Security, Privacy and Ethics Chapter 14 in Discovering Computers 2000 (Shelly, Cashman and Vermaat)

Upload: sheila-bond

Post on 27-Dec-2015


Viruses

Not all programs that cause damage are viruses

Computer viruses share two characteristics with their biological counterparts:
• they require a host; they are not complete programs but pieces of code that become attached to (infect) another program
• they replicate (copy) themselves


Types

boot sector infector: virus affecting the boot program (recall that booting is loading the operating system)

program or file infector: attaches to a program (typically has a .exe or .com extension)


Types (cont.)

macro virus:
• a macro is a small program that automates repeated tasks in an application (like Word or Excel)
• a macro virus is a macro used to cause damage
• example: Melissa, I love you
• be wary of the .vbs and .js extensions


Bombs and worms

A logic bomb is designed to cause its damage only when a particular condition is met; a special case is a time bomb, which goes off at a particular time
• e.g. the Michelangelo virus

a worm does not attach itself to another program but fills one’s disk space (memory) with copies of itself


Protection

do not download and run software of questionable origin

install and run an anti-viral utility such as Norton Anti-virus on floppies and on hard drives
• Update it frequently

do not have a floppy in the A drive when starting (booting) the computer

disable macros of unknown origin


Unauthorized access and use

Unauthorized access: logging on and using a computer without consent

hacker: one who gains unauthorized access to computers

Unauthorized use: sometimes the user is legitimate but the activity is not, e.g. playing games or downloading certain material or receiving/sending private email at work


Protection against unauthorized access

passwords
• should be relatively long
• should be a combination of letters and numbers (and symbols if allowed)
• should be something you can remember and nobody else can guess
• should not be shared
• should be committed to memory and not written down on or near the PC


More on passwords

Windows NT (2000) has better password protection than Windows 95 because it was designed as a genuine multi-user operating system

For extra protection, add a password at the BIOS level


Other examples

ATM cards are used to authenticate users and to identify which accounts (files) he or she has access to; there is typically a password or personal identification number (PIN) as well

biometric devices: fingerprint or retina scanner, voice recognition, etc.
• better protection
• more expensive


Cryptography

one way to secure data, be it in storage or in transit, is encryption

Encryption converts information in its usual readable form (called plaintext) to information in an encoded, unreadable form (called cyphertext)

PGP (Pretty Good Privacy) program: a good encrypter that works with most email systems


Keys

a key is a formula that encodes information

Single key cryptography uses one key; i.e. encryption and decryption method known to sender and receiver

Public-key cryptography uses two keys:
• public key: anyone can have, used to encrypt
• private key: only you have, used to decrypt


Digital signature

use this process in reverse

you can use your private key to encrypt a message

then anyone with your public key can decrypt it BUT he or she knows who sent it

encryption and digital signatures are what makes secure transactions over the net possible
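
The two key directions from the Keys and Digital signature slides, as an added example that is not part of the original slides: textbook RSA in Python with tiny constructed primes (61 and 53). It uses no padding or hashing and works one byte at a time, so it shows the idea only; all function names are hypothetical.

```python
# Added illustration (not from the slides): textbook RSA with tiny constructed
# primes. No padding, no hashing, byte-at-a-time: for teaching only.

def make_keypair(p=61, q=53, e=17):
    """Return (public, private) keys as (exponent, modulus) pairs."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # private exponent = inverse of e mod phi (Python 3.8+)
    return (e, n), (d, n)

def apply_key(numbers, key):
    """Raise every number to the key's exponent, modulo the key's modulus."""
    exponent, modulus = key
    return [pow(x, exponent, modulus) for x in numbers]

def encrypt(text, public_key):
    """Anyone holding the public key can encrypt."""
    return apply_key(text.encode("ascii"), public_key)

def decrypt(ciphertext, private_key):
    """Only the private key turns the ciphertext back into plaintext."""
    return bytes(apply_key(ciphertext, private_key)).decode("ascii")

def sign(text, private_key):
    """The reverse direction: transform the message with the private key."""
    return apply_key(text.encode("ascii"), private_key)

def verify(text, signature, public_key):
    """Anyone with the public key can undo the signature and compare."""
    return apply_key(signature, public_key) == list(text.encode("ascii"))

if __name__ == "__main__":
    public, private = make_keypair()
    secret = encrypt("PIN 1234", public)          # constructed sample message
    print(secret, "->", decrypt(secret, private))
    sig = sign("pay Bob $5", private)             # constructed sample message
    print("genuine message verifies:", verify("pay Bob $5", sig, public))
    print("altered message verifies:", verify("pay Bob $6", sig, public))
```

A signature made with the private key checks out only against the exact message that was signed, which is why the receiver "knows who sent it".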


Encryption controversy

Government should have control over encryption, i.e. be able to decode it

PRO: aid FBI and such in fight against espionage, terrorism, drugs, etc.

CON: if government has this capability, there are those who will use it illegally; it’s no security at all


Gone but not forgotten

Deleting a file is not the end of it

Remember to empty the recycle bin

Even emptying the recycle bin or reformatting a disk does not completely eliminate your information

Only when the disk space is written over is the information truly disposed of


YOU’RE NOT PARANOID

THEY REALLY ARE WATCHING YOU!


Data mining

data mining is collecting information available on a person or group of people

often done for targeted marketing

once a tedious chore, now easily done with computers

They’ll know you by your social security number


Your Privacy Quotient

(from PC World Sept. 1998)
• Registered to vote
• Bought a house
• Had a baby
• Owned substantial stock in a company
• Given more than $50 to a campaign
• Had your dog vaccinated for rabies
• Taken out a permit for a yard sale
• Paid a fine for an overdue library book


Privacy Quotient (cont.)

• Gotten a parking ticket
• Participated in a phone survey
• Mailed in a warranty card
• Entered a contest or sweepstakes
• Used your ATM card for any purchase
• Rented a movie
• Subscribed to a magazine


At work

Electronic supervision: the computer at work can be used to keep track of your activity and/or productivity

email at work is not private; unless explicitly stated otherwise your employer can look at your email

the LAN manager can easily look at your files


The Cookie Monster

a cookie is information about your having visited a web site stored in YOUR computer
• you can eliminate or block future cookies

browsers typically keep a list of sites visited, sometimes saved from session to session

it requires work to cover your surfing tracks


Software Piracy

“buying” software does not entitle the purchaser to copy and distribute it; doing so is called “software piracy”

Billions of dollars every year, especially rampant in Asia

Public domain: software you are free to use in any way, you should still credit the source


More

Site license: permission for a school or company to run software from a network so one does not need a license for each computer

Plagiarism: claiming another’s work as your own, it may be code, research, writing, music, etc.


References

Discovering Computers 2000 (Shelly, Cashman and Vermaat)

Information Technology: The Breaking Wave (Curtin, Foley, Sen, Morin)

PC World, Sept. 1998