Malware Summary
What is "malware"?
-
"malicious software"
-
There are many different kinds of programs
which do bad things on your computer.
They have technical names like virus, bot, trojan, ...
So somebody came up with the idea to call all
of them "malware". ("mal" is from Latin for "bad".)
-
trojan, spyware, virus, key logger, adware,
For the professional, it is useful to know
what these are and exactly what they do, so
they can figure out how to get rid of them.
For us, all we need to know is: We want them GONE!
What does malware do?
-
What does "dangerous emails and webpages" mean?
What do they actually do?
-
Malware will be annoying or harmful to your own computer:
-
destroy files
-
modify files
-
change settings on your computer (to annoy you)
-
slow your computer down by using it to do other
things (see below).
-
But these days it does more than that!
-
-
It gets information from your computer:
-
-
Get email addresses from Outlook Express and
other programs, and send them (through your
internet connection) so they can use for spam.
-
steals information about your surfing habits
(what you click on, pages, ads etc
what you search for, what websites you visit.)
-
Captures your keystrokes and sends them to someone
(passwords! credit card numbers! personal information!)
-
Change settings on your computer
(to enable it to do the bad stuff)
-
It puts things on your computer:
-
Redirects your home page or searches
-
Puts ads on your computer
-
Add links (to ads) in web pages you visit,
in your favorites/bookmarks, on your desktop
-
change security settings in MSIE so that you
will see sites you thought you had blocked,
popup ads, etc.
-
Puts itself on flash drive to infect the next computer.
-
It does this by installing programs on your computer to do
these things .. plus more we don't know about!
-
It makes use of your computer:
to harm others, or more: to steal
This uses your bandwidth and your computer ram,
causing your connection and programs to run
more slowly.
Also makes it harder to trace the attack to its real source.
-
Uses your computer to relay spam
-
Uses your computer to send malware to other computers
Uses your computer to relay stolen information
from other computers.
-
Use your computer to store files (often illegal) and
make them available to others – shifting liability
away from the attackers.
-
Use your computer to attack other computers
(send viruses, DOS attacks, ...)
-
Use your computer as file server (transfer files
between other computers, use your storage space).
-
It is used by rival businesses (and governments):
-
to attack rival spammers/hackers
-
to attack other businesses
-
And there is now big money for the bad guys:
-
send spam to the stolen email addresses
(money from advertisers in the spam)
-
sell the stolen email addresses to other spammers
-
steal from bank account (transfer to another account)
-
order things with stolen credit card number
-
resell malware on the black market for cash
-- tens of thousands of dollars each! --
which are, in turn, used by exploiters to steal
How does the malware get into your computer?
-
From email - as web page, as javascript, as image, ...
-
From a web page: infected (hacked or on purpose) webpages
have code that attempts to install malware on visiting PCs.
-
From you installing it yourself, thinking it is a good program!
(common ones are screensavers, browser toolbars,
and even .. "anti-virus" programs)
How to protect yourself:
If you walk down the street, you don't hold
out your hands (or your wallet!) and accept
or give things to anyone you see. You have
learned from childhood to recognise and choose,
so it seems natural and you don't have to think
about it. (In the west we call it "street smarts".)
Computers are new, and we learn computer as adults.
So it seems hard and complicated to "be safe"
with computers. It isn't really — it's just
something more to learn as you go through life.
If you use MS Windows, the most useful things you can do are:
-
First: Don't
-
Don't use Internet Explorer
(use FireFox or Opera or ...)
-
Don't use Outlook/Outlook Express
(use Thunderbird or Eudora or ...)
-
Why? These programs are "tied in" to the operating system,
and so are very susceptible to viruses.
-
Second: Do
-
Install a good anti-virus program,
such as AVG or Awast or ClamWin
-
Keep it updated! otherwise it is no good,
might as well not have it.
-
Install and use a firewall.
If you are running Windows XP you can use the
built-in software firewall under Control Panel.
Also there are free versions of firewalls that work
on all versions of Windows.
-
(What is a firewall? What is an anti-virus program?)
Develop "net smarts" to go with your "street smarts"
-
Email:
-
Don't open mail or attachments from someone you don't know.
It will have a virus, and the minute you open
it, you won't see anything to tell you, but you
will have released the virus to infect your computer
and also the other computers in your office.
-
Be careful opening email attachments, even from friends.
They may have viruses that your friends didn't
put there.
-
Don't view your mail "as web page", view it "as text"
The things that make a "web page" (such as javascript)
can get infected with viruses.
-
Web:
-
Be careful clicking on web links found on less reputable
web sites. Um - don't even *go* to "less reputable" websites.
-
Pay attention to the "url"
(what is a url?)
If you think you are going to the Microsoft website,
and the url says http://www.microsoft.comehere.com
... well maybe it is not actually Microsofts website!
-
Pay attention when clicking on web searches
The first link isn't always the best link -
May be an advertisement site.
May be a bad website.
-
Pay attention to links on a web page:
Does it say "advertisement" anywhere near the link?
-
If something seems "to good to be true", it probably is!
This is as true on websites as in life.
If some website is offering you free downloads,
free exciting pictures, etc, they are probably
getting something from you in return: your
virus-filled computer.
-
Passwords:
-
I bet i could get into the email accounts
of about half the people i know!
I would try things like this:
tibet123 tpprc123 tashi70 tashi59 tashi310
-
If i can try this, a hacker can too —
and get into your email, online accounts,
and your computer.
-
How do hackers get passwords: not by sitting
and clicking - but by running a program that
has a file of words and names, and tries
them over and over. A program doesn't get tired!
It can keep trying until it gets it.
-
How to make a good password:
-
If you can't remember it, the hacker probably
can't guess it. Good! Keep a record of
your passwords *safely* somewhere.
-
What is a good password?
It has letters (upper and lowercase), numbers, punc.
-
That's too hard! ... No, it's not:
Start with a word that means something to you:
You already do this! So:
tashimarch10
Then, change it:
replace some letters with numbers, punctuation,
uppercase.
Tash;m8r10
Because it starts with a word that means something,
you may be surprised that after typing it
a few times, you *will* be able to remember it.
And a hacker can't guess it.
-
Use different passwords for different accounts:
That's too hard! ... No, it's not:
website file uploads: Tash;m8r10tp
yahoo mail: Tash;m8r10yh
google mail: Tash;m8r10gm
See, i use an abbreviation for the different
sites at the end of the password.
-
Change your passwords every few months.
That's too hard!
... Well ... i admit it is annoying.
But it's like brushing your teeth — Just do it.
-
Backups:
-
Keep your computer backed up -
keep the second most recent backup, in case the
most recent backup was infected!
The above things alone will do a lot to protect you.
If you want to be more involved in protecting your
computer (which means: your files and your information!):
Go further
-
Managing your programs:
-
Keep your computer’s software updated and current.
This means, your operating system and your programs.
-
* Your anti-virus application *must* be updated regularly.
-
* Only download updates from reputable sources.
sourceforge.net, downloads.com, twocows.com
For Windows operating systems, always go to
http://update.microsoft.com/microsoftupdate/
and for other software always use the legitimate
websites of the company or person who produces it.
Don't use other "download free" websites - think about
why they might be offering this service - what do
they get out of it!
-
* Always think before you install something, weigh
the risks and benefits, and be aware of the fine
print. Does that long license agreement that you
don't want to read, conceal a warning that you are
about to install spyware?
-
Explore:
-
Use Open Office instead of Microsoft Office programs
(same as MSIE and Outlook - MSOffice programs are
"tied in" to the operating system, and so are
very susceptible to viruses.
-
Google is your friend.
If you want to know more about anything,
just type the word in the box at
www.google.com
-
Try out other operating systems which do not get
viruses, such as linux.
Many great versions of linux come on bootable CD,
so you can try them out without actually installing.
-
Watch out for "back door attacks"
— hackers trying
to get into your computer through the internet connection.
-
Use a netstat program to see what services are running.
-
Keep your server software patched and up-to-date.
-
Consider shutting down any services you do not need.
Know more
-
General info:
-
www.tibetangeeks.com/technology/security/
-
Tech info for Tibetans
-
http://www.microsoft.com/technet/security/alerts/info/malware.mspx
-
About "malware", at Microsoft.com
-
http://www.microsoft.com/windows/ie/community/columns/adware.mspx
-
About adware, at Microsoft.com
[an error occurred while processing this directive]
|
[an error occurred while processing this directive]
