Sponsor for PC Pals Forum

Author Topic: SAFE COMPUTING  (Read 7599 times)

Offline Clive

  • Administrator
  • *****
  • Posts: 73662
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
SAFE COMPUTING
« on: November 21, 2002, 19:41 »
SAFE COMPUTING
Computing isn't what is used to be, especially if you use the Internet for looking up information, or to send and receive e-mail. Whilst users at institutions or companies are protected from computer viruses and hackers, many home users are vulnerable simply because they are unaware that someone has gained access to their machine.
They do this by secretly planting a small program on your machine which can:

corrupt files,
steal files and passwords,
damage your computer,
monitor your keyboard strokes,
record your surfing habits,
use your computer as a 'zombie' in denial of service attacks,
steal credit card and bank account details.
they can also find out your interests and sell that information to other companies who will fill your mail box with junk mail.
How can you protect yourself?

It's surprisingly easy, and it doesn't have to cost much either. In fact, you can download all the protection you want from the Internet for free if you so wish.

VIRUSES
Viruses are usually sent by e-mail, although they can be picked up from any infected removable storage device.  This could be a memory stick, CD or even a floppy disk.  Infected websites are another source of infection. It's wise not to share removable media unless you know that it doesn't contain a virus. E-mail viruses normally come as an attachment, and the golden rule is to never open an attachment unless you are quite certain that it is safe to do so. Even if you know the sender, don't assume that he or she actually sent the mail to you in the first place. Most viruses propagate by sending themselves out to everybody in the address book of an infected computer. Your contact may have his or her address stored on dozens of other computers and would be completely unaware that the virus is using it.

If you receive an unsolicited e-mail which tempts you to visit an 'unusual' or interesting website, there is every likelihood that it is no more than a ploy to infect you with a virus, so be warned!

Viruses can cause all sorts of problems. They can physically damage your computer by telling it to switch off the cooling fan, or completely format your hard disk causing you to lose everything you had stored on it. Some will corrupt files or send your files to all your contacts for them to see. Others obtain your personal details and use your credit cards. Many viruses are little more than nuisance value because they just flash words on your screen, but unfortunately the more malicious ones seem to be the most successful.

Beware of E-mails warning you of a virus and asking you to forward the warning to everybody in your address book. These are usually hoaxes and are no more than chain letters. To find out if you have received a hoax warning check: http://vil.mcafee.com/hoax.asp

USING ANTIVIRUS SOFTWARE
You can buy Antivirus software from any computer store, and it's not expensive.  Norton Antivirus will set you back around 40 to purchase and perhaps 15 a year for updates.  But there are many others available including McAfee, F-Secure, Panda and Sophos.  Alternatively you can download AVG Free Antivirus Software from http://www.grisoft.com or Avast http://www.avast.com/  But remember, new and more dangerous viruses are being discovered all the time. So it's important that you regularly update your antivirus program at least once a week (more often if possible) by downloading the latest virus definitions from its website.

A comprehensive list of the Anti-virus software available can be found at http://www.pcmag.com/category2/0,2806,4796,00.asp

SPYWARE
Spyware usually consists of small programs known as Trojans. They can be planted on your computer when you visit certain websites, or download shareware. Trojans conceal themselves inside programs and spy on your surfing habits, relaying information back to the website owners. At worst spyware can contain a keylogger which will record every word you type and send it to a cyber criminal living half way around the world. Often, spyware arrives in the form of a 'cookie' which is a tiny data file that a website sends to your browser to store on your computer's hard drive for later retrieval. The stored data is then sent back to the website every time you visit that site. The data can contain information such as a user name and password, items you are purchasing, or other text information the Web site has been set up to ask you for. Not all cookies are spyware though. Many websites (e.g. PC-Pals) drop cookies onto your computer to help you browse their website faster by alerting you to any new additions since you lasted visited it.

Unfortunately, not all antivirus software can detect spyware, but there are several free downloads which will weed out these Trojans. One is Ad-Aware which can be obtained from http://www.lavasoftusa.com If you want a list of software which is known to be spyware look at http://www.spychecker.com You might then wish to consider whether you want to continue using it.  Another excellent SpyWare remover is SpyBot Search and Destroy, which is available free-of-charge from http://www.safer-networking.org or Spyware Blaster http://www.javacoolsoftware.com/spywareblaster.html  Although you should only use one antivirus software software at a time, it does no harm to have several different antispyware programs since they all tend to detect different types of spyware.

HACKERS
Once you are connected to the Internet your computer is wide open to attacks from hackers. Information passes in and out of your computer through 'ports', and anyone with sufficient knowledge can gain access through one of your computer's open ports. Hackers use scanner programs to search for vulnerable Internet users. Once they find a computer which allows them access, they can have full control of it if they wish to do so. They can access your files, passwords, bank accounts and personal details. They may choose to use your computer as a 'zombie' to make Denial of Service(DOS) attacks on websites or Internet Service Providers. If you want to learn more about DOS attacks, look at https://grc.com/default.htm  If you are using a router to access the internet then you will already have a great deal of protection.  However, if you are using dial-up you can install a personal firewall.  Such programs can be purchased from computer stores, or downloaded for free. One of the best is Zone Alarm. http://tinyurl.com/nv6hw  The basic version is free, but you can, if you wish, purchase Zone Alarm Pro which gives the same protection, but provides more information about the source of the attack. The vast majority of people use the free version because even if you know who is attempting to hack into your computer, there's not really much you can do with the information.

If you want to check how vulnerable your computer is, click on Shields Up http://grc.com/x/ne.dll?bh0bkyd2 It?s a security site which will attempt a 'friendly' hack, and will inform you if it has succeeded or failed. Firewalls only allow programs of your choice to access the Internet and will make your computer 'invisible' to potential hackers by closing its ports. Another security site which will attempt a 'friendly' hack and also perform a free virus check is http://tinyurl.com/mxc83  Yet another useful site is http://www.pcflank.com which provides many differing simulated attacks with which to test your PC's defences. 


WINDOWS UPDATES
Microsoft release frequent security patches for all editions of Windows and Internet Explorer. By clicking http://v4.windowsupdate.microsoft.com/en/default.asp will scan your computer and advise you of any security patches you should acquire. This is a free service.

« Last Edit: December 23, 2009, 16:43 by Clive »

Offline lobo

  • Full Member
  • ***
  • Posts: 342
    • http://www.burnleywood.com
Re:SAFE COMPUTING
« Reply #1 on: June 27, 2003, 17:28 »
@Clive I would just like to add these notes to your excellent post on Safe Computing, some items may be duplicated but it still makes good reading.  

Guidelines for safer computing.

As well as keeping your anti-virus software up to date there are other ways in which you can reduce the chances of virus infection inside your company. Below we list some of the guidelines you might like to consider for safer computing.

Network administrators,Users

Guidelines for network administrators.  

Have a strict policy in your organisation that downloading executables and documents from the net is unacceptable, and that anything that runs in your organisation has to be virus-checked and approved first. Unsolicited executables/documents/spreadsheets etc. should not be run inside any organisation. If you don't know that something is virus-free assume it isn't. Ideally, staff should not be allowed to have anything they don't actually need. However, you might want to consider providing a selection of games/screen savers for staff to use which have been virus-checked.  Block any unwanted file types at the email gateway. Viruses often use file types such as VBS, SHS, EXE, SCR, CHM and BAT to spread. It is unlikely that your organisation will ever need to receive files of these types from the outside. If this is the case Sophos recommends blocking all of them at the email gateway - whether they are virus infected or not.  

Sophos MailMonitor can help you block unwanted file types  at the email gateway.  Some viruses attempt to disguise their true executable nature by using "double extensions". Files such as LOVE-LETTER-FOR-YOU.TXT.VBS or ANNAKOURNIKOVA.JPG.VBS may appear to be harmless graphic or ASCII text files at first glance at the file name. Sophos recommends blocking any file which has double extensions from entering an organisation.

Again, Sophos MailMonitor can help you block suspicious filenames such as these at the email gateway.  Hoax virus warnings and chain letter emails can be as disruptive as viruses themselves. Aside from spreading misinformation and wasting staff time and resources, it can be very embarrassing for your organisation if an employee forwards these to contacts or customers. A firm hoax policy such as this should be put in place.

You shall not forward any virus warnings of any kind to anyone other than insert name of the department or staff member who looks after anti-virus issues. It doesn't matter if the virus warnings have come from an anti-virus vendor or been confirmed by any large computer company or your best friend. All virus warnings should be sent to <insert name>, and <insert name> alone. It is <insert name>'s job to send round all virus warnings, and a virus warning that comes from any other source should be ignored.

 You may also like to consider adding a live hoax information feed to your website or intranet. Change the CMOS bootup sequence so that rather than booting from drive A: if you leave a floppy in your machine, you boot by default from drive C: instead. This should stop all pure boot sector viruses (like Form, CMOS4, AntiCMOS, Monkey, etc) from infecting you. Should you need to boot from a floppy disk the CMOS can easily be switched back.

Make regular backups of important work and data, and check that the backups were successful.  Subscribe to an email alert service that warns you about new, in-the-wild, viruses. At the same time consider adding a live virus information feed to your website or intranet to ensure your users know about the very latest computer viruses.  Keep an eye on Microsoft's security bulletins. These warn of new security loopholes and issues with Microsoft's software.  Produce a set of guidelines and policies for safe computing and distribute them amongst staff. Make sure that every employee has read and understood them and that if they do have any questions they know who to speak to. You may want to base these on the Sophos user guidelines below.

Guidelines for users

Use Rich Text Format instead of DOC files which can harbour viruses. You can automatically save all of your Word documents as RTF by selecting Tools|Options|Save and choosing Rich Text Format as the default format from the drop down menu.  Do not run, download or forward any unsolicited executables, documents, spreadsheets, etc. Anything that runs on your PC should be virus checked and approved first.  Any email you weren't expecting should be treated with suspicion, even if it comes from someone you know. It is worth calling whoever sent it to you to check that they intended to send you the email.  Do not open any files with a double file extension, (e.g. iamavirus.txt.vbs). Under normal circumstances you should never need to receive or use these.

Do not download executables or documents from the internet. These are often used to spread computer viruses.  Although JPG, GIF and MP3 files cannot be infected with a virus, viruses can be disguised as these file types. Jokes, pictures, graphics, screensavers and movie files should be treated with the same amount of suspicion as other file types.  If in doubt, always ask your IT department for advice, do not open the file or email.  If you think you have been infected with a virus inform your IT department immediately. Do not panic or interrupt other users.  Any virus warnings or hoaxes should be sent to the IT department who can confirm whether or not it is genuine. Do not forward these warnings to anyone else; unless you are signed up to an official virus alert service it is unlikely to be a genuine warning.  

If you have to work at home ensure that you follow the same procedures there as you do at work. Viruses can easily be brought into an organisation along with work that has been done on a home PC.  Anti-virus software will prevent the vast majority of viruses from entering an organisation but it is not fool-proof. It is your responsibility to ensure that you don't get infected with a computer virus.
url=http://pc-pals.com/userpics/loboPC.swf]Flash[/url]

All the survivors of the war had reached their homes and so put the perils of battle and the sea behind them.
Homer   , The Odyssey, line 1

Offline Clive

  • Administrator
  • *****
  • Posts: 73662
  • Won Quiz of the Year 2015,2016,2017, 2020, 2021
Re:SAFE COMPUTING
« Reply #2 on: June 27, 2003, 17:33 »
Very masterful Brian.  I salute you.  ;D

Offline Simon

  • Administrator
  • *****
  • Posts: 76397
  • First to score 7/7 in Quiz of The Week's News 2017
Re:SAFE COMPUTING
« Reply #3 on: June 27, 2003, 18:00 »
That's what I call a tight ship!   ;D ;D
Many thanks to all our members, who have made PC Pals such an outstanding success!   :thumb:

Offline lobo

  • Full Member
  • ***
  • Posts: 342
    • http://www.burnleywood.com
Re:SAFE COMPUTING
« Reply #4 on: June 27, 2003, 18:19 »
A major part of my NCFE in Advanced Networking 3 Diploma consisted of anti-viral and Trojan protection and the implementation of Intruder defences Systems, if it taught me one thing it is that a PC can only be secure from all these thins if it is situated in a locked secure room with Anti-Virus and Anti-Trojan software installed, disconnected from the internet and preferably switched off with the plugs disconnected from the mains, :wahh:

Brian ;D
url=http://pc-pals.com/userpics/loboPC.swf]Flash[/url]

All the survivors of the war had reached their homes and so put the perils of battle and the sea behind them.
Homer   , The Odyssey, line 1

Offline chorleydave

  • Forum Fanatic
  • ******
  • Posts: 5035
Re:SAFE COMPUTING
« Reply #5 on: June 28, 2003, 00:51 »
I count myself very lucky, that in six years of having a home internet connection, I have never had a virus.  The only nasty I have suffered was the Optix Pro trojan, which I seemed to get every time I used Kazaa.  It is so nasty that it doesn't only get through all your defenses, but actually shuts them down.  Norton and Zone Alarm Pro (which were my anti-virus and firewall at the time) had no chance.  It just goes to show that the writers of these evil programs can be  more talented than the paid professionals whose job is to protect us from them.

It never ceases to amaze me how so many people will exitedly open an e-mail attachment without giving it a second thought, although I will readily admit that my own attitude to attachments verges on acute paranoia.  All atachments I receive are either deleted without openng or, if I am confident they are kosher, saved to floppy disk and opened on the spare machine (old 486, 500MB HD, 16MB RAM, Win98 and Office 97 only) in my son's bedroom so I can have a good look at them before they come back in here.  Fortunately, my paranoia has served me so well that even the spare machine has never been infected.

Anyone who wants to extend their knowledge of vunerabilities could do a lot worse than visit Steve Gibson's Shields Up website at https://grc.com/x/ne.dll?bh0bkyd2

Can be heavy, technical, but is well worth it.


Show unread posts since last visit.
Sponsor for PC Pals Forum