
INTERNET SECURITY: USER’S PERSPECTIVE

A PROJECT REPORT

Submitted in partial fulfillment for the award of the degree

of

BACHELOR OF ENGINEERING

in

ELECTRONICS & COMMUNICATION ENGINEERING

SUBMITTED TO:
Dr. Hitesh Kapoor
Assistant Professor
Dept. of Applied Sciences

SUBMITTED BY:
Siddharth Bhardwaj (UE 85094)
Surbhi Vijh (UE 85098)

UNIVERSITY INSTITUTE OF ENGINEERING & TECHNOLOGY


PANJAB UNIVERSITY
CHANDIGARH

MAY 2011
PANJAB UNIVERSITY, CHANDIGARH

CERTIFICATE

Certified that this project report “Internet Security: User’s Perspective” is
the bona fide work of “Siddharth Bhardwaj and Surbhi Vijh”
who carried out the project work under my supervision.

PROF. RENU VIG
Director
U.I.E.T.

DR. HITESH KAPOOR
Assistant Professor
Dept. of Applied Sciences

ACKNOWLEDGEMENT

We owe a great many thanks to a great many people who helped and supported us
during the writing of this book. Our deepest thanks to Assistant Professor and our
teacher, Dr. Hitesh Kapoor, for guiding and correcting various documents of ours with
attention and care. He has taken pains to go through the project and make necessary
corrections as and when needed.

We also express our thanks to the Director of UNIVERSITY INSTITUTE OF ENGINEERING
& TECHNOLOGY, PANJAB UNIVERSITY, Prof. Renu Vig, for extending her support.

We would also like to thank all the individuals who participated in the survey conducted
by us, to develop a detailed analysis as a part of the project.

We would also thank our Institution and our faculty members without whom this
project would have been a distant reality. We also extend our heartfelt thanks to our
families and well-wishers.

Abstract

The computer is a great invention of the 20th century that has now become a part of
our lives. Gradually it became necessary to connect different computers, which led to
the establishment of local networks. The networking field grew by leaps and bounds,
leading to a huge matrix of computer networks. This great invention is known as the
Internet. It has benefited human beings in each and every field and is now part of our
lives. But, as we know, every coin has two sides, and the dark side of the networking
field is unimaginable. Now the big question is: how do we protect our machines and
secure our data and information? The only answer is “Network Security”.

Internet (a network of networks) security is a complicated subject, historically only
tackled by well-trained and experienced experts. However, as more and more people
become “wired”, an increasing number of people need to understand the basics of
security in a networked world. This report explains the concepts needed to read through
the hype in the marketplace, understand the risks, and deal with them.

In this project, we have covered the various practices and precautions a user must
undertake to protect his/her computer system from viable threats when it is
connected to a computer network (the Internet).

The topic is aimed at understanding the various threats that are encountered on a
widespread basis and the various security measures that need to be implemented so
as to counter them. It considers network security (issues and remedial measures)
from a common user’s perspective, with a brief explanation of the various threats (such
as viruses, worms, trojans, spyware and malware). Further, it covers topics such as
secure online transactions; understanding phishing sites, keyloggers, malicious scripts
and pop-ups; threats to network security via email; and the need for and role of
antivirus, anti-spyware and firewall software.

Internet security is indeed a hot topic of discussion amongst computer enthusiasts,
and it has also become a major concern in boardrooms across the globe. Companies
have started taking computer security very seriously and now have dedicated teams who
maintain and secure the company’s sensitive information round the clock. Even
individuals who use that ultimate tool, the Internet, have started to show an increased
demand for tools or ways to protect their systems against criminals. It is impossible to
create a 100% foolproof firewall or network without compromising the services that the
network has to offer. Being aware, and regularly updating one’s network in tune with
the latest developments in the field of computer security, is one trick that an Internet
user must have in his or her armory of defense against computer infiltration.

It is hoped that the reader will have a wider perspective on security in general, and better
understand how to reduce and manage risk personally, at home, and in the workplace.

List of Tables

Table 1: Significance of Security Status bar colours
Table 2: Internet Security Threats & Solutions: At a Glance
Table 3: Review of Spy Sweeper
Table 4: Review of Spybot
Table 5: Review of Malwarebytes
Table 6: Review of Ad-aware
Table 7: Review of Zone Alarm Firewall
Table 8: Review of Comodo Internet Security
Table 9: Review of Bit-Defender
Table 10: Review of Kaspersky
Table 11: Review of ESET NOD 32
Table 12: Review of AVG 2011

List of Figures

Fig 1: Internet
Fig 2: Antivirus
Fig 3: A phishing example, showing how eBay logo is used to hoodwink users.
Fig 4: Phishing HSBC customers
Fig 5: Several pop-up ads on computer screen
Fig 6: A POP-Up blocking software
Fig 7: A logfile from a software based keylogger
Fig 8: Screen capture of what the software-based keylogger above was logging
Fig 9: On Screen Keyboard
Fig 10: Spy Sweeper Window
Fig 11: Spybot Window
Fig 12: Malwarebytes Anti-Malware
Fig 13: Ad-aware window
Fig 14: Zone alarm Firewall
Fig 15: Comodo Internet Security Window
Fig 16: Bit Defender Antivirus 2011 window
Fig 17: Kaspersky 2011 Antivirus window
Fig 18: ESET NOD 32 window
Fig 19: AVG Antivirus 2011 window
Fig 20: NORTON 2011 Antivirus window
Fig 21: VirusTotal.com interface
Fig 22: Scan Report of a Test File
Fig 23: Sandboxie

List of Graphs

Graph 1: User ratings for Bit-Defender
Graph 2: User ratings for Kaspersky
Graph 3: User ratings for ESET NOD 32
Graph 4: User Ratings Of AVG 2011
Graph 5: User Ratings Of Norton 2011
Graph 6: Bar graph depicting awareness about various threats
Graph 7: Bar graph depicting Antivirus softwares used
Graph 8: Bar graph depicting awareness about security measures

TABLE OF CONTENTS

Abstract
List of tables
List of figures
List of graphs

1 Internet
2 Internet Security
3 Good Security Habits
4 Viruses, Trojans, Worms & Spyware
5 Spyware
6 Malware
7 Recovering from Viruses, Worms, and Trojan Horses
8 Antivirus
9 Firewalls
10 Phishing
11 Pop ups
12 Digital Footprint
13 Keystroke logging
14 E-mail Security
15 Secure Online Transactions
16 P2P Security
17 Securing Wireless Networks
18 Browsing Safely: Understanding Active Content and Cookies
19 Software Analysis
19.1 Anti-Spyware Softwares
19.1.1 Spy Sweeper
19.1.2 Spybot- Search and Destroy
19.2 Anti-Malware Softwares
19.2.1 Malwarebytes Anti-Malware
19.2.2 Ad-Aware
19.3 Firewalls
19.3.1 Zone alarm Firewall
19.3.2 Comodo Internet Security
19.4 Antivirus Softwares
19.4.1 Bit-Defender Antivirus 2011
19.4.2 Kaspersky 2011 Antivirus
19.4.3 ESET NOD 32 Antivirus
19.4.4 AVG Antivirus 2011
19.4.5 NORTON 2011 Antivirus
19.5 Virus Total.com
19.6 Sandboxie (Isolation Program)
20 INFORMATION TECHNOLOGY ACT, 2000 - Certain provisions pertaining to Cyber Security
21 Survey and Analysis
21.1 Awareness about various threats
21.2 Antivirus Softwares Used
21.3 Awareness about Security Measures
22 References

1. Internet [1]

Definition:

• The Internet is a worldwide system of computer networks - a network of
networks in which users at any one computer can, if they have permission, get
information from any other computer (and sometimes talk directly to users at
other computers).

Fig 1: Internet

History:

• The Internet was conceived by the Advanced Research Projects Agency (ARPA) of
the U.S. government in 1969 and was first known as the ARPANet.
• The original aim was to create a network that would allow users of a research
computer at one university to be able to "talk to" research computers at other
universities.
• A side benefit of ARPANet's design was that, because messages could be routed
or rerouted in more than one direction, the network could continue to function
even if parts of it were destroyed in the event of a military attack or other
disaster.

Applications:

• The most widely used part of the Internet is the World Wide Web ("WWW").
Using the Web, we have access to millions of pages of information. Web
browsing is done with a Web browser, the most popular of which are Microsoft
Internet Explorer and Mozilla Firefox.
• Electronic mail (email) is the most widely used application on the Net.
• More recently, Internet telephony hardware and software allows real-time voice
conversations.
• File sharing is another application which allows transferring large amounts of
data across the Internet. A computer file can be e-mailed to customers,
colleagues and friends as an attachment. It can be uploaded to a website or FTP
server for easy download by others.

2. Internet Security [1]

• Internet security is a branch of computer security specifically related to the
Internet. Its objective is to establish rules and measures to use against attacks
over the Internet. The Internet represents an insecure channel for exchanging
information leading to a high risk of intrusion or fraud, such as phishing.

• Internet security is often neglected when people begin shopping, banking and
doing other financial or personal activities online. With identity fraud and online
theft rising every day, the first thing that should be done before engaging in any
sensitive matters online is making sure that the computer and its connection are
secure. Contrary to popular belief, it does not take a certified network engineer
to enhance the safety of a home computer system. By following a few simple
guidelines, even a novice can go a long way toward protecting his or her identity
and financial information from those who would prey upon it.

Need for Internet Security

• Even if you don't think you have anything worth protecting on your computer,
it's still important that you keep it locked down. Your files are not the only thing
at stake when we talk of network security. If someone gains access to your
computer, it can be used as a "zombie" for hacking into other computers, hiding
the trail of the person who is actually doing it. How would you like to get a call
from your local police telling you that there's been a virus attack that has been
traced back to your computer?
• No, even if your computer isn't used for anything critical you need to run security
software such as an antivirus and a firewall. These programs will keep your
computer "hidden" from prying eyes over the internet, as well as protected from
viruses and other malware that can be spread through email or other methods.

Working: Internet Security

Basic Defense: The first line of defense for dial-up, high speed and wireless
Internet access is a firewall. When it is active, your computer will only allow
connections from computers at trusted sources. Depending on your operating
system, you can allow exceptions and add programs and websites. Virus and
spyware protection software will help you safeguard your files and your
operating system. Malicious computer users (hackers) insert viruses and spyware
in HTML code, text files and software programs. Once downloaded and activated,
these programs can destroy files, copy passwords and damage software
applications to the extent that your computer no longer functions.

Passwords and Privacy: Almost every website, forum and even your email
program requires you to enter a password. For added security, do not use the
same password repeatedly. Combine random letters and numbers for strong
password security. Avoid giving your personal email address to every site that
you visit. It is better to sign up on new sites with a disposable email address.
Despite aggressive legislation and prosecution, spam is still a major problem for
Internet users. Review every website's privacy policy before providing personal
information including your home address.

Email Security: Pay particular attention to common email security threats. Do
not open email file attachments from unknown sources because this tends to be
a major source of viruses. Clicking on active links in emails can redirect your
browser to sites that contain spyware, adware or worse. Phishing, phony emails
from trusted sources that ask for personal and financial information, can lead to
identity theft. In general, your bank or credit card company will never email a
request for you to update your information.

Stay Secure: New Internet threats appear daily. Keeping your security software updated
is essential to your security plan. Review the default Internet security settings and
update settings for your operating system, browser, email program and all installed
security software often. Schedule a daily or weekly time for your virus and spyware
software to run and report your security status. If you are frequently finding that your
computer has been invaded by spyware or viruses, upgrade your software or select
stronger protection options.

3. Good Security Habits [1]

There are some simple habits you can adopt that, if performed consistently, may
dramatically reduce the chances that the information on your computer will be lost or
corrupted.

Minimizing the access other people have to your information

You may be able to easily identify people who could, legitimately or not, gain physical
access to your computer—family members, roommates, co-workers, members of a
cleaning crew, and maybe others. Identifying the people who could gain remote access
to your computer becomes much more difficult. As long as you have a computer and
connect it to a network, you are vulnerable to someone or something else accessing or
corrupting your information; however, you can develop habits that make it more
difficult.

• Lock your computer when you are away from it. Even if you only step away
from your computer for a few minutes, it's enough time for someone else to
destroy or corrupt your information. Locking your computer prevents another
person from being able to simply sit down at your computer and access all of
your information.
• Disconnect your computer from the Internet when you aren't using it. The
development of technologies such as DSL and cable modems has made it
possible for users to be online all the time, but this convenience comes with
risks. The likelihood that attackers or viruses scanning the network for available
computers will target your computer becomes much higher if your computer is
always connected. Depending on what method you use to connect to the
Internet, disconnecting may mean disabling a wireless connection, turning off
your computer or modem, or disconnecting cables. When you are connected,
make sure that you have a firewall enabled.
• Evaluate your security settings. Most software, including browsers and email
programs, offers a variety of features that you can tailor to meet your needs and
requirements. Enabling certain features to increase convenience or functionality
may leave you more vulnerable to being attacked. It is important to examine the
settings, particularly the security settings, and select options that meet your
needs without putting you at increased risk. If you install a patch or a new
version of the software, or if you hear of something that might affect your
settings, reevaluate your settings to make sure they are still appropriate.

Other measures

Sometimes the threats to your information aren't from other people but from natural or
technological causes. Although there is no way to control or prevent these problems,
you can prepare for them and try to minimize the damage.

Protect your computer against power surges and brief outages. Aside from providing
outlets to plug in your computer and all of its peripherals, some power strips protect
your computer against power surges. Many power strips now advertise compensation if
they do not effectively protect your computer. Power strips alone will not protect you
from power outages, but there are products that do offer an uninterruptible power
supply when there are power surges or outages. During a lightning storm or
construction work that increases the odds of power surges, consider shutting your
computer down and unplugging it from all power sources.

Back up all of your data. Whether or not you take steps to protect yourself, there will
always be a possibility that something will happen to destroy your data. You have
probably already experienced this at least once—losing one or more files due to an
accident, a virus or worm, a natural event, or a problem with your equipment. Regularly
backing up your data on a CD or network reduces the stress and other negative
consequences that result from losing important information. Determining how often to
back up your data is a personal decision. If you are constantly adding or changing data,
you may find weekly backups to be the best alternative; if your content rarely changes,
you may decide that your backups do not need to be as frequent. You don't need to
back up software that you own on CD-ROM or DVD-ROM—you can reinstall the
software from the original media if necessary.

4. Viruses, Trojans, Worms & Spyware [1]

There are many different types of computer viruses circulating in the cyber world,
including regular Computer Viruses, Worms, Trojans, and Spyware. Each works
differently, but they all share one thing in common: the ability to do a great deal of
damage to your computer system.

Computer Viruses:

Computer Viruses have been around since the early 1980s. A computer virus is a
program that gets into a computer system by means of hardware or software without
the knowledge of the computer user, and then attaches itself to a program file. The
virus then starts to replicate itself and do the damage it has been programmed to do.
There are many different kinds of computer viruses, and each works in a different
way. They can be quite damaging to a computer system, so it is important that you
have a good anti-virus program in place to protect your computer.

Trojan Horses:

A Trojan is not a computer virus in the sense that it doesn't get into your computer and
self-replicate. The Trojan derives its name from the ancient Greek story of the Trojan
Horse, where a group of warriors invades a city by hiding within a giant wooden horse.
The residents of the city thought the horse to be a gift, never knowing what was hidden
inside, so they rolled the horse in, bringing their enemy within the city walls with it. The
Greek Trojan horse appeared to be something that it was not, just as the computer
Trojan appears to be something that it is not. A computer Trojan is software that
appears to function in a certain way (such as a program that you may have downloaded
to remove viruses or spyware), when in reality it performs another action, unknown to
the user. A Trojan is not always harmful and damaging to your computer, but it can
open a backdoor for hackers to get into your computer and cause damage or retrieve
information. A good firewall program is the most effective means to stop a Trojan Horse
(regular computer updates and an antivirus program also help prevent Trojan Horses).

Computer Worms:

Computer Worms are like viruses in that they self-replicate within your computer
system. However, a computer worm does not have to attach itself to a program in your
system in order to function, as a computer virus does. Also, unlike a computer virus,
which generally corrupts and modifies files on your computer to cause damage, a
computer worm generally localizes its damage to the computer network by causing
increased bandwidth usage. However, computer worms may have a "payload" that can
delete files, encrypt files or email files on the host computer. A very common payload
for a worm is to install a backdoor in the infected computer to allow the creation of a
"zombie" computer under control of the worm author. Computer worms can often
spread via email, as the SoBig and MyDoom worms did (from 2003 and 2004
respectively).

Spyware:

Spyware is a newer type of program that damages your computer system. Spyware is
also not a computer virus in the traditional sense, but it is harmful. Spyware works by
getting into your computer system for the purpose of taking partial control over your
use, or collecting personal information without your knowledge. Spyware often ends up
on your computer after downloading & installing free software - be very careful what
software you download, and which websites you download from.

While different in the functions they perform, Viruses, Trojans, Worms and Spyware are
all damaging to your computer. It is of the utmost importance that you make sure you
have proper computer protection software in place that will protect you from these
things so they cannot get into your computer and cause damage.

5. Spyware [1]

Because of its popularity, the internet has become an ideal target for advertising. As a
result, spyware, or adware, has become increasingly prevalent. When troubleshooting
problems with your computer, you may discover that the source of the problem is
spyware software that has been installed on your machine without your knowledge.

Despite its name, the term "spyware" doesn't refer to something used by undercover
operatives, but rather by the advertising industry. In fact, spyware is also known as
"adware." It refers to a category of software that, when installed on your computer,
may send you pop-up ads, redirect your browser to certain web sites, or monitor the
web sites that you visit. Some extreme, invasive versions of spyware may track exactly
what keys you type. Attackers may also use spyware for malicious purposes.

Because of the extra processing, spyware may cause your computer to become slow or
sluggish. There are also privacy implications:

• What information is being gathered?
• Who is receiving it?
• How is it being used?

Realizing the presence of spyware on your computer

The following symptoms may indicate that spyware is installed on your computer:

• you are subjected to endless pop-up windows
• you are redirected to web sites other than the one you typed into your browser
• new, unexpected toolbars appear in your web browser
• new, unexpected icons appear in the task tray at the bottom of your screen
• your browser's home page suddenly changed
• the search engine your browser opens when you click "search" has been
changed
• certain keys fail to work in your browser (e.g., the tab key doesn't work when
you are moving to the next field within a form)
• random Windows error messages begin to appear
• your computer suddenly seems very slow when opening programs or processing
tasks (saving files, etc.)

Prevent spyware from installing on your computer

To avoid unintentionally installing it yourself, follow these good security practices:

• Don't click on links within pop-up windows - Because pop-up windows are often
a product of spyware, clicking on the window may install spyware software on
your computer. To close the pop-up window, click on the "X" icon in the titlebar
instead of a "close" link within the window.
• Choose "no" when asked unexpected questions - Be wary of unexpected dialog
boxes asking whether you want to run a particular program or perform another
type of task. Always select "no" or "cancel," or close the dialog box by clicking
the "X" icon in the titlebar.
• Be wary of free downloadable software - There are many sites that offer
customized toolbars or other features that appeal to users. Don't download
programs from sites you don't trust, and realize that you may be exposing your
computer to spyware by downloading some of these programs.
• Don't follow email links claiming to offer anti-spyware software - Like email
viruses, the links may serve the opposite purpose and actually install the
spyware it claims to be eliminating.

As an additional good security practice, especially if you are concerned that you might
have spyware on your machine and want to minimize the impact, consider taking the
following action:

• Adjust your browser preferences to limit pop-up windows and cookies - Pop-up
windows are often generated by some kind of scripting or active content.
Adjusting the settings within your browser to reduce or prevent scripting or
active content may reduce the number of pop-up windows that appear. Some
browsers offer a specific option to block or limit pop-up windows. Certain types
of cookies are sometimes considered spyware because they reveal what web
pages you have visited. You can adjust your privacy settings to only allow cookies
for the web site you are visiting.

Removing spyware

• Run a full scan on your computer with your anti-virus software - Some anti-virus
software will find and remove spyware, but it may not find the spyware
when it is monitoring your computer in real time. Set your anti-virus software to
prompt you to run a full scan periodically.
• Run a legitimate product specifically designed to remove spyware - Many
vendors offer products that will scan your computer for spyware and remove any
spyware software. Popular products include Lavasoft's Ad-Aware, Microsoft's
Windows Defender, Webroot's SpySweeper, and Spybot Search and Destroy.
• Make sure that your anti-virus and anti-spyware software are compatible -
Take a phased approach to installing the software to ensure that you don't
unintentionally introduce problems.

6. Malware [1]

Malware, short for "malicious software," includes viruses and spyware used to steal
personal information, send spam, and commit fraud. Criminals create appealing websites,
desirable downloads, and compelling stories to lure you to links that will download
malware – especially on computers that don't use adequate security software. But you
can minimize the havoc that malware can wreak and reclaim your computer and
electronic information.

If you suspect malware is on your computer:

• Stop shopping, banking, and other online activities that involve user names,
passwords, or other sensitive information.
• Confirm that your security software is active and current. At a minimum, your
computer should have anti-virus and anti-spyware software, and a firewall.
• Once your security software is up-to-date, run it to scan your computer for
viruses and spyware, deleting anything the program identifies as a problem.
• If you suspect your computer is still infected, you may want to run a second
anti-virus or anti-spyware program – or call in professional help.
• Once your computer is back up and running, think about how malware could
have been downloaded to your machine, and what you could do to avoid it in
the future.

Malware is short for "malicious software;" it includes viruses – programs that copy
themselves without your permission – and spyware, programs installed without your
consent to monitor or control your computer activity. Criminals are hard at work
thinking up creative ways to get malware on your computer. They create appealing web
sites, desirable downloads, and compelling stories to lure you to links that will download
malware, especially on computers that don't use adequate security software. Then, they
use the malware to steal personal information, send spam, and commit fraud.

It doesn't have to be that way. OnGuardOnline.gov says consumers can minimize the
havoc malware can wreak, and reclaim their computers and their electronic
information.

Computers may be infected with malware if they:

• Slow down, malfunction, or display repeated error messages
• Won't shut down or restart
• Serve up a lot of pop-up ads, or display them when you're not surfing the web
• Display web pages or programs you didn't intend to use, or send emails you
didn't write.

If you suspect malware is lurking on your computer, stop shopping, banking, and other
online activities that involve user names, passwords, or other sensitive information.
Malware on your computer could be sending your personal information to identity
thieves.

Then, confirm that your security software is active and current: at a minimum, your
computer should have anti-virus and anti-spyware software, and a firewall. You can buy
stand-alone programs for each element – or a security "suite" that includes these
programs – from a variety of sources, including commercial vendors or from your
Internet Service Provider. Security software that comes pre-installed on a computer
generally works for a short time unless you pay a subscription fee to keep it in effect. In
any case, security software protects against the newest threats only if it is up-to-date.
That's why it is critical to set your security software and operating system (like Windows
or Apple's OS) to update automatically.

Some scam artists distribute malware disguised as anti-spyware software.
OnGuardOnline offers a list of security tools from legitimate security vendors selected
by GetNetWise, a project of the Internet Education Foundation. Resist buying software
in response to unexpected pop-up messages or emails, especially ads that claim to have
scanned your computer and detected malware. That's a tactic scammers have used to
spread malware, and that has attracted the attention of the Federal Trade Commission,
the nation's consumer protection agency, as well as a number of state law enforcement
agencies.

Once you confirm that your security software is up-to-date, run it to scan your computer
for viruses and spyware. Delete everything the program identifies as a problem. You
may have to restart your computer for the changes to take effect.

If you suspect that your computer still is infected, you may want to run a second anti-
spyware or anti-virus program. Some computer security experts recommend installing
one program for real-time protection, and another for periodic scans of your machine as
a way to stop malware that might have slipped past the first program.

Finally, if the problem persists after you exhaust your own ability to diagnose and treat
it, you might want to call for professional help. If your computer is covered by a
warranty that offers free tech support, contact the manufacturer. Before you call, write
down the model and serial number of your computer, the name of any software you've
installed, and a short description of the problem. Your notes will help you give an
accurate description to the technician.

If you need professional help, if your machine isn't covered by a warranty, or if your
security software isn't doing the job properly, you may need to pay for technical
support. Many companies – including some affiliated with retail stores – offer tech
support via the phone, online, at their store, or in your home. Telephone or online help
generally are the least expensive ways to access support services – especially if there's a
toll-free helpline – but you may have to do some of the work yourself. Taking your
computer to a store usually is less expensive than hiring a technician or repair person to
come into your home.

Once your computer is back up and running, think about how malware could have been
downloaded to your machine, and what you could do to avoid it in the future. If your
security software or operating system was out-of-date, download the newest version
and set it to update automatically. Use the opportunity to back up important files by
copying them onto a removable disc. Other ways to minimize the chances of a malware
download in the future:

• Don't click on a link in an email or open an attachment unless you know who
sent it and what it is. Links in email can send you to sites that automatically
download malware to your machine. Opening attachments – even those that
appear to come from a friend or co-worker – also can install malware on your
computer.
• Download and install software only from websites you know and trust.
Downloading free games, file-sharing programs, and customized toolbars may
sound appealing, but free software can come with malware.
• Talk about safe computing. Tell your kids that some online activity can put a
computer at risk: clicking on pop-ups, downloading "free" games or programs, or
posting personal information.

Finally, monitor your computer for unusual behavior. If you suspect your machine has
been exposed to malware, take action immediately.

7. Recovering from Viruses, Worms, and Trojan Horses [1] [2]

Unfortunately, many users are victims of viruses, worms, or Trojan horses. If your
computer gets infected with malicious code, there are steps you can take to recover.

Unfortunately, there is no particular way to identify that your computer has been
infected with malicious code. Some infections may completely destroy files and shut
down your computer, while others may only subtly affect your computer's normal
operations. Be aware of any unusual or unexpected behaviors. If you are running anti-
virus software, it may alert you that it has found malicious code on your computer. The
anti-virus software may be able to clean the malicious code automatically, but if it can't,
you will need to take additional steps.

Steps to follow if you are infected

1. Minimize the damage - If you are at work and have access to an IT department,
contact them immediately. The sooner they can investigate and clean your
computer, the less damage to your computer and other computers on the
network. If you are on your home computer or a laptop, disconnect your
computer from the internet. By removing the internet connection, you prevent
an attacker or virus from being able to access your computer and perform tasks
such as locating personal data, manipulating or deleting files, or using your
computer to attack other computers.
2. Remove the malicious code - If you have anti-virus software installed on your
computer, update the virus definitions (if possible), and perform a manual scan
of your entire system. If you do not have anti-virus software, you can purchase it
at a local computer store. If the software can't locate and remove the infection,
you may need to reinstall your operating system, usually with a system restore
disk that is often supplied with a new computer. Note that reinstalling or
restoring the operating system typically erases all of your files and any additional
software that you have installed on your computer. After reinstalling the
operating system and any other software, install all of the appropriate patches to
fix known vulnerabilities.

Reducing the risk of another infection

Dealing with the presence of malicious code on your computer can be a frustrating
experience that can cost you time, money, and data. The following recommendations
will build your defense against future infections:

• Use and maintain anti-virus software - Anti-virus software recognizes and
protects your computer against most known viruses. However, attackers are
continually writing new viruses, so it is important to keep your anti-virus
software current.
• Change your passwords - Your original passwords may have been compromised
during the infection, so you should change them. This includes passwords for
web sites that may have been cached in your browser. Make the passwords
difficult for attackers to guess.
• Keep software up to date - Install software patches so that attackers can't take
advantage of known problems or vulnerabilities. Many operating systems offer
automatic updates. If this option is available, you should enable it.
• Install or enable a firewall - Firewalls may be able to prevent some types of
infection by blocking malicious traffic before it can enter your computer. Some
operating systems actually include a firewall, but you need to make sure it is
enabled.
• Use anti-spyware tools - Spyware is a common source of viruses, but you can
minimize the number of infections by using a legitimate program that identifies
and removes spyware.
• Follow good security practices - Take appropriate precautions when using email
and web browsers so that you reduce the risk that your actions will trigger an
infection.

As a precaution, maintain backups of your files on CDs or DVDs so that you have saved
copies if you do get infected again.

8. Antivirus [1]

Antivirus or Anti-Virus Software is a computer program that can be used to scan files to
identify and eliminate computer viruses, worms, trojan horses and other malicious
software (malware).

While the Internet has ostensibly become a safer place (people know more than ever
before about safe surfing habits and the browsers are always trying to stay ahead of the
malicious coders), there is still no excuse for surfing the web without an antivirus
program. Antivirus software is a user’s last line of defense against the many harmful
programs out there that can destroy your computer.

Fig 2:

Functions offered by antivirus software

• Scanning Files: Most good antivirus programs come with a scanning function.
With this, you can do a thorough scan of your computer and make sure you
aren't infected with anything that might be breaching your security or causing
your computer to slow down.
• Removing Infections: Every antivirus program has its own ways in which it
responds to threats or viruses found on a computer. It may quarantine the
infected programs in case they are not really viruses, but rather something you
need for your computer to run smoothly. Usually, it will ask the user whether or
not he wants to delete the infected programs.
• Virus Protection: The main purpose of antivirus software is, of course, to protect
the computer from getting a virus. It does this by scanning downloads and
attachments for viruses, and by running in the background when the user is
surfing the Internet. Should the user come across a virus, the program will warn
the user and give her the option of getting rid of it before it infects.
• Spyware: The best antivirus programs are equipped and updated to protect the
user against spyware and adware, two scourges of the Internet world. These
malicious programs enter a computer through the browser, usually as a result of
pop-up ads or a bad Internet site. The antivirus program will usually block these
pop-up ads, but if one gets through, the program will warn the user and let him
eliminate the threat before it attacks the computer.
• Real-Time Scanning: Anti-virus programs provide real-time scanning, which
means the program is always on and checking for viruses as you perform tasks.
This is important because a virus scanner works after the fact and may not remove
the virus completely.
• Websites: As you visit websites, small programs in the background called scripts
could possibly have viruses or Trojans embedded in the programming. Some are
benign, but most are malicious.
• Email: With email, attachments are capable of transmitting viruses. Use an anti-virus
program that scans email and email attachments so any infections or fake
emails (which are used to get you to click on a link that appears legit) can be caught.
• Data Mining: Sometimes, data trackers get installed on your computer for one
purpose: to track your computing habits. The websites you visit, the products
you purchase and web programs you use all assist advertisers for targeted
marketing.

Operation: anti-virus software

Although details may vary between packages, anti-virus software scans files or your
computer's memory for certain patterns that may indicate an infection. The patterns it
looks for are based on the signatures, or definitions, of known viruses. Virus authors are
continually releasing new and updated viruses, so it is important that you have the
latest definitions installed on your computer.

Once you have installed an anti-virus package, you should scan your entire computer
periodically.

• Automatic scans - Depending on what software you choose, you may be able to
configure it to automatically scan specific files or directories and prompt you at
set intervals to perform complete scans.
• Manual scans - It is also a good idea to manually scan files you receive from an
outside source before opening them. This includes:
  ◦ saving and scanning email attachments or web downloads rather than
    selecting the option to open them directly from the source
  ◦ scanning media, including CDs and DVDs, for viruses before opening any
    of the files

Detecting computer threats

Most commercial anti-virus software uses both of the main approaches described below
(virus dictionary and suspicious behavior), with an emphasis on the virus dictionary
approach.

• Virus dictionary approach: In the virus dictionary approach, when the anti-virus
software examines a file, it refers to a dictionary of known viruses that have been
identified by the author of the anti-virus software. If a piece of code in the file
matches any virus identified in the dictionary, then the anti-virus software can
either delete the file, quarantine it so that the file is inaccessible to other programs
and its virus is unable to spread, or attempt to repair the file by removing the virus
itself from the file.

To be successful in the medium and long term, the virus dictionary approach
requires periodic online downloads of updated virus dictionary entries. As new
viruses are identified "in the wild", civically minded and technically inclined users
can send their infected files to the authors of anti-virus software, who then include
information about the new viruses in their dictionaries.

Dictionary-based anti-virus software typically examines files when the computer's
operating system creates, opens, and closes them; and when the files are e-mailed.
In this way, a known virus can be detected immediately upon receipt. The software
can also typically be scheduled to examine all files on the user's hard disk on a
regular basis.

Although the dictionary approach is considered effective, virus authors have tried to
stay a step ahead of such software by writing "polymorphic viruses", which encrypt
parts of themselves or otherwise modify themselves as a method of disguise, so as
to not match the virus's signature in the dictionary.

• Suspicious behavior approach: The suspicious behavior approach, by contrast,
doesn't attempt to identify known viruses, but instead monitors the behavior of all
programs. If one program tries to write data to an executable program, for example,
this is flagged as suspicious behavior and the user is alerted to this, and asked what
to do.

Unlike the dictionary approach, the suspicious behavior approach therefore provides
protection against brand-new viruses that do not yet exist in any virus dictionaries.
However, it also raises a large number of false positives, and users probably
become desensitized to all the warnings. If the user clicks "Accept" on every such
warning, then the anti-virus software is obviously useless to that user. This problem
has been made especially worse over the past 7 years, since many more
non-malicious program designs chose to modify other .exes without regard to this false
positive issue. Thus, most modern anti-virus software uses this technique less and
less.

• Other ways to detect viruses: Some antivirus software will try to emulate the
beginning of the code of each new executable that is being executed before
transferring control to the executable. If the program seems to be using
self-modifying code or otherwise appears to be a virus (it immediately tries to find other
executables), one could assume that the executable has been infected with a virus.
However, this method results in a lot of false positives.
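
The virus dictionary approach described above, as an added Python sketch (not code from this report or from any anti-virus product). The signature names and byte patterns are constructed for the example, and the XOR-encoded "variant" stands in for a virus that disguises its body; it is missed until the dictionary is updated with an entry for it.

```python
import io

# Constructed, harmless byte patterns standing in for virus definitions.
# Real definition files are vendor-specific; these names and bytes are made up.
SIGNATURES = {
    "Demo.Alpha": b"\xde\xad\xbe\xefALPHA-PAYLOAD",
    "Demo.Beta": b"BETA::dropper::v1",
}


def scan_stream(stream, signatures, chunk_size=4096):
    """Return sorted (offset, name) pairs for every signature found.

    The file is read in chunks, as an on-access scanner would, and the last
    (longest signature - 1) bytes of each window are carried into the next
    one so a signature that straddles a chunk boundary is not missed.
    """
    if not signatures:
        return []
    overlap = max(len(p) for p in signatures.values()) - 1
    hits = set()          # a set: the carried-over tail can be matched twice
    tail = b""
    base = 0              # absolute file offset of the first byte of `tail`
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        window = tail + chunk
        for name, pattern in signatures.items():
            pos = window.find(pattern)
            while pos != -1:
                hits.add((base + pos, name))
                pos = window.find(pattern, pos + 1)
        keep = min(overlap, len(window))
        base += len(window) - keep
        tail = window[len(window) - keep:]
    return sorted(hits)


def scan_bytes(data, signatures=SIGNATURES, chunk_size=4096):
    """Convenience wrapper: scan an in-memory byte string."""
    return scan_stream(io.BytesIO(data), signatures, chunk_size)


def xor_encode(data, key):
    """Single-byte XOR, used only to build the 'disguised' sample below."""
    return bytes(b ^ key for b in data)


def build_samples():
    """Constructed test files: clean, infected, and a re-encoded variant."""
    alpha = SIGNATURES["Demo.Alpha"]
    padding = b"A" * 4090    # places the pattern across the 4096-byte boundary
    return {
        "clean": b"MZ" + b"\x00" * 64 + b"ordinary program bytes",
        "infected": padding + alpha + b"trailer",
        "variant": padding + xor_encode(alpha, 0x5A) + b"trailer",
    }


def updated_definitions():
    """Definitions after the vendor adds an entry for the new variant."""
    extra = {"Demo.Alpha.b": xor_encode(SIGNATURES["Demo.Alpha"], 0x5A)}
    return {**SIGNATURES, **extra}


if __name__ == "__main__":
    samples = build_samples()
    for label, data in samples.items():
        print(label, scan_bytes(data))
    print("variant, updated:", scan_bytes(samples["variant"], updated_definitions()))
```

The same file that scans clean with the old dictionary is flagged once the new entry is present, which is why the definitions have to be refreshed regularly.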

On detecting a virus

Each package has its own method of response when it locates a virus, and the response
may differ according to whether the software locates the virus during an automatic or a
manual scan. Sometimes the software will produce a dialog box alerting you that it has
found a virus and asking whether you want it to "clean" the file (to remove the virus). In
other cases, the software may attempt to remove the virus without asking you first.
When you select an anti-virus package, familiarize yourself with its features so you know
what to expect.

Choosing the right antivirus software

There are many vendors who produce anti-virus software, and deciding which one to
choose can be confusing. All anti-virus software performs the same function, so your
decision may be driven by recommendations, particular features, availability, or price.
Installing any anti-virus software, regardless of which package you choose, increases
your level of protection.

Updating to the current virus information

This process may differ depending on what product you choose, so find out what your
anti-virus software requires. Many anti-virus packages include an option to automatically
receive updated virus definitions. Because new information is added frequently, it is a
good idea to take advantage of this option. Resist believing email chain letters that claim
that a well-known anti-virus vendor has recently detected the "worst virus in history"
that will destroy your computer's hard drive. These emails are usually hoaxes. You can
confirm virus information through your anti-virus vendor or through resources offered
by other anti-virus vendors.

While installing anti-virus software is one of the easiest and most effective ways to
protect your computer, it has its limitations. Because it relies on signatures, anti-virus
software can only detect viruses that have signatures installed on your computer, so it is
important to keep these signatures up to date. You will still be susceptible to viruses
that circulate before the anti-virus vendors add their signatures, so continue to take
other safety precautions as well.

Issues of concern:

• Macro viruses, arguably the most destructive and widespread computer viruses,
could be prevented far more inexpensively and effectively, and without the need for
all users to buy anti-virus software, if Microsoft would fix security flaws in Microsoft
Outlook and Microsoft Office related to the execution of downloaded code and to
the ability of document macros to spread and wreak havoc.
• User education is as important as anti-virus software; simply training users in safe
computing practices, such as not downloading and executing unknown programs
from the Internet, would slow the spread of viruses, without the need for anti-virus
software.
• Computer users should not always run with administrator access to their own
machine. If they would simply run in user mode then some types of viruses would
not be able to spread.
• The dictionary approach to detecting viruses is often insufficient due to the
continual creation of new viruses, yet the suspicious behavior approach is ineffective
due to the false positive problem; hence, the current understanding of anti-virus
software will never conquer computer viruses.
• There are various methods of encrypting and packing malicious software which will
make even well-known viruses undetectable to anti-virus software. Detecting these
"camouflaged" viruses requires a powerful unpacking engine, which can decrypt the
files before examining them. Unfortunately, many popular anti-virus programs do
not have this and thus are often unable to detect encrypted viruses.
• Companies that sell anti-virus software seem to have a financial incentive for viruses
to be written and to spread, and for the public to panic over the threat.

9. Firewall [1]

Function of a firewall

Firewalls provide protection against outside attackers by shielding your computer or
network from malicious or unnecessary Internet traffic. Firewalls can be configured to
block data from certain locations while allowing the relevant and necessary data
through. They are especially important for users who rely on "always on" connections
such as cable or DSL modems.

Choosing the right type of firewall

Firewalls are offered in two forms: hardware (external) and software (internal). While
both have their advantages and disadvantages, the decision to use a firewall is far more
important than deciding which type you use.

• Hardware - Typically called network firewalls, these external devices are
positioned between your computer or network and your cable or DSL modem.
Many vendors and some Internet service providers (ISPs) offer devices called
"routers" that also include firewall features. Hardware-based firewalls are
particularly useful for protecting multiple computers but also offer a high degree
of protection for a single computer. If you only have one computer behind the
firewall, or if you are certain that all of the other computers on the network are
up to date on patches and are free from viruses, worms, or other malicious code,
you may not need the extra protection of a software firewall. Hardware-based
firewalls have the advantage of being separate devices running their own
operating systems, so they provide an additional line of defense against attacks.
Their major drawback is cost, but many products are available for less than $100
(and there are even some for less than $50).
• Software - Some operating systems include a built-in firewall; if yours does,
consider enabling it to add another layer of protection even if you have an
external firewall. If you don't have a built-in firewall, you can obtain a software
firewall for relatively little or no cost from your local computer store, software
vendors, or ISP. Because of the risks associated with downloading software from
the Internet onto an unprotected computer, it is best to install the firewall from
a CD or DVD. If you do download software from the Internet, make sure it is a
reputable, secure website. Although relying on a software firewall alone does
provide some protection, realize that having the firewall on the same computer
as the information you're trying to protect may hinder the firewall's ability to
catch malicious traffic before it enters your system.

Applying the right configuration settings

Most commercially available firewall products, both hardware- and software-based,
come configured in a manner that is acceptably secure for most users. Since each
firewall is different, you'll need to read and understand the documentation that comes
with it to determine whether or not the default settings on your firewall are sufficient
for your needs. Also, alerts about current viruses or worms sometimes include
information about restrictions you can implement through your firewall.

Unfortunately, while properly configured firewalls may be effective at blocking some
attacks, don't be lulled into a false sense of security. Although they do offer a certain
amount of protection, firewalls do not guarantee that your computer will not be
attacked. In particular, a firewall offers little to no protection against viruses that work
by having you run the infected program on your computer, as many email-borne viruses
do. However, using a firewall in conjunction with other protective measures (such as
anti-virus software and "safe" computing practices) will strengthen your resistance to
attacks.

10. Phishing [1] [3] [5]

Social engineering [1]

In a social engineering attack, an attacker uses human interaction (social skills) to obtain
or compromise information about an organization or its computer systems. An attacker
may seem unassuming and respectable, possibly claiming to be a new employee, repair
person, or researcher and even offering credentials to support that identity. However,
by asking questions, he or she may be able to piece together enough information to
infiltrate an organization's network. If an attacker is not able to gather enough
information from one source, he or she may contact another source within the same
organization and rely on the information from the first source to add to his or her
credibility.

Phishing [3]

Phishing is a form of social engineering. As a cyber crime, phishing involves the attempt
to defraud an online user by posing as a trusted entity or by blatantly lying about a
situation, which may compel the user to send money or goods.

Phishing is the attempt to acquire valuable personal and sensitive information such as
credit card numbers, passwords, usernames, etc., by pretending to be a trustworthy
individual or business, or an individual you know.

What makes this kind of online crime so successful is the wide array of guises it takes
on; there is not one clear-cut appearance of the illegal activity that a consumer could
learn to avoid. Not surprisingly, cyber crime prevention specialists understand that the
best offense is an education in the various looks and modus operandi of phishing
operations.

Phishing: Not Just for E-mail

E-mail is the most common way to distribute phishing lures, but some scammers seek
out victims through:

• Instant messages
• Cell phone text (SMS) messages
• Chat rooms
• Fake banner ads
• Message boards and mailing lists
• Fake job search sites and job offers
• Fake browser toolbars

In-session Phishing [4]

In-session phishing is a form of phishing attack which relies on one web
browsing session being able to detect the presence of another session (such as a visit to
an online banking website) on the same web browser, and to then launch a pop-up
window that pretends to have been opened from the targeted session. This pop-up
window, which the user now believes to be part of the targeted session, is then used to
steal user data in the same way as with other phishing attacks.

The advantage of in-session phishing to the attacker is that it does not need the
targeted website to be compromised in any way, relying instead on a combination of
data leakage within the web browser, the capacity of web browsers to run active
content, the ability of modern web browsers to support more than one session at a
time, and social engineering of the user.

Phishing Detection and Prevention [3]

How is it that people can get caught in a phishing scam? Anyone can be tricked by a
stylish phishing scam, but simple phishing scams can easily be spotted, even those that
seem like the real thing.

Here are some popular phrases to look for in your emails if you suspect a message to be a
phishing scam.

• Emails offering free goods and services: The simplest phishing emails involve the
use of an unsolicited communication (or spam) that offers free goods and
services in return for a signup. When the consumer enters the requested
information, it is harvested and sold to mailing list companies. Even though spam
is illegal, enforcement is spotty and even the best email spam filters cannot
remove all of these emails.
• “Verify your account”: This is probably one of the more popular scams. As
mentioned above, these types of emails state that you will need to verify your
account by clicking on a link below. Such emails offer convenient links that lead
to a third party website, where the username and password are captured. Thus
equipped, the cyber criminals now access the bank account holder’s real account
and transfer money or simply withdraw it.

The best way to avoid this is to not click anything within the email. Instead, open
another browser tab or window and go to your banking institution's website or
give them a call. Most institutions now have separate areas to report phishing;
remember that your bank will never ask you for your personal information
through email.

• "You have won the lottery": This is one of the most common phishing scams
around, also known as 'fee fraud'. The message informs you that you have won a large
amount of money and asks you to reply to the message with your address, bank
details and other personal information. These scams often come pretending to
be from reputed organizations such as IBM, Microsoft, etc.
• "Your account will be closed if you do not respond within 24 hours": This is done
to scare people, especially with so many of us using several types of online
accounts. In the past, Hotmail account holders have received such a message, which
purports to be from Microsoft or Hotmail itself. It threatens account closure
unless the email account holder verifies his account with the login information
and birth date. Because of the scare, people won't look at the clues that clearly
state that this is a fake email. Look at the way the words are said or spelled in
the email; often, these emails are not sent by an English speaking person. As
with the above, open up a separate browser and check the owner's site.
• Compassion emails: Phishing tactics also feed off emotions. If a person receives
an email with an attachment or a link about a tragic event, out of curiosity or
compassion they may click on the link to find out more.
• Amazon: As of July 2009, Amazon was the top brand to be exploited by phishers.
• Facebook: Users of the popular social networking site are subject to threats both
within Facebook and via email. Using the service's security settings you can
reduce the threat from phishing attacks by making your contact and email details
private.
• eBay: The popular auction site is another big name that is often mimicked in
order to gain personal information.

As with the SunTrust example, this eBay phishing email includes the eBay logo in
an attempt to gain credibility. The email warns that a billing error may have been
made on the account and urges the eBay member to login and verify the
charges.

Fig 3: A phishing example, showing how the eBay logo is used to hoodwink users.

• HSBC, Santander, Commonwealth Bank: Customers of these large international
banks have also been the subject of phishing scams. You might have noticed that
some of these sites are very popular. Phishers use tools to “mine” email
addresses and other contact details wherever possible in order to draw you into
their scam. Awareness of these methods is the first step in protecting yourself
from the threat.

Fig 4: Phishing HSBC customers

• Use anti-virus and anti-spyware software, as well as a firewall, and update
them all regularly: Some phishing emails contain software that can harm your
computer or track your activities on the Internet without your knowledge.
Anti-virus software and a firewall can protect you from inadvertently accepting
such unwanted files.

Link manipulation

Most methods of phishing use some form of technical deception designed to make
a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed
organization. Misspelled URLs or the use of subdomains are common tricks used by
phishers. In the following example URL, http://www.yourbank.example.com/, it appears as
though the URL will take you to the example section of the yourbank website; actually
this URL points to the "yourbank" (i.e. phishing) section of the example website. Another
common trick is to make the displayed text for a link (the text between the <A> tags)
suggest a reliable destination, when the link actually goes to the phishers' site. The
following example link, http://en.wikipedia.org/wiki/Genuine, appears to take you to an
article entitled "Genuine"; clicking on it will in fact take you to the article entitled
"Deception". In the lower left hand corner of most browsers you can preview and verify
where the link is going to take you. Hovering your cursor over the link for a couple of
seconds will do a similar thing.

An old method of spoofing used links containing the '@' symbol, originally intended as a
way to include a username and password (contrary to the standard). For example, the
link http://www.google.com@members.tripod.com/ might deceive a casual observer into
believing that it will open a page on www.google.com, whereas it actually directs the
browser to a page on members.tripod.com, using a username of www.google.com: the page
opens normally, regardless of the username supplied. Such URLs were disabled in
Internet Explorer, while Mozilla Firefox and Opera present a warning message and give
the option of continuing to the site or canceling.

A further problem with URLs has been found in the handling of Internationalized domain
names (IDN) in web browsers, that might allow visually identical web addresses to lead
to different, possibly malicious, websites. Despite the publicity surrounding the flaw,
known as IDN spoofing or homograph attack, phishers have taken advantage of a similar
risk, using open URL redirectors on the websites of trusted organizations to disguise
malicious URLs with a trusted domain. Even digital certificates do not solve this problem
because it is quite possible for a phisher to purchase a valid certificate and subsequently
change content to spoof a genuine website.
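
The link tricks described in this section (brand name in a subdomain, link text that differs from the real destination, '@' userinfo, and IDN labels) can be checked mechanically, as in this added Python sketch, which is not part of the original report. The sample e-mail is constructed, `yourbank.com` is a hypothetical genuine site, and the finding names are made up for the example; the text comparison is deliberately strict and the "idn" finding only marks a label for closer inspection.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":                      # the parser lower-cases <A> for us
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def shown_target(text):
    """(host, path) the link text claims to lead to, or None if not URL-like."""
    candidate = text if "://" in text else "http://" + text
    try:
        parts = urlsplit(candidate)
    except ValueError:
        return None
    host = parts.hostname
    if not host or "." not in host or " " in host:
        return None
    return host, parts.path.rstrip("/")


def check_link(href, shown_text, trusted_domain):
    """Return the findings for one link; an empty list means nothing flagged."""
    try:
        parts = urlsplit(href)
        host = parts.hostname or ""
        username = parts.username
    except ValueError:
        return ["unparseable"]
    findings = []
    if username is not None:                # text before '@' is not the host
        findings.append("userinfo")
    shown = shown_target(shown_text)
    if shown:
        shown_host, shown_path = shown
        if shown_host != host or (shown_path and shown_path != parts.path.rstrip("/")):
            findings.append("text-mismatch")
    labels = host.split(".")
    on_trusted = host == trusted_domain or host.endswith("." + trusted_domain)
    brand = trusted_domain.split(".")[0]
    if brand in labels and not on_trusted:  # e.g. www.yourbank.example.com
        findings.append("brand-in-subdomain")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        findings.append("idn")
    return findings


def audit_email(html, trusted_domain):
    """Return (href, shown text, findings) for every link in an HTML e-mail."""
    collector = AnchorCollector()
    collector.feed(html)
    collector.close()
    return [(h, t, check_link(h, t, trusted_domain)) for h, t in collector.links]


# Constructed message body; yourbank.com is the hypothetical genuine site.
SAMPLE_EMAIL = """
<p>Dear customer, please verify your account:</p>
<a href="http://www.yourbank.example.com/">www.yourbank.com</a>
<A HREF="http://www.yourbank.com@members.example.net/">www.yourbank.com</A>
<a href="http://en.wikipedia.org/wiki/Deception">http://en.wikipedia.org/wiki/Genuine</a>
<a href="http://xn--bcher-kva.example/">Special offer</a>
<a href="https://www.yourbank.com/login">Sign in</a>
"""

if __name__ == "__main__":
    for href, text, findings in audit_email(SAMPLE_EMAIL, "yourbank.com"):
        print(f"{text!r} -> {href}: {findings or 'ok'}")
```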

Filter evasion

Phishers have used images instead of text to make it harder for anti-phishing filters to
detect text commonly used in phishing e-mails.

Website forgery

Once a victim visits the phishing website the deception is not over. Some phishing scams
use JavaScript commands in order to alter the address bar. This is done either by placing
a picture of a legitimate URL over the address bar, or by closing the original address bar
and opening a new one with the legitimate URL.

A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a
simple-to-use interface that allows a phisher to convincingly reproduce websites and
capture log-in details entered at the fake site.

To avoid anti-phishing techniques that scan websites for phishing-related text, phishers
have begun to use Flash-based websites. These look much like the real website, but hide
the text in a multimedia object.

Protection from phishers can also be acquired by regularly updating your security
software in order to prevent you from innocently submitting information to top phishing
threats. If you use a desktop email client and your security software doesn’t have any
inbox protection, you should consider a specialist application to protect your emails.

Tools to help you avoid phishing scams

Microsoft offers several tools to help you avoid phishing scams when you browse the
web or read your email.

• Windows Internet Explorer. In Internet Explorer, the domain name in the
address bar is emphasized with black type and the remainder of the address
appears gray to make it easy to identify a website's true identity.

• Windows Live Hotmail. Microsoft's free webmail program also uses SmartScreen
technology to screen email. SmartScreen helps identify and separate phishing
threats and other junk email from legitimate email.

• Microsoft Office Outlook. The Junk E-mail Filter in Outlook 2010, Outlook 2007,
and other Microsoft email programs evaluates each incoming message to see if it
includes suspicious characteristics common to phishing scams.

In case you are a victim

• If you believe you might have revealed sensitive information about your
organization, report it to the appropriate people within the organization,
including network administrators. They can be alert for any suspicious or unusual
activity.
• If you believe your financial accounts may be compromised, contact your
financial institution immediately and close any accounts that may have been
compromised. Watch for any unexplainable charges to your account.
• Immediately change any passwords you might have revealed. If you used the
same password for multiple resources, make sure to change it for each account,
and do not use that password in the future.
• Watch for other signs of identity.
• Consider reporting the attack to the police, and file a report with the Federal
Trade Commission (http://www.ftc.gov/).

11. POP-Ups [6]

A pop-up is a graphical user interface (GUI) display area, usually a small window that
suddenly appears ("pops up") in the foreground of the visual interface. Pop-ups can be
initiated by a single or double mouse click or rollover (sometimes called a mouseover),
and also possibly by voice command or can simply be timed to occur. A pop-up window
must be smaller than the background window or interface; otherwise, it's a replacement
interface. [7]

Pop-up ads or pop-ups are a form of online advertising on the World Wide
Web intended to attract web traffic or capture email addresses. Pop-ups are generally
new web browser windows opened to display advertisements. The pop-up window
containing an advertisement is usually generated by JavaScript, but can be generated by
other means as well.

Some pop-up ads contain extensive animations or sound elements that can be
distracting to surfers or even make it impossible to navigate through a Web page.
Sometimes a user might prompt three more windows to open just as he manages to
close the first one. Even worse, some pop-ups contain malicious code
like spyware or computer viruses.

• Certain types of downloaded content, such as images, free music, and others,
can cause pop-ups, especially pop-ups from pornographic sites. Also, the pop-ups
will sometimes look like ordinary web pages, and the name of the site will show
up in a search bar. Many websites use pop-ups to display information without
disrupting the page currently open. For example, if you were to fill in a form on a
web page and needed extra guidance, a pop-up would give you extra
information without causing loss of any information already entered into the
form. Most pop-up blockers will allow this kind of pop-up. However, some will
reload the page, causing loss of any information that had been entered.
• Some web-based installers, such as that used by McAfee, use a pop-up to install
software.
• On many internet browsers, holding down the Ctrl key while clicking a link will
allow it to bypass the pop-up filter.
• Clicking (even accidentally) on one pop-up may lead to other pop-up ads
opening.

Fig 5: Several pop-up ads on computer screen

POP-Up Blocker

Opera was the first major browser to incorporate tools to block pop-up ads;
the Mozilla browser later improved on this by blocking only pop-ups generated as the
page loads. In the early 2000s, all major web browsers except Internet Explorer allowed
the user to block unwanted pop-ups almost completely. In 2004, Microsoft
released Windows XP SP2, which added pop-up blocking to Internet Explorer. All major
advertisers support the Network Advertising Initiative which allows users to opt out of
pop-under advertising.

Most modern browsers come with pop-up blocking tools; third-party tools tend to
include other features such as ad filtering.

Pop-up Blocker Software


Most pop-up ads are programmed in the JavaScript programming language. When you
click on a Web page that has pop-up ads, the ads activate as the page loads into your
browser. The code for the pop-ups can be found within the code for the page itself.
Pop-up blockers are programmed to scan a Web page's source code and search for any
signs of a program telling your browser to open a new window. If the blocker finds this
code, it deactivates the command and you don't get any pop-ups.

Not all pop-ups open when the Web page loads, though. Some activate when you click
on a link or when you scroll your mouse over an activation site on the Web page. A good
pop-up blocker can detect the code for these ads as well, though some are only able to
deactivate a pop-up after it starts to open. If you've ever seen a pop-up quickly appear
and disappear when you have a pop-up blocker activated, that's what happened. The
blocker detected the ad after it activated, then disabled it.

Some pop-ups use other programming languages, such as Flash. A JavaScript pop-up
blocker is helpless against Flash pop-ups because Flash is a completely different
programming language. To block Flash ads, you'll need a Flashblock program. These
programs are similar to pop-up blockers in that they disable the commands found in
Web pages that activate Flash animation. You can find programs that incorporate
JavaScript and Flash ad blockers in one package.
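
The source scan described above, combined with the Mozilla policy of blocking only pop-ups that open without a user click, as an added example (not code from this report or from any browser). The sample page, the handler grouping and the allow/block labels are assumptions made for illustration; browsers themselves decide when the call runs rather than by reading the source.

```python
import re
from html.parser import HTMLParser

# A call that asks the browser for a new window: open(...) or window.open(...).
# The lookbehind skips unrelated methods such as xhr.open(...).
OPEN_CALL = re.compile(r"(?<![\w.])(?:window\.)?open\s*\(")

# Assumed policy: only handlers that fire on a deliberate click may open a window.
USER_CLICK = {"onclick", "ondblclick"}


class PopupScanner(HTMLParser):
    """Collects every place in a page's source that tries to open a new window."""

    def __init__(self):
        super().__init__()
        self.findings = []        # (location, decision) in document order
        self._in_script = False

    def _record(self, trigger, location):
        decision = "allow" if trigger in USER_CLICK else "block"
        self.findings.append((location, decision))

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
        for name, value in attrs:
            # Inline event handlers: onload, onclick, onmouseover, ...
            if name.startswith("on") and value and OPEN_CALL.search(value):
                self._record(name, f"<{tag} {name}>")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Simplification: any call inside a <script> body is treated as
        # running while the page loads, i.e. without a user click.
        if self._in_script and OPEN_CALL.search(data):
            self._record("script", "<script>")


def scan_for_popups(html):
    """Return [(location, 'allow' | 'block'), ...] for one page's source."""
    scanner = PopupScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page (not taken from a real site).
SAMPLE_PAGE = """
<html><body onload="window.open('ad1.html')">
<script>window.open('ad2.html', 'ad', 'width=300,height=200');</script>
<script>var xhr = new XMLHttpRequest(); xhr.open('GET', '/data');</script>
<a href="#" onclick="window.open('help.html')">Help with this form</a>
<div onmouseover="open('ad3.html')">Special offer</div>
</body></html>
"""

if __name__ == "__main__":
    for location, decision in scan_for_popups(SAMPLE_PAGE):
        print(f"{decision:5}  {location}")
```

The click-triggered help window is allowed, which matches the form-guidance case the report says most blockers permit, while the load-time and mouse-over windows are blocked.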

Fig 6: A POP-Up blocking software

Circumventing pop-up blocker

A combination of a banner ad and a popup window is the "hover ad", which
uses DHTML to appear in front of the browser screen. With the use of JavaScript, an
advertisement can be superimposed over a webpage in a transparent layer. This
advertisement can appear as almost anything the author of the advertisement wants.
For example, an advertisement can contain an Adobe Flash animation linking to the
advertiser's site. An advertisement can also look like a regular window. Because the
advertisement is a part of the web page, it cannot be blocked with a pop-up blocker, but
it can be blocked with third-party ad blockers such as Adblock or by using custom style
sheets. DHTML ads can be very CPU intensive, sometimes bogging down older
computers to the point of unusability.

Pop-under ads

Pop-under ads are similar to pop-up ads, but the ad window appears hidden behind the
main browser window rather than superimposed in front of it. As pop-up ads became
widespread and took up whole computer screens, many users learned to immediately
close the popup ads that appeared over a site without looking at them. Pop-under ads
do not immediately impede a user's ability to view the site content, and thus usually
remain unnoticed until the main browser window is closed, leaving the user's attention
free for the advertisement. Although the pop-under ad is widely associated with
annoying methods, it is still used by major publishers such as CNN.com and The Wall
Street Journal.

12. Digital Footprint [8]

A digital footprint is a collection of activities and behaviours recorded when an entity
(such as a person) interacts in a digital environment. It may include the recording of
activities such as system login and logouts, visits to a web-page, accessed or created
files, or emails and chat messages. The digital footprint allows interested parties to
access this data, possibly for data mining or profiling purposes.

Early usage of the term focused on information left by web activity alone, but came to
represent data created and consumed by all devices and sensors.

Active digital footprints can also be stored in many ways depending on the situation.
In an online environment, a footprint can be stored by a user being logged into a site
when making a post or edit, with the registered name being connected to the edit. In an
offline environment a footprint may be stored in files when the owner of the computer
uses a keylogger, so that logs can show the actions performed on the machine and who
performed them.

Web browsing

The digital footprint applicable specifically to the World Wide Web is the internet
footprint, also known as cyber shadow or digital shadow. Information is left behind as a
result of a user's web-browsing activities, including through the use of cookies. The term
usually applies to an individual person, but can also refer to a business, organization,
corporation or object.

Information may be intentionally or unintentionally left behind by the user, and may be
either passively or actively collected by other interested parties. Depending on the
amount of information left behind, it may be simple for other parties to gather large
amounts of information on that individual using simple search engines. Internet
footprints are used by interested parties for several reasons, including cyber-vetting,
where interviewers could research applicants based on their online activities. Internet
footprints are also used by law enforcement agencies, to provide information that
would be unavailable otherwise due to a lack of probable cause.

Social networking systems may record activities of individuals, with data becoming a life
stream. Such usage of social media and roaming services allows digital tracing data to
include individual interests, social groups, behaviours, and location. Such data can be
gathered from sensors within devices, and collected and analyzed without user
awareness.

Privacy issues

Digital footprints are controversial in that privacy and openness are in competition.
While a digital footprint can be used to infer personal information about individuals
without their knowledge, it also exposes an individual's private psychological sphere to
the social sphere. Lifelogging is an example of indiscriminate collection of information
concerning an individual's life and behaviour.

13. Keystroke logging [9] [10]

Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys
struck on a keyboard, typically in a covert manner so that the person using the keyboard
is unaware that their actions are being monitored. There are numerous keylogging
methods, ranging from hardware and software-based approaches
to electromagnetic and acoustic analysis.

Software-based keyloggers

These are software programs designed to work on the target computer’s operating
system. From a technical perspective there are five categories:

• Hypervisor-based: The keylogger can theoretically reside in
a malware hypervisor running underneath the operating system, which
remains untouched. It effectively becomes a virtual machine. Blue Pill is a
conceptual example.
• Kernel-based: This method is difficult both to write and to combat. Such
keyloggers reside at the kernel level and are thus difficult to detect,
especially for user-mode applications. They are frequently implemented
as rootkits that subvert the operating system kernel and gain unauthorized
access to the hardware, making them very powerful. A keylogger using this
method can act as a keyboard driver, for example, and thus gain access to any
information typed on the keyboard as it goes to the operating system.
• API-based: These keyloggers hook keyboard APIs; the operating system then
notifies the keylogger each time a key is pressed and the keylogger simply
records it. APIs such as GetAsyncKeyState(), GetForegroundWindow(), etc.
are used to poll the state of the keyboard or to subscribe to keyboard events.
These types of keyloggers are the easiest to write, but where constant polling
of each key is required, they can cause a noticeable increase in CPU usage,
and can also miss the occasional key.
• Form Grabber-based: Form Grabber-based keyloggers log web
form submissions by recording the web browsing onSubmit event functions.
This records form data before it is passed over the internet and
bypasses HTTPS encryption.
• Packet analyzers: This involves capturing network traffic associated
with HTTP POST events to retrieve unencrypted passwords.

Fig 7: A logfile from a software based keylogger

Fig 8: Screen capture of what the software-based keylogger above was logging

Remote access software keyloggers

These are local software keyloggers with an added feature that allows access to the
locally recorded data from a remote location. Remote communication may be achieved
using one of these methods:

• Data is uploaded to a website, database or an FTP server.
• Data is periodically emailed to a pre-defined email address.
• Data is wirelessly transmitted by means of an attached hardware system.
• The software enables a remote login to the local machine from the Internet
or the local network, for data logs stored on the target machine to be
accessed.

Related features

Software Keyloggers may be augmented with features that capture user information
without relying on keyboard key presses as the sole input. Some of these features
include:

• Clipboard logging: Anything that has been copied to the clipboard can be
captured by the program.
• Screen logging: Screenshots are taken in order to capture graphics-based
information. Applications with screen logging abilities may take screenshots
of the whole screen, just one application or even just around the mouse
cursor. They may take these screenshots periodically or in response to user
behaviours (for example, when a user has clicked the mouse). A practical
application used by some keyloggers with this screen logging ability is to take
small screenshots around where a mouse has just clicked; these defeat
web-based keyboards (for example, the web-based screen keyboards that are
often used by banks) and any web-based on-screen keyboard without
screenshot protection.
• Programmatically capturing the text in a control: The Microsoft
Windows API allows programs to request the text 'value' in some controls.
This means that some passwords may be captured, even if they are hidden
behind password masks (usually asterisks).
• The recording of every program/folder/window opened including a
screenshot of each and every website visited, also including a screenshot of
each.
• The recording of search engine queries, Instant Messenger conversations,
FTP downloads and other internet-based activities (including the bandwidth
used).
• In some advanced software keyloggers, sound can be recorded from a user's
microphone and video from a user's webcam.

Countermeasures

The effectiveness of countermeasures varies, because keyloggers use a variety of
techniques to capture data and the countermeasure needs to be effective against the
particular data capture technique. For example, an on-screen keyboard will be effective
against hardware keyloggers, transparency will defeat some screenloggers - but not all -
and an anti-spyware application that can only disable hook-based keyloggers will be
ineffective against kernel-based keyloggers.

Also, keylogger software authors may be able to update the code to adapt to
countermeasures that may have proven to be effective against them.

• Live CD/USB: Rebooting the computer using a Live CD or write-protected Live
USB is a possible countermeasure against software keyloggers if the CD is clean
of malware and the operating system contained on it is secured and fully
patched so that it cannot be infected as soon as it is started. Booting a different
operating system does not impact the use of a hardware keylogger.

• Anti-spyware: Many anti-spyware applications are able to detect software
keyloggers and quarantine, disable or cleanse them. These applications are able
to detect software-based keyloggers based on patterns in executable
code, heuristics and keylogger behaviours (such as the use of hooks and
certain APIs).

No software-based anti-spyware application can be 100% effective against all
keyloggers. Also, software-based anti-spyware cannot defeat non-software
keyloggers (for example, hardware keyloggers).

However, the particular technique that the anti-spyware application uses will
influence its potential effectiveness against software keyloggers. As a general
rule, anti-spyware applications with higher privileges will defeat keyloggers with
lower privileges. For example, a hook-based anti-spyware application cannot
defeat a kernel-based keylogger (as the keylogger will receive the keystroke
messages before the anti-spyware application), but it could potentially defeat
hook- and API-based keyloggers.

• Network monitors: Network monitors (also known as reverse-firewalls) can be
used to alert the user whenever an application attempts to make a network
connection. This gives the user the chance to prevent the keylogger from
"phoning home" with his or her typed information.

• Automatic form filler programs: Automatic form-filling programs may prevent
keylogging by removing the requirement for a user to type personal details and
passwords using the keyboard. Form fillers are primarily designed for web
browsers to fill in checkout pages and log users into their accounts. Once the
user's account and credit card information has been entered into the program, it
will be automatically entered into forms without ever using the keyboard
or clipboard, thereby reducing the possibility that private data is being recorded.
However, someone with physical access to the machine may still be able to install
software that is able to intercept this information elsewhere in the operating
system or while in transit on the network. (Transport Layer Security prevents the
interception of data in transit by network sniffers and proxy tools.)

• Security tokens: Use of smart cards or other security tokens may improve
security against replay attacks in the face of a successful keylogging attack, as
accessing protected information would require both the (hardware) security
token as well as the appropriate password/passphrase. Knowing the keystrokes,
mouse actions, display, clipboard etc. used on one computer will not
subsequently help an attacker gain access to the protected resource.

• One-time passwords (OTP): Using one-time passwords may be keylogger-safe,
as each password is invalidated as soon as it's used. This solution may be useful
for someone using a public computer; however, an attacker who has remote
control over such a computer can simply wait for the victim to enter his/her
credentials before performing unauthorised transactions on their behalf while
their session is active. One-time passwords also prevent replay attacks where an
attacker uses the old information to impersonate the user. One example is online
banking, where one-time passwords are implemented to protect accounts from
keylogging attacks as well as replay attacks.

• On-screen keyboards: Most on-screen keyboards (such as the on-screen
keyboard that comes with Microsoft Windows XP) send normal keyboard event
messages to the external target program to type text. Every software keylogger
can log these typed characters sent from one program to another. Additionally,
keylogging software can take screenshots of what is displayed on the screen
(periodically, and/or upon each mouse click).

Fig 9: On Screen Keyboard

• Speech recognition: Similar to on-screen keyboards, speech-to-text
conversion software can also be used against keyloggers, since there are no
typing or mouse movements involved. The weakest point of using
voice-recognition software may be how the software sends the recognized text to
target software after the recognition took place.

• Keystroke interference software: Keystroke interference software is also
available. These programs attempt to trick keyloggers by introducing random
keystrokes, although this simply results in the keylogger recording more
information than it needs to. An attacker has the task of extracting the keystrokes
of interest; the security of this mechanism, specifically how well it stands up to
cryptanalysis, is unclear.

• Handwriting recognition and mouse gestures: Also, many PDAs and lately Tablet
PCs can already convert pen (also called stylus) movements on
their touchscreens to computer-understandable text successfully. Mouse
gestures utilize this principle by using mouse movements instead of a stylus.
Mouse gesture programs convert these strokes to user-definable actions, such as
typing text. Similarly, graphics tablets and light pens can be used to input these
gestures; however, these are less common in everyday use. The same potential
weakness of speech recognition applies to this technique as well.
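
The one-time password countermeasure listed above, as an added example (not part of the original report): a counter-based OTP following RFC 4226 (HOTP) with a server-side verifier that invalidates each password once it has been accepted. The verifier class, its look-ahead window and the scenario are assumptions for illustration; the secret is the RFC's published test key.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password as specified in RFC 4226."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server side (hypothetical): accepts each password at most once."""

    def __init__(self, secret: bytes, look_ahead: int = 3):
        self.secret = secret
        self.next_counter = 0         # lowest counter value still acceptable
        self.look_ahead = look_ahead  # tolerate codes generated but never sent

    def verify(self, submitted: str) -> bool:
        for counter in range(self.next_counter,
                             self.next_counter + self.look_ahead):
            expected = hotp(self.secret, counter)
            # Constant-time comparison of the two codes.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                # Invalidate this password and every earlier one.
                self.next_counter = counter + 1
                return True
        return False


# Constructed scenario. The secret is the RFC 4226 test key, not a real one.
SECRET = b"12345678901234567890"


def replay_scenario():
    """Return (first_login, replayed, skipped_ahead, stale) as booleans."""
    server = OtpVerifier(SECRET)
    typed_by_user = hotp(SECRET, 0)           # what a keylogger would record
    first_login = server.verify(typed_by_user)
    replayed = server.verify(typed_by_user)   # logged password submitted again
    skipped_ahead = server.verify(hotp(SECRET, 2))  # user never sent code 1
    stale = server.verify(hotp(SECRET, 1))    # the skipped code is dead too
    return first_login, replayed, skipped_ahead, stale


if __name__ == "__main__":
    print(replay_scenario())
```

This covers replay of a recorded password only; the live-session case the bullet describes, where the attacker controls the machine while the user is logged in, is not addressed by invalidating passwords.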

14. E-mail Security [1] [11]

There are many security threats to email, and these threats are caused by weak
security settings, hacking attacks, phishing, unencrypted messages and virus/spyware
attacks. Low security settings in your email program and web browser may lead to
hacking attacks, viruses, spyware, phishing and unauthorized access to your computer.
Email vulnerabilities may lead to the loss of your personal and financial information.
Insecure email requires special considerations, security settings and policies. Email
protocols send the user's data in plain text, and a person with some computer
knowledge can capture your password and other account details with a packet sniffer.

Due to weak security settings you may sometimes receive too many spam emails, which
waste your time and computer resources. You need to build up proper email security
solutions to protect the emails of the employees of your organization. Your email
security affects not only you; it also compromises the security of others who
send email to your account.

The usefulness of email is being threatened by four phenomena: email
bombardment, spamming, phishing, and email worms. [13]

Spamming

Spamming is unsolicited commercial (or bulk) email. Because of the very low cost of
sending email, spammers can send hundreds of millions of email messages each day
over an inexpensive Internet connection. Hundreds of active spammers sending this
volume of mail results in information overload for many computer users who receive
voluminous unsolicited email each day.

A number of anti-spam techniques mitigate the impact of spam. In the United
States, the U.S. Congress has also passed a law, the CAN-SPAM Act of 2003, attempting
to regulate such email. Australia also has very strict spam laws restricting the sending of
spam from an Australian ISP, but its impact has been minimal since most spam comes
from regimes that seem reluctant to regulate the sending of spam.

Email worms

Email worms use email as a way of replicating themselves into vulnerable computers.
Although the first email worm affected UNIX computers, the problem is most common
today on the more popular Microsoft Windows operating system.

The combination of spam and worm programs results in users receiving a constant
drizzle of junk email, which reduces the usefulness of email as a practical tool.

Email spoofing

Email spoofing occurs when the header information of an email is altered to make the
message appear to come from a known or trusted source. It is often used as a ruse to
collect personal information.

Email bombing

Email bombing is the intentional sending of large volumes of messages to a target
address. The overloading of the target email address can render it unusable and can
even cause the mail server to crash.

Privacy concerns

Today it can be important to distinguish between Internet and internal email systems.
Internet email may travel and be stored on networks and computers without the
sender's or the recipient's control. During the transit time it is possible that third parties
read or even modify the content. Internal mail systems, in which the information never
leaves the organizational network, may be more secure, although information
technology personnel and others whose function may involve monitoring or managing
may be accessing the email of other employees.

Email privacy, without some security precautions, can be compromised because:

• email messages are generally not encrypted.
• email messages have to go through intermediate computers before reaching
their destination, meaning it is relatively easy for others to intercept and read
messages.
• many Internet Service Providers (ISP) store copies of email messages on their
mail servers before they are delivered. The backups of these can remain for up
to several months on their server, despite deletion from the mailbox.
• the "Received:" fields and other information in the email can often identify the
sender, preventing anonymous communication.
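
A header check for the email spoofing described earlier and for the "Received:" fields in the list above, as an added example (not part of the original report). Both messages are constructed, using reserved example domains and documentation IP ranges; the function names and the three heuristics are assumptions, and a hit is a reason to look closer rather than proof of forgery.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed messages: every domain, address and IP below is a placeholder.
SPOOFED = """\
Received: from mx.example.net (mx.example.net [203.0.113.7])
\tby mail.recipient.example with ESMTP id abc123;
\tMon, 02 May 2011 10:15:02 +0000
Received: from unknown (HELO bulk-sender.invalid) (198.51.100.23)
\tby mx.example.net with SMTP; Mon, 02 May 2011 10:15:00 +0000
Return-Path: <bounce@bulk-sender.invalid>
From: "Your Bank Support" <support@yourbank.example>
Reply-To: accounts@collector.invalid
To: user@recipient.example
Subject: Please confirm your account

Dear customer, ...
"""

LEGITIMATE = """\
Received: from out.yourbank.example (out.yourbank.example [192.0.2.10])
\tby mail.recipient.example with ESMTPS; Mon, 02 May 2011 09:00:00 +0000
Return-Path: <notices@yourbank.example>
From: "Your Bank" <notices@yourbank.example>
To: user@recipient.example
Subject: Monthly statement available

Your statement is ready.
"""


def domain_of(header_value):
    """Domain part of the address in a header, or '' if there is none."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower() if "@" in address else ""


def received_path(raw):
    """(sending host, receiving host) for each hop, earliest hop first.

    Each relay adds its Received: line at the top, so the last one in the
    message is the earliest. Lines below the first relay you trust can be
    forged by the sender.
    """
    msg = message_from_string(raw)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())           # undo header folding
        match = re.search(r"from\s+(.+?)\s+by\s+(\S+)", flat)
        if match:
            hops.append((match.group(1), match.group(2)))
    return hops


def spoofing_signals(raw):
    """List of human-readable reasons the visible From: may not be genuine."""
    msg = message_from_string(raw)
    from_domain = domain_of(msg["From"])
    signals = []
    for header in ("Return-Path", "Reply-To"):
        other = domain_of(msg[header])
        if other and other != from_domain:
            signals.append(
                f"{header} domain '{other}' differs from From domain '{from_domain}'")
    hops = received_path(raw)
    if hops and from_domain not in hops[0][0].lower():
        signals.append(
            f"earliest Received hop '{hops[0][0]}' does not mention '{from_domain}'")
    return signals


if __name__ == "__main__":
    for line in spoofing_signals(SPOOFED):
        print(line)
```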

Steps to protect yourself and others in your address book [12]

• Be wary of unsolicited attachments, even from people you know - Just because
an email message looks like it came from your mom, grandma, or boss doesn't
mean that it did. Many viruses can "spoof" the return address, making it look like
the message came from someone else. If you can, check with the person who
supposedly sent the message to make sure it's legitimate before opening any
attachments. This includes email messages that appear to be from your ISP or
software vendor and claim to include patches or anti-virus software. ISPs and
software vendors do not send patches or software in email.
• Keep software up to date - Install software patches so that attackers can't take
advantage of known problems or vulnerabilities. Many operating systems offer
automatic updates. If this option is available, you should enable it.
• Trust your instincts - If an email or email attachment seems suspicious, don't
open it, even if your anti-virus software indicates that the message is clean.
Attackers are constantly releasing new viruses, and the anti-virus software might
not have the signature. At the very least, contact the person who supposedly
sent the message to make sure it's legitimate before you open the attachment.
However, especially in the case of forwards, even messages sent by a legitimate
sender might contain a virus. If something about the email or the attachment
makes you uncomfortable, there may be a good reason. Don't let your curiosity
put your computer at risk.
• Save and scan any attachments before opening them - If you have to open an
attachment before you can verify the source, take the following steps:
1. Be sure the signatures in your anti-virus software are up to date.
2. Save the file to your computer or a disk.
3. Manually scan the file using your anti-virus software.
4. If the file is clean and doesn't seem suspicious, go ahead and open it.
• Turn off the option to automatically download attachments - To simplify the
process of reading email, many email programs offer the feature to
automatically download attachments. Check your settings to see if your software
offers the option, and make sure to disable it.
• Consider creating separate accounts on your computer - Most operating
systems give you the option of creating multiple user accounts with different
privileges. Consider reading your email on an account with restricted privileges.
Some viruses need "administrator" privileges to infect a computer.
• Apply additional security practices - You may be able to filter certain types of
attachments through your email software or a firewall.

15. Secure Online Transactions [14]

Secure Connection

A secure connection is an encrypted exchange of information between the website you
are visiting and Internet Explorer. Encryption is provided through a document the
website provides called a certificate. When you send information to the website, it is
encrypted at your computer and decrypted at the website. Under normal
circumstances, the information cannot be read or tampered with while it is being sent,
but it's possible that someone might find a way to crack the encryption. Even if the
connection between your computer and the website is encrypted, it does not guarantee
that the website is trustworthy. Your privacy can still be compromised by the way the
website uses or distributes your information.

Privacy of secure connections

Secure connections are not necessarily private. Even though the information you are
sending and receiving is encrypted (encoded), an intermediate party might be able to
see the website you are connecting to. By knowing the website you are connecting to,
the other party might have a pretty good idea what you are doing on that site. For
example, if you're looking for a new job using a computer at work, your company might
watch for key words in websites or keep a log of visited sites. If you upload a resume to
a job website, the document might be encrypted, but your company would still know
you're looking for a new job.

Telling whether a connection is secure or not

In Internet Explorer, you will see a lock icon in the Security Status bar. The Security
Status bar is located on the right side of the Address bar.
For Mozilla Firefox, the web address background color at the top of the page changes to
a different color, and a little lock appears next to the URL [web address]. The certificate
that is used to encrypt the connection also contains information about the identity of
the website owner or organization. You can click the lock to view the identity of the
website.

Different colours in the Security status bar

When you visit a website that uses a secure connection, the color of the Security Status
bar tells you whether the certificate is valid or not, and it displays the level of validation
that was performed by the certifying organization.

Table 1: Table describing what the Security Status bar colors mean.

| Color | What it means |
|---|---|
| Red | The certificate is out of date, invalid, or has an error. |
| Yellow | The authenticity of the certificate or certification authority that issued it cannot be verified. This might indicate a problem with the certification authority's website. |
| White | The certificate has normal validation. This means that communication between your browser and the website is encrypted. The certification authority makes no assertion about the business practices of the website. |
| Green | The certificate uses extended validation. This means that communication between your browser and website is encrypted and that the certification authority has confirmed the website is owned or operated by a business that is legally organized under the jurisdiction shown in the certificate and on the Security Status bar. The certification authority makes no assertion about the business practices of the website. |

Increasing the safety of my online transactions

While there is no guarantee of safety on the web, you can minimize online privacy or
security problems by using websites you know and trust. Internet Explorer cannot tell if
a website owner is trustworthy. Try to use sites you've used previously or that are
recommended by trusted friends or family. You should also turn on Internet Explorer's
Phishing Filter to help identify fraudulent websites.

Having both secure and non-secure (mixed) content

Secure and non-secure content, or mixed content, means that a webpage is trying to
display elements using both secure (HTTPS/SSL) and non-secure (HTTP) web server
connections. This often happens with online stores or financial sites that display images,
banners, or scripts that are coming from a server that is not secured.

The risk of displaying mixed content is that a non-secure webpage or script might be
able to access information from the secure content.
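
A mixed-content check for the situation just described, as an added example (not part of the original report): it lists every element of an HTTPS page that would be fetched or submitted over plain HTTP. The page URL, the sample markup and the split into "active" (can run code or restyle the page), "passive" (display only) and "form" are assumptions for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# (tag, attribute) pairs that make the browser load or send something.
RULES = {
    ("script", "src"): "active",
    ("iframe", "src"): "active",
    ("link", "href"): "active",      # only counted for rel="stylesheet"
    ("embed", "src"): "active",
    ("object", "data"): "active",
    ("img", "src"): "passive",
    ("audio", "src"): "passive",
    ("video", "src"): "passive",
    ("form", "action"): "form",      # data typed into the form leaves unencrypted
}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []           # (kind, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attr_map = dict(attrs)
        if tag == "link" and "stylesheet" not in (attr_map.get("rel") or "").lower():
            return
        for name, value in attrs:
            kind = RULES.get((tag, name))
            if not kind or not value:
                continue
            # Relative and protocol-relative URLs inherit the page's scheme.
            resolved = urljoin(self.page_url, value)
            if urlsplit(resolved).scheme == "http":
                self.findings.append((kind, tag, resolved))


def scan_mixed_content(page_url, html):
    """Return the non-secure loads on a secure page, in document order."""
    if urlsplit(page_url).scheme != "https":
        return []                    # mixed content only exists on HTTPS pages
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a checkout page on a placeholder domain.
PAGE_URL = "https://shop.example/checkout"
PAGE_HTML = """
<link rel="stylesheet" href="/css/site.css">
<script src="http://cdn.example.net/tracker.js"></script>
<script src="//static.shop.example/app.js"></script>
<img src="http://images.example.net/banner.png">
<img src="img/logo.png">
<a href="http://partner.example/">Partner site</a>
<form action="http://shop.example/pay" method="post"></form>
"""

if __name__ == "__main__":
    for kind, tag, url in scan_mixed_content(PAGE_URL, PAGE_HTML):
        print(f"{kind:8} <{tag}> {url}")
```

The ordinary link to the partner site is not reported because following it is a navigation, not something loaded into the secure page.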

NOTE:

Internet Explorer uses an encrypted protocol called Secure Sockets Layer (SSL) to access
secure webpages. These pages use the prefix HTTPS, while regular webpages use HTTP.

In order to best protect yourself and to be relatively secure, you should:

• Ensure that your Operating System is up to date by visiting the Windows Update
web site on a regular basis.
• Ensure you have the latest web browser installed. Internet Explorer 6 comes
standard with 128-bit encryption for secure transactions. Even if you don't use
Internet Explorer (IE), download the latest version anyway, because IE is a core
component of the Windows Operating System and needs to be up-to-date.
• If you use a wireless router with your Internet connection, ensure that you are
operating on a secure network and that it is not open to the public.
• Always scan your system regularly for Spyware [key loggers].

16. P2P Security [1]

Quick Facts

Peer-to-peer (P2P) file-sharing allows users to share files online through an informal
network of computers running the same software. File-sharing can give you access to a
wealth of information, but it also has a number of risks. You could download copyright-
protected material, pornography, or viruses without meaning to. Or you could
mistakenly allow other people to copy files you don't mean to share.

If you're considering P2P file-sharing:

 Install file-sharing software carefully, so that you know what's being shared.
Changes you make to the default settings of the "save" or "shared" folder might
cause you to share folders and subfolders you don't want to share. Check the
proper settings so that other users of the file-sharing network won't have access
to your private files, folders, or sub-folders.
 Use a security program from a vendor you know and trust; keep that software
and your operating system up-to-date. Some file-sharing software may install
malware or adware, and some files may include unwanted content.
 You may want to adjust the file-sharing program's controls so that it is not
connected to the P2P network all the time. Some file-sharing programs
automatically open every time you turn on your computer and continue to
operate even when you "close" them.
 Consider setting up separate user accounts, in addition to the administrator's
account, if your computer has multiple users. Limiting rights on user accounts
may help protect your computer from unwanted software and your data from
unwelcome sharing.
 Back up data you don't want to lose in case of a computer crash, and use a
password to protect any files that contain sensitive information.

P2P File-Sharing: Evaluating the Risks

Every day, millions of computer users share files online. Whether it is music, games, or
software, file-sharing can give people access to a wealth of information. To share files
through a P2P network, you download special software that connects your computer to
other computers running the same software. Millions of users could be connected to
each other through this software at one time. The software often is free.

Sounds promising, right? Maybe, but make sure that you consider the trade-offs.
OnGuard Online cautions that file-sharing can have a number of risks. For example,
when you are connected to file-sharing programs, you may unknowingly allow others to
copy private files – even giving access to entire folders and subfolders – you never
intended to share. You may download material that is protected by copyright laws and
find yourself mired in legal issues. You may download a virus or facilitate a security
breach. Or you may unwittingly download pornography labeled as something else.

To secure the personal information stored on your computer, OnGuard Online suggests
that you:

 Install file-sharing software carefully, so that you know what's being shared.
When you load a file-sharing application onto your computer, any changes you
make to the P2P software's default settings during installation could cause
serious problems. For example, if you change the defaults when you set up the
"shared" or "save" folder, you may let other P2P users into any of your folders –
and all its subfolders. You could inadvertently share information on your hard
drive – like your tax returns, email messages, medical records, photos, or other
personal documents – along with the files you want to share. And almost all P2P
file-sharing applications will, by default, share the downloads in your "save" or
"download" folder – unless you set it not to.
 Use security software and keep it and your operating system up-to-date. Some
file-sharing programs may install malware that monitors a user's computer use
and then sends that data to third parties. Files you download may also hide
malware, viruses, or other unwanted content. And when you install a P2P file-
sharing application, you might be required to install "adware" that monitors your
browsing habits and serves you advertising.

Malware and adware can be difficult to detect and remove. Before you use any
file-sharing program, get a security program that includes anti-virus and anti-
spyware protection from a vendor you know and trust and make sure that your
operating system is up to date. Set your security software and operating system
to be updated regularly. Make sure your security software and firewall are
running whenever your computer is connected to the internet. Delete any
software the security program detects that you don't want on your computer.
And before you open or play any downloaded files, scan them with your security
software to detect malware or viruses.

 Close your connection. In some instances, closing the file-sharing program
window does not actually close your connection to the network. That allows file-
sharing to continue and could increase your security risk. If you have a high-
speed or "broadband" connection to the internet, you stay connected to the
internet unless you turn off the computer or disconnect your internet service.
These "always on" connections may allow others to copy your shared files at any
time. To be sure your file-sharing program is closed, take the time to "exit" the
program, rather than just clicking "X" or "closing" it. What's more, some file-
sharing programs automatically open every time you turn on your computer. As
a preventive measure, you may want to adjust the file-sharing program's
controls to prevent the file-sharing program from automatically opening.
 Create separate user accounts. If more than one person uses your computer,
consider setting up separate user accounts, in addition to the administrator's
account, and give those user accounts only limited rights. Since only a user with
administrator rights can install software, this can help protect against software
you don't want on your computer. It also can keep users from accessing other
users' folders and subfolders, since users with limited rights generally don't have
access to each other's information. Also use a password to protect your firewall
and security software so no one else can disable them or grant themselves rights
that you don't want them to have on your machine.
 Back up sensitive documents. Back up files that you'd want to keep if your
computer crashes. Store them on CDs, DVDs, or detachable drives that you keep
in a safe place.
 Talk with your family about file-sharing. If you're a parent, ask your children
whether they've downloaded file-sharing software, and if they've exchanged
games, videos, music, or other material. Talk to your kids about the security and
other risks involved with file-sharing and how to install the software correctly, if
they're going to use P2P file-sharing at all. If you're a teen or tween interested in
file-sharing, talk with your parents before downloading software or exchanging
files.

17. Securing Wireless Networks [1] [15]

Wireless networks are becoming increasingly popular, but they introduce additional
security risks. If you have a wireless network, make sure to take appropriate precautions
to protect your information.

Working of wireless networks

As the name suggests, wireless networks, sometimes called WiFi, allow you to connect
to the internet without relying on wires. If your home, office, airport, or even local
coffee shop has a wireless connection, you can access the network from anywhere that
is within that wireless area.

Wireless networks rely on radio waves rather than wires to connect computers to the
internet. A transmitter, known as a wireless access point or gateway, is wired into an
internet connection. This provides a "hotspot" that transmits the connectivity over radio
waves. Hotspots have identifying information, including an item called an SSID (service
set identifier), that allow computers to locate them. Computers that have a wireless
card and have permission to access the wireless frequency can take advantage of the
network connection. Some computers may automatically identify open wireless
networks in a given area, while others may require that you locate and manually enter
information such as the SSID.

Security threats associated with wireless networks

Because wireless networks do not require a wire between a computer and the internet
connection, it is possible for attackers who are within range to hijack or intercept an
unprotected connection. A practice known as wardriving involves individuals equipped
with a computer, a wireless card, and a GPS device driving through areas in search of
wireless networks and identifying the specific coordinates of a network location. This
information is then usually posted online. Some individuals who participate in or take
advantage of wardriving have malicious intent and could use this information to hijack
your home wireless network or intercept the connection between your computer and a
particular hotspot.

Minimizing the risks to your wireless network

 Change default passwords - Most network devices, including wireless access
points, are pre-configured with default administrator passwords to simplify
setup. These default passwords are easily found online, so they don't provide
any protection. Changing default passwords makes it harder for attackers to take
control of the device.
 Restrict access - Only allow authorized users to access your network. Each piece
of hardware connected to a network has a MAC (media access control) address.
You can restrict or allow access to your network by filtering MAC addresses.
Consult your user documentation to get specific information about enabling
these features. There are also several technologies available that require
wireless users to authenticate before accessing the network.
 Encrypt the data on your network - WEP (Wired Equivalent Privacy) and WPA
(Wi-Fi Protected Access) both encrypt information on wireless devices. However,
WEP has a number of security issues that make it less effective than WPA, so you
should specifically look for gear that supports encryption via WPA. Encrypting
the data would prevent anyone who might be able to access your network from
viewing your data.
 Protect your SSID - To avoid outsiders easily accessing your network, avoid
publicizing your SSID. Consult your user documentation to see if you can change
the default SSID to make it more difficult to guess.
 Install a firewall - While it is a good security practice to install a firewall on your
network, you should also install a firewall directly on your wireless devices (a
host-based firewall). Attackers who can directly tap into your wireless network
may be able to circumvent your network firewall—a host-based firewall will add
a layer of protection to the data on your computer.
 Maintain anti-virus software - You can reduce the damage attackers may be
able to inflict on your network and wireless computer by installing anti-virus
software and keeping your virus definitions up to date. Many of these programs
also have additional features that may protect against or detect spyware and
Trojan horses.
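Two of the checks in the list above, the encryption type and the default SSID, can be read from a scan of your own access point. The following Python script is an added example, not part of the original report: it assumes scan text in the style of the Linux `iwlist <interface> scan` command, where an encrypted network that advertises no WPA information element is using WEP. The scan text, addresses and the short list of factory-default network names are constructed for illustration.

```python
import re

# Illustrative factory-default network names (an assumption, not a complete list)
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default"}

CELL_RE = re.compile(r"Cell \d+ - Address: ([0-9A-Fa-f:]{17})")
ESSID_RE = re.compile(r'ESSID:"(.*)"')

# Constructed sample in the style of `iwlist <interface> scan` output
SAMPLE_SCAN = """\
wlan0     Scan completed :
          Cell 01 - Address: 02:00:00:00:00:01
                    ESSID:"linksys"
                    Encryption key:off
          Cell 02 - Address: 02:00:00:00:00:02
                    ESSID:"HomeNet"
                    Encryption key:on
          Cell 03 - Address: 02:00:00:00:00:03
                    ESSID:"Study"
                    Encryption key:on
                    IE: WPA Version 1
          Cell 04 - Address: 02:00:00:00:00:04
                    ESSID:"NETGEAR"
                    Encryption key:on
                    IE: IEEE 802.11i/WPA2 Version 1
"""


def parse_scan(text):
    """Turn scan text into one dict per access point."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        cell = CELL_RE.search(line)
        if cell:
            current = {"bssid": cell.group(1), "ssid": "", "key": False, "wpa": False}
            networks.append(current)
            continue
        if current is None:
            continue  # header lines before the first cell
        essid = ESSID_RE.search(line)
        if essid:
            current["ssid"] = essid.group(1)
        elif line.startswith("Encryption key:"):
            current["key"] = line.endswith("on")
        elif line.startswith("IE:") and "WPA" in line:
            current["wpa"] = True  # covers both WPA and WPA2 elements
    return networks


def audit(network):
    """Return the findings for one access point, using the list's criteria."""
    findings = []
    if not network["key"]:
        findings.append("open")          # no encryption at all
    elif not network["wpa"]:
        findings.append("wep")           # encrypted, but only with WEP
    if network["ssid"].lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")  # name was never changed from the default
    return findings


def audit_scan(text):
    """Return (ssid, findings) for every network in the scan, in scan order."""
    return [(net["ssid"], audit(net)) for net in parse_scan(text)]


if __name__ == "__main__":
    for ssid, findings in audit_scan(SAMPLE_SCAN):
        print(f"{ssid:10} {', '.join(findings) or 'ok'}")
```

Default administrator passwords and MAC filtering are not visible in a scan and still have to be checked in the device's own settings.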

18. Browsing Safely: Understanding Active Content and Cookies [1] [16]

Many people browse the Internet without much thought to what is happening behind
the scenes. Active content and cookies are common elements that may pose hidden
risks when viewed in a browser or email client.

Active content

To increase functionality or add design embellishments, web sites often rely on scripts
that execute programs within the web browser. This active content can be used to
create "splash pages" or options like drop-down menus. Unfortunately, these scripts are
often a way for attackers to download or execute malicious code on a user's computer.

 JavaScript - JavaScript is just one of many web scripts (other examples are
VBScript, ECMAScript, and JScript) and is probably the most recognized. Used on
almost every web site now, JavaScript and other scripts are popular because
users expect the functionality and "look" that it provides, and it's easy to
incorporate (many common software programs for building web sites have the
capability to add JavaScript features with little effort or knowledge required of
the user). However, because of these reasons, attackers can manipulate it to
their own purposes. A popular type of attack that relies on JavaScript involves
redirecting users from a legitimate web site to a malicious one that may
download viruses or collect personal information.
 Java and ActiveX controls - Different from JavaScript, Java and ActiveX controls
are actual programs that reside on your computer or can be downloaded over
the network into your browser. If executed by attackers, untrustworthy ActiveX
controls may be able to do anything on your computer that you can do (such as
running spyware and collecting personal information, connecting to other
computers, and potentially doing other damage). Java applets usually run in a
more restricted environment, but if that environment isn't secure, then
malicious Java applets may create opportunities for attack as well.

JavaScript and other forms of active content are not always dangerous, but they are
common tools for attackers. You can prevent active content from running in most
browsers, but realize that the added security may limit functionality and break features
of some sites you visit. Before clicking on a link to a web site that you are not familiar
with or do not trust, take the precaution of disabling active content.

These same risks may also apply to the email program you use. Many email clients use
the same programs as web browsers to display HTML, so vulnerabilities that affect
active content like JavaScript and ActiveX often apply to email. Viewing messages as
plain text may resolve this problem.

Cookies

When you browse the Internet, information about your computer may be collected and
stored. This information might be general information about your computer (such as IP
address, the domain you used to connect (e.g., .edu, .com, .net), and the type of
browser you used). It might also be more specific information about your browsing
habits (such as the last time you visited a particular web site or your personal
preferences for viewing that site).

Cookies can be saved for varying lengths of time:

 Session cookies - Session cookies store information only as long as you're using
the browser; once you close the browser, the information is erased. The primary
purpose of session cookies is to help with navigation, such as by indicating
whether or not you've already visited a particular page and retaining information
about your preferences once you've visited a page.
 Persistent cookies - Persistent cookies are stored on your computer so that your
personal preferences can be retained. In most browsers, you can adjust the
length of time that persistent cookies are stored. It is because of these cookies
that your email address appears by default when you open your Yahoo! or
Hotmail email account, or your personalized home page appears when you visit
your favorite online merchant. If an attacker gains access to your computer, he
or she may be able to gather personal information about you through these files.

To increase your level of security, consider adjusting your privacy and security settings
to block or limit cookies in your web browser. To make sure that other sites are not
collecting personal information about you without your knowledge, choose to only
allow cookies for the web site you are visiting; block or limit cookies from a third-party.
If you are using a public computer, you should make sure that cookies are disabled to
prevent other people from accessing or using your personal information.
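The distinctions drawn above (session versus persistent, and the visited site versus a third party) are all visible in the `Set-Cookie` headers a browser receives. The following Python script is an added example, not part of the original report: it classifies each cookie by lifetime and by party, then lists what a "block third-party cookies" setting would keep. The host names and header values are constructed, and the same-site test is a simplification that compares host names directly, whereas browsers compare registrable domains.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: the site being visited, and for each response the host
# that sent it together with its Set-Cookie header value
PAGE_HOST = "mail.example"
SAMPLE_RESPONSES = [
    ("mail.example", "SID=abc123; Path=/; Secure; HttpOnly"),
    ("mail.example", "login_hint=user%40mail.example; Max-Age=2592000; Path=/"),
    ("static.mail.example", "theme=dark; Expires=Wed, 01 Jan 2031 00:00:00 GMT"),
    ("ads.tracker.example", "uid=7f3a; Expires=Wed, 01 Jan 2031 00:00:00 GMT; Path=/"),
    ("ads.tracker.example", "old=1; Max-Age=0"),
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, lower-cased attributes)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def lifetime(attrs, now):
    """Return 'session', 'persistent' or 'expired' for a cookie's attributes."""
    if "max-age" in attrs:  # Max-Age takes precedence over Expires
        try:
            return "persistent" if int(attrs["max-age"]) > 0 else "expired"
        except ValueError:
            pass  # malformed Max-Age: fall through to Expires
    if "expires" in attrs:
        try:
            when = parsedate_to_datetime(attrs["expires"])
        except (TypeError, ValueError):
            return "session"  # unparseable date: no usable expiry
        if when.tzinfo is None:
            when = when.replace(tzinfo=timezone.utc)
        return "persistent" if when > now else "expired"
    return "session"  # no expiry given: erased when the browser closes


def same_site(page_host, sender_host):
    """Simplified check: same host, or one is a subdomain of the other."""
    a, b = page_host.lower().rstrip("."), sender_host.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def classify(page_host, responses, now=None):
    """Return (cookie name, party, lifetime) for every Set-Cookie header."""
    now = now or datetime.now(timezone.utc)
    rows = []
    for sender, header in responses:
        name, _value, attrs = parse_set_cookie(header)
        party = "first-party" if same_site(page_host, sender) else "third-party"
        rows.append((name, party, lifetime(attrs, now)))
    return rows


def kept_after_policy(rows, block_third_party=True):
    """Names of the cookies stored once the chosen policy is applied."""
    return [name for name, party, life in rows
            if life != "expired"
            and not (block_third_party and party == "third-party")]


if __name__ == "__main__":
    table = classify(PAGE_HOST, SAMPLE_RESPONSES)
    for name, party, life in table:
        print(f"{name:11} {party:11} {life}")
    print("kept with third-party cookies blocked:", kept_after_policy(table))
```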

Evaluating Your Web Browser's Security Settings

Check the security settings in your web browser to make sure they are at an appropriate
level. While increasing your security may affect the functionality of some web sites, it
could prevent you from being attacked.

Importance of Security Settings for Web Browser

Your web browser is your primary connection to the rest of the internet, and multiple
applications may rely on your browser, or elements within your browser, to function.
This makes the security settings within your browser even more important. Many web
applications try to enhance your browsing experience by enabling different types of
functionality, but this functionality might be unnecessary and may leave you susceptible
to being attacked. The safest policy is to disable the majority of those features unless
you decide they are necessary. If you determine that a site is trustworthy, you can
choose to enable the functionality temporarily and then disable it once you are finished
visiting the site.

Finding the Settings

Each web browser is different, so you may have to look around. For example, in Internet
Explorer, you can find them by clicking Tools on your menu bar, selecting Internet
Options..., choosing the Security tab, and clicking the Custom Level... button. However,
in Firefox, you click Tools on the menu bar and select Options.... Click the Content,
Privacy, and Security tabs to explore the basic security options. Browsers have different
security options and configurations, so familiarize yourself with the menu options, check
the help feature, or refer to the vendor's web site.

While every application has settings that are selected by default, you may discover that
your browser also has predefined security levels that you can select. For example,
Internet Explorer offers custom settings that allow you to select a particular level of
security; features are enabled or disabled based on your selection. Even with these
guides, it is helpful to have an understanding of what the different terms mean so that
you can evaluate the features to determine which settings are appropriate for you.

Settings to make

Ideally, you would set your security for the highest level possible. However, restricting
certain features may limit some web pages from loading or functioning properly. The
best approach is to adopt the highest level of security and only enable features when
you require their functionality.

Meaning of Different Terms

Different browsers use different terms, but here are some terms and options you may
find:

 Zones - Your browser may give you the option of putting web sites into different
segments, or zones, and allow you to define different security restrictions for
each zone.

For example, Internet Explorer identifies the following zones:

o Internet - This is the general zone for all public web sites. When you
browse the internet, the settings for this zone are automatically applied
to the sites you visit. To give you the best protection as you browse, you
should set the security to the highest level; at the very least, you should
maintain a medium level.
o Local intranet - If you are in an office setting that has its own intranet,
this zone contains those internal pages. Because the web content is
maintained on an internal web server, it is usually safe to have less
restrictive settings for these pages. However, some viruses have tapped
into this zone, so be aware of what sites are listed and what privileges
they are being given.
o Trusted sites - If you believe that certain sites are designed with security
in mind, and you feel that content from the site can be trusted not to
contain malicious materials, you can add them to your trusted sites and
apply settings accordingly. You may also require that only sites that
implement Secure Sockets Layer (SSL) can be active in this zone. This
permits you to verify that the site you are visiting is the site that it claims
to be. This is an optional zone but may be useful if you personally
maintain multiple web sites or if your organization has multiple sites.
Even if you trust them, avoid applying low security levels to external
sites—if they are attacked, you might also become a victim.
o Restricted sites - If there are particular sites you think might not be safe,
you can identify them and define heightened security settings. Because
the security settings may not be enough to protect you, the best
precaution is to avoid navigating to any sites that make you question
whether or not they're safe.
 JavaScript - Some web sites rely on web scripts such as JavaScript to achieve a
certain appearance or functionality, but these scripts may be used in attacks.
 Java and ActiveX controls - These programs are used to develop or execute
active content that provides some functionality, but they may put you at risk.
 Plug-ins - Sometimes browsers require the installation of additional software
known as plug-ins to provide additional functionality. Like Java and ActiveX
controls, plug-ins may be used in an attack, so before installing them, make sure
that they are necessary and that the site you have to download them from is
trustworthy.

You may also find options that allow you to take the following security measures:

 Manage cookies - You can disable, restrict, or allow cookies as appropriate.
Generally, it is best to disable cookies and then enable them if you visit a site you
trust that requires them.
 Block pop-up windows - Although turning this feature on could restrict the
functionality of certain web sites, it will also minimize the number of pop-up ads
you receive, some of which may be malicious.

Table 2: Internet Security Threats & Solutions: At a Glance

| What’s the Threat? | What Puts You at Risk? | What Can Happen? | How Do You Protect Yourself? |
|---|---|---|---|
| Spyware | Downloading files from file-sharing services; playing interactive games online; installing free software from unknown, untrusted sources | Spyware can make your computer unstable or unusable; enables others to record your keystrokes and steal your private data. | Install and regularly update anti-spyware software; perform frequent spyware scans; avoid sites and activities that can invite spyware |
| Viruses, worms, Trojan horses | Reading e-mail from unknown senders; opening unknown e-mail attachments | Your computer files can be destroyed; hackers can gain control over your computer; and viruses can quickly spread to other computers | Install and regularly update antivirus software; perform frequent antivirus scans; never open e-mail attachments you aren’t expecting or e-mails from people you don’t know |
| Hackers | Going on the Internet without firewall protection—particularly when using an always-on, broadband connection | Hackers can access your PC without your knowledge to steal your private data or use your computer for their own purposes | Install and regularly update PC firewall software on every PC you own. Make sure the firewall can protect you against unauthorized inbound and outbound communications |
| Identity thieves | Shopping, banking, or conducting other financial transactions at unsecure online sites or on unsecure connections | Thieves can steal your social security number, credit-card number, banking passwords, and more, costing you thousands of dollars | Make sure every online financial transaction is encrypted; avoid clicking on pop-up ads; don’t allow third-party cookies to be downloaded onto your computer |
| Phishing scams | E-mails that appear to be from legitimate institutions, urging you to reply | Replying to a phishing scam can cause you to unknowingly provide criminals with your personal financial information | Never reply to e-mails asking for your passwords, account numbers, or other private information—no matter how legitimate they may appear to be |
| Privacy intrusions | Clicking on pop-up ads; cookies that track your Web surfing habits | Marketers and others can learn about your online habits, subjecting you to more pop-ups; identity theft is a possibility | Install and regularly update a PC firewall with privacy controls, such as pop-up ad blocking; never click on pop-ups; block third-party cookies |
| Spam | Having an active e-mail account | Your inbox fills up with useless, annoying, even pornographic junk e-mail messages | Use spam blocking tools in Internet security suites, e-mail applications, and other programs; find out what your Internet Service Provider offers for blocking spam |

19. Software Analysis [17] [18]

19.1 Anti-Spyware Software

19.1.1 Spy Sweeper [19]

Fig 10: Spy Sweeper Window

Highlights

 Most comprehensive antispyware solution available - 360 degrees of protection
 Continuous monitoring stops spyware before it can attack
 Advanced detection and removal capabilities for stubborn spyware
 Automatic defense updates keep you protected from the latest threats
 FREE customer support

o Advanced Anti-spyware Detection and Removal - Webroot Spy Sweeper's
advanced detection and spyware removal software is effective at fully removing
even the most malicious spyware programs in a single sweep. You won't have to
scan and restart your PC a number of times with Spy Sweeper - one sweep and
your PC is clean.

o Real-Time Anti-spyware Solution - This new version of Spy Sweeper advances the
industry-standard in spyware removal software—stopping threats like
Trojan-Downloader-LowZones and SpySheriff from ever installing in the first place.

o Enhanced Rootkit Discovery Methods - Malicious spyware uses rootkit
technology to bury its files deep within your PC. Webroot Spy Sweeper finds and
destroys these programs with robust rootkit discovery methods, a feature many
other antispyware programs lack.

o Always the most Current Anti-spyware solution - Outdated security is one of the
biggest vulnerabilities home PC users face. Webroot's VersionGuard® ensures
your protection is always current by automatically installing free updates to
Webroot Spy Sweeper as soon as they are released.

o Easy to Use - Webroot Spy Sweeper is antispyware for Windows 7, XP and Vista
and installs quickly and easily. With a streamlined security console and
customizable options, Webroot Spy Sweeper makes scanning for spyware a
breeze.

o Minimal Impact on Computer Performance - With our spyware removal
software, your security is optimized for speed and efficiency, but not at the
expense of protection. Scanning can be initiated in the background or after hours
to minimize any impact to desktop performance.

o Accurate Risk Assessment - Spy Sweeper gives you a quick overview of each
threat, what it does, and its potential danger. It's just another way that we help
you make educated decisions to keep or remove unwanted programs.

o Uninterrupted Games and Movies - Our convenient Gamer Mode ensures you
are not interrupted while playing online games or watching movies.

Table 3: Review of Spy Sweeper

Ease of Setup/Use 5/5

Detection Effectiveness 5/5

Removal Effectiveness 5/5

System Performance 4/5

Scan Performance 4/5

Support/Documentation 4/5

19.1.2 Spybot- Search and Destroy [22]

Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat
not yet covered by common anti-virus applications. Spyware silently tracks your surfing
behaviour to create a marketing profile for you that is transmitted without your
knowledge to the compilers and sold to advertising companies.

If you see new toolbars in your Internet Explorer that you haven't intentionally installed,
if your browser crashes inexplicably, or if your home page has been "hijacked" (or
changed without your knowledge), your computer is most probably infected with
spyware.

Even if you don't see the symptoms, your computer may be infected, because more and
more spyware is emerging. Spybot-S&D is free, so there's no harm giving it a try to see if
something has invaded your computer.

Fig 11: Spybot Window

Spybot-S&D can also clean usage tracks, an interesting function if you share your
computer with other users and don't want them to see what you have been working on.
And for professional users, Spybot-S&D allows you to fix some registry inconsistencies
and extended reports.

It also features several interface improvements, including multiple skins for dressing up
its appearance. Scan results now appear arranged by groups in a tree, and a sliding
panel lets you instantly view information about a selected item to help you decide
whether to kill it or not. The Immunize feature blocks a plethora of uninvited Web-
borne flotsam before it reaches your computer. Other useful tools, including Secure
Shredder, complement the program's basic functionality for completely destroying files.
Hosts File blocks adware servers from your computer, and System Startup lets you
review which apps load when you start your computer.

Table 4: Review of Spybot

Ease of Setup/Use 5/5

Detection Effectiveness 4.5/5

Removal Effectiveness 4.5/5

System Performance 3.5/5

Scan Performance 4/5

Support/Documentation 4/5

19.2 Anti-Malware Software

19.2.1 Malwarebytes Anti-Malware [20]

Fig 12: Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware can detect and remove malware that even the most well
known anti-virus and anti-malware applications fail to detect. Malwarebytes' Anti-
Malware monitors every process and stops malicious processes before they even start.

Key Features:

 Light speed quick scanning.
 Ability to perform full scans for all drives.
 Malwarebytes' Anti-Malware Protection Module. (requires registration)
 Database updates released daily.
 Quarantine to hold threats and restore them at your convenience.
 Ignore list for both the scanner and Protection Module.
 Settings to enhance your Malwarebytes' Anti-Malware performance.
 A small list of extra utilities to help remove malware manually.
 Multi-lingual support.
 Works together with other anti-malware utilities.
 Command line support for quick scanning.
 Context menu integration to scan files on demand.

Malwarebytes Anti-Malware is a surprisingly effective freeware anti-malware tool. It's a
relatively speedy malware remover, with the quick scan taking about 8 minutes even
with other high-resource programs running. The heuristics engine proved on multiple
computers during empirical testing that it was capable of determining the difference
between false positives and dangerous apps.

Table 5: Review of Malwarebytes

Ease of Setup/Use 5/5

Detection Effectiveness 4/5

Removal Effectiveness 4.5/5

System Performance 5/5

Scan Performance 4/5

Support/Documentation 3.5/5

19.2.2 Ad-Aware [21]

Fig 13: Ad-aware window

Ad-Aware gives you comprehensive malware protection. Ad-Aware provides core
protection against Internet threats. Featuring real-time anti-malware protection,
advanced Genotype detection technology, rootkit protection, and a scheduler, Ad-Aware
Free Internet Security gives you the power to protect yourself online. The Ad-Aware Free
version is a complete malware protection product that now combines Lavasoft's pioneering
anti-spyware technology with traditional anti-virus protection.

With real-time monitoring, threat alerts, and automatic updates you can rest easy
knowing that you are protected.

 Shop, bank, and make travel arrangements online - We keep you safe from
password stealers, keyloggers, spyware, trojans, online fraudsters, identity
thieves and other potential cyber criminals.
 Control your privacy - Erase tracks left behind while surfing the Web - on
browsers such as Internet Explorer, Opera, and Firefox - in one easy click.
 Get Peace of Mind - Know that your personal information is kept safe from
dangerous intruders and prying eyes.

Lavasoft first started changing Ad-Aware's protection engine more than a year ago in
version 8.1, when it introduced Genotype. This heuristics-based technology identified
identical snippets of code across multiple threat mutations. In version 9, Genotype
receives support from what Lavasoft calls "Dedicated Detection." This tech looks inside
files, analyzes the code, and creates a loose pattern for finding families of related
malware. The company touts that a single dedicated detection signature can detect
hundreds of thousands of threats.

Table 6: Review of Ad-aware

Ease of Setup/Use 4/5

Detection Effectiveness 4/5

Removal Effectiveness 3.5/5

System Performance 3.5/5

Scan Performance 3.5/5

Support/Documentation 4/5

19.3 Firewalls

19.3.1 ZoneAlarm Firewall [23]

Fig 14: ZoneAlarm Firewall

ZoneAlarm Free Firewall is a standalone software firewall that stops threats in traffic
arriving at or departing from a personal computer. The firewall cooperates with
antivirus and antispyware software from competing vendors. Check Point also offers
security suites that bundle the firewall with complementary security modules. It blocks
hackers from infiltrating your home PC by hiding your computer from unsolicited
network traffic. By detecting and preventing intrusions, ZoneAlarm Free Firewall keeps
your PC free from viruses that slow down performance, and spyware that steals your
personal information, passwords, and financial data.

• Essential firewall protection
• Be invisible to others online
• New interface makes it even easier - smaller size keeps it light
• Systematically identifies hackers and blocks access attempts

Table 7: Review of Zone Alarm Firewall

| ATTRIBUTE | POINTS |
|---|---|
| Firewall Features | 3/5 |
| Additional Security Features | 4.5/5 |
| Ease Of Use | 5/5 |
| Support/Documentation | 5/5 |

19.3.2 Comodo Internet Security [24]

Fig 15: Comodo Internet Security Window

Comodo claims that its firewall is unique in that it passes all known leak tests, ensuring
the integrity of data entering and exiting your system. Comodo has put the firewall
through all kinds of sophisticated tests to ensure that it is powerful enough to ward off
these attacks with default settings.

• Secures against internal and external attacks
• Blocks internet access to malicious Trojan programs
• Safeguards your Personal data against theft
• Delivers total end-point security for Personal Computers and Networks

Because Comodo Internet Security is more than a firewall, it has the wherewithal to
detect and block viruses, Trojan horses, worms, keyloggers, rootkits and other malware
in real time. For any program that attempts to run on the PC, the product checks the
signature against a database of files known to be good or bad. Comodo runs unknown
files in a virtual sandbox until their behavior reveals whether they should be released or
removed.

Table 8: Review of Comodo Internet Security

| ATTRIBUTE | POINTS |
|---|---|
| Firewall Features | 5/5 |
| Additional Security Features | 5/5 |
| Ease Of Use | 4.5/5 |
| Support/Documentation | 5/5 |

19.4 Antivirus Software

19.4.1 Bit-Defender Antivirus 2011 [25]


Fig 16: Bit Defender Antivirus 2011 window

Graph 1: User ratings for Bit-Defender
[Bar chart of Bit Defender user ratings; vertical axis 0 to 100; categories shown: Performance, Design.]

Table 9: Review Of Bit-Defender

| ATTRIBUTE | POINTS | REMARKS |
|---|---|---|
| Scope Of Protection | 4/5 | Search Advisor is a built-in tool for the internet browser that provides protection while surfing online. Active Virus Control detects and demolishes stealth threats. |
| Effectiveness | 4/5 | Extremely effective, successfully blocking, removing, neutralizing and (better yet) preventing malware infections. |
| Ease of Installation | 4/5 | Installation is actually very quick, and includes step-by-step instructions for initial setup. The process includes a pre-installation scan, and doesn’t require a reboot before you’re up and running. |
| Ease of Use | 4/5 | Provides different profiles (Basic, Intermediate and Expert) to meet your level of experience and desired level of interaction. |
| Features | 4/5 | The best aspect of the software is its unmatched level of security, but there are also several features that back up the end goal of security while adding better performance, optimization, flexibility and general ease of use. |
| Updates | 4/5 | BitDefender is set to perform updates automatically, and run in the background without slowing down your computer. You don’t have to manually update (though you can if you want), and more importantly, you don’t have to worry about updates slowing down your system. |
| Help & Support | 4/5 | It is designed to be easy to use, and is fairly intuitive. But for those times when you need additional assistance or support with a specific problem, help is always close at hand. The dedicated help section includes articles, a knowledgebase, help files, troubleshooting and a variety of video tutorials. |

• Stop Viruses and Spyware Cold - Proactive protection stops new viruses and
  malware that other products miss.
• Safeguard Your Privacy - Eliminate the chances your data and conversations are
  leaked to others over email, social media networks, IM, or websites that track
  your online activities.
• Surf Safely - Automatically get warnings about unsafe pages displayed in search
  results.
• Play and Work Seamlessly - Automatically activate Game, Laptop, or Silent Mode
  to minimize interruptions, prolong battery life, or reduce system load to ensure
  seamless and secure computing.
• Smart Tips - When online explorations take you into dangerous terrain,
  BitDefender prompts you with a series of suggested privacy safeguards, relevant
  to your most recent activity.
• Video Library - A new collection of step-by-step videos helps you navigate
  through common security challenges.
• Find Support Fast - Troubleshoot issues with the new video library or call for free
  technical assistance for the duration of your software license. Search relevant
  results from the Knowledge Base, Help file, Troubleshooting and Video Tutorials.

Pros

• Preinstall scan eases installation.
• Best suite protection against phishing.
• Impressive performance optimizer.
• Above-average parental control.
• Local, remote, and advanced backup.
• PC Tune-up.
• Effective spam filtering.
• Configurable UI.
• Private data protection.
• Remote management.
• Game/laptop/silent mode.

Cons

• Mediocre malware removal and blocking.
• Parental control's IM management easily evaded.
• Old-school firewall passes security decisions to the user.

Bottom Line

BitDefender doesn’t score as well as previous versions on anti-malware tests.
Still, its performance optimization tool and its phishing protection are
excellent. It's a good security suite with a full-featured backup system.

19.4.2 Kaspersky 2011 Antivirus [26]

Fig 17: Kaspersky 2011 Antivirus window

Graph 2: User ratings for Kaspersky
[Bar chart of Kaspersky user ratings; vertical axis 81 to 90; categories: Performance, Features, Design.]

• Real-time protection - Kaspersky (KAV) 2011 will monitor the computer for
  malicious activity to prevent viruses, spyware, Trojans, rootkits, adware, worms,
  and other types of malware infections.
• Disinfection - Detected infections are easily removed.
• Proactive Defense - In addition to signature-based detection, KAV 2011 detects
  malware that behaves similarly to known malware.
• System Watcher - A new feature in Kaspersky AV that monitors application
  activities to allow roll-back of changes made by malicious actions.
• Windows Gadget - Users of Windows Sidebar for Vista and Gadget in Windows 7
  will now see Kaspersky Windows Gadget, which gives easy access to the antivirus
  settings or reports.
• Mail and Web Antivirus - KAV 2011 will monitor incoming and outgoing
  messages for viruses. It will also monitor the browsing activity for malicious
  content.
• IM Antivirus and Anti-Phishing - Fraud and instant messenger protections are
  also included in Kaspersky AV 2011.
• Virtual Keyboard - A tool to prevent keyloggers from intercepting keys entered
  via the keyboard.
• Privacy Cleaner - Clears IE history, cookies, logs, prefetch, and other data.
• Vulnerability scanner - An option to scan installed applications for
  vulnerabilities.
• Rescue Disk - An option to create a bootable CD or USB flash drive with tools to
  detect and remove malware.
• Automatic or Manual Updates - Kaspersky AV 2011 automatically updates its
  signature detection. Users may also install the updates manually.
• Quarantine and Exclusions - Detected or deleted threats are backed up in the
  Quarantine Manager with the option to restore or clear from the system. There
  is also an exclusion list, if you do not want the program to scan certain
  partitions or folders.
• Scanning - Full, Critical and Context menu scans are also available in KAV 2011.
• Scheduler - An option to schedule an update or system scan.

Pros

Attractive easy interface. Excellent results in independent lab tests. Effective
built-in support. Speedy full scan. Bonus system tuning and privacy features.
Rescue Disk can scan even systems that won't boot.

Cons

Earned mediocre scores in my hands-on malware removal and blocking tests.
Erroneously identified two PCMag utilities as malware (false positives).

Bottom Line

Kaspersky's latest antivirus looks better than ever, and independent labs
consistently put it at or near the top. In hands-on tests it scored well below what
the labs would suggest, though, and it made a couple of serious false-positive
faux pas.

Table 10: Review of Kaspersky

| ATTRIBUTE | POINTS | REMARKS |
|---|---|---|
| Scope Of Protection | 4/5 | The software is designed to protect users from several angles, effectively detecting, preventing and removing all forms of malware. The antivirus software is equipped to protect users from traditional viruses, but also has advanced technology to protect from even new unknown threats. |
| Effectiveness | 4/5 | The software works in real-time, protecting you as you surf the web, download files, send and receive emails, and access files and documents. |
| Ease of Installation | 4/5 | Installation is quick and straightforward, and doesn’t require a restart. |
| Ease of Use | 4/5 | The interface is effectively organized and user-friendly. The interface features a color-coded graphic so you always know your security status. One of the best parts of this security program is that you can set your preferences and let it protect you without constantly monitoring it. |
| Features | 4/5 | The Kaspersky URL Advisor continues to protect users while online. The browser plug-in is available for IE and Firefox, and stops you from navigating to infected websites. The software also utilizes the proprietary iChecker and iSwift scanning technologies to keep you protected without hogging your resources. |
| Updates | 4/5 | Kaspersky Anti-Virus updates on a regular basis for continual security. Updates run in the background automatically, and are frequent enough that they aren’t very big, so you shouldn’t notice any slowdown. |
| Help & Support | 4/5 | Technical support comes in the form of a searchable online knowledgebase, FAQs, product manuals and an active forum. You can easily access these resources online or from the program itself. The software also includes context-sensitive help. |

19.4.3 ESET NOD 32 Antivirus [27]
Fig 18: ESET NOD 32 window

Graph 3: User ratings for ESET NOD 32
[Bar chart of ESET NOD 32 user ratings; vertical axis 0 to 90; categories: Performance, Features, Design.]

ESET NOD32 Antivirus is the most effective protection you can find to combat today's
huge volumes of Internet and email threats. It provides comprehensive antivirus and
antispyware protection without affecting your computer's performance.

Using advanced ThreatSense® technology, ESET NOD32 Antivirus proactively protects
you from new attacks, even during the critical first hours when other vendors' products
aren't aware the attack even exists. ESET NOD32 Antivirus detects and disables both
known and unknown viruses, trojans, worms, adware, spyware, rootkits and other
Internet threats. ESET NOD32 Antivirus is also one of the fastest antivirus solutions, so
fast you won't even notice it running. And it's both incredibly easy to use yet simple to
tailor for your specific needs.

Key Benefits:

• Protection from the Unknown
• Finds Malware Other AV Companies Missed
• Built for Speed
• Easy on Your System

Pros

Proven security without the slowdown, ESET features heuristic detection and
advanced diagnostic tools.

Cons

ESET has all the essentials covered, but misses others like IM protection and
antiphishing. The interface is good, but not great.

Bottom Line

Although Eset NOD32 Antivirus 4 is fast, its malware detection and cleanup
capabilities are lacking.

Table 11: Review of ESET NOD 32

| ATTRIBUTE | POINTS | REMARKS |
|---|---|---|
| Scope Of Protection | 3.5/5 | Eset Nod32 is equipped with all the essential technologies and features to keep your PC protected from traditional threats (viruses, worms, Trojans, spyware, and even rootkits), but is also fully armed to completely protect you while you’re online. Eset works behind the scenes to deliver protection from dialers, adware, and keyloggers. |
| Effectiveness | 4/5 | While Eset Nod32 isn’t the most effective, the software is consistently near the top in independent antivirus tests. Eset certainly holds its own with competitors for efficacy and efficiency. |
| Ease of Installation | 3.5/5 | Eset Nod32 is certainly easy to install and implement. The software is ready to run from the get-go. Setting up manual scans and scheduling specific scans is straightforward, or you can simply let Eset work in the background and take care of itself (and your computer) automatically. |
| Ease of Use | 4/5 | Eset Nod32 Antivirus is one of the easiest antivirus programs to use. The whole program is designed to accommodate beginners, and doesn’t require a lot of tweaking and/or manual maintenance to keep running properly. |
| Features | 4/5 | Current top of the line antivirus software providers like Eset Nod32 have implemented heuristic technology to help catch viruses that are so new traditional signatures haven’t been developed yet. Eset’s refined ThreatSense technology provides proactive protection from malware, protecting you from viruses that would otherwise sneak past solely signature-based solutions. |
| Updates | 4/5 | Eset doesn’t rely solely on virus signatures, but it’s still an essential part of the multi-layered security approach. As such, they have regular updates set to run automatically to keep the signature database current. |
| Help & Support | 4/5 | Eset stands by their products with additional help and support as needed. The software is complete with a fairly in-depth product manual and in-program links to additional support resources. |

19.4.4 AVG Antivirus 2011 [28]

Fig 19: AVG Antivirus 2011 window

Graph 4: User Ratings Of AVG 2011
[Bar chart of AVG 2011 user ratings; vertical axis 76 to 88; categories: Performance, Features, Design.]

AVG Anti-Virus Free Edition 2011 allows you to:

• Surf and search with confidence - AVG LinkScanner's® real-time protection
• Stay protected on social networks with AVG Social Networking Protection
• Enjoy a faster running PC - AVG Smart Scanning works while you're away and runs
  in low-priority mode when you return
• Stay up-to-date with the latest threat information from the AVG Community
  Protection Network and AVG Protective Cloud Technology

Pros

• Excellent scores in independent tests.
• Fast antivirus scan.
• Above average in malware removal tests.
• LinkScanner add-in blocks malicious exploits.
• No false positives.
• Free identity theft recovery.

Cons

• Doesn't thoroughly remove detected threats.
• LinkScanner missed many phishing sites.
• Below-average rootkit and scareware blocking.

Bottom Line

AVG Anti-Virus Free 2011 is better at removing malware than most free
solutions, but not at malware blocking. With the current release it has the full
power of AVG's paid solutions, and the independent labs give it top marks. Add
some unusual bonus features and you've got a solid choice for free antivirus
protection.

Table 12: Review Of AVG 2011

| ATTRIBUTE | POINTS | REMARKS |
|---|---|---|
| Scope Of Protection | 3.5/5 | The software includes antivirus and anti-spyware protection, as well as complete online protection from harmful sites and downloads. |
| Effectiveness | 4/5 | AVG is perfectly adequate antivirus software, and is certainly effective. Their detection rates aren’t as impressive as some of the other antivirus software we reviewed, but the security software is by no means ineffective. |
| Ease of Installation | 4/5 | AVG Anti-Virus is easy to download and install. The installation is straightforward and doesn’t require a restart. And while it’s not the fastest, it’s relatively quick and performs an update immediately. |
| Ease of Use | 4/5 | AVG Anti-Virus is straightforward to use and simple to navigate. The streamlined user interface hasn’t dramatically changed for a couple of years (which isn’t a bad thing), but has been slightly updated, now including a one-click scan button and one-click fix button. Beginners and expert users will both appreciate the easy-to-use antivirus software with simple yet powerful controls. |
| Features | 4/5 | It is loaded with features like the gamer mode, which allows you to enjoy full-screen games (or movies, presentations, etc.) without interruptions or popup announcements. AVG Anti-Virus even includes a PC system optimizer utility. The PC Analyzer scans your system and locates registry errors, junk files, disk errors and broken shortcuts. |
| Updates | 4/5 | Keeping your protection up to date with AVG Anti-Virus is no problem. Regular definition updates are checked for automatically and can be set to perform every hour (every 4 hours is the default). |
| Help & Support | 3/5 | In-program help is available with a user manual and links to additional resources online. The online support center has the usual FAQs section and knowledgebase. AVG offers email support for specific inquiries, but no phone support. |

19.4.5 NORTON 2011 Antivirus [29]
Fig 20: NORTON 2011 Antivirus window

Graph 5: User Ratings Of Norton 2011
[Bar chart of Norton 2011 user ratings; vertical axis 0 to 100; categories: Performance, Features, Design.]

Norton AntiVirus 2011 is top-notch antivirus with impressive bonuses. It doesn't ace
most of the tests, but it did very well. You won't go wrong with Norton for
protection.

• Protects against viruses, spyware, Trojan horses, worms, bots, and rootkits.
• Provides continuous automatic protection against new threats
• Reduces scan time with smart scanning, so you can work and play uninterrupted
• Protects against web-based attacks that use vulnerabilities in your browser
• Protects against the latest threats with a proactive, multilayered protection
  system
• Prevents others from taking control of your PC and using it to attack other PCs
• Helps secure and monitor your home network
• Automatically secures your PC when connecting to public wireless hotspots

Pros

Quick installation. Automated help. High independent lab ratings. Best
malware-removal score yet. Checks files from Web, e-mail, IM, more. Effective
intrusion prevention system. Interactive threat map. Proactive performance
warnings.

Cons

Beaten in malware blocking and specific malware removal tests. Info displays are
informative, but unduly complex for some users.

Bottom Line

Norton AntiVirus 2011 is top-notch antivirus with impressive bonuses. It doesn't
ace most of the tests, but it did very well. You won't go wrong with Norton for
protection.

19.5 Virus Total.com [30]

Fig 21: VirusTotal.com interface

VirusTotal is a service developed by Hispasec Sistemas that analyzes suspicious files and
URLs enabling the identification of viruses, worms, trojans and other kinds of malicious
content detected by antivirus engines and web analysis toolbars.

VirusTotal's main characteristics are:

• Free, independent service.
• Runs multiple antivirus engines.
• Runs multiple file characterization tools.
• Real time automatic updates of virus signatures.
• Detailed results from each antivirus engine.
• Runs multiple web site inspection toolbars.
• Real time global statistics.
• Analysis automation API.
• Online malware research community.
• Desktop applications (VTUploader, VTzilla) for interacting with the service.

It uses up to 43 different antivirus products. Files can be sent either through the website
or via email. The variety of products used by the website allows a user to check for
viruses that the user's own antivirus solution may have missed, or to verify against false
positives.
The drawback to using VirusTotal is that it can only scan submitted files, and
cannot perform system-wide scans on the user's computer. Another restriction is that
a file uploaded or emailed to VirusTotal for scanning can be at most 20 MB in size.

Fig 22: Scan Report of a Test File

19.6 Sandboxie (Isolation Program) [31]

Sandboxie runs your programs in an isolated space which prevents them from making
permanent changes to other programs and data in your computer. It creates a sandbox-
like isolated operating environment in which applications can be run or installed without
permanently modifying the local or mapped drive. An isolated virtual environment
allows controlled testing of untrusted programs and web surfing.

Fig 23: Sandboxie

The red arrows indicate changes flowing from a running program into your computer.
The box labeled Hard disk (no sandbox) shows changes by a program running normally.
The box labeled Hard disk (with sandbox) shows changes by a program running under
Sandboxie.

Benefits of the Isolated Sandbox

• Secure Web Browsing: Running your Web browser under the protection of
  Sandboxie means that all malicious software downloaded by the browser is
  trapped in the sandbox and can be discarded trivially.

• Enhanced Privacy: Browsing history, cookies, and cached temporary files
  collected while Web browsing stay in the sandbox and don't leak into Windows.

• Secure E-mail: Viruses and other malicious software that might be hiding in your
  email can't break out of the sandbox and can't infect your real system.
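
The isolation model described above, and the known-good / known-bad / unknown handling described for Comodo Internet Security in 19.3.2, can be sketched together in a few lines. This is an added illustration, not Sandboxie's or Comodo's code and not part of the original report: the in-memory "disk", the reputation lists, the protected-path rule and the two sample programs are constructed assumptions.

```python
import hashlib


class Sandbox:
    """Copy-on-write view of a disk, modelled as a dict of path -> bytes."""

    def __init__(self, disk):
        self.disk = disk
        self.overlay = {}  # path -> bytes, or None to record a deletion

    def read(self, path):  # the program sees its own changes first, then the real disk
        data = self.overlay[path] if path in self.overlay else self.disk.get(path)
        if data is None:
            raise FileNotFoundError(path)
        return data

    def write(self, path, data):
        self.overlay[path] = data  # the real disk is never touched here

    def delete(self, path):
        self.overlay[path] = None

    def commit(self):
        """Release: apply the sandboxed changes to the real disk."""
        for path, data in self.overlay.items():
            if data is None:
                self.disk.pop(path, None)
            else:
                self.disk[path] = data
        self.overlay = {}

    def discard(self):
        """Remove: throw the sandboxed changes away."""
        self.overlay = {}


def digest(image):
    return hashlib.sha256(image).hexdigest()


# Constructed reputation lists and policy (assumptions for this example).
KNOWN_GOOD = {digest(b"text-editor-image")}
KNOWN_BAD = {digest(b"previously-seen-trojan-image")}
PROTECTED = ("C:/Windows/", "C:/Users/alice/Startup/")


def triage(image, program, disk):
    """Return 'blocked', 'allowed', 'released' or 'removed' for one program run."""
    h = digest(image)
    if h in KNOWN_BAD:
        return "blocked"               # known bad: never executed
    box = Sandbox(disk)
    program(box)
    if h in KNOWN_GOOD:
        box.commit()                   # known good: changes applied as-is
        return "allowed"
    # Unknown file: judge it by what it tried to change while isolated.
    if any(path.startswith(PROTECTED) for path in box.overlay):
        box.discard()
        return "removed"
    box.commit()
    return "released"


def make_disk():
    """Constructed sample 'hard disk'."""
    return {
        "C:/Windows/System32/drivers/etc/hosts": b"127.0.0.1 localhost\n",
        "C:/Users/alice/Documents/notes.txt": b"meeting at 10\n",
    }


def save_download(fs):
    """Models an unknown program that only saves a file for the user."""
    fs.write("C:/Users/alice/Downloads/report.pdf", b"%PDF-1.4 sample")


def tamper_with_system(fs):
    """Models an unknown program that rewrites a system file and deletes a document."""
    hosts = "C:/Windows/System32/drivers/etc/hosts"
    fs.write(hosts, fs.read(hosts) + b"# line added by unknown program\n")
    fs.delete("C:/Users/alice/Documents/notes.txt")
```

Calling `triage(b"unknown-b", tamper_with_system, disk)` returns "removed" and leaves `disk` exactly as `make_disk()` built it, because every write and delete landed in the overlay rather than on the disk.
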

20. INFORMATION TECHNOLOGY ACT, 2000
- Certain provisions pertaining to Cyber Security
The IT Act 2000 was mainly intended to ensure legal recognition of e-commerce within India.
Because of this, most provisions are concerned with establishing digital certification
processes within the country. Cyber crime as a term was not defined in the Act. It only
dealt with a few instances of computer-related crime.

IT Amendment Act, 2008


The IT Act Amendment, which came into force after Presidential assent in Feb 2009, has
the following salient features:

| S. No | Feature | Section |
|---|---|---|
| 1 | Liability of body corporate towards Sensitive Personal Data | Section 43 |
| 2 | Introduction of virus, manipulating accounts, denial of services etc. made punishable | Section 66 |
| 3 | Phishing and Spam | Not mentioned specifically, but can be interpreted under the provisions of Section 66A. |
| 4 | Stolen Computer resource or communication device | Section 66B |
| 5 | Misuse of Digital Signature | Section 66C |
| 6 | Cheating | Section 66D |
| 7 | Cyber terrorism | Section 66F |
| 8 | Child pornography | Section 67B |
| 9 | Intermediary’s liability | Sections 67C |
| 10 | Surveillance, Interception and Monitoring | Sections 69 |

21. Survey and Analysis

A survey was conducted among a total of one hundred students and professionals to
study the level of awareness regarding network threats and the knowledge of software
products available in the market to counter such network threats.

Based on the conducted survey and the market research, a comparative analysis of
various products and techniques to enhance network security was done.

21.1 Awareness about various threats

Surveyed Individuals = 100

Graph 6: Bar graph depicting awareness about various threats
[Horizontal bar chart; categories: Spam E-mail, Keylogger, Phishing, Identity Theft, Malware, Spyware, Worm, Trojan, Virus; horizontal axis 0% to 100%.]

Conclusion: Most individuals surveyed were aware of the basic threats to network
security, but only a small percentage of individuals had knowledge of relatively newer
and more lethal threats like spyware, malware, identity theft, phishing and
keyloggers.

21.2 Antivirus Software Used

Surveyed Individuals = 100

Graph 7: Bar graph depicting antivirus software used
[Horizontal bar chart; category labels surviving extraction: McAfee, Bit Defender, Avira, Quick Heal, NORTON; horizontal axis 0% to 40%.]

Conclusion: As stated earlier, online surveys and review sites rate Bit Defender and
Kaspersky antivirus software as the best. However, at a more local level, as depicted by
the results of the survey above, a large percentage of individuals prefer Avast and AVG
Antivirus, which are freeware, probably indicating that the general preference is for
freeware at the expense of the better network security offered by the aforementioned
paid products.

21.3 Awareness about Security Measures

Surveyed Individuals = 100

Graph 8: Bar graph depicting awareness about security measures
[Horizontal bar chart; categories: Firewall (Purchased), Firewall (Windows), Anti-Malware, Anti-Spyware; horizontal axis 0% to 80%.]

Conclusion: As shown by Graph 1 (Analysis of various threats), awareness about newer
threats like spyware and malware is limited. The outcome is reflected in the above bar
graph as well: very few individuals cared to invest in security measures like
Anti-spyware and Anti-malware to counter them.

References
1. http://www.us-cert.gov/cas/tips/
2. http://www.ehow.com/how_11818_rid-computer-virus.html
3. http://en.wikipedia.org/wiki/Phishing
4. en.wikipedia.org/wiki/In-session_phishing
5. http://computer.howstuffworks.com/phishing.htm
6. en.wikipedia.org/wiki/Pop-up_ad
7. http://whatis.techtarget.com/definition/0,,sid9_gci212806,00.html
8. en.wikipedia.org/wiki/Digital_signature
9. en.wikipedia.org/wiki/Keystroke_logging
10. www.ask.com/questions-about/Keylogger
11. http://www.net-security.org/article.php?id=816
12. http://www.itsecurity.com/features/25-common-email-security-mistakes-022807/
13. http://en.wikipedia.org/wiki/Email
14. http://windows.microsoft.com/en-IN/windows-vista/How-to-know-if-an-online-transaction-is-secure
15. en.wikipedia.org/wiki/Wireless_security
16. en.wikipedia.org/wiki/HTTP_cookie

17. http://anti-virus-software-review.toptenreviews.com/
18. http://www.filehippo.com/search?q=Antivirus
19. http://www.webroot.com/En_US/consumer-products-spysweeper.html
20. http://www.malwarebytes.org/mbam.php
21. http://www.lavasoft.com/
22. http://www.safer-networking.org/en/index.html
23. http://www.zonealarm.com/security/en-us/zonealarm-pc-security-free-firewall.htm
24. http://www.comodo.com/home/internet-security/firewall.php
25. http://www.bitdefender.com/
26. http://www.kaspersky.com/kaspersky_anti-virus
27. http://www.esetindia.com/home/smart-security/
28. http://free.avg.com/in-en/download-avg-antivirus?cmpid=fs_in_avban_hp-avpro
29. http://antivirus.norton.com/norton/ps/3up_in_en_navnis360.html?om_sem_cid=hho_sem_ic:in:ggl:en:e|kw0000092004
30. http://www.virustotal.com/
31. http://www.sandboxie.com/
