (click Start, click Help and Support, and search for Firewall) for more detailed information on the XP firewall

Security Packages

• There is a trend towards “packages” of security features such as anti-virus, anti-spyware, spam protection, etc., which are offered by major vendors
• MSN Live One Care (http://onecare.live.com)
  – $49.95/yr. for up to 3 computers
  – 90-day free trial
  – Includes:
    • Anti-virus
    • Anti-spyware
    • Anti-phishing
    • Firewall (2-way)
    • Performance Tune-ups
    • Backup and restore
• McAfee (following)
• Norton (following)

McAfee

• McAfee Total Protection with SiteAdvisor Plus 2008
  – 12-in-1 protection
  – $59.99 for 3 users (on McAfee site*)
• McAfee Internet Security Suite with SiteAdvisor 2008
  – 10-in-1 protection
  – $39.99 for 3 users (on McAfee site*)
• McAfee Virus Scan Plus with SiteAdvisor 2008
  – 6-in-1 protection
  – $34.99 for 1 PC (on McAfee site*)

* Current promotion

If you have DSL High Speed Internet Access with Qwest/MSN, you can download and install a free copy of McAfee security software. Start Internet Explorer, go to http://membercenter.msn.com

[Screenshot; caption: “Install these”]

Norton

• Norton 360 Version 2.0 Premier Edition
  – $99.99 for 3 users (on Norton site*)
• Norton 360 Version 2.0 All-in-One Security
  – $79.99 for 3 users (on Norton site*)
• Norton Internet Security 2008
  – Anti-virus, firewall, anti-spam, parental control, anti-spyware, anti-phishing
  – $59.99 for 3 users (on Norton site*)
• Norton Anti-virus 2008 with Anti-spyware
  – $39.99 for 1 PC (on Norton site*)

* www.symantec.com - for local purchase, check Wal-Mart

Identity Theft (Computer and otherwise)

How can I prevent identity theft from happening to me?

As with any crime, you can't guarantee that you will never be a victim, but you can minimize your risk. By managing your personal information wisely, cautiously and with an awareness of the issue, you can help guard against identity theft.

• Don't give out personal information on the phone, through the mail or over the Internet unless you've initiated the contact or are sure you know who you're dealing with.
Identity thieves may pose as representatives of banks, Internet service providers (ISPs) and even government agencies to get you to reveal your SSN, mother's maiden name, account numbers, and other identifying information. Before you share any personal information, confirm that you are dealing with a legitimate organization. You can check the organization's Web site, as many companies post scam alerts when their name is used improperly, or you can call customer service using the number listed on your account statement or in the telephone book.
• Don't carry your SSN card; leave it in a secure place.
• Secure personal information in your home, especially if you have roommates, employ outside help or are having service work done in your home.
• Guard your mail and trash from theft:
  – Deposit outgoing mail in post office collection boxes or at your local post office, rather than in an unsecured mailbox. Promptly remove mail from your mailbox. If you're planning to be away from home and can't pick up your mail, call the U.S. Postal Service at 1-800-275-8777 to request a vacation hold. The Postal Service will hold your mail at your local post office until you can pick it up or are home to receive it.
  – To thwart an identity thief who may pick through your trash or recycling bins to capture your personal information, tear or shred your charge receipts, copies of credit applications, insurance forms, physician statements, checks and bank statements, expired charge cards that you're discarding, and credit offers you get in the mail. If you do not use the prescreened credit card offers you receive in the mail, you can opt out by calling 1-888-5-OPTOUT (1-888-567-8688).
Please note that you will be asked for your Social Security number in order for the credit bureaus to identify your file so that they can remove you from their lists, and you still may receive some credit offers because some companies use different lists from the credit bureaus’ lists.
• Carry only the identification information and the number of credit and debit cards that you'll actually need.
• Place passwords on your credit card, bank and phone accounts. Avoid using easily available information like your mother's maiden name, your birth date, the last four digits of your SSN or your phone number, or a series of consecutive numbers. When opening new accounts, you may find that many businesses still have a line on their applications for your mother's maiden name. Use a password instead.
• Ask about information security procedures in your workplace or at businesses, doctor's offices or other institutions that collect personally identifying information from you. Find out who has access to your personal information and verify that it is handled securely. Ask about the disposal procedures for those records as well. Find out if your information will be shared with anyone else. If so, ask if you can keep your information confidential.
• Give your SSN only when absolutely necessary. Ask to use other types of identifiers when possible. If your state uses your SSN as your driver's license number, ask to substitute another number. Do the same if your health insurance company uses your SSN as your account number.
• Pay attention to your billing cycles. Follow up with creditors if your bills don't arrive on time. A missing bill could mean an identity thief has taken over your account and changed your billing address to cover his tracks.
• Be wary of promotional scams. Identity thieves may use phony offers to get you to give them your personal information.
• Keep your purse or wallet in a safe place at work, as well as any copies you may keep of administrative forms that contain your sensitive personal information.
• Cancel all unused credit accounts.
• When ordering new checks, pick them up at the bank, rather than having them sent to your home mailbox.

What should I do if someone has stolen or scammed my personal information or identification documents?

If your information or identification documents were stolen or scammed, you have an opportunity to prevent the misuse of that information if you can take action quickly.

• For financial account information such as credit card or bank account information: Close those accounts immediately. When you open new ones, place passwords on these accounts. Avoid using your mother’s maiden name, your birth date, the last four digits of your SSN or your phone number, or a series of consecutive numbers.
• For SSNs: Call the toll-free fraud number of any one of the three major credit bureaus and place a fraud alert on your credit reports. This can help prevent an identity thief from opening new credit accounts in your name.
• To replace an SSN card: Call the Social Security Administration at 1-800-772-1213 to get a replacement.
• For driver's license or other identification documents: Contact the issuing agency. Follow their procedures to place fraud flags and to get replacements.
• Once you have taken these precautions, there really isn't anything more you need to do except to check for the signs that your information is being misused. You don't have to file an identity theft report with the police or with the FTC until you find out if your information is actually being misused. If another crime was committed, such as theft of your purse or wallet, or your house or car was broken into, report that crime to the police.

I have a computer and use the Internet. What should I be concerned about?
If you're storing personal information such as SSNs, financial records, tax returns, birth dates, or bank account numbers in your computer, the following tips can help you keep your computer and your personal information safe from intruders:

• Update your virus protection software regularly, or when a new virus alert is announced. Computer viruses can have a variety of damaging effects, including introducing program code that causes your computer to send out files or other stored information. Be on the alert for security repairs and patches that you can download from your operating system's Web site.
• Do not download files sent to you by strangers or click on hyperlinks from people you don't know. Opening a file could expose your system to a computer virus or a program that could hijack your modem.
• Use a firewall program, especially if you use a high-speed Internet connection like cable, DSL or T-1, which leaves your computer connected to the Internet 24 hours a day. The firewall program will allow you to stop uninvited guests from accessing your computer. Without it, hackers can take over your computer and access your personal information stored on it or use it to commit other crimes.
• Use a secure browser - software that encrypts or scrambles information you send over the Internet - to guard the security of your online transactions. Be sure your browser has the most up-to-date encryption capabilities by using the latest version available from the manufacturer. When submitting information, look for the "lock" icon on the browser's status bar to be sure your information is secure during transmission.
• Try not to store financial information on your laptop unless absolutely necessary. If you do, use a strong password - a combination of letters (upper and lower case), numbers and symbols.
Don't use an automatic log-in feature which saves your user name and password so you don't have to enter them each time you log in or enter a site. And always log off when you're finished. That way, if your laptop gets stolen, it's harder for the thief to access your personal information.
• Before you dispose of a computer, delete personal information. Deleting files using the keyboard or mouse commands may not be enough because the files may stay on the computer's hard drive, where they may be easily retrieved. Use a "wipe" utility program to overwrite the entire hard drive. It makes the files unrecoverable. Most local computer stores have utility programs to do this.
• For more information, see Protect Yourself and NASA Before Getting Rid of That Old Home Computer (http://www.hq.nasa.gov/office/oig/hq/identity.html) from the National Aeronautics and Space Administration (NASA).
• Look for Web site privacy policies. They answer questions about maintaining accuracy, access, security, and control of personal information collected by the site, as well as how information will be used, and whether it will be provided to third parties. If you don't see a privacy policy, consider surfing elsewhere.

How can I prevent companies from using my personal information for marketing?

More organizations are offering consumers choices about how their personal information is used. For example, many let you "opt out" of having your information shared with others or used for marketing purposes.

When should I provide my Social Security number?

Your employer and financial institution will likely need your SSN for wage and tax reporting purposes. Other businesses may ask you for your SSN to do a credit check, like when you apply for a car loan. Sometimes, however, they simply want your SSN for general record keeping. If someone asks for your SSN, ask the following questions:

• Why do you need it? How will it be used?
How do you protect it from being stolen? What will happen if I don't give it to you?
• If you don't provide your SSN, some businesses may not provide you with the service or benefit you want. Getting satisfactory answers to your questions, though, will help you to decide whether you want to share your SSN with the business.

Identity Theft More

GOOD ADVICE AGAINST THEFT
An Attorney's Advice Free!

A corporate attorney sent the following out to the employees in his company:

The next time you order checks, have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks.

When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the "For" line. Instead, just put the last four numbers. The credit card company knows the rest of the number, and anyone who might be handling your check as it passes through all the check processing channels won't have access to it.

Put your work phone # on your checks instead of your home phone. If you have a PO Box, use that instead of your home address. Never have your SS# printed on your checks (DUH!). You can add it if it is necessary. But if you have it printed, anyone can get it.

Place the contents of your wallet on a photocopy machine; do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad.

We have all heard horror stories about fraud that's committed on us in stealing a name, address, Social Security number, credit cards, etc. Unfortunately, I, an attorney, have firsthand knowledge because my wallet was stolen last month.
Within a week, the thieve(s) ordered an expensive monthly cell phone package, applied for a VISA credit card, had a credit line approved to buy a Gateway computer, received a PIN number from DMV to change my driving record information online, and more.

But here's some critical information to limit the damage in case this happens to you or someone you know:

We have been told we should cancel our credit cards immediately. But the key is having the toll-free numbers and your card numbers handy so you know whom to call. Keep those where you can find them easily.

File a police report immediately in the jurisdiction where it was stolen; this proves to credit providers you were diligent, and is a first step toward an investigation (if there ever is one).

But here is what is perhaps most important (I never even thought to do this): Call the three national credit-reporting organizations immediately to place a fraud alert on your name and Social Security number. I had never heard of doing that until advised by a bank that called to tell me an application for credit was made over the Internet in my name. The alert means any company that checks your credit knows your information was stolen and they have to contact you by phone to authorize new credit.

By the time I was advised to do this, almost two weeks after the theft, all the damage was done. There are records of all the credit checks initiated by the thieves' purchases, none of which I knew about before placing the alert. Since then, no additional damage has been done, and the thieves threw my wallet away this weekend (someone turned it in). It seems to have stopped them in their tracks.
The numbers are:
Equifax: 1-800-525-6285
Experian (formerly TRW): 1-888-397-3742
Trans Union: 1-800-680-7289
Social Security Administration (fraud line): 1-800-269-0271

Computer Maintenance

• Keep your operating system up to date (use Windows Update)
• If you use the XP operating system, apply Service Pack 2 (SP2) if it is not installed, use its built-in firewall if you don’t have another one, and also specify automatic updates
  – Click Start, click Control Panel, double-click Security Center, see Manage Security Settings at bottom
• Microsoft Internet Explorer:
  – Tools, Internet Options (or if SP2 applied, select under Manage Security Settings as described above):
    • General tab: Change default home page, delete cookies and temp files, clear history
    • Security tab: At a minimum, choose default level (medium)
    • Privacy tab: Cookies controls (and also a popup killer in latest security release)
    • Content tab: Content advisor, certificates
• Keep your virus protection signature files up to date
• Security check software: http://security.symantec.com
  – Scans your computer and makes recommendations for security improvements (closing unnecessary ports such as NetBIOS, etc.)

Glossary

• Anti Virus Program - A utility program designed to search hard disks for viruses and remove any that are found. Most antivirus programs include an auto-update feature that enables the program to download profiles of new viruses so that it can check for the new viruses as soon as they are discovered.
• Backup - Backing up data allows users to restore important data if the computer encounters a computer virus or if the data happens to be destroyed or corrupted. It is wise to back up your files regularly.
• Brand Spoofing – see “Phishing”
• Bug - An error or defect in software or hardware that causes a program to malfunction. According to folklore, the first computer bug was an actual bug.
Discovered in 1945 at Harvard, a moth trapped between two electrical relays of the Mark II Aiken Relay Calculator caused the whole machine to shut down.
• Cookies - A cookie is information that a Web site puts on your hard disk or browser so that it can remember something about you at a later time. Typically, a cookie records your preferences when using a particular site. Cookies do not act maliciously on computer systems. They are merely text files that can be deleted at any time.
• Digital Signature - An electronic signature that can be used to authenticate the identity of the sender of a message or the signer of a document, and possibly to ensure that the original content of the message or document that has been sent is unchanged.
• Download - To copy something from a primary source to a more peripheral one, as in saving something found on the Web (currently located on its server) to diskette or to a file on your local hard drive.
• Encryption - A programmatic translation of data into a secret code. Encryption is the most effective way to achieve data security.
• Firewall - A combination of hardware and software that provides a security system, usually to prevent unauthorized access from outside to a personal computer, an internal network or intranet.
• Hoax - A (virus) hoax is a false warning about a computer virus. Typically, the warning arrives in an e-mail note or is distributed through a note in a company's internal network. These notes are usually forwarded using distribution lists and they will typically suggest that the recipient forward the note to other distribution lists. If you get a message about a new virus, you can check it out by going to one of the leading Web sites that keep up with viruses and virus hoaxes.
• ISP – Internet Service Provider (such as AOL, MSN)
• Offline Storage - Term used to describe a type of storage that cannot be accessed by the computer all the time. A good example of offline storage is a floppy disk.
Offline storage allows a user to store or back up information so that it will not be affected by computer viruses or hardware failure.
• Phishing - On the Internet, phishing (sometimes called carding or brand spoofing) is a scam where the perpetrator sends out legitimate-looking e-mails appearing to come from some of the Web's biggest sites, including eBay, PayPal, MSN, Yahoo, BestBuy, and America Online, in an effort to phish (pronounced "fish") for personal and financial information from the recipient.
• Public-Private Key Encryption - A public key is a value provided by some designated authority as an encryption/decryption key that, combined with a private key derived from the public key, can be used to effectively encrypt and decrypt messages and digital signatures.
• Security - Refers to techniques for ensuring that data stored in a computer cannot be read or compromised. Most security measures involve data encryption and passwords. Data encryption is the translation of data into a form that is unintelligible without a deciphering mechanism. A password is a secret word or phrase that gives a user access to a particular program or system.
• Spam - Unsolicited e-mail on the Internet. From the sender's point of view, it's a form of bulk mail, often to a list culled from subscribers to a Usenet discussion group or obtained by companies that specialize in creating e-mail distribution lists. To the receiver, it usually seems like junk e-mail. In general, it's not considered good netiquette to send spam. It's generally equivalent to unsolicited phone marketing calls except that the user pays for part of the message since everyone shares the cost of maintaining the Internet. Some apparently unsolicited e-mail is, in fact, e-mail people agreed to receive when they registered with a site and checked a box agreeing to receive postings about particular products or interests.
This is known as both opt-in e-mail and permission-based e-mail. A first-hand report indicates that the term is derived from a famous Monty Python sketch ("Well, we have Spam, tomato & Spam, egg & Spam, Egg, bacon & Spam...") that was current when spam first began arriving on the Internet. Spam is a trademarked Hormel meat product that was well-known in the U.S. Armed Forces during World War II.
• Spoofing - E-mail spoofing is the forgery of an e-mail header so that the message appears to have originated from someone or somewhere other than the actual source. Distributors of spam often use spoofing in an attempt to get recipients to open, and possibly even respond to, their solicitations. Spoofing can be used legitimately. Classic examples of senders who might prefer to disguise the source of the e-mail include a sender reporting mistreatment by a spouse to a welfare agency or a "whistle-blower" who fears retaliation. However, spoofing anyone other than yourself is illegal in some jurisdictions. Although most spoofed e-mail falls into the "nuisance" category and requires little action other than deletion, the more malicious varieties can cause serious problems and security risks. For example, spoofed e-mail may purport to be from someone in a position of authority, asking for sensitive data, such as passwords, credit card numbers, or other personal information -- any of which can be used for a variety of criminal purposes. The Bank of America, eBay, and Wells Fargo are among the companies recently spoofed in mass spam mailings. One type of e-mail spoofing, self-sending spam, involves messages that appear to be both to and from the recipient. (See also “Phishing”)
• Spyware - Also called adware, spyware is any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes.
Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.
• Virus - Software program, script, or macro that has been designed to destroy, modify, or cause other problems with a computer or software program that would otherwise not be there. Viruses can be prevented by getting a virus protection program.