This work is licensed by Patrick Crispen to the public under the Creative Commons Attribution-NonCommercial-ShareAlike 2.5 license.

Crispen on Security: Home Computer Security Basics
a presentation by Patrick Douglas Crispen

Richard’s Law of Computer Security
• Don't buy a computer.
• If you do buy a computer, don't turn it on.
Source: http://virusbusters.itcs.umich.edu/um-resources/vb-interview.html
• Clever, but false. The [social engineer] will talk someone into … turning that computer on. Source: Mitnick, p. 7

Truths about computer security
• EVERY computer is vulnerable to attack.
• Solitary used to equal safe.
• But the internet is a dark force multiplier.
• When you connect your home computer to the internet, the internet connects to your home computer.

Tick tock
• Online your computer is vulnerable to attack from viruses, worms, and even criminals.
• How long do you have?
– 20 minutes. [Not enough time to download all of the updates you need.]
– If you have a broadband connection, you have less time than that.
Source: http://isc.sans.org/survivalhistory.php

Why me?
• Why is your computer attacked?
– It is either specifically targeted [HIGHLY unlikely]; or
– It is a “target of opportunity” using a known exploit.
• 999 times out of 1000, it’s not personal.

Common types of home computer security breaches
• Viruses, worms, and Trojan horses
• Code exploits
• Malware [adware and spyware]
• “Man in the middle”
• Combination attacks

Impact of home computer security breaches
• Loss or compromise of your data
• Identity theft
• Loss of income
• Legal consequences
• Interruption of your illegal MP3 and porn downloading
• Gloom, despair, and agony on me
• Deep dark depression, excessive misery

Scared yet?
• The internet can be a dangerous place for both computers and users.
• There are some simple ways to protect your computer.
• Protection = Prevention + [Detection + Response]

Prevention is the mother of safety
• This workshop is about Prevention.
• We could spend weeks talking about detection and response.
– In fact, your local college has semester-long courses on that very topic.
– Intrusion detection and response are just WAY too much work.
– But prevention is a [relative] snap.

Our goals
• Demonstrate why you need a firewall
• Show you how to deal with computer exploits
• Introduce you to the Microsoft Baseline Security Analyzer
• Teach you how to detect, delete, and block spyware and malware
• Do all of this in ENGLISH!

Part One: Firewalls
What they are and why you absolutely need one [well, actually, two] before you even THINK about connecting your computer to the internet.

Mmm … worms and crackers.
• Two things target and attack your computer online: Worms and crackers.
• Worms are a type of computer virus that infects other computers over a network.
• Many worms include backdoors.
• If the worms don’t get you, the crackers will.

Hackers v. crackers
• A "cracker" is someone who tries to break into your computer or files without your knowledge and/or permission.
• A large portion of the cracker community is made up of “script kiddies,” people who
– Use security-breaking scripts and programs developed by others.
– In general do not have the ability to write these scripts and programs on their own.
Source: Wikipedia

How crackers find you
• Worms automatically/randomly search the internet looking for every unprotected computer they can find.
• Every semi-competent cracker and script kiddie has software that
– Scans thousands of internet connections looking for Windows file and printer shares.
– Scans for known vulnerabilities, holes, and unsecured services in Windows, Mac OS, Linux, VM-CMS, etc.
– Exploits those known vulnerabilities.
– Cracks Windows passwords.

Two types of attacks
• Most home computer attacks/intrusions are either
– Coordinated: Your computer is specifically targeted by a skilled cracker.
– Opportunistic: A worm or cracker finds your computer during a random scan of thousands of other computers.
• Unless someone is after you, you don’t have to worry about coordinated attacks.
– For home computer users, they’re few and far between.
– Besides, you can’t really stop a coordinated attack. You can only delay it.

Protecting your computer
• To protect your computer from opportunistic attacks—besides being vigilant with patch management—you must “hide” your computer from the internet.
• If the worms and crackers can’t see your computer, they [hopefully] won’t attack you.
• How do you hide your computer? Use a firewall.

What is a firewall?
• A firewall is either hardware or software that stands between your computer [or home network] and its internet connection and provides “access control”—it determines what can and cannot pass.
• It’s just like the firewall in your car.
– Your car’s firewall keeps the bad stuff from your engine [like heat and exhaust] out of your passenger cabin.
– But it isn’t impervious. It has holes in it to let the good stuff [like the steering column and the brakes] through.

What is a firewall?
• A good firewall, like your car’s firewall, keeps the bad stuff out and lets the good stuff through.
• How? Well most consumer firewalls—the hardware firewalls/routers you can buy at Wal-Mart or Target or the software firewalls you can download—offer a combination of
– Computer stealth—they hide your computer from the worms’ and crackers’ scans.
– Intrusion blocking—they make it harder [but not impossible] for worms and crackers to break in.

NAT
• Hardware firewalls use something called “Network Address Translation” or “NAT” which, among other things, hides your computer from the worms and crackers.
• You physically connect your home computer[s] to the firewall and connect the firewall to the internet.
• The firewall—not your home computer—connects to the internet and is assigned a publicly-visible internet address by your ISP.

Communicating with the Internet
• Your firewall becomes your computer’s intermediary on the internet. All traffic must go through it.
• When you request something from the internet, the firewall pretends that it made the request, not your computer.

Keeping worms and crackers out
• Since the internet never even sees your computer, there’s nothing for the worms or crackers to probe or attack other than your firewall.
• And your firewall is just a dumb box.

Stateful packet inspection
• In addition to using NAT to hide your computer, a firewall also uses “stateful packet inspection” or “SPI” to block intruders.
– It only allows connections that you originate.
– All other connections are automatically blocked at the firewall.
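
The NAT and SPI slides above describe two mechanisms working together: the router swaps the PC’s private address for its own public one on the way out, and it only lets traffic back in that answers a flow the PC opened. The following toy model, written as an added example for this transcript (it is not code from the presentation or from any router vendor), puts both in one small class so you can watch a web reply get through while a random port probe and a spoofed reply are dropped. Addresses, ports and the traffic sample are constructed; the class and function names are the example’s own.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed example: a toy NAT + stateful packet inspection (SPI) firewall.
# Addresses come from the RFC 5737 documentation ranges and are not real hosts.
PUBLIC_IP = "203.0.113.10"      # the single address the ISP assigned to the firewall
LAN_PREFIX = "192.168.1."       # private addresses behind it; never seen on the internet


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatSpiFirewall:
    """Outbound packets leave with the firewall's public address; inbound packets
    are delivered only if they answer a flow a LAN host opened first."""

    def __init__(self, public_ip: str = PUBLIC_IP, first_public_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_public_port
        # State table keyed by the public port the firewall handed out:
        # public_port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.state: Dict[int, Tuple[str, int, str, int]] = {}
        self.by_flow: Dict[Tuple[str, int, str, int], int] = {}
        self.dropped: List[str] = []

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> internet: record the flow and rewrite the source address (NAT)."""
        flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.by_flow.get(flow)
        if port is None:                       # a new connection the user originated
            port = self.next_port
            self.next_port += 1
            self.by_flow[flow] = port
            self.state[port] = flow
        return Packet(self.public_ip, port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: forward only replies to a recorded flow (SPI)."""
        entry = self.state.get(pkt.dst_port) if pkt.dst_ip == self.public_ip else None
        if entry is None:
            self.dropped.append(f"unsolicited {pkt.src_ip}:{pkt.src_port} -> port {pkt.dst_port}")
            return None
        lan_ip, lan_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            # Right port, wrong peer: not part of the flow the LAN host opened
            self.dropped.append(f"mismatched peer {pkt.src_ip}:{pkt.src_port} -> port {pkt.dst_port}")
            return None
        return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)   # un-NAT to the LAN host


def run_demo() -> dict:
    """Replay a constructed traffic sample and report what the firewall did."""
    fw = NatSpiFirewall()
    # 1. The home PC opens a web connection; the internet sees only the public address.
    out = fw.outbound(Packet(LAN_PREFIX + "5", 51000, "198.51.100.7", 80))
    # 2. The web server replies to what it saw: the firewall's address and port.
    reply = fw.inbound(Packet("198.51.100.7", 80, PUBLIC_IP, out.src_port))
    # 3. A random scan probes the file-sharing port on the public address.
    probe = fw.inbound(Packet("192.0.2.99", 4444, PUBLIC_IP, 445))
    # 4. A different host tries to slip in through the port the NAT opened.
    spoof = fw.inbound(Packet("192.0.2.99", 80, PUBLIC_IP, out.src_port))
    return {
        "internet_sees": (out.src_ip, out.src_port),
        "reply_delivered_to": (reply.dst_ip, reply.dst_port) if reply else None,
        "probe_forwarded": probe is not None,
        "spoof_forwarded": spoof is not None,
        "dropped": fw.dropped,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The point to take from the model is the state table: nothing about the PC’s address ever leaves the LAN, and an inbound packet is judged purely on whether it matches a row the PC itself created. A real router also times out idle rows and handles UDP and ICMP differently, which this sketch leaves out.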

Why firewalls ROCK!
• IF YOU DON’T HAVE A FIREWALL, YOUR COMPUTER WILL BE ATTACKED AND/OR COMPROMISED… USUALLY WITHIN 20 MINUTES OF YOUR CONNECTING TO THE INTERNET.
• Firewalls protect your home computer from worms and crackers through a combination of
– Computer stealth using NAT.
– Intrusion blocking using stateful packet inspection.
• Gosh, is there anything firewalls can’t do?

What a firewall can’t do
• Well, actually, a consumer firewall can’t
– Fix operating system or software vulnerabilities
• A firewall may block some exploits coming in from the internet, but the vulnerabilities will still be there
• That’s why patch management is so important
– Protect your computer from viruses
• A firewall may block internet worms, but it won’t block viruses attached to emails, hidden in files you download from the internet or Kazaa, etc.
• Virus protection is a job for your antivirus program, not a firewall.

There’s more
• A consumer firewall also can’t
– Protect your computer from spyware.
– Block pop-up ads.
– Block spam.
– Completely keep crackers out.
– Protect you from doing stupid stuff to your computer.

But, if you are looking for simple computer stealth and basic intrusion blocking—and trust me, you are—you need a firewall.

Which one?
• Should you get a hardware firewall or a software firewall?
• Yes.
• If you have a cable modem, satellite, or DSL connection, you need both a hardware firewall and a software firewall.
• If you have a dial-up connection or an internal broadband modem [a modem physically built into your computer], you only need a software firewall
– But that’s only because I don’t know of any reasonably-priced external hardware firewalls that work with internal modems.

Why both?
• Hardware firewalls have an Achilles’ heel: they [for the most part] assume that ALL internet traffic originating from your computer is safe.
• But, if you “accidentally” double-click on a virus-infected file,
– Your computer will be infected with that virus. [Remember, hardware firewalls can’t protect you from either viruses or doing stupid stuff.]
– That virus is more than likely going to try to use your computer and your internet connection to infect other computers.

“With their tanks, and their bombs, and their bombs, and their guns…”
• So your computer is now a virus-spewing zombie.
• BUT, remember, your hardware firewall still trusts your computer.
• Your computer is flooding the internet with thousands of viruses, worms, or spams, and your hardware firewall doesn’t notice, care, or even bother to tell you.

How software firewalls work
• Software firewalls [actually, “personal software firewalls”]
– Constantly run in the background.
– Block bad stuff from the internet [the stuff that somehow magically makes it past the hardware firewall.]
– Warn you when a program on your computer tries to access the internet.
• You decide whether or not that program will be allowed to access the internet.

So in our zombie example, the software firewall—NOT the hardware firewall—would catch the flood of viruses before they even left your computer.

In the simplest [grossly oversimplified] terms…
• Hardware firewalls protect your computer from the internet.
• Software firewalls
– Are a second layer of defense behind your hardware firewall.
– Protect both your computer from the internet AND the internet from your computer.
– Warn you when something fishy is happening on your computer.
• So now can you see why I recommend running both a hardware AND a software firewall?
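
The software-firewall slides make two claims that the hardware box cannot: an unapproved program asking for the internet gets stopped until you decide, and an approved program that turns into a “virus-spewing zombie” can still be caught on the way out. The sketch below is an added example for this transcript, not code from the presentation or from any personal-firewall product; the program names, the traffic sample and the 100-peers-per-minute threshold are constructed for illustration.

```python
from collections import defaultdict, deque
from typing import Deque, Dict, List, Set, Tuple

# Constructed example: the egress (outbound) side of a personal software firewall.
# An event is (timestamp_seconds, program, destination_ip, destination_port).
Event = Tuple[float, str, str, int]

WINDOW_SECONDS = 60
MAX_PEERS_PER_WINDOW = 100   # a home PC rarely talks to 100 distinct hosts in a minute


class EgressMonitor:
    """Asks before letting an unapproved program out, and blocks an approved one
    that suddenly fans out to a flood of destinations (the zombie case)."""

    def __init__(self, approved: List[str]):
        self.approved: Set[str] = set(approved)        # programs the user already said yes to
        self.recent: Dict[str, Deque[Tuple[float, str]]] = defaultdict(deque)
        self.alerts: List[Tuple[str, str]] = []        # (verdict, program) for the user to see

    def decide(self, ts: float, program: str, dst_ip: str, dst_port: int) -> str:
        if program not in self.approved:
            # Unknown program wants the internet: hold it and let the user decide
            self.alerts.append(("ask-user", program))
            return "ask"
        window = self.recent[program]
        window.append((ts, dst_ip))
        while window and ts - window[0][0] > WINDOW_SECONDS:   # forget old entries
            window.popleft()
        distinct_peers = len({ip for _, ip in window})
        if distinct_peers > MAX_PEERS_PER_WINDOW:
            # Even a trusted program is stopped once it behaves like a worm
            self.alerts.append(("block-flood", program))
            return "block"
        return "allow"


def replay(events: List[Event], approved: List[str]) -> Dict[str, int]:
    """Run events through the monitor and count the verdicts."""
    monitor = EgressMonitor(approved)
    counts: Dict[str, int] = defaultdict(int)
    for ts, program, ip, port in events:
        counts[monitor.decide(ts, program, ip, port)] += 1
    return dict(counts)


def sample_events() -> List[Event]:
    """Constructed traffic: normal browsing, one unapproved download, then an
    approved mail client that starts spraying port 25 at 200 hosts in 20 seconds."""
    events: List[Event] = [
        (0.0, "browser.exe", "198.51.100.7", 443),
        (1.0, "browser.exe", "198.51.100.8", 443),
        (2.0, "invoice.exe", "192.0.2.50", 80),          # never approved -> ask
    ]
    for i in range(200):
        events.append((10.0 + i * 0.1, "mailclient.exe", f"192.0.2.{i}", 25))
    return events


if __name__ == "__main__":
    print(replay(sample_events(), ["browser.exe", "mailclient.exe"]))
```

Run as written, the browser’s two connections and the mail client’s first hundred are allowed, the unapproved program produces one “ask”, and the remaining hundred mail connections are blocked once the distinct-peer count crosses the threshold. That last part is exactly what the hardware router cannot see: from its side the traffic is just “trusted LAN host talking to the internet”.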

Over the router and through the woods
• My suggestion?
– Before you connect your computer to the Internet, go to your nearest technology store or big box retailer.
– Buy a cable/DSL router from Linksys [my favorite], D-Link, Netgear, Belkin, or SMC for US$50-$75.
Image courtesy Linksys.com

u:admin p:admin?
• Read the instructions that come with your router and CHANGE YOUR ROUTER’S DEFAULT ADMIN USERID AND PASSWORD!
• Crackers know the default administrator’s userid and password for every router [and firewall and server and operating system and...] ever made.
– Check out http://www.phenoelit.de/dpl/dpl.html if you don’t believe me.
• Also, using the instructions, make sure to disable remote administration in your router’s settings.

Software firewalls
• Now that I spent US$50 of your hard-earned money on a router, let me save you some money.
• The three best software firewalls [in my humble opinion] are absolutely free.
– Sunbelt Kerio Personal Firewall [at sunbelt-software.com]
– Windows XP Service Pack 2 Internet Connection Firewall: built into Windows XP SP2 but NOT into previous versions of XP
– Mac OS X Firewall: built into Mac OS X [but disabled by default]

Part Two: Exploits
What they are, where they come from, and how to manage them

What is an exploit?
• Until machines start taking over for humans, software bugs and glitches caused by simple human error and non-defensive programming will be the norm.
– Windows XP contains over 40 million lines of source code. Source: Wikipedia
– Could YOU write that many lines of code and not make a mistake?
• An exploit is a program or technique used by a cracker to take advantage of software bugs or glitches in order to circumvent your computer’s security, often without your knowledge.

Signs your computer MAY have been exploited
• Spontaneous reboots
• Failed services, virus scanner disabled
• Sluggish GUI behavior, poor performance, slow logins
• Excessive disk or network activity (HD LED, Switch LED)
• You can’t install protective software.
• Unknown user accounts
• Application and service errors
• Low disk space
• Subpoenas and search warrants
• Your computer insists on playing “global thermonuclear war.”
Sources: Alex Keller, Bob Klepfer

Call my attorney! I’ve been EXPLOITED!
• If your computer has been exploited, you need to
– Stop cussing.
– Immediately disconnect your computer from the internet.
– Identify the exploit.
– Close the hole.
– Fix the damage.

I feel so dirty.
• To identify the exploit:
– Reconnect to the internet, update your antivirus definitions, disconnect, and scan your entire hard drive.
– Reconnect to the internet, update your antispyware definitions, disconnect, and scan your entire hard drive.
– Write down the symptoms; reconnect to the internet; search Google, Symantec, or the Microsoft Knowledge Base; disconnect.
• To close the hole, download and apply the appropriate patch from the manufacturer’s web site.

Repairing the damage
• Repairing the damage from an exploit could be as simple as deleting or replacing corrupt data or as complicated as a deep-level format of your hard drive.
– The repair path depends on the exploit.
– This may be a job for a professional repair technician.
• The BEST way to repair the damage caused by an exploit is to close the holes before they are exploited.

Closing the holes
• When a vulnerability is found, operating system and software manufacturers [eventually/hopefully] release something called a “patch.”
• A patch is simply a software update meant to fix problems, bugs, or the usability of a previous version of an application. Source: Wikipedia
• Download and install the patch and your computer is [hopefully] no longer susceptible to that particular vulnerability.

Why are patches so important?
• When a new patch is released, an unintended consequence is that the bulletin announcing the patch also announces the vulnerability to crackers.
• Crackers count on the fact that you won’t get the patch—your computer will continue to be vulnerable.
• And the time between bulletin and exploit is shrinking.

MS02-039
MS Security Bulletin: MS02-039 Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875)
Originally Posted: July 24, 2002
Exploit: W32.SQLExp.Worm [a.k.a., SQL Slammer Worm]
Exploit Discovered by Symantec on: January 24, 2003
Elapsed Time from Bulletin to Exploit: 184 days

MS03-026
MS Security Bulletin: MS03-026 Buffer Overrun In RPC Interface Could Allow Code Execution (823980)
Originally Posted: July 16, 2003
Exploit: W32.Blaster.Worm
Exploit Discovered by Symantec on: August 11, 2003
Elapsed Time from Bulletin to Exploit: 26 days

MS04-011
MS Security Bulletin: MS04-011 Security Update for Microsoft Windows (835732)
Originally Posted: April 13, 2004
Exploit: W32.Sasser.Worm
Exploit Discovered by Symantec on: April 30, 2004
Elapsed Time from Bulletin to Exploit: 17 days

Patch or DIE!
• Notice a trend?
• Can you see why patch management is so important?
• The time between bulletin and exploit is shrinking!
• Patch Tuesday is often followed by Exploit Thursday.
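
The three bulletin slides give dates; the trend slide asks you to draw the conclusion. The script below is an added example for this transcript (not part of the presentation) that recomputes the elapsed days from the dates the slides list, checks that the window really does shrink from worm to worm, and then asks the question a home user actually cares about: if I always patch N days after a bulletin, how many days was I exposed to each of these worms? The bulletin and worm dates are the slides’ own; the “patch lag” scenarios are constructed.

```python
from datetime import date, timedelta
from typing import Dict, List, Tuple

# Data from the bulletin slides: (bulletin id, date posted, worm, date Symantec discovered it)
BULLETINS: List[Tuple[str, date, str, date]] = [
    ("MS02-039", date(2002, 7, 24), "W32.SQLExp.Worm", date(2003, 1, 24)),
    ("MS03-026", date(2003, 7, 16), "W32.Blaster.Worm", date(2003, 8, 11)),
    ("MS04-011", date(2004, 4, 13), "W32.Sasser.Worm", date(2004, 4, 30)),
]


def bulletin_to_exploit_days() -> Dict[str, int]:
    """Elapsed days between each bulletin and the worm that exploited it."""
    return {bid: (seen - posted).days for bid, posted, _, seen in BULLETINS}


def window_is_shrinking() -> bool:
    """The trend the slides point at: each window shorter than the one before it."""
    days = [(seen - posted).days for _, posted, _, seen in BULLETINS]
    return all(later < earlier for earlier, later in zip(days, days[1:]))


def exposure_days(patch_lag_days: int) -> Dict[str, int]:
    """Days a machine was exposed to each worm if it installed the fix
    `patch_lag_days` after the bulletin came out (0 = patched before the worm)."""
    exposure: Dict[str, int] = {}
    for bid, posted, _, seen in BULLETINS:
        patched = posted + timedelta(days=patch_lag_days)
        exposure[bid] = max(0, (patched - seen).days)
    return exposure


if __name__ == "__main__":
    for bid, days in bulletin_to_exploit_days().items():
        print(f"{bid}: {days} days from bulletin to exploit")
    print("window shrinking:", window_is_shrinking())
    for lag in (7, 30):          # constructed scenarios: weekly vs. monthly patching
        print(f"patch lag {lag} days -> exposure {exposure_days(lag)}")
```

With a 30-day patch lag the Slammer window (184 days) is comfortably beaten, but Blaster and Sasser leave 4 and 13 days of exposure respectively; with a 7-day lag, which is what the “at least once a week” advice later in this deck amounts to, all three windows are beaten. That is the arithmetic behind “Patch or DIE”.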

She watch, she watch, she watch… channel ZERO!
• In fact, zero-day exploits—exploits that take advantage of unknown operating system or software application vulnerabilities—already exist and more are coming.
– Crackers keep these zero-day exploits to themselves, using them to gain access or escalate privileges on a small number of target systems.
• Zero-day exploits will become more prevalent in the months to come.

You can’t completely protect your computer from every exploit, but you can keep the exploits at bay by practicing simple patch management.

How to patch Windows
• When Microsoft finds a security hole in Windows or Internet Explorer, they [usually/eventually] release a patch called a “Critical Update.”
• In Internet Explorer, go to Tools > Windows Update.
• Click on Scan for updates.

How to patch the Apple OS
• Apple menu > Software Update
• To get updates immediately:
– Choose System Preferences from the Apple menu.
– Choose Software Update from the View menu.
– Click Update Now.
– In the Software Update window, select the items you want to install, then click Install.
Image courtesy Apple.com

Manually run Windows Update or Apple Software Update at least once a week.
Your computer should, by default, automatically check for updates. That’s cool, but also run the update manually just to be safe.

To patch Microsoft Office
• In Windows XP or 2000, just run the new Windows Update.
• In older versions of Windows, go to officeupdate.microsoft.com and click on “Check for Updates”
• Mac users need to go to http://www.microsoft.com/mac/downloads.aspx
• Have your Office installation disk nearby in case the update needs to “sniff” the disk.

Patching other programs through “Check for Updates”
• Open the program you want to patch and, under the Help menu, look for “Check for Updates,” “Updates,” “Check for Upgrade,” or something similar.
• This will either
– Automatically check for and install any software patches you are missing
– Take you to a web site where you can download the necessary patches.

Manually patching your software
• If the Help menu doesn’t have a built-in update feature, choose About [the name of the program] in the Help menu and write down the exact version number of the program.
– Usually it’s an integer and a combination of decimals [like 7.0.1]
• Go to the software manufacturer’s web site and look for “Downloads,” “Upgrades,” “Support,” or something similar.

Manually patching your software
• Compare your software’s version number to the version number available online.
– If the decimals of the online version number are larger than yours, download and install the appropriate patch.
– If the integer is larger, you’ll need to buy a new version of the program.

Part Three: Run MBSA
Close “unknown” operating system vulnerabilities

A dirty Microsoft secret
• Windows Update lies.
• It frequently thinks you’ve installed a critical update you haven’t, leaving your computer vulnerable.
• That’s where Microsoft’s Baseline Security Analyzer [MBSA] comes in.

MBSA 2.0
MBSA is a free program from Microsoft that scans for over 60 common system misconfigurations and almost any Microsoft security update your computer may be missing.

What MBSA does
• MBSA double-checks the security of
– Windows (*)
– Microsoft Office 2000 and later
– Internet Explorer 5.01 and later
– Windows Media Player 6.4 and later
– A bunch of other Microsoft applications and services
• MBSA analyzes, you fix.
– MBSA tells you what’s wrong and points you to the solution.
– You have to apply the solution.

Bad news/good news
• (*) MBSA only works on Windows XP, 2000, and Server 2003.
• It was designed for corporate tech support, but there is no reason why you can’t use it at home.
• Oh, and it’s free.
• To get Microsoft’s MBSA,
– Search for “microsoft mbsa” at Google.
– The first hit—Microsoft Baseline Security Analyzer (MBSA)—takes you to the download page.

How MBSA really works
• MBSA scans your computer’s operating system, operating system components, and Microsoft applications.
• MBSA then compares the version numbers of the stuff on your computer with the latest version numbers in the MSSecure.cab file.
• Finally, MBSA shows you which updates your computer is missing.
Translating the security report
Failures
• Critical failures [red Xs] require you to immediately install a patch or update to ensure the strongest security of your computer.
• Non-critical failures [yellow Xs] happen when there is a newer version of something available, but you don’t really have to upgrade…yet.
• Best practices [blue asterisks] could signify a problem—MBSA can’t confirm that those particular security updates have been installed.
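The version comparison described under “How MBSA really works”, together with the three report markers above, as an added worked example that is not part of the presentation and not MBSA’s own code: a toy scanner compares a constructed inventory of installed component versions against a constructed catalog standing in for MSSecure.cab, and labels each component the way the report does (red X for a missing critical update, yellow X for a newer but non-critical version, blue asterisk where the installed version cannot be confirmed). Every component name and version number below is made up.

```python
# Added example: a toy version-comparison scanner in the spirit of the
# MBSA description above. Not MBSA's code; component names, versions and
# the catalog are all constructed for illustration.

def parse_version(text: str) -> tuple:
    """Turn '6.0.2900.2180' into (6, 0, 2900, 2180) so that components
    compare numerically. Comparing the raw strings would be wrong:
    '10.0' < '9.0' as text, because the character '1' sorts before '9'."""
    return tuple(int(part) for part in text.split("."))


def is_older(installed: str, latest: str) -> bool:
    """True when the installed version is behind the catalog version."""
    return parse_version(installed) < parse_version(latest)


# Constructed stand-in for the MSSecure.cab catalog:
# component -> (latest version, is the update critical?)
CATALOG = {
    "Windows kernel": ("5.1.2600.2180", True),
    "Internet Explorer": ("6.0.2900.2180", True),
    "Windows Media Player": ("10.0.0.3802", False),
    "Office": ("11.0.8010.0", True),
}

# Constructed inventory of what the scanner found on the machine.
# "Office" is deliberately absent: the scanner could not read a version.
INSTALLED = {
    "Windows kernel": "5.1.2600.2096",       # behind a critical update
    "Internet Explorer": "6.0.2900.2180",    # current
    "Windows Media Player": "9.0.0.2980",    # behind, but not critical
}


def classify(installed: dict, catalog: dict) -> dict:
    """Map each catalog component to a report marker:
    'red'    critical update missing (red X)
    'yellow' newer version available but not required (yellow X)
    'blue'   installed version cannot be confirmed (blue asterisk)
    'ok'     up to date
    """
    report = {}
    for name, (latest, critical) in catalog.items():
        have = installed.get(name)
        if have is None:
            report[name] = "blue"
        elif is_older(have, latest):
            report[name] = "red" if critical else "yellow"
        else:
            report[name] = "ok"
    return report


def critical_failures(report: dict) -> list:
    """The items to patch first: the red Xs, sorted by name."""
    return sorted(name for name, mark in report.items() if mark == "red")


if __name__ == "__main__":
    result = classify(INSTALLED, CATALOG)
    for name, mark in result.items():
        print(f"{mark:6}  {name}")
    print("Fix first:", critical_failures(result))
```

The Windows Media Player entry is there to show why versions are parsed into integer tuples before comparison: compared as plain text, “9.0.0.2980” would look newer than “10.0.0.3802”, and a scanner that made that mistake would report a stale component as current.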
Fixing the critical failures
• Remember, MBSA analyzes, you fix.
• To find a fix for a critical failure in Security Update Scan Results or Desktop Application Scan Results, click on the Result Details link next to that critical failure.
Result details
• This shows you exactly what’s missing or is misconfigured.
• Click on each link and it opens a page in Internet Explorer telling you how to download the appropriate patch.
• REMEMBER TO INSTALL THE PATCHES AFTER YOU DOWNLOAD THEM!
– MBSA won’t do it for you.
MBSA tips
• Run MBSA from time to time just to double-check your computer’s security.
• Don’t be surprised if MBSA still gives you blue asterisks even after you’ve installed all the patches.
– Sometimes MBSA gets confused.
– There’s no real way to unconfuse it.
• There’s no such thing as a “clean” MBSA scan, especially in the middle five sections.
Part Four: Update your Antivirus
You’d be shocked at how many people never do this.
The reality of the situation
• According to Symantec, as of October 2005 there were nearly 72,895 PC viruses out there.
• 10 to 15 new viruses are discovered each day.
• Between 3,650 and 5,475 brand new viruses were discovered in just the past year alone.
• The moment you connect your computer to the Internet your computer is immediately vulnerable to ALL of these viruses.
True or False?
As long as you keep updating your antivirus definitions, the antivirus software that came with your computer should protect you.
FALSE!
Now for the Bad News
• Unless your computer is only a few months old, your antivirus software is outdated and may not be able to detect the newest, polymorphic viruses.
• Your antivirus software has two distinct parts:
– A computer program that scans your computer for viruses.
– Antivirus definitions that tell that program exactly what to look for.
• Updating your antivirus definitions—which you should do frequently—is not the same thing as updating your antivirus software.
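To make the two-part distinction concrete, here is an added toy example that is not from the presentation and not any real antivirus product’s code: a scanner “engine” that matches byte signatures taken from a “definitions” list. A definitions update lets the old engine catch a new plain sample, but a sample that hides the same bytes behind a simple single-byte encoding is only caught by a newer engine that knows to look through that encoding, which is the kind of capability no definitions update can deliver. The signatures, samples and encoding key are constructed marker strings, not real malware.

```python
# Added example: toy signature scanner separating the "engine" (matching
# logic) from the "definitions" (what to match). Not a real product's code;
# signatures, samples and the encoding key are constructed for illustration.

SIGNATURE_A = b"CONSTRUCTED-SAMPLE-SIGNATURE-A"
SIGNATURE_B = b"CONSTRUCTED-SAMPLE-SIGNATURE-B"

DEFS_OLD = [SIGNATURE_A]                # definitions as shipped with the PC
DEFS_NEW = [SIGNATURE_A, SIGNATURE_B]   # definitions after a daily update


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR to every byte (the operation is its own inverse)."""
    return bytes(b ^ key for b in data)


# Constructed samples. SAMPLE_B_ENCODED carries the same body as
# SAMPLE_B_PLAIN, but every byte is XORed with a fixed key, so the plain
# signature bytes never appear in the file as stored on disk.
SAMPLE_A = b"header " + SIGNATURE_A + b" trailer"
SAMPLE_B_PLAIN = b"header " + SIGNATURE_B + b" trailer"
SAMPLE_B_ENCODED = b"stub " + xor_bytes(SAMPLE_B_PLAIN, 0x5A)


def scan_v1(data: bytes, defs: list) -> list:
    """Old engine: a plain substring match of each definition."""
    return sorted(s.decode() for s in defs if s in data)


def scan_v2(data: bytes, defs: list) -> list:
    """Newer engine: same definitions, but it also tries to look through a
    single-byte XOR layer before matching. That ability lives in the engine,
    so updating the definitions alone never gives it to scan_v1."""
    hits = set(scan_v1(data, defs))
    for key in range(1, 256):
        hits.update(scan_v1(xor_bytes(data, key), defs))
    return sorted(hits)


def compare_updates() -> dict:
    """Summarise which combination of engine and definitions catches what."""
    return {
        "old engine, old defs, plain B": scan_v1(SAMPLE_B_PLAIN, DEFS_OLD),
        "old engine, new defs, plain B": scan_v1(SAMPLE_B_PLAIN, DEFS_NEW),
        "old engine, new defs, encoded B": scan_v1(SAMPLE_B_ENCODED, DEFS_NEW),
        "new engine, new defs, encoded B": scan_v2(SAMPLE_B_ENCODED, DEFS_NEW),
    }


if __name__ == "__main__":
    for case, hits in compare_updates().items():
        print(f"{case:34} -> {hits or 'no detection'}")
```

Read the four cases top to bottom: the second shows what a definitions update buys you, the third shows its limit, and the fourth shows why the presentation treats replacing the scanning program itself as a separate task.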
Out with the old, in with the new.
Just like you need to change the oil in your car every few months, you need to change your antivirus software every 12 to 18 months.
– Completely uninstall the old version [like Norton Antivirus 2005.]
– Purchase and install the latest version [like Norton Antivirus 2007.]
The latest antivirus software
• The top two consumer antivirus software programs are
– Norton Antivirus 2005 [~US$50]
– McAfee VirusScan 2005 Version 9 [~US$50]
• My favorite AV? Eset Nod 32 [US$39/yr]
• The best free antivirus program is AVG Anti-Virus Free Edition version 7.5 at http://free.grisoft.com/
Update schedule
• Completely replace your antivirus software every 12 to 18 months.
• Update your antivirus definitions daily.
– Most antivirus programs do this automatically.
• Manually update your antivirus definitions weekly.
– Automatic updates are cool, but run an update by hand each week just to be safe.
What About Macs?
• The possibility of new Mac viruses, while slight, is still greater than zero.
• The possibility of future, cross-platform viruses (viruses that infect both PCs and Macs) is also quite real.
• So, yes, Mac users also need antivirus software.
• And keep it updated.
Image courtesy http://www.apple.com/
Part Four: Detect, Delete, and Block Spyware and Malware
Give spyware and malware the boot.
Adware
• Adware is software that displays advertisements when a particular program is running.
• A good example is the Eudora email client.
– You can buy it for ~US$50.
– You can also get the exact same program for free, but the free version displays an ad window and up to 3 sponsored toolbar links.
Adware: Good.
• Pure adware is a good thing.
– You get software that you otherwise wouldn’t be able to afford.
– In return, the software displays some ads.
• Unfortunately, pure adware is also rare.
Spyware: Bad.
• Spyware is software that tracks what you do and where you go online.
• Pure spyware like the Google toolbar respects your privacy and doesn’t share this tracking information with anyone else.
• Unfortunately,
– Pure spyware is the exception, not the rule.
– An overwhelming majority of spyware [like 99.99%] sells your personal information to marketing companies.
Why is spyware so bad?
• Besides the privacy implications, spyware can often break your computer.
– Spyware code is often poorly-written.
– You may have so many spyware programs running at once that your computer slows to a crawl or crashes.
• Spyware has been linked to an increase in both spam and pop-ups.
• Pornographers use spyware to push explicit advertisements to your computer.
– “Will someone please think about the children?”
How pervasive is spyware?
• Over 90% of broadband users have spyware installed on their systems. Source: AOL [as quoted by http://tinyurl.com/5kdh9]
• PestPatrol has identified 33,099 different spyware programs or objects on the loose as of late October 2006.
Where does spyware come from?
• Some spyware piggybacks on top of free software you download and install from the Internet.
• Software that comes bundled with spyware includes:
– File-sharing programs like Grokster and Kazaa
– DiVx
– Weatherbug
Where does spyware come from?
You can also get spyware by clicking on dubious pop-up ads.
– “Your Computer is Currently Broadcasting an Internet IP Address”
– “Your Internet Connection Is Not Optimized”
– “Your Current Connection May Be Capable of Faster Speeds”
Where does spyware come from?
• Another way to get spyware is from a virus or Trojan Horse, but that’s rare.
• And if you use Internet Explorer, you can even get spyware just by visiting a particular website.
– You don’t have to click or download anything.
– Internet Explorer automatically installs the spyware for you. [“Thank you, Microsoft!”]
– You can download the fix at mozilla.org.
• MANY of these drive-by installations involve not only spyware but malware.
Malware: Very bad!
Malware can
– Replace legitimate ads on commercial web sites with ads from vendors who financially support the malware’s author [a.k.a., “scumware.”]
– Permanently and irreparably change your browser’s home page and search settings so that they point to the malware author’s site [a.k.a., “homepage hijackers.”]
• The site is usually overflowing with advertising and pop-ups.
• Fixing homepage hijackers is often quite difficult.
Source: http://www.doxdesk.com/parasite/
Malware: Very bad!
Malware can
– Cause your modem to automatically dial 900, long-distance, or international telephone numbers whose revenues support the malware’s author [a.k.a., “autodialers.”]
– Open security holes on your computer that can be used later to remotely take control of your computer [a.k.a., “Trojan horses.”]
Source: http://www.doxdesk.com/parasite/
Malware: Very bad!
Malware can
– Degrade your computer’s performance and cause errors thanks to it being badly-written [a.k.a., “Microsoft Windows”]
– Provide no uninstall feature and put its code in unexpected and hidden places to make it difficult to remove [ibid]
Source: http://www.doxdesk.com/parasite/
Bye-bye, IE!
• All kidding aside, it’s time to stop using IE 6 or earlier – use IE 7 or something else.
– IE 5 and 6 have way too many security holes.
– Microsoft only supports IE on XP. There will be no more free IE security updates for non-XP users.
• Suggestion: Keep IE around so that you can access the sites that require it—Windows Update, Expedia, MSN, Shutterfly, etc.
• Use an alternative browser [like Mozilla Firefox, Opera, or Safari] to access everything else!
Detect and delete
• To detect and delete both spyware and malware, download and install both
– Ad-Aware Personal SE at http://www.lavasoftusa.com/
– Spybot Search & Destroy 1.3 at http://www.safer-networking.org/
• Why both?
– Ad-Aware catches stuff that Spybot misses, and vice-versa.
– They’re both free.
Other spyware removal tools
• But what about [insert your favorite spyware removal tool’s name here]?
• There are some great spyware removal tools out there—some free, some not—but Ad-Aware and Spybot are the market leaders.
– Ad-Aware has been downloaded 217 million times and Spybot 83 million times.
– AND BOTH ARE FREE!
Definitions
• Both Ad-Aware and Spybot are similar to your antivirus program in that they both use definition files to know what to look for.
• Always update the definitions before you scan your computer.
– In Ad-Aware, click on Check for updates now.
– In Spybot, click on Search for Updates.
If all else fails…
If your computer still has spyware or malware that neither Ad-Aware nor Spybot could remove, check out HijackThis and CWShredder at spywareinfo.com
Dealing with spyware/malware
• To get rid of spyware and malware, run Ad-Aware and Spybot weekly.
• To prevent future spyware and malware installations,
– Don’t download and install any free software without first verifying that it is free of spyware. [Search Google for the name of the software +spyware]
– Enable the Immunize feature in Spybot.
Our goals
• Demonstrate why you need a firewall
• Show you how to deal with computer exploits
• Introduce you to the Microsoft Baseline Security Analyzer
• Teach you how to detect, delete, and block spyware and malware
• Do all of this in ENGLISH!
Crispen on Security: Home Computer Security Basics
a presentation by Patrick Douglas Crispen