INTERNET SECURITY: USER’S PERSPECTIVE

A PROJECT REPORT Submitted in partial fulfillment for the award of the degree of

BACHELOR OF ENGINEERING
in ELECTRONICS & COMMUNICATION ENGINEERING

SUBMITTED TO: Dr. Hitesh Kapoor Assistant Professor Dept. of Applied Sciences

SUBMITTED BY: Siddharth Bhardwaj (UE 85094) Surbhi Vijh (UE 85098)

UNIVERSITY INSTITUTE OF ENGINEERING & TECHNOLOGY

PANJAB UNIVERSITY CHANDIGARH

MAY 2011

PANJAB UNIVERSITY, CHANDIGARH

CERTIFICATE

Certified that this project report “Internet Security: User’s Perspective” is the bona fide work of “Siddharth Bhardwaj and Surbhi Vijh” who carried out the project work under my supervision.

PROF. RENU VIG Director U.I.E.T.

DR. HITESH KAPOOR Assistant Professor Dept. of Applied Sciences


ACKNOWLEDGEMENT
We owe a great many thanks to a great many people who helped and supported us during the writing of this book. Our deepest thanks to Assistant Professor and our teacher, Dr. Hitesh Kapoor, for guiding and correcting various documents of ours with attention and care. He has taken pain to go through the project and make necessary corrections as and when needed.

We also express our thanks to the Director of UNIVERSITY INSTITUTE OF ENGINEERING & TECHNOLOGY, PANJAB UNIVERSITY, Prof. Renu Vig for extending her support.

We would also like to thank all the individuals who participated in the survey conducted by us, to develop a detailed analysis as a part of the project.

We would also thank our Institution and our faculty members without whom this project would have been a distant reality. We also extend our heartfelt thanks to our families and well wishers.


Abstract
The computer is one of the great inventions of the 20th century and has become part of our daily life. Gradually it became necessary to connect different computers, which led to the first local networks. The networking field grew by leaps and bounds, producing a huge matrix of interconnected computer networks. This great invention is known as the Internet. It has benefited human beings in each and every field and is now part of our life. But, as we know, every coin has two sides, and the dark side of the networked world is equally vast. Now the big question is how to protect your machine and secure your data and information. The only answer is "Network Security".

Internet (a network of networks) security is a complicated subject, historically tackled only by well-trained and experienced experts. However, as more and more people become "wired", an increasing number of people need to understand the basics of security in a networked world. This report explains the concepts needed to read through the hype in the marketplace, understand the risks, and deal with them.

In this project, we have covered the various practices and precautions a user must undertake to protect his or her computer system from the threats encountered when connected to a computer network (the Internet).

The report aims at understanding the various threats that are encountered on a widespread basis and the security measures that need to be implemented to counter them. It considers network security (issues and remedial measures) from a common user's perspective and gives a brief understanding of the various threats (viruses, worms, trojans, spyware, malware, etc.). Further, it covers topics like secure online transactions, understanding phishing sites, keyloggers, malicious scripts, pop-ups, etc., threats to network security via e-mail, and the need for and role of antivirus, antispyware and firewall software. Internet security is indeed a hot topic of discussion amongst computer enthusiasts, and it has also become a major concern in boardrooms across the globe.

Companies have started taking computer security very seriously and have dedicated teams who maintain and secure the company's sensitive information round the clock. Even individuals who use the ultimate tool, the Internet, have started to show an increased demand for tools or ways to protect their systems against criminals. It is impossible to create a 100% foolproof firewall or network without compromising the services that the network has to offer. Being aware of the latest developments in the field of computer security, and regularly updating one's network in tune with them, is one trick that every Internet user must have in his or her armoury of defences against computer infiltration.

It is hoped that the reader will have a wider perspective on security in general, and better understand how to reduce and manage risk personally, at home, and in the workplace.


List of Tables
Table No.: Table 1, Table 2, Table 3, Table 4, Table 5, Table 6, Table 7, Table 8, Table 9, Table 10, Table 11, Table 12
About: Significance of Security; Status bar colours; Internet Security Threats & Solutions: At a Glance; Review of Spy Sweeper; Review of Spybot; Review of Malwarebytes; Review of Ad-aware; Review of Zone Alarm Firewall; Review of Comodo Internet Security; Review of Bit-Defender; Review of Kaspersky; Review of ESET NOD 32; Review of AVG 2011
Page No.: 58, 74, 77, 79, 81, 83, 85, 86, 88, 93, 96, 99


List of Figures
Fig 1: Internet (p. 1)
Fig 2: Antivirus (p. 21)
Fig 3: A phishing example, showing how the eBay logo is used to hoodwink users (p. 34)
Fig 4: Phishing HSBC customers (p. 35)
Fig 5: Several pop-up ads on a computer screen (p. 40)
Fig 6: A pop-up blocking software (p. 42)
Fig 7: A logfile from a software-based keylogger (p. 47)
Fig 8: Screen capture of what the software-based keylogger above was logging (p. 47)
Fig 9: On Screen Keyboard (p. 52)
Fig 10: Spy Sweeper window (p. 75)
Fig 11: Spybot window (p. 78)
Fig 12: Malwarebytes Anti-Malware (p. 80)
Fig 13: Ad-aware window (p. 82)
Fig 14: Zone Alarm Firewall (p. 84)
Fig 15: Comodo Internet Security window (p. 85)
Fig 16: Bit Defender Antivirus 2011 window (p. 87)
Fig 17: Kaspersky 2011 Antivirus window (p. 90)
Fig 18: ESET NOD 32 window (p. 94)
Fig 19: AVG Antivirus 2011 window (p. 97)
Fig 20: NORTON 2011 Antivirus window (p. 100)
Fig 21: VirusTotal.com interface (p. 102)
Fig 22: Scan report of a test file (p. 104)
Fig 23: Sandboxie (p. 105)


List of Graphs
Graph 1: User ratings for Bit-Defender (p. 87)
Graph 2: User ratings for Kaspersky (p. 91)
Graph 3: User ratings for ESET NOD 32 (p. 94)
Graph 4: User ratings for AVG 2011 (p. 97)
Graph 5: User ratings for Norton 2011 (p. 100)
Graph 6: Bar graph depicting awareness about various threats (p. 107)
Graph 7: Bar graph depicting antivirus softwares used (p. 109)
Graph 8: Bar graph depicting awareness about security measures (p. 111)


TABLE OF CONTENTS
Abstract (p. iii)
List of Tables (p. v)
List of Figures (p. vi)
List of Graphs (p. vii)
1. Internet (p. 1)
2. Internet Security (p. 3)
3. Good Security Habits (p. 6)
4. Viruses, Trojans, Worms & Spyware (p. 9)
5. Spyware (p. 11)
6. Malware (p. 14)
7. Recovering from Viruses, Worms, and Trojan Horses (p. 18)
8. Antivirus (p. 21)
9. Firewalls (p. 28)
10. Phishing (p. 30)
11. Pop ups (p. 39)
12. Digital Footprint (p. 44)
13. Keystroke logging (p. 46)
14. E-mail Security (p. 53)
15. Secure Online Transactions (p. 57)
16. P2P Security (p. 61)
17. Securing Wireless Networks (p. 65)
18. Browsing Safely: Understanding Active Content and Cookies (p. 68)
19. Software Analysis (p. 75)
19.1 Anti-Spyware Softwares (p. 75)
19.1.1 Spy Sweeper (p. 75)
19.1.2 Spybot - Search and Destroy (p. 77)
19.2 Anti-Malware Softwares (p. 80)
19.2.1 Malwarebytes Anti-Malware (p. 80)
19.2.2 Ad-Aware (p. 82)
19.3 Firewalls (p. 84)
19.3.1 Zone Alarm Firewall (p. 84)
19.3.2 Comodo Internet Security (p. 85)
19.4 Antivirus Softwares (p. 87)
19.4.1 Bit-Defender Antivirus 2011 (p. 87)
19.4.2 Kaspersky 2011 Antivirus (p. 90)
19.4.3 ESET NOD 32 Antivirus (p. 94)
19.4.4 AVG Antivirus 2011 (p. 97)
19.4.5 NORTON 2011 Antivirus (p. 100)
19.5 VirusTotal.com (p. 102)
19.6 Sandboxie (Isolation Program) (p. 105)
20. Information Technology Act, 2000 - Certain provisions pertaining to Cyber Security (p. 107)
21. Survey and Analysis (p. 109)
21.1 Awareness about various threats (p. 109)
21.2 Antivirus Softwares Used (p. 111)
21.3 Awareness about Security Measures (p. 113)
22. References (p. 115)

1. Internet [1]
Definition: The Internet is a worldwide system of computer networks, a network of networks in which users at any one computer can, if they have permission, get information from any other computer (and sometimes talk directly to users at other computers).
Fig 1: Internet

History: The Internet was conceived by the Advanced Research Projects Agency (ARPA) of the U.S. government in 1969 and was first known as the ARPANet. The original aim was to create a network that would allow users of a research computer at one university to be able to "talk to" research computers at other universities. A side benefit of ARPANet's design was that, because messages could be routed or rerouted in more than one direction, the network could continue to function even if parts of it were destroyed in the event of a military attack or other disaster.

Applications: The most widely used part of the Internet is the World Wide Web ("WWW"). Using the Web, we have access to millions of pages of information. Web browsing is done with a Web browser, the most popular of which are Microsoft Internet Explorer and Mozilla Firefox.

Electronic mail (e-mail) is the most widely used application on the Net.

More recently, Internet telephony hardware and software allow real-time voice conversations.

File sharing is another application, which allows transferring large amounts of data across the Internet. A computer file can be e-mailed to customers, colleagues and friends as an attachment, or it can be uploaded to a website or FTP server for easy download by others.

2. Internet Security [1]
Internet security is a branch of computer security specifically related to the Internet. Its objective is to establish rules and measures to use against attacks over the Internet. The Internet represents an insecure channel for exchanging information, leading to a high risk of intrusion or fraud, such as phishing.

Internet security is often neglected when people begin shopping, banking and doing other financial or personal activities online. With identity fraud and online theft rising every day, the first thing that should be done before engaging in any sensitive matters online is making sure that the computer and its connection are secure. Contrary to popular belief, it does not take a certified network engineer to enhance the safety of a home computer system. By following a few simple guidelines, even a novice can go a long way toward protecting his or her identity and financial information from those who would prey upon it.

Need for Internet Security
Even if you don't think you have anything worth protecting on your computer, it's still important that you keep it locked down. Your files are not the only thing at stake when we talk of network security. If someone gains access to your computer, it can be used as a "zombie" for hacking into other computers, hiding the trail of the person who is actually doing it. How would you like to get a call from your local police telling you that there's been a virus attack that has been traced back to your computer? So, even if your computer isn't used for anything critical, you need to run security software such as an antivirus and a firewall. These programs will keep your computer "hidden" from prying eyes over the internet, as well as protected from viruses and other malware that can be spread through email or other methods.


Working: Internet Security
Basic Defense: The first line of defense for dial-up, high speed and wireless Internet access is a firewall. When it is active, your computer will only allow connections from computers at trusted sources. Depending on your operating system, you can allow exceptions and add programs and websites. Virus and spyware protection software will help you safeguard your files and your operating system. Malicious computer users (hackers) insert viruses and spyware in HTML code, text files and software programs. Once downloaded and activated, these programs can destroy files, copy passwords and damage software applications to the extent that your computer no longer functions.

Passwords and Privacy: Almost every website, forum and even your email program requires you to enter a password. For added security, do not use the same password repeatedly. Combine random letters and numbers for strong password security. Avoid giving your personal email address to every site that you visit. It is better to sign up on new sites with a disposable email address. Despite aggressive legislation and prosecution, spam is still a major problem for Internet users. Review every website's privacy policy before providing personal information including your home address.
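The password advice above ("combine random letters and numbers") can be made concrete. The following is an added example written for this section, not code from the original report: it generates passwords from the operating system's cryptographic random source and gives a rough strength estimate. The estimate only holds for passwords that really were chosen at random; a dictionary word or a password reused from another site scores far better than it deserves, so the rating also refuses a small constructed blocklist of common choices. The character classes, thresholds and blocklist are illustrative assumptions.

```python
import math
import secrets
import string

# Character classes used both for generation and for the strength estimate.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?",
}

# Constructed blocklist: a few entries that appear in every leaked-password list.
# A real deployment would load a much larger list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}


def generate_password(length: int = 16) -> str:
    """Draw characters from the CSPRNG (secrets, never random) until the result
    contains at least one character from every class, so it passes typical
    site rules without weakening the randomness of the other positions."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES.values()):
            return candidate


def entropy_bits(password: str) -> float:
    """Upper bound on entropy: assumes each position was chosen uniformly from
    the union of the character classes that actually appear in the password."""
    pool = sum(len(cls) for cls in CLASSES.values()
               if any(ch in cls for ch in password))
    return len(password) * math.log2(pool) if pool else 0.0


def rate(password: str) -> str:
    """Coarse rating; anything on the blocklist is weak regardless of length."""
    if password.lower() in COMMON_PASSWORDS:
        return "weak"
    bits = entropy_bits(password)
    if bits < 40:
        return "weak"
    if bits < 64:
        return "fair"
    return "strong"


if __name__ == "__main__":
    pw = generate_password()
    print(pw, f"{entropy_bits(pw):.1f} bits", rate(pw))
```

A 16-character password drawn from all four classes comes out above 100 bits under this estimate, which is why generated passwords stored in a password manager beat anything a person can memorise and reuse.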

Email Security: Pay particular attention to common email security threats. Do not open email file attachments from unknown sources, because this tends to be a major source of viruses. Clicking on active links in emails can redirect your browser to sites that contain spyware, adware or worse. Phishing, phony emails from trusted sources that ask for personal and financial information, can lead to identity theft. In general, your bank or credit card company will never email a request for you to update your information.
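The attachment and "update your information" warnings above can be turned into a simple screening step. The following is an added example, not code from the original report: it parses a constructed phishing-style message with Python's standard email package and reports the indicators a user or a mail filter would look for, namely attachments with executable extensions, double extensions such as .pdf.exe that hide the real file type, and body text asking the reader to update or verify account details. The extension list and lure phrases are illustrative assumptions, not a complete filter.

```python
import email
import os
from email import policy

# File types that run code when opened; an illustrative list, not exhaustive.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd",
                    ".jar", ".ps1", ".hta", ".lnk"}

# Requests a real bank does not make by e-mail (see the text above); illustrative.
CREDENTIAL_LURES = ("update your account", "verify your account",
                    "confirm your password")

# Constructed sample message for the demonstration. Addresses use the reserved
# .invalid top-level domain so they cannot refer to any real mailbox.
SAMPLE_EML = """\
From: "Your Bank" <alerts@example-bank.invalid>
To: customer@example.invalid
Subject: Action required
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Dear customer, please open the attached statement and update your account details today.

--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="statement.pdf.exe"
Content-Transfer-Encoding: 7bit

not-a-real-binary
--BOUNDARY--
"""


def phishing_indicators(raw_message: str) -> list[str]:
    """Return human-readable findings for one message; an empty list means nothing was flagged."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Attachments: flag executable types and names with more than one extension.
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        lower = name.lower()
        ext = os.path.splitext(lower)[1]
        if ext in RISKY_EXTENSIONS:
            findings.append(f"attachment {name}: executable type {ext}")
        if lower.count(".") >= 2:
            findings.append(f"attachment {name}: double extension hides the real type")

    # Body text: flag the credential-update requests a bank never sends by e-mail.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body is not None else ""
    for lure in CREDENTIAL_LURES:
        if lure in text:
            findings.append(f"body asks you to '{lure}'")

    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EML):
        print("-", finding)
```

The same function returns an empty list for an ordinary plain-text message with no attachments, which is the point: the check costs nothing on legitimate mail and gives the user a reason to pause before opening the attachment.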

Stay Secure: New Internet threats appear daily. Keeping your security software updated is essential to your security plan. Review the default Internet security settings and update settings for your operating system, browser, email program and all installed security software often. Schedule a daily or weekly time for your virus and spyware software to run and report your security status. If you are frequently finding that your computer has been invaded by spyware or viruses, upgrade your software or select stronger protection options.


3. Good Security Habits [1]
There are some simple habits you can adopt that, if performed consistently, may dramatically reduce the chances that the information on your computer will be lost or corrupted.

Minimizing the access other people have to your information
You may be able to easily identify people who could, legitimately or not, gain physical access to your computer—family members, roommates, co-workers, members of a cleaning crew, and maybe others. Identifying the people who could gain remote access to your computer becomes much more difficult. As long as you have a computer and connect it to a network, you are vulnerable to someone or something else accessing or corrupting your information; however, you can develop habits that make it more difficult.

Lock your computer when you are away from it. Even if you only step away from your computer for a few minutes, it's enough time for someone else to destroy or corrupt your information. Locking your computer prevents another person from being able to simply sit down at your computer and access all of your information.

Disconnect your computer from the Internet when you aren't using it. The development of technologies such as DSL and cable modems has made it possible for users to be online all the time, but this convenience comes with risks. The likelihood that attackers or viruses scanning the network for available computers will target your computer becomes much higher if your computer is always connected. Depending on what method you use to connect to the Internet, disconnecting may mean disabling a wireless connection, turning off your computer or modem, or disconnecting cables. When you are connected, make sure that you have a firewall enabled.

Evaluate your security settings. Most software, including browsers and email programs, offers a variety of features that you can tailor to meet your needs and requirements. Enabling certain features to increase convenience or functionality may leave you more vulnerable to being attacked. It is important to examine the settings, particularly the security settings, and select options that meet your needs without putting you at increased risk. If you install a patch or a new version of the software, or if you hear of something that might affect your settings, reevaluate your settings to make sure they are still appropriate.

Other measures
Sometimes the threats to your information aren't from other people but from natural or technological causes. Although there is no way to control or prevent these problems, you can prepare for them and try to minimize the damage.

Protect your computer against power surges and brief outages. Aside from providing outlets to plug in your computer and all of its peripherals, some power strips protect your computer against power surges. Many power strips now advertise compensation if they do not effectively protect your computer. Power strips alone will not protect you from power outages, but there are products that do offer an uninterruptible power supply when there are power surges or outages. During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources.

Back up all of your data. Whether or not you take steps to protect yourself, there will always be a possibility that something will happen to destroy your data. You have probably already experienced this at least once: losing one or more files due to an accident, a virus or worm, a natural event, or a problem with your equipment. Regularly backing up your data on a CD or network reduces the stress and other negative consequences that result from losing important information. Determining how often to back up your data is a personal decision. If you are constantly adding or changing data, you may find weekly backups to be the best alternative; if your content rarely changes, you may decide that your backups do not need to be as frequent. You don't need to back up software that you own on CD-ROM or DVD-ROM; you can reinstall the software from the original media if necessary.
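The backup advice above, as an added example written for this section (not code from the original report): copy a directory tree to a backup location and record a SHA-256 manifest alongside it, so that a later run can tell whether a copy has gone missing or silently degraded on the media before you actually need to restore from it. The demo() run constructs its own sample files in a temporary directory, backs them up, verifies the copy, then deliberately corrupts one file to show the verification catching it.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.sha256"


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def backup(src: Path, dest: Path) -> dict[str, str]:
    """Mirror every regular file under src into dest and write a manifest of
    relative path -> SHA-256 of the copy. Returns the manifest as a dict."""
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)          # copy2 keeps timestamps as well
        manifest[rel.as_posix()] = sha256_file(target)
    (dest / MANIFEST_NAME).write_text(
        "".join(f"{digest}  {rel}\n" for rel, digest in manifest.items()))
    return manifest


def verify(dest: Path) -> list[str]:
    """Re-hash every file named in the manifest; report missing or changed copies."""
    problems = []
    for line in (dest / MANIFEST_NAME).read_text().splitlines():
        digest, rel = line.split("  ", 1)
        path = dest / rel
        if not path.is_file():
            problems.append(f"missing: {rel}")
        elif sha256_file(path) != digest:
            problems.append(f"corrupted: {rel}")
    return problems


def demo() -> tuple[int, list[str], list[str]]:
    """Constructed end-to-end run: back up two sample files, verify the clean
    copy, then overwrite one copy and verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dest = Path(tmp, "data"), Path(tmp, "backup")
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "notes.txt").write_text("project report draft\n")
        (src / "photo.bin").write_bytes(bytes(range(256)))
        manifest = backup(src, dest)
        clean = verify(dest)
        (dest / "photo.bin").write_bytes(b"bit rot")   # simulate media damage
        damaged = verify(dest)
        return len(manifest), clean, damaged


if __name__ == "__main__":
    count, clean, damaged = demo()
    print(f"{count} files backed up; clean check: {clean}; after damage: {damaged}")
```

Running verify() on a schedule (or at least before relying on a backup) turns the weekly copy into something you can trust; a copy that was never checked is only a hope.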


4. Viruses, Trojans, Worms & Spyware [1]

There are many different types of computer viruses circulating in the cyber world, including regular computer viruses, worms, Trojans, and spyware. Each is different in how it works, but they all share one thing in common: the ability to do a great deal of damage to your computer system.

Computer Viruses: Computer viruses have been around since the early 1980s. A computer virus is a program that gets into a computer system by means of hardware or software without the knowledge of the computer user, and then attaches itself to a program file. The virus then starts to replicate itself and do the damage it has been programmed to do. There are many different kinds of computer viruses out there, and each works in a different way. They can be quite damaging to a computer system, so it is important that you have a good anti-virus program in place to protect your computer.

Trojan Horses: A Trojan is not a computer virus in the sense that it doesn't get into your computer and self-replicate. The Trojan derives its name from the ancient Greek story of the Trojan Horse, where a group of warriors invades a city by hiding within a giant wooden horse. The residents of the city thought the horse to be a gift, never knowing what was hidden inside, so they rolled the horse in, bringing their enemy within the city walls with it. The Greek Trojan horse appeared to be something that it was not, just as the computer Trojan appears to be something that it is not. A computer Trojan is software that appears to function in a certain way (such as a program that you may have downloaded to remove viruses or spyware), when in reality it performs another action, unknown to the user. A Trojan is not always harmful and damaging to your computer, but it can open a backdoor for hackers to get into your computer and cause damage or retrieve information. A good firewall program is the most effective means to stop a Trojan horse (regular computer updates and an antivirus program also help prevent Trojan horses).

Computer Worms: Computer worms are like viruses in that they self-replicate within your computer system. However, a computer worm does not have to attach itself to a program in your system like a computer virus does in order to function. Also, unlike a computer virus, which generally corrupts and modifies files on your computer to cause damage, a computer worm generally localizes its damage to the computer network by consuming bandwidth. However, computer worms may have a "payload" that can delete files, encrypt files or email files on the host computer. A very common payload for a worm is to install a backdoor in the infected computer to allow the creation of a "zombie" computer under control of the worm author. Computer worms can often spread via email, as the SoBig and MyDoom worms did (from 2003 and 2004 respectively).

Spyware: Spyware is a newer type of program that damages your computer system. Spyware is also not a computer virus in the traditional sense, but it is harmful. Spyware works by getting into your computer system for the purpose of taking partial control over your use, or collecting personal information without your knowledge. Spyware often ends up on your computer after downloading and installing free software, so be very careful what software you download, and which websites you download from.

While different in the functions they perform, viruses, Trojans, worms and spyware are all damaging to your computer. It is of the utmost importance that you make sure you have proper computer protection software in place that will protect you from these things so they cannot get into your computer and cause damage.

5. Spyware [1]
Because of its popularity, the internet has become an ideal target for advertising. As a result, spyware, or adware, has become increasingly prevalent. When troubleshooting problems with your computer, you may discover that the source of the problem is spyware software that has been installed on your machine without your knowledge. Despite its name, the term "spyware" doesn't refer to something used by undercover operatives, but rather by the advertising industry. In fact, spyware is also known as "adware." It refers to a category of software that, when installed on your computer, may send you pop-up ads, redirect your browser to certain web sites, or monitor the web sites that you visit. Some extreme, invasive versions of spyware may track exactly what keys you type. Attackers may also use spyware for malicious purposes. Because of the extra processing, spyware may cause your computer to become slow or sluggish. There are also privacy implications:

What information is being gathered?
Who is receiving it?
How is it being used?

Realizing the presence of spyware on your computer
The following symptoms may indicate that spyware is installed on your computer:

you are subjected to endless pop-up windows
you are redirected to web sites other than the one you typed into your browser
new, unexpected toolbars appear in your web browser
new, unexpected icons appear in the task tray at the bottom of your screen
your browser's home page suddenly changed
the search engine your browser opens when you click "search" has been changed
certain keys fail to work in your browser (e.g., the tab key doesn't work when you are moving to the next field within a form)
random Windows error messages begin to appear
your computer suddenly seems very slow when opening programs or processing tasks (saving files, etc.)

Prevent spyware from installing on your computer
To avoid unintentionally installing it yourself, follow these good security practices:

Don't click on links within pop-up windows - Because pop-up windows are often a product of spyware, clicking on the window may install spyware software on your computer. To close the pop-up window, click on the "X" icon in the titlebar instead of a "close" link within the window.

Choose "no" when asked unexpected questions - Be wary of unexpected dialog boxes asking whether you want to run a particular program or perform another type of task. Always select "no" or "cancel," or close the dialog box by clicking the "X" icon in the titlebar.

Be wary of free downloadable software - There are many sites that offer customized toolbars or other features that appeal to users. Don't download programs from sites you don't trust, and realize that you may be exposing your computer to spyware by downloading some of these programs.

Don't follow email links claiming to offer anti-spyware software - Like email viruses, the links may serve the opposite purpose and actually install the spyware it claims to be eliminating.

As an additional good security practice, especially if you are concerned that you might have spyware on your machine and want to minimize the impact, consider taking the following action:

Adjust your browser preferences to limit pop-up windows and cookies - Pop-up windows are often generated by some kind of scripting or active content. Adjusting the settings within your browser to reduce or prevent scripting or active content may reduce the number of pop-up windows that appear. Some browsers offer a specific option to block or limit pop-up windows. Certain types of cookies are sometimes considered spyware because they reveal what web pages you have visited. You can adjust your privacy settings to only allow cookies for the web site you are visiting.

Removing spyware

Run a full scan on your computer with your anti-virus software - Some antivirus software will find and remove spyware, but it may not find the spyware when it is monitoring your computer in real time. Set your anti-virus software to prompt you to run a full scan periodically.

Run a legitimate product specifically designed to remove spyware - Many vendors offer products that will scan your computer for spyware and remove any spyware software. Popular products include Lavasoft's Ad-Aware, Microsoft's Window Defender, Webroot's SpySweeper, and Spybot Search and Destroy.

Make sure that your anti-virus and anti-spyware software are compatible. Take a phased approach to installing the software to ensure that you don't unintentionally introduce problems.


6. Malware [1]
Malware, short for "malicious software," includes viruses and spyware that criminals use to steal personal information, send spam, and commit fraud. Criminals create appealing websites, desirable downloads, and compelling stories to lure you to links that will download malware, especially on computers that don't use adequate security software. But you can minimize the havoc that malware can wreak and reclaim your computer and electronic information. If you suspect malware is on your computer:

Stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information.

Confirm that your security software is active and current. At a minimum, your computer should have anti-virus and anti-spyware software, and a firewall.

Once your security software is up-to-date, run it to scan your computer for viruses and spyware, deleting anything the program identifies as a problem.

If you suspect your computer is still infected, you may want to run a second antivirus or anti-spyware program – or call in professional help.

Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future.

Malware is short for "malicious software;" it includes viruses – programs that copy themselves without your permission – and spyware, programs installed without your consent to monitor or control your computer activity. Criminals are hard at work thinking up creative ways to get malware on your computer. They create appealing web sites, desirable downloads, and compelling stories to lure you to links that will download malware, especially on computers that don't use adequate security software. Then, they use the malware to steal personal information, send spam, and commit fraud.


It doesn't have to be that way. OnGuardOnline.gov says consumers can minimize the havoc malware can wreak, and reclaim their computers and their electronic information. Computers may be infected with malware if they:

Slow down, malfunction, or display repeated error messages
Won't shut down or restart
Serve up a lot of pop-up ads, or display them when you're not surfing the web
Display web pages or programs you didn't intend to use, or send emails you didn't write.

If you suspect malware is lurking on your computer, stop shopping, banking, and other online activities that involve user names, passwords, or other sensitive information. Malware on your computer could be sending your personal information to identity thieves.

Then, confirm that your security software is active and current: at a minimum, your computer should have anti-virus and anti-spyware software, and a firewall. You can buy stand-alone programs for each element, or a security "suite" that includes these programs, from a variety of sources, including commercial vendors or your Internet Service Provider. Security software that comes pre-installed on a computer generally works for a short time unless you pay a subscription fee to keep it in effect. In any case, security software protects against the newest threats only if it is up-to-date. That's why it is critical to set your security software and operating system (like Windows or Apple's OS) to update automatically.

Some scam artists distribute malware disguised as anti-spyware software. OnGuardOnline offers a list of security tools from legitimate security vendors selected by GetNetWise, a project of the Internet Education Foundation. Resist buying software in response to unexpected pop-up messages or emails, especially ads that claim to have scanned your computer and detected malware. That's a tactic scammers have used to spread malware, and it has attracted the attention of the Federal Trade Commission, the nation's consumer protection agency, as well as a number of state law enforcement agencies.

Once you confirm that your security software is up-to-date, run it to scan your computer for viruses and spyware. Delete everything the program identifies as a problem. You may have to restart your computer for the changes to take effect. If you suspect that your computer is still infected, you may want to run a second anti-spyware or anti-virus program. Some computer security experts recommend installing one program for real-time protection, and another for periodic scans of your machine, as a way to stop malware that might have slipped past the first program.

Finally, if the problem persists after you exhaust your own ability to diagnose and treat it, you might want to call for professional help. If your computer is covered by a warranty that offers free tech support, contact the manufacturer. Before you call, write down the model and serial number of your computer, the name of any software you've installed, and a short description of the problem. Your notes will help you give an accurate description to the technician. If you need professional help, if your machine isn't covered by a warranty, or if your security software isn't doing the job properly, you may need to pay for technical support. Many companies, including some affiliated with retail stores, offer tech support via the phone, online, at their store, or in your home. Telephone or online help generally are the least expensive ways to access support services, especially if there's a toll-free helpline, but you may have to do some of the work yourself. Taking your computer to a store usually is less expensive than hiring a technician or repair person to come into your home.


Once your computer is back up and running, think about how malware could have been downloaded to your machine, and what you could do to avoid it in the future. If your security software or operating system was out-of-date, download the newest version and set it to update automatically. Use the opportunity to back up important files by copying them onto a removable disc. Other ways to minimize the chances of a malware download in the future:

Don't click on a link in an email or open an attachment unless you know who sent it and what it is. Links in email can send you to sites that automatically download malware to your machine. Opening attachments – even those that appear to come from a friend or co-worker – also can install malware on your computer.

Download and install software only from websites you know and trust. Downloading free games, file-sharing programs, and customized toolbars may sound appealing, but free software can come with malware.

Talk about safe computing. Tell your kids that some online activity can put a computer at risk: clicking on pop-ups, downloading "free" games or programs, or posting personal information.

Finally, monitor your computer for unusual behavior. If you suspect your machine has been exposed to malware, take action immediately.


7. Recovering from Viruses, Worms, and Trojan Horses [1] [2]
Unfortunately, many users are victims of viruses, worms, or Trojan horses. If your computer gets infected with malicious code, there are steps you can take to recover. There is no single reliable way to tell that your computer has been infected with malicious code. Some infections may completely destroy files and shut down your computer, while others may only subtly affect your computer's normal operations. Be aware of any unusual or unexpected behaviors. If you are running anti-virus software, it may alert you that it has found malicious code on your computer. The anti-virus software may be able to clean the malicious code automatically, but if it can't, you will need to take additional steps.

Steps to follow if you are infected
1. Minimize the damage - If you are at work and have access to an IT department, contact them immediately. The sooner they can investigate and clean your computer, the less damage to your computer and other computers on the network. If you are on your home computer or a laptop, disconnect your computer from the internet. By removing the internet connection, you prevent an attacker or virus from being able to access your computer and perform tasks such as locating personal data, manipulating or deleting files, or using your computer to attack other computers.

2. Remove the malicious code - If you have anti-virus software installed on your computer, update the virus definitions (if possible), and perform a manual scan of your entire system. If you do not have anti-virus software, you can purchase it at a local computer store. If the software can't locate and remove the infection, you may need to reinstall your operating system, usually with a system restore disk that is often supplied with a new computer. Note that reinstalling or restoring the operating system typically erases all of your files and any additional software that you have installed on your computer. After reinstalling the operating system and any other software, install all of the appropriate patches to fix known vulnerabilities.

Reducing the risk of another infection
Dealing with the presence of malicious code on your computer can be a frustrating experience that can cost you time, money, and data. The following recommendations will build your defense against future infections:

Use and maintain anti-virus software - Anti-virus software recognizes and protects your computer against most known viruses. However, attackers are continually writing new viruses, so it is important to keep your anti-virus software current.

Change your passwords - Your original passwords may have been compromised during the infection, so you should change them. This includes passwords for web sites that may have been cached in your browser. Make the passwords difficult for attackers to guess.

Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

Install or enable a firewall - Firewalls may be able to prevent some types of infection by blocking malicious traffic before it can enter your computer. Some operating systems actually include a firewall, but you need to make sure it is enabled.

Use anti-spyware tools - Spyware is a common source of viruses, but you can minimize the number of infections by using a legitimate program that identifies and removes spyware.


Follow good security practices - Take appropriate precautions when using email and web browsers so that you reduce the risk that your actions will trigger an infection.

As a precaution, maintain backups of your files on CDs or DVDs so that you have saved copies if you do get infected again.


8. Antivirus [1]
Antivirus or Anti-Virus Software is a computer program that can be used to scan files to identify and eliminate computer viruses, worms, trojan horses and other malicious software (malware). While the Internet has ostensibly become a safer place (people know more than ever before about safe surfing habits and the browsers are always trying to stay ahead of the malicious coders), there is still no excuse for surfing the web without an antivirus program. Antivirus software is a user’s last line of defense against the many harmful programs out there that can destroy your computer.
Fig 2:

Functions offered by antivirus software
Scanning Files: Most good antivirus programs come with a scanning function. With this, you can do a thorough scan of your computer and make sure you aren't infected with anything that might be breaching your security or causing your computer to slow down.

Removing Infections: Every antivirus program has its own ways in which it responds to threats or viruses found on a computer. It may quarantine the infected programs in case they are not really viruses, but rather something you need for your computer to run smoothly. Usually, it will ask the user whether or not he wants to delete the infected programs.

Virus Protection: The main purpose of antivirus software is, of course, to protect the computer from getting a virus. It does this by scanning downloads and attachments for viruses, and by running in the background when the user is surfing the Internet. Should the user come across a virus, the program will warn the user and give her the option of getting rid of it before it infects.

Spyware: The best antivirus programs are equipped and updated to protect the user against spyware and adware, two scourges of the Internet world. These malicious programs enter a computer through the browser, usually as a result of pop-up ads or a bad Internet site. The antivirus program will usually block these pop-up ads, but if one gets through, the program will warn the user and let him eliminate the threat before it attacks the computer.

Real-Time Scanning: Anti-virus programs provide real-time scanning, which means the program is always on and checking for viruses as you perform tasks. This is important because a virus scanner works after the fact and may not remove the virus completely.

Websites: As you visit websites, small programs in the background called scripts could possibly have viruses or Trojans embedded in the programming. Some are benign, but most are malicious.

Email: With email, attachments are capable of transmitting viruses. Use an antivirus program that scans email and email attachments so that any infections or fake emails (which are used to get you to click on a link that appears legitimate) can be caught.

Data Mining: Sometimes, data trackers get installed on your computer for one purpose: to track your computing habits. The websites you visit, the products you purchase and web programs you use all assist advertisers for targeted marketing.

Operation: anti-virus software
Although details may vary between packages, anti-virus software scans files or your computer's memory for certain patterns that may indicate an infection. The patterns it looks for are based on the signatures, or definitions, of known viruses. Virus authors are continually releasing new and updated viruses, so it is important that you have the latest definitions installed on your computer. Once you have installed an anti-virus package, you should scan your entire computer periodically.

Automatic scans - Depending on what software you choose, you may be able to configure it to automatically scan specific files or directories and prompt you at set intervals to perform complete scans.

Manual scans - It is also a good idea to manually scan files you receive from an outside source before opening them. This includes:
o saving and scanning email attachments or web downloads rather than selecting the option to open them directly from the source
o scanning media, including CDs and DVDs, for viruses before opening any of the files

Detecting computer threats
Anti-virus software detects threats in two main ways: the virus dictionary approach and the suspicious behavior approach. Most commercial anti-virus software uses both, with an emphasis on the virus dictionary approach.

Virus dictionary approach: In the virus dictionary approach, when the anti-virus software examines a file, it refers to a dictionary of known viruses that have been identified by the author of the anti-virus software. If a piece of code in the file matches any virus identified in the dictionary, then the anti-virus software can either delete the file, quarantine it so that the file is inaccessible to other programs and its virus is unable to spread, or attempt to repair the file by removing the virus itself from the file.

To be successful in the medium and long term, the virus dictionary approach requires periodic online downloads of updated virus dictionary entries. As new viruses are identified "in the wild", civically minded and technically inclined users can send their infected files to the authors of anti-virus software, who then include information about the new viruses in their dictionaries. Dictionary-based anti-virus software typically examines files when the computer's operating system creates, opens, and closes them, and when the files are e-mailed. In this way, a known virus can be detected immediately upon receipt. The software can also typically be scheduled to examine all files on the user's hard disk on a regular basis. Although the dictionary approach is considered effective, virus authors have tried to stay a step ahead of such software by writing "polymorphic viruses", which encrypt parts of themselves or otherwise modify themselves as a method of disguise, so as not to match the virus's signature in the dictionary.

Suspicious behavior approach: The suspicious behavior approach, by contrast, doesn't attempt to identify known viruses, but instead monitors the behavior of all programs. If one program tries to write data to an executable program, for example, this is flagged as suspicious behavior; the user is alerted to it and asked what to do. Unlike the dictionary approach, the suspicious behavior approach therefore provides protection against brand-new viruses that do not yet exist in any virus dictionary. However, it also raises a large number of false positives, and users probably become desensitized to all the warnings. If the user clicks "Accept" on every such warning, then the anti-virus software is obviously useless to that user. This problem has been made especially worse over the past 7 years, since many more non-malicious programs are designed to modify other .exes without regard to this false positive issue. Thus, most modern anti-virus software uses this technique less and less.

Other ways to detect viruses: Some anti-virus software will try to emulate the beginning of the code of each new executable that is being executed before transferring control to the executable. If the program seems to be using self-modifying code or otherwise behaves like a virus (it immediately tries to find other executables), one could assume that the executable has been infected with a virus. However, this method results in a lot of false positives.
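The dictionary approach in miniature, as an added example that is not code from the report's sources or from any anti-virus product: a scanner that matches a signature table against file bytes, also looks inside zip archives (the simplest case of the packed-file problem a dictionary scanner has to handle), and quarantines a hit rather than deleting it. The single signature and the sample archive are constructed placeholders; real products ship thousands of entries and use the EICAR test string to check that a scanner is working.

```python
"""Toy "virus dictionary" scanner with a minimal unpacking step.

Added example, not code from the report or any vendor. The dictionary holds
one constructed pattern; real products ship and update thousands of entries.
"""
from __future__ import annotations
import hashlib
import io
import os
import shutil
import zipfile
from dataclasses import dataclass

# Constructed "virus dictionary": signature name -> byte pattern the scanner
# searches for. In a real product this is the data that gets updated daily.
SIGNATURES: dict[str, bytes] = {
    "Constructed.TestPattern": b"CONSTRUCTED-TEST-PATTERN-NOT-REAL-MALWARE-7f3a",
}
MAX_NESTING = 3          # how deep to unpack nested archives (zip-bomb guard)
MAX_MEMBER = 10_000_000  # skip archive members larger than this many bytes


@dataclass
class Detection:
    location: str   # "file" or "file!member" for a hit inside an archive
    signature: str
    sha256: str     # hash of the exact bytes that matched, for reporting


def scan_bytes(data: bytes, location: str, depth: int = 0) -> list[Detection]:
    """Dictionary approach: report every known pattern found in data.

    A pattern compressed inside a zip archive is invisible to a plain byte
    search on the archive, which is the simplest form of the "packed virus"
    problem, so the scanner also opens zip members and scans their contents.
    """
    hits = [Detection(location, name, hashlib.sha256(data).hexdigest())
            for name, pattern in SIGNATURES.items() if pattern in data]
    if depth < MAX_NESTING and data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                for member in archive.infolist():
                    if member.is_dir() or member.file_size > MAX_MEMBER:
                        continue
                    inner = archive.read(member)
                    hits += scan_bytes(inner, f"{location}!{member.filename}", depth + 1)
        except (zipfile.BadZipFile, RuntimeError):
            pass  # damaged or encrypted archive: nothing more we can see
    return hits


def scan_file(path: str) -> list[Detection]:
    with open(path, "rb") as fh:
        return scan_bytes(fh.read(), path)


def quarantine(path: str, quarantine_dir: str) -> str:
    """Move a detected file where nothing will open it, instead of deleting
    it outright, so a false positive can still be restored by an operator."""
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    target = os.path.join(quarantine_dir, os.path.basename(path) + ".quarantined")
    shutil.move(path, target)
    os.chmod(target, 0o000)   # no read or execute until an operator restores it
    return target


def build_sample_archive() -> bytes:
    """Constructed input: a zip whose one member carries the test pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr("invoice.exe", b"MZ header here " + SIGNATURES["Constructed.TestPattern"])
        archive.writestr("readme.txt", b"nothing to see")
    return buf.getvalue()


if __name__ == "__main__":
    for hit in scan_bytes(build_sample_archive(), "sample.zip"):
        print(f"{hit.location}: {hit.signature}")
```

Running the block reports the pattern at sample.zip!invoice.exe; a byte search on the raw archive alone would miss it, which is exactly why an unpacking engine matters.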

On detecting a virus
Each package has its own method of response when it locates a virus, and the response may differ according to whether the software locates the virus during an automatic or a manual scan. Sometimes the software will produce a dialog box alerting you that it has found a virus and asking whether you want it to "clean" the file (to remove the virus). In other cases, the software may attempt to remove the virus without asking you first. When you select an anti-virus package, familiarize yourself with its features so you know what to expect.

Choosing the right antivirus software
There are many vendors who produce anti-virus software, and deciding which one to choose can be confusing. All anti-virus software performs the same function, so your decision may be driven by recommendations, particular features, availability, or price. Installing any anti-virus software, regardless of which package you choose, increases your level of protection.


Updating to the current virus information
This process may differ depending on what product you choose, so find out what your anti-virus software requires. Many anti-virus packages include an option to automatically receive updated virus definitions. Because new information is added frequently, it is a good idea to take advantage of this option. Resist believing email chain letters that claim that a well-known anti-virus vendor has recently detected the "worst virus in history" that will destroy your computer's hard drive. These emails are usually hoaxes. You can confirm virus information through your anti-virus vendor or through resources offered by other anti-virus vendors.

While installing anti-virus software is one of the easiest and most effective ways to protect your computer, it has its limitations. Because it relies on signatures, anti-virus software can only detect viruses that have signatures installed on your computer, so it is important to keep these signatures up to date. You will still be susceptible to viruses that circulate before the anti-virus vendors add their signatures, so continue to take other safety precautions as well.

Issues of concern:
Macro viruses, arguably the most destructive and widespread computer viruses, could be prevented far more inexpensively and effectively, and without the need for all users to buy anti-virus software, if Microsoft would fix security flaws in Microsoft Outlook and Microsoft Office related to the execution of downloaded code and to the ability of document macros to spread and wreak havoc.

User education is as important as anti-virus software; simply training users in safe computing practices, such as not downloading and executing unknown programs from the Internet, would slow the spread of viruses, without the need for anti-virus software.


Computer users should not always run with administrator access to their own machine. If they would simply run in user mode then some types of viruses would not be able to spread.

The dictionary approach to detecting viruses is often insufficient due to the continual creation of new viruses, yet the suspicious behavior approach is ineffective due to the false positive problem; hence, the current understanding of anti-virus software will never conquer computer viruses.

There are various methods of encrypting and packing malicious software which will make even well-known viruses undetectable to anti-virus software. Detecting these "camouflaged" viruses requires a powerful unpacking engine, which can decrypt the files before examining them. Unfortunately, many popular anti-virus programs do not have this and thus are often unable to detect encrypted viruses.

Companies that sell anti-virus software seem to have a financial incentive for viruses to be written and to spread, and for the public to panic over the threat.


9. Firewall [1]
Function of a firewall
Firewalls provide protection against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. Firewalls can be configured to block data from certain locations while allowing the relevant and necessary data through. They are especially important for users who rely on "always on" connections such as cable or DSL modems.

Choosing the right type of firewall
Firewalls are offered in two forms: hardware (external) and software (internal). While both have their advantages and disadvantages, the decision to use a firewall is far more important than deciding which type you use.

Hardware - Typically called network firewalls, these external devices are positioned between your computer or network and your cable or DSL modem. Many vendors and some Internet service providers (ISPs) offer devices called "routers" that also include firewall features. Hardware-based firewalls are particularly useful for protecting multiple computers but also offer a high degree of protection for a single computer. If you only have one computer behind the firewall, or if you are certain that all of the other computers on the network are up to date on patches and are free from viruses, worms, or other malicious code, you may not need the extra protection of a software firewall. Hardware-based firewalls have the advantage of being separate devices running their own operating systems, so they provide an additional line of defense against attacks. Their major drawback is cost, but many products are available for less than $100 (and there are even some for less than $50).


Software - Some operating systems include a built-in firewall; if yours does, consider enabling it to add another layer of protection even if you have an external firewall. If you don't have a built-in firewall, you can obtain a software firewall for relatively little or no cost from your local computer store, software vendors, or ISP. Because of the risks associated with downloading software from the Internet onto an unprotected computer, it is best to install the firewall from a CD or DVD. If you do download software from the Internet, make sure it is a reputable, secure website. Although relying on a software firewall alone does provide some protection, realize that having the firewall on the same computer as the information you're trying to protect may hinder the firewall's ability to catch malicious traffic before it enters your system.

Applying the right configuration settings
Most commercially available firewall products, both hardware- and software-based, come configured in a manner that is acceptably secure for most users. Since each firewall is different, you'll need to read and understand the documentation that comes with it to determine whether or not the default settings on your firewall are sufficient for your needs. Also, alerts about current viruses or worms sometimes include information about restrictions you can implement through your firewall. Unfortunately, while properly configured firewalls may be effective at blocking some attacks, don't be lulled into a false sense of security. Although they do offer a certain amount of protection, firewalls do not guarantee that your computer will not be attacked. In particular, a firewall offers little to no protection against viruses that work by having you run the infected program on your computer, as many email-borne viruses do. However, using a firewall in conjunction with other protective measures (such as anti-virus software and "safe" computing practices) will strengthen your resistance to attacks.


10. Phishing [1] [3] [5]
Social engineering [1]
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization's network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.

Phishing [3]
Phishing is a form of social engineering. As a cyber crime, phishing involves the attempt to defraud an online user by posing as a trusted entity or by blatantly lying about a situation, which may compel the user to send money or goods. Phishing is the attempt to acquire valuable personal and sensitive information such as credit card numbers, passwords, usernames, etc., by pretending to be a trustworthy individual, business or an individual you know. What makes this kind of online crime so successful is the wide array of guises it takes on; there is not one clear-cut appearance of the illegal activity that a consumer could learn to avoid. Not surprisingly, cyber crime prevention specialists understand that the best offense is an education in the various looks and modus operandi of phishing operations.


Phishing: Not Just for E-mail
E-mail is the most common way to distribute phishing lures, but some scammers seek out victims through:
o Instant messages
o Cell phone text (SMS) messages
o Chat rooms
o Fake banner ads
o Message boards and mailing lists
o Fake job search sites and job offers
o Fake browser toolbars

In-session Phishing [4]
In-session phishing is a form of phishing attack which relies on one web browsing session being able to detect the presence of another session (such as a visit to an online banking website) on the same web browser, and to then launch a pop-up window that pretends to have been opened from the targeted session. This pop-up window, which the user now believes to be part of the targeted session, is then used to steal user data in the same way as with other phishing attacks. The advantage of in-session phishing to the attacker is that it does not need the targeted website to be compromised in any way, relying instead on a combination of data leakage within the web browser, the capacity of web browsers to run active content, the ability of modern web browsers to support more than one session at a time, and social engineering of the user.


Phishing Detection and Prevention [3]
How is it that people can get caught in a phishing scam? Anyone can be tricked by a stylish phishing scam, but simple phishing scams can easily be spotted, even those that seem like the real thing. Here are some popular phrases to look for in your emails, if you suspect a message to be a phishing scam.

Emails offering free goods and services: The simplest phishing emails involve the use of an unsolicited communication (or spam) that offers free goods and services in return for a signup. When the consumer enters the requested information, it is harvested and sold to mailing list companies. Even though spam is illegal, enforcement is spotty and even the best email spam filters cannot remove all of these emails.

"Verify your account": This is probably one of the more popular scams. As mentioned above, these types of emails state that you will need to verify your account by clicking on a link below. Such emails offer convenient links that lead to a third party website, where the username and password are captured. Thus equipped, the cyber criminals now access the bank account holder's real account and transfer money or simply withdraw it. The best way to avoid this is to not click anything within the email. Instead, open another browser tab or window and go to your banking institution's website, or give them a call. Most institutions now have separate areas to report phishing; remember that your bank will never ask you for your personal information through email.

"You have won the lottery": This is one of the most common phishing scams around, also known as 'fee fraud'. The message informs you that you have won a large amount of money and asks you to reply to the message with your address, bank details and other personal information. These scams often come pretending to be from reputed organizations such as IBM, Microsoft, etc.

"Your account will be closed if you do not respond within 24 hours": This is done to scare people, especially with so many of us using several types of online accounts. In the past, it has been received by Hotmail account holders, purporting to be from Microsoft or Hotmail itself. It threatens account closure unless the email account holder verifies his account with the login information and birth date. Because of the scare, people won't look at the clues that clearly state that this is a fake email. Look at the way the words are said or spelled in the email; often, these emails are not sent by an English speaking person. As with the above, open up a separate browser and check the owner's site.

Compassion emails: Phishing tactics also feed off emotions. If a person receives an email with an attachment or a link about a tragic event, out of curiosity or compassion they may click on the link to find out more.

Amazon: As of July 2009, Amazon was the top brand to be exploited by phishers.

Facebook: Users of the popular social networking site are subject to threats both within Facebook and via email. Using the service's security settings you can reduce the threat from phishing attacks by making your contact and email details private.

eBay: The popular auction site is another big name that is often mimicked in order to gain personal information. As with the SunTrust example, this eBay phishing email includes the eBay logo in an attempt to gain credibility. The email warns that a billing error may have been made on the account and urges the eBay member to log in and verify the charges.


Fig 3: A phishing example, showing how eBay logo is used to hoodwink users.

HSBC, Santander, CommonWealth Bank: Customers of these large international banks have also been the subject of phishing scams. You might have noticed that some of these sites are very popular. Phishers use tools to “mine” email addresses and other contact details wherever possible in order to draw you into their scam. Awareness of these methods is the first step in protecting yourself from the threat.

Fig 4: Phishing HSBC customers

Use anti-virus and anti-spyware software, as well as a firewall, and update them all regularly: Some phishing emails contain software that can harm your computer or track your activities on the Internet without your knowledge. Anti-virus software and a firewall can protect you from inadvertently accepting such unwanted files.

Link manipulation
Most methods of phishing use some form of technical deception designed to make a link in an e-mail (and the spoofed website it leads to) appear to belong to the spoofed organization. Misspelled URLs or the use of subdomains are common tricks used by phishers. In the following example URL, http://www.yourbank.example.com/, it appears as though the URL will take you to the example section of the yourbank website; actually this URL points to the "yourbank" (i.e. phishing) section of the example website. Another common trick is to make the displayed text for a link (the text between the <A> tags) suggest a reliable destination, when the link actually goes to the phishers' site. The following example link, http://en.wikipedia.org/wiki/Genuine, appears to take you to an article entitled "Genuine"; clicking on it will in fact take you to the article entitled "Deception". In the lower left hand corner of most browsers you can preview and verify where the link is going to take you. Hovering your cursor over the link for a couple of seconds will do a similar thing.

An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password (contrary to the standard). For example, the link http://www.google.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.google.com, whereas it actually directs the browser to a page on members.tripod.com, using a username of www.google.com: the page opens normally, regardless of the username supplied. Such URLs were disabled in Internet Explorer, while Mozilla Firefox and Opera present a warning message and give the option of continuing to the site or canceling.

A further problem with URLs has been found in the handling of Internationalized domain names (IDN) in web browsers, which might allow visually identical web addresses to lead to different, possibly malicious, websites. Despite the publicity surrounding the flaw, known as IDN spoofing or homograph attack, phishers have taken advantage of a similar risk, using open URL redirectors on the websites of trusted organizations to disguise malicious URLs with a trusted domain. Even digital certificates do not solve this problem because it is quite possible for a phisher to purchase a valid certificate and subsequently change content to spoof a genuine website.
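As an added example, not taken from the report or any browser vendor, the following Python checks turn the tricks described above into defensive tests a mail filter or a cautious reader could run: the real host behind an '@' URL, a brand name buried in someone else's domain, punycode or mixed-script labels, and link text that disagrees with its href. The hostnames are the report's own examples plus constructed ones, and the registered-domain rule (last two labels) is a simplification.

```python
"""Checks for the link tricks above. Added example, not from the report or any
browser vendor; the registered-domain rule (last two labels) is a simplification,
real code should consult the Public Suffix List."""
from __future__ import annotations
import re
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that looks like a host or URL (e.g. "www.google.com").
_URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.IGNORECASE)


def effective_host(url: str) -> str:
    """Host the browser really connects to: anything before '@' in the authority
    is userinfo, so http://www.google.com@members.tripod.com/ -> members.tripod.com."""
    return (urlsplit(url).hostname or "").lower()


def has_userinfo(url: str) -> bool:
    return "@" in urlsplit(url).netloc


def registered_domain(host: str) -> str:
    return ".".join(host.rstrip(".").split(".")[-2:])


def brand_lookalike(host: str, brand_domain: str) -> bool:
    """Brand name appears in the host (www.yourbank.example.com) but the host
    is not under the brand's own registered domain (the subdomain trick)."""
    brand = registered_domain(brand_domain)
    return brand.split(".")[0] in host and registered_domain(host) != brand


def _scripts(label: str) -> set[str]:
    # First word of a character's Unicode name is its script: LATIN, CYRILLIC ...
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in label if c.isalpha()}


def idn_risk(host: str) -> list[str]:
    """Flag punycode (xn--) labels and labels mixing scripts, the visible symptom
    of a homograph attack such as a Cyrillic 'а' inside 'paypal'."""
    reasons = []
    for label in host.split("."):
        if label.startswith("xn--"):
            reasons.append(f"punycode label {label}")
        scripts = _scripts(label)
        if len(scripts) > 1:
            reasons.append(f"mixed scripts {sorted(scripts)} in {label}")
    return reasons


def assess_url(url: str, brand_domain: str) -> list[str]:
    """Every reason to distrust a link that claims to belong to brand_domain."""
    host = effective_host(url)
    reasons = []
    if has_userinfo(url):
        reasons.append(f"userinfo hides real host {host}")
    if brand_lookalike(host, brand_domain):
        reasons.append(f"{host} is not under {registered_domain(brand_domain)}")
    return reasons + idn_risk(host)


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML e-mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def mismatched_links(html: str) -> list[tuple[str, str]]:
    """Links whose visible text names one host but whose href points elsewhere
    (the '<A> text vs. real destination' trick)."""
    parser = _LinkCollector()
    parser.feed(html)
    bad = []
    for href, text in parser.links:
        if _URLISH.fullmatch(text):
            shown = text if "://" in text else "http://" + text
            if effective_host(shown) != effective_host(href):
                bad.append((href, text))
    return bad


# Constructed sample e-mail body (not a real phishing message).
SAMPLE_HTML = ('<p>Log in at <a href="http://members.tripod.com/login">http://www.google.com/</a> '
               'or read <a href="https://www.example.com/help">www.example.com</a>.</p>')
```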


Filter evasion
Phishers have used images instead of text to make it harder for anti-phishing filters to detect text commonly used in phishing e-mails.

Website forgery
Once a victim visits the phishing website the deception is not over. Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL. A Universal Man-in-the-middle (MITM) Phishing Kit, discovered in 2007, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site. To avoid anti-phishing techniques that scan websites for phishing-related text, phishers have begun to use Flash-based websites. These look much like the real website, but hide the text in a multimedia object. Protection from phishers can also be acquired by regularly updating your security software in order to prevent you from innocently submitting information to top phishing threats. If you use a desktop email client and your security software doesn’t have any inbox protection, you should consider a specialist application to protect your emails.

Tools to help you avoid phishing scams
Microsoft offers several tools to help you avoid phishing scams when you browse the web or read your email.


Windows Internet Explorer. In Internet Explorer, the domain name in the address bar is emphasized with black type and the remainder of the address appears gray to make it easy to identify a website's true identity.

Windows Live Hotmail. Microsoft's free webmail program also uses SmartScreen technology to screen email. SmartScreen helps identify and separate phishing threats and other junk email from legitimate email.

Microsoft Office Outlook. The Junk E-mail Filter in Outlook 2010, Outlook 2007, and other Microsoft email programs evaluates each incoming message to see if it includes suspicious characteristics common to phishing scams.

In case you are a victim

If you believe you might have revealed sensitive information about your organization, report it to the appropriate people within the organization, including network administrators. They can be alert for any suspicious or unusual activity.

If you believe your financial accounts may be compromised, contact your financial institution immediately and close any accounts that may have been compromised. Watch for any unexplainable charges to your account.

Immediately change any passwords you might have revealed. If you used the same password for multiple resources, make sure to change it for each account, and do not use that password in the future.


Watch for other signs of identity theft. Consider reporting the attack to the police, and file a report with the Federal Trade Commission (http://www.ftc.gov/).


11. POP-Ups [6]
A pop-up is a graphical user interface (GUI) display area, usually a small window, that suddenly appears ("pops up") in the foreground of the visual interface. Pop-ups can be initiated by a single or double mouse click or a rollover (sometimes called a mouseover), possibly by voice command, or simply timed to occur. A pop-up window must be smaller than the background window or interface; otherwise, it is a replacement interface. [7] Pop-up ads, or pop-ups, are a form of online advertising on the World Wide Web intended to attract web traffic or capture email addresses. Pop-ups are generally new web browser windows opened to display advertisements. The pop-up window containing an advertisement is usually generated by JavaScript, but can be generated by other means as well. Some pop-up ads contain extensive animations or sound elements that distract users or even make it impossible to navigate a Web page. Sometimes a user closes one window only to trigger three more. Worse, some pop-ups carry malicious code such as spyware or computer viruses.

Certain types of downloaded content, such as images, free music, and others, can cause pop ups, especially pornographic sites' pop ups. Also, the pop ups will sometimes look like ordinary web pages, and the name of the site will show up in a search bar. Many websites use pop-ups to display information without disrupting the page currently open. For example, if you were to fill in a form on a web page and needed extra guidance, a pop-up would give you extra information without causing loss of any information already entered into the form. Most pop-up blockers will allow this kind of pop-up. However, some will reload the page, causing loss of any information that had been entered.


Some web based installers, such as that used by McAfee, use a pop-up to install software.

On many internet browsers, holding down the ctrl key while clicking a link will allow it to bypass the popup filter.

Clicking (even accidentally) on one pop-up may lead to other pop-up ads opening.
Fig 5: Several pop-up ads on computer screen

POP-Up Blocker
Opera was the first major browser to incorporate tools to block pop-up ads; the Mozilla browser later improved on this by blocking only pop-ups generated as the page loads. In the early 2000s, all major web browsers except Internet Explorer allowed the user to block unwanted pop-ups almost completely. In 2004, Microsoft released Windows XP SP2, which added pop-up blocking to Internet Explorer. All major advertisers support the Network Advertising Initiative which allows users to opt out of pop-under advertising.


Most modern browsers come with pop-up blocking tools; third-party tools tend to include other features such as ad filtering.

Pop-up Blocker Software
Most pop-up ads are written in JavaScript. When you open a Web page that carries pop-up ads, the ads activate as the page loads; the code that opens them is part of the page itself. Early pop-up blockers scanned a page's source for code telling the browser to open a new window and neutralised it. The blockers built into current browsers work differently: they intercept the window.open() call itself at run time and allow it only while the page is handling a user action such as a click, which is why a pop-up that fires on page load is stopped while a window you asked for is not. Not all pop-ups open when the page loads; some activate when you click a link or move the mouse over a trigger area. A good blocker catches these as well, though some can only close a pop-up after it has started to open. If you have ever seen a pop-up appear and vanish while a blocker was active, that is what happened: the blocker detected the ad after it activated, then disabled it. Some pop-ups were built with other technologies such as Flash, which a JavaScript-only blocker cannot see; those needed a separate Flash blocker (for example Flashblock) that disabled the commands activating Flash content, and some products combined JavaScript and Flash ad blocking in one package. Adobe Flash reached end of life in December 2020 and modern browsers no longer run it, so this class of pop-up has largely disappeared.
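The paragraph above describes blockers as source scanners; the mechanism built into today's browsers is a run-time check on the window.open() call. The Python model below is an added example, not browser code and not code from the original report. It models that check with a PopupPolicy class whose per-click budget (one window) and allow-list handling are assumptions chosen for illustration, and a simulate_page() function that tries the pop-up patterns discussed in the text, including one the text does not mention: a callback the click handler schedules for later, which has lost its user-gesture token by the time it runs.

```python
"""A gesture-gated pop-up policy, modelled in Python.

Added example, not browser code and not from the original report.  The
one-window-per-click budget and the allow-list are assumptions.
"""
from contextlib import contextmanager


class PopupPolicy:
    """Decide whether a window.open() call may create a new window."""

    def __init__(self, allowed_sites=()):
        self.allowed_sites = set(allowed_sites)  # sites the user exempted
        self._in_gesture = False                 # True while a click handler runs
        self._budget = 0                         # windows left for this gesture
        self.opened = []
        self.blocked = []

    @contextmanager
    def user_gesture(self):
        """Wrap a click/keypress handler; window.open is permitted inside it."""
        self._in_gesture, self._budget = True, 1
        try:
            yield
        finally:
            self._in_gesture, self._budget = False, 0  # token dies with the handler

    def window_open(self, site, url):
        exempt = site in self.allowed_sites
        allowed = exempt or (self._in_gesture and self._budget > 0)
        if allowed:
            if not exempt:
                self._budget -= 1
            self.opened.append(url)
        else:
            self.blocked.append(url)
        return allowed


def simulate_page(policy, site="ads.example.net"):
    """Run the pop-up patterns from the text against a policy.

    Returns (opened, blocked) URL lists.  Hosts are documentation names.
    """
    deferred = []
    # 1. Fired while the page loads, no user action: blocked.
    policy.window_open(site, "http://ads.example.net/onload")
    with policy.user_gesture():
        # 2. Opened from inside the click handler: the first is allowed...
        policy.window_open(site, "http://ads.example.net/click-1")
        # 3. ...the second exceeds the per-click budget.
        policy.window_open(site, "http://ads.example.net/click-2")
        # 4. A setTimeout-style callback scheduled by the handler.
        deferred.append(lambda: policy.window_open(site, "http://ads.example.net/deferred"))
    for callback in deferred:   # runs after the gesture ended: blocked
        callback()
    return list(policy.opened), list(policy.blocked)


if __name__ == "__main__":
    print(simulate_page(PopupPolicy()))
    print(simulate_page(PopupPolicy(["ads.example.net"])))
```

The first run opens only the window requested directly from the click and blocks the other three; adding the site to the allow list opens all four, which is the effect of the "allow pop-ups from this site" option in a browser.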


Fig 6: A POP-Up blocking software

Circumventing pop-up blockers
A combination of a banner ad and a pop-up window is the "hover ad", which uses DHTML to appear in front of the page content. With JavaScript, an advertisement can be superimposed over a webpage in a transparent layer and can look like almost anything the advertiser wants: it may contain an Adobe Flash animation linking to the advertiser's site, or it may imitate a regular window. Because the advertisement is part of the web page rather than a new browser window, a pop-up blocker cannot stop it, but third-party ad blockers such as Adblock, or custom style sheets, can. DHTML ads can be very CPU intensive, sometimes bogging down older computers to the point of unusability.


Pop-under ads
Pop-under ads are similar to pop-up ads, but the ad window appears hidden behind the main browser window rather than superimposed in front of it. As pop-up ads became widespread and took up whole screens, many users learned to immediately close any pop-up that appeared over a site without looking at it. Pop-under ads do not immediately impede the user's ability to view the site content, and thus usually remain unnoticed until the main browser window is closed, at which point the user's attention is free for the advertisement. Although pop-under ads are widely regarded as an annoying technique, they are still used by major publishers such as CNN.com and The Wall Street Journal.


12. Digital Footprint [8]
A digital footprint is a collection of activities and behaviours recorded when an entity (such as a person) interacts in a digital environment. It may include the recording of activities such as system logins and logouts, visits to a web page, files accessed or created, or emails and chat messages. The digital footprint allows interested parties to access this data, possibly for data mining or profiling purposes. Early usage of the term focused on information left by web activity alone, but it came to represent data created and consumed by all devices and sensors. Active digital footprints can be stored in many ways depending on the situation. In an online environment, a footprint can be stored by a user being logged into a site when making a post or edit, with the registered name being connected to the edit. In an offline environment a footprint may be stored in files when the owner of the computer uses a keylogger, so that logs show the actions performed on the machine and who performed them.

Web browsing
The digital footprint applicable specifically to the World Wide Web is the internet footprint, also known as the cyber shadow or digital shadow: information left behind as a result of a user's web-browsing activities, including through the use of cookies. The term usually applies to an individual person, but can also refer to a business, organization, corporation or object. Information may be intentionally or unintentionally left behind by the user, and it may be collected passively or actively by other interested parties. Depending on the amount of information left behind, it may be simple for other parties to gather large amounts of information on that individual using ordinary search engines. Internet footprints are used by interested parties for several reasons, including cyber-vetting, where interviewers research applicants based on their online activities. Internet footprints are also used by law enforcement agencies to obtain information that would otherwise be unavailable for lack of probable cause. Social networking systems may record the activities of individuals, with the data becoming a life stream. Such usage of social media and roaming services allows digital tracing data to include individual interests, social groups, behaviours, and location. Such data can be gathered from sensors within devices, and collected and analyzed without the user's awareness.

Privacy issues
Digital footprints are controversial in that privacy and openness are in competition. A digital footprint can be used to infer personal information about an individual without their knowledge, and it exposes the individual's private psychological sphere to the social sphere. Lifelogging is an example of the indiscriminate collection of information concerning an individual's life and behaviour.


13. Keystroke logging [9] [10]
Keystroke logging (often called keylogging) is the action of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored. There are numerous keylogging methods, ranging from hardware- and software-based approaches to electromagnetic and acoustic analysis.

Software-based keyloggers
These are software programs designed to work on the target computer's operating system. From a technical perspective there are five categories:

• Hypervisor-based: The keylogger can theoretically reside in a malicious hypervisor running underneath the operating system, which remains untouched and effectively becomes a virtual machine. Blue Pill is a conceptual example.
• Kernel-based: This method is difficult both to write and to combat. Such keyloggers reside at the kernel level and are thus difficult to detect, especially for user-mode applications. They are frequently implemented as rootkits that subvert the operating system kernel and gain unauthorized access to the hardware, making them very powerful. A keylogger using this method can act as a keyboard driver, for example, and thus gain access to any information typed on the keyboard as it goes to the operating system.
• API-based: These keyloggers hook keyboard APIs; the operating system then notifies the keylogger each time a key is pressed and the keylogger simply records it. APIs such as GetAsyncKeyState() and GetForegroundWindow() are used to poll the state of the keyboard or to subscribe to keyboard events. These keyloggers are the easiest to write, but where constant polling of each key is required they can cause a noticeable increase in CPU usage and can also miss the occasional key.
• Form-grabber-based: Form-grabber keyloggers log web form submissions by hooking the browser's form-submit handling (the onSubmit event). They record the form data inside the browser, before it is encrypted for transmission, so HTTPS does not protect against them.
• Packet analyzers: These capture network traffic associated with HTTP POST requests to retrieve passwords sent in clear text. They only work against sites that do not use HTTPS, or where the attacker can otherwise intercept the TLS session.
Fig 7: A logfile from a software based keylogger

Fig 8: Screen capture of what the software-based keylogger above was logging


Remote access software keyloggers
These are local software keyloggers with an added feature that allows access to the locally recorded data from a remote location. Remote communication may be achieved using one of these methods:

• Data is uploaded to a website, database or an FTP server.
• Data is periodically emailed to a pre-defined email address.
• Data is wirelessly transmitted by means of an attached hardware system.
• The software enables a remote login to the local machine from the Internet or the local network, so that the data logs stored on the target machine can be accessed.

Related features
Software keyloggers may be augmented with features that capture user information without relying on keyboard key presses as the sole input. Some of these features include:

• Clipboard logging: Anything that has been copied to the clipboard can be captured by the program.
• Screen logging: Screenshots are taken in order to capture graphics-based information. Applications with screen logging abilities may take screenshots of the whole screen, just one application, or even just the area around the mouse cursor. They may take these screenshots periodically or in response to user behaviour (for example, when the user clicks the mouse). A practical application used by some keyloggers with this ability is to take small screenshots around the point where the mouse has just clicked; these defeat web-based keyboards (for example, the on-screen keyboards often used by banks) and any other on-screen keyboard without screenshot protection.
• Programmatically capturing the text in a control: The Microsoft Windows API allows programs to request the text 'value' of some controls. This means that some passwords may be captured even if they are hidden behind password masks (usually asterisks).
• Recording every program, folder or window opened, including a screenshot of each website visited.
• Recording search engine queries, instant messenger conversations, FTP downloads and other internet-based activities (including the bandwidth used).
• In some advanced software keyloggers, sound can be recorded from the user's microphone and video from the user's webcam.

Countermeasures
The effectiveness of countermeasures varies, because keyloggers use a variety of techniques to capture data and a countermeasure needs to be effective against the particular capture technique. For example, an on-screen keyboard is effective against hardware keyloggers; transparency will defeat some screen loggers but not all; and an anti-spyware application that can only disable hook-based keyloggers will be ineffective against kernel-based keyloggers. Also, keylogger authors may update their code to adapt to countermeasures that have proven effective against them.


• Live CD/USB: Rebooting the computer from a Live CD or write-protected Live USB is a possible countermeasure against software keyloggers if the CD is clean of malware and the operating system on it is secured and fully patched, so that it cannot be infected as soon as it starts. Booting a different operating system does nothing against a hardware keylogger.
• Anti-spyware: Many anti-spyware applications can detect software keyloggers and quarantine, disable or remove them. They detect software-based keyloggers based on patterns in executable code, heuristics and keylogger behaviours (such as the use of hooks and certain APIs). No software-based anti-spyware application can be 100% effective against all keyloggers, and software cannot defeat non-software keyloggers (for example, hardware keyloggers). The particular technique the anti-spyware application uses influences its effectiveness against software keyloggers. As a general rule, an anti-spyware application running with higher privileges will defeat keyloggers with lower privileges. For example, a hook-based anti-spyware application cannot defeat a kernel-based keylogger (the keylogger receives the keystroke messages before the anti-spyware application does), but it could defeat hook- and API-based keyloggers.
• Network monitors: Network monitors (also known as reverse firewalls) can alert the user whenever an application attempts to make a network connection. This gives the user the chance to prevent the keylogger from "phoning home" with the typed information.
• Automatic form-filler programs: Automatic form-filling programs may prevent keylogging by removing the need for a user to type personal details and passwords on the keyboard. Form fillers are primarily designed for web browsers, to fill in checkout pages and log users into their accounts. Once the user's account and credit card information has been entered into the program, it is entered into forms automatically without using the keyboard or clipboard, reducing the possibility that private data is recorded. However, someone with physical access to the machine may still be able to install software that intercepts this information elsewhere in the operating system or while in transit on the network. (Transport Layer Security protects data in transit against network sniffers and interception proxies provided the browser verifies the server's certificate; a proxy whose root certificate has been installed on the machine as trusted can still decrypt the traffic.)
• Security tokens: Use of smart cards or other security tokens may improve security against replay attacks in the face of a successful keylogging attack, as accessing protected information requires both the (hardware) security token and the appropriate password or passphrase. Knowing the keystrokes, mouse actions, display, clipboard and so on used on one computer will not subsequently help an attacker gain access to the protected resource.
• One-time passwords (OTP): Using one-time passwords may be keylogger-safe, as each password is invalidated as soon as it is used. This solution may be useful for someone using a public computer; however, an attacker who has remote control over such a computer can simply wait for the victim to enter his or her credentials and then perform unauthorized transactions on their behalf while the session is active. One-time passwords also prevent replay attacks, where an attacker uses old information to impersonate the user. One example is online banking, where one-time passwords are implemented to protect accounts from keylogging attacks as well as replay attacks.
• On-screen keyboards: Most on-screen keyboards (such as the one that comes with Microsoft Windows XP) send normal keyboard event messages to the target program to type text, so any software keylogger can log these characters as they pass from one program to another. Additionally, keylogging software can take screenshots of what is displayed on the screen (periodically, and/or upon each mouse click).

Fig 9: On Screen Keyboard

• Speech recognition: Similar to on-screen keyboards, speech-to-text conversion software can be used against keyloggers, since no typing or mouse movements are involved. The weakest point of voice-recognition software may be how it sends the recognised text to the target program after recognition has taken place.
• Keystroke interference software: These programs attempt to confuse keyloggers by injecting random keystrokes, though this simply results in the keylogger recording more information than it needs. The attacker is left with the task of extracting the keystrokes of interest; how well this mechanism stands up to analysis is unclear.
• Handwriting recognition and mouse gestures: Many PDAs and, more recently, tablet PCs can convert pen (stylus) movements on their touchscreens into computer-understandable text. Mouse gestures use the same principle with mouse movements instead of a stylus: mouse gesture programs convert these strokes into user-definable actions, such as typing text. Graphics tablets and light pens can also be used to input gestures, though these are less common in everyday use. The same weakness noted for speech recognition applies to this technique as well.
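The one-time-password countermeasure above rests on the server refusing to accept a code twice. The Python below is an added example, not code from the original report: it implements the HOTP algorithm from RFC 4226 (HMAC-SHA1 with dynamic truncation) and a small server-side verifier with a look-ahead window (an assumed window of five counters, to tolerate codes the user generated but never submitted), then shows that a code captured by a keylogger during a legitimate login is rejected when replayed. The secret is the RFC 4226 Appendix D test-vector secret, so the generated codes can be checked against the standard.

```python
"""RFC 4226 HOTP and a replay-rejecting verifier.

Added example, not code from the original report.  The secret is the
RFC 4226 test-vector secret; the five-counter look-ahead is an assumption.
"""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value for one counter: HMAC-SHA1 then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                  # low nibble of last byte
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


class OtpVerifier:
    """Server side: every counter value is accepted at most once."""

    def __init__(self, secret: bytes, look_ahead: int = 5):
        self.secret = secret
        self.next_counter = 0          # lowest counter still acceptable
        self.look_ahead = look_ahead   # tolerate codes generated but never sent

    def verify(self, code: str) -> bool:
        for c in range(self.next_counter, self.next_counter + self.look_ahead):
            if hmac.compare_digest(hotp(self.secret, c), code):
                self.next_counter = c + 1   # this code and all earlier ones are now dead
                return True
        return False


def replay_demo():
    """A keylogger records the code the victim typed; replaying it fails."""
    secret = b"12345678901234567890"          # RFC 4226 Appendix D secret
    server = OtpVerifier(secret)
    captured = hotp(secret, 0)                # what the keylogger saw
    first = server.verify(captured)           # victim's own login: accepted
    replay = server.verify(captured)          # attacker replays it: rejected
    return captured, first, replay


if __name__ == "__main__":
    print(replay_demo())   # ('755224', True, False)
```

Note what the verifier does and does not protect: the counter moves forward so a captured code is worthless afterwards, but, as the text says, an attacker who already controls the machine can simply use the session the victim opened with the valid code; the OTP defends the credential, not the session.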


14. E-mail Security [1] [11]
There are many security threats to email, caused by weak security settings, hacking attacks, phishing, unencrypted messages and virus/spyware attacks. Low security settings in your email program and web browser may lead to hacking attacks, viruses, spyware, phishing and unauthorized access to your computer, and email vulnerabilities may lead to the loss of your personal and financial information. Insecure email therefore requires special consideration, security settings and policies. The classic email protocols (SMTP, POP3 and IMAP) carry the user's data and password in plain text unless the connection is protected with TLS, so anyone with a packet sniffer on the path can read your password and account details; make sure your client is configured to use the encrypted variants. Weak settings also mean you receive a great deal of spam, which wastes your time and computer resources. You need to build proper email security solutions to protect the email of the employees of your organization; your email security affects not only you but also everyone who sends email to your account. The usefulness of email is being threatened by four phenomena: email bombardment, spamming, phishing, and email worms. [13]

Spamming
Spamming is unsolicited commercial (or bulk) email. Because of the very low cost of sending email, spammers can send hundreds of millions of messages each day over an inexpensive Internet connection. Hundreds of active spammers sending this volume of mail results in information overload for the many computer users who receive voluminous unsolicited email each day. A number of anti-spam techniques mitigate the impact of spam. In the United States, Congress has also passed a law, the CAN-SPAM Act of 2003, attempting to regulate such email. Australia also has very strict spam laws restricting the sending of spam from an Australian ISP, but their impact has been minimal since most spam comes from jurisdictions that seem reluctant to regulate it.

Email worms
Email worms use email as a way of replicating themselves into vulnerable computers. Although the first email worm affected UNIX computers, the problem is most common today on the more popular Microsoft Windows operating system. The combination of spam and worm programs results in users receiving a constant drizzle of junk email, which reduces the usefulness of email as a practical tool.

Email spoofing
Email spoofing occurs when the header information of an email (typically the From: line) is altered to make the message appear to come from a known or trusted source. It is easy because SMTP itself does not verify the sender address a message claims. Spoofing is often used as a ruse to collect personal information.

Email bombing
Email bombing is the intentional sending of large volumes of messages to a target address. The overloading of the target email address can render it unusable and can even cause the mail server to crash.

Privacy concerns
Today it can be important to distinguish between Internet and internal email systems. Internet email may travel through and be stored on networks and computers outside the sender's or the recipient's control, and in transit it is possible for third parties to read or even modify the content. Internal mail systems, in which the information never leaves the organizational network, may be more secure, although information technology personnel and others whose function involves monitoring or management may be able to access the email of other employees. Without some security precautions, email privacy can be compromised because:

• email messages are generally not encrypted end to end;
• email messages pass through intermediate computers before reaching their destination, so it is relatively easy for others to intercept and read them;
• many Internet Service Providers (ISPs) store copies of email messages on their mail servers before they are delivered, and backups of these can remain for up to several months despite deletion from the mailbox;
• the "Received:" fields and other information in the email can often identify the sender, preventing anonymous communication.
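Both the spoofing described earlier in this section and the tracing value of the "Received:" fields just mentioned can be seen by comparing a message's visible From: line with the delivery path its headers record. The Python below is an added example, not part of the original report. The message is constructed for the illustration (reserved documentation names and addresses throughout), and the Received: clause it parses is the common "from host (reverse-dns [ip]) by host" form. Only the Received: headers added by your own mail servers can be trusted, since a sender can forge the earlier ones; SPF, DKIM and DMARC are the authenticated checks mail systems use today.

```python
"""Compare a message's visible From: with the delivery path in Received:.

Added example, not part of the original report.  The sample message is
constructed; hosts and addresses are reserved documentation names.
"""
import re
from email import message_from_string
from email.utils import parseaddr

SAMPLE_MESSAGE = """\
Return-Path: <bounce@mailer.invalid>
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby inbox.example.net with ESMTP id 1A2B3C; Tue, 10 May 2011 09:15:02 +0000
Received: from mailer.invalid (mailer.invalid [203.0.113.45])
\tby mx.example.net with ESMTP id 4D5E6F; Tue, 10 May 2011 09:15:00 +0000
From: "Example Bank Security" <security@bank.example.com>
To: customer@example.net
Subject: Urgent: verify your account
Content-Type: text/plain

Please verify your account at the link below.
"""

# Matches the common "from <name> (<reverse-dns> [<ip>])" clause.
RECEIVED_FROM = re.compile(r"from\s+(\S+)\s+\(([^\s\[]+)?\s*\[([0-9a-fA-F.:]+)\]\)")


def received_hops(msg):
    """(claimed name, reverse DNS, IP) per Received: header, oldest first.

    Each relay prepends its own Received: line, so the last header in the
    message is the earliest hop and the first is the one nearest to us.
    """
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_FROM.search(" ".join(value.split()))  # unfold whitespace
        if m:
            hops.append((m.group(1), m.group(2), m.group(3)))
    return hops


def header_domain(msg, name):
    """Domain part of the address in a header such as From: or Return-Path:."""
    _, addr = parseaddr(msg.get(name, ""))
    return addr.rpartition("@")[2].lower()


def spoof_indicators(raw):
    """Parse a raw message and list reasons its From: line may be forged."""
    msg = message_from_string(raw)
    from_dom = header_domain(msg, "From")
    path_dom = header_domain(msg, "Return-Path")
    hops = received_hops(msg)
    origin = hops[0] if hops else None
    findings = []
    if path_dom and path_dom != from_dom:
        findings.append(f"envelope sender domain {path_dom} differs from From: domain {from_dom}")
    if origin:
        name = origin[0].lower()
        if name != from_dom and not name.endswith("." + from_dom):
            findings.append(f"entered the mail system from {name} [{origin[2]}], not a {from_dom} host")
    return {"from_domain": from_dom, "origin": origin, "hops": hops, "findings": findings}


if __name__ == "__main__":
    for line in spoof_indicators(SAMPLE_MESSAGE)["findings"]:
        print(line)
```

Run against the sample, the script reports that the envelope sender (Return-Path) belongs to a different domain from the displayed From:, and that the message first entered the mail system from mailer.invalid at 203.0.113.45 rather than from any host of the bank's domain; a mail filter would treat either as a spoofing signal.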

Steps to protect yourself and others in your address book [12]

Be wary of unsolicited attachments, even from people you know - Just because an email message looks like it came from your mom, grandma, or boss doesn't mean that it did. Many viruses can "spoof" the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it's legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email.

Keep software up to date - Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it.

Trust your instincts - If an email or email attachment seems suspicious, don't open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. At the very least, contact the person who supposedly sent the message to make sure it's legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don't let your curiosity put your computer at risk.

Save and scan any attachments before opening them - If you have to open an attachment before you can verify the source, take the following steps:
1. Be sure the signatures in your anti-virus software are up to date.
2. Save the file to your computer or a disk.
3. Manually scan the file using your anti-virus software.
4. If the file is clean and doesn't seem suspicious, go ahead and open it.

Turn off the option to automatically download attachments - To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and make sure to disable it.

Consider creating separate accounts on your computer - Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need "administrator" privileges to infect a computer.

Apply additional security practices - You may be able to filter certain types of attachments through your email software or a firewall.


15. Secure Online Transactions [14]
Secure Connection
A secure connection is an encrypted exchange of information between the website you are visiting and your browser (Internet Explorer in this report). The website identifies itself with a document called a certificate, which carries the site's public key and is signed by a certification authority; the browser and the site use it to agree on the keys that encrypt the session. When you send information to the website, it is encrypted at your computer and decrypted at the website. Under normal circumstances the information cannot be read or tampered with while it is being sent, although weaknesses in the encryption or in the browser could in principle be found. Even if the connection between your computer and the website is encrypted, that does not guarantee that the website is trustworthy: your privacy can still be compromised by the way the website uses or distributes your information.

Privacy of secure connections
Secure connections are not necessarily private. Even though the information you send and receive is encrypted, an intermediate party can still see which website you are connecting to, because the site's name appears in your DNS lookups and in the server name your browser sends at the start of the TLS handshake. Knowing the site, the other party may have a good idea of what you are doing there. For example, if you look for a new job using a computer at work, your company might watch for key words in website names or keep a log of visited sites. If you upload a resume to a job website, the document itself is encrypted, but your company would still know you are looking for a new job.

Telling whether a connection is secure or not
In Internet Explorer, you will see a lock icon in the Security Status bar, which is located on the right side of the Address bar. In Mozilla Firefox, the background colour of the web address at the top of the page changes to a different colour and a small lock appears next to the URL (web address). The certificate used to encrypt the connection also contains information about the identity of the website owner or organization; you can click the lock to view it.

Different colours in the Security status bar
When you visit a website that uses a secure connection, the color of the Security Status bar tells you whether the certificate is valid or not, and it displays the level of validation that was performed by the certifying organization.
Table 1: What the Security Status bar colors mean.

Color    What it means
Red      The certificate is out of date, invalid, or has an error.
Yellow   The authenticity of the certificate, or of the certification authority that issued it, cannot be verified. This might indicate a problem with the certification authority's website.
White    The certificate has normal validation. This means that communication between your browser and the website is encrypted. The certification authority makes no assertion about the business practices of the website.
Green    The certificate uses extended validation. This means that communication between your browser and the website is encrypted and that the certification authority has confirmed the website is owned or operated by a business that is legally organized under the jurisdiction shown in the certificate and on the Security Status bar. The certification authority makes no assertion about the business practices of the website.


Increasing the safety of my online transactions
While there is no guarantee of safety on the web, you can minimize online privacy or security problems by using websites you know and trust. Internet Explorer cannot tell whether a website owner is trustworthy. Try to use sites you have used previously or that are recommended by trusted friends or family. You should also turn on Internet Explorer's Phishing Filter (called the SmartScreen Filter from Internet Explorer 8 onwards) to help identify fraudulent websites.

Having both secure and non-secure (mixed) content
Secure and non-secure content, or mixed content, means that a webpage is trying to display elements using both secure (HTTPS/SSL) and non-secure (HTTP) web server connections. This often happens with online stores or financial sites that pull images, banners or scripts from a server that is not secured. The risk is that a non-secure script loaded into a secure page runs with the same access to that page as the site's own code, so anyone who can tamper with the plain-HTTP download can read or alter what is shown on the secure page; even a non-secure image tells a network observer which page you are viewing. Modern browsers block active mixed content such as scripts outright.

NOTE: Internet Explorer uses an encrypted protocol, originally Secure Sockets Layer (SSL) and now its successor Transport Layer Security (TLS), to access secure webpages. These pages use the prefix HTTPS, while regular webpages use HTTP.
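A practical way to find mixed content before a browser complains about it is to scan the page's HTML for loaded resources whose resolved URL uses plain http. The Python below is an added example, not part of the original report or of Internet Explorer. It feeds a constructed checkout page (hosts under example.com and example.net are reserved documentation names) through a small HTMLParser subclass, resolves each src, href or data attribute against the page URL so that relative and scheme-relative references are handled correctly, skips ordinary navigation links, and classes each finding as active (script, stylesheet, frame, plugin) or passive (image and similar).

```python
"""Find mixed content: plain-http resources referenced by an https page.

Added example, not part of the original report.  The sample page is
constructed; hosts are reserved documentation names.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed checkout page, imagined as served from
# https://shop.example.com/checkout
SAMPLE_PAGE = """
<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="http://ads.example.net/track.js"></script>
<link rel="stylesheet" href="//cdn.example.com/site.css">
</head><body>
<img src="http://static.example.com/logo.png">
<img src="/images/cart.png">
<a href="http://example.com/terms">Terms</a>
</body></html>
"""

ACTIVE_TAGS = {"script", "link", "iframe", "object", "embed"}  # can run code
LOADED_ATTRS = {"src", "href", "data"}                          # fetched by the browser


class MixedContentScanner(HTMLParser):
    """Collect (tag, absolute URL, kind) for every plain-http resource."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            return  # a navigation link is not loaded into this page
        for name, value in attrs:
            if name in LOADED_ATTRS and value:
                # Relative ("/images/x.png") and scheme-relative ("//cdn/...")
                # references inherit https from the page and are fine.
                absolute = urljoin(self.page_url, value)
                if urlsplit(absolute).scheme == "http":
                    kind = "active" if tag in ACTIVE_TAGS else "passive"
                    self.findings.append((tag, absolute, kind))


def scan(page_url, html):
    """Return the mixed-content findings for one page, in document order."""
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    return scanner.findings


if __name__ == "__main__":
    for tag, url, kind in scan("https://shop.example.com/checkout", SAMPLE_PAGE):
        print(f"{kind:7} <{tag}> {url}")
```

On the sample the scanner flags the tracking script as active mixed content and the logo image as passive; the stylesheet and cart image resolve to https and the Terms link is ignored. The same logic can be run over a crawl of a site to find pages a browser would refuse to render fully.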

In order to best protect yourself and be relatively secure, you should:

• Ensure that your operating system is up to date by visiting the Windows Update website regularly.
• Ensure you have the latest web browser installed. Internet Explorer 6 came standard with 128-bit encryption for secure transactions. Even if you do not use Internet Explorer (IE), download the latest version anyway, because IE is a core component of the Windows operating system and needs to be up to date.
• If you use a wireless router with your Internet connection, ensure that you are operating on a secure network and that it is not open to the public.
• Scan your system regularly for spyware (including keyloggers).


16. P2P Security [1]
Quick Facts
Peer-to-peer (P2P) file-sharing allows users to share files online through an informal network of computers running the same software. File-sharing can give you access to a wealth of information, but it also has a number of risks. You could download copyrightprotected material, pornography, or viruses without meaning to. Or you could mistakenly allow other people to copy files you don't mean to share. If you're considering P2P file-sharing:

Install file-sharing software carefully, so that you know what's being shared. Changes you make to the default settings of the "save" or "shared" folder might cause you to share folders and subfolders you don't want to share. Check the proper settings so that other users of the file-sharing network won't have access to your private files, folders, or sub-folders.

Use a security program from a vendor you know and trust; keep that software and your operating system up-to-date. Some file-sharing software may install malware or adware, and some files may include unwanted content.

You may want to adjust the file-sharing program's controls so that it is not connected to the P2P network all the time. Some file-sharing programs automatically open every time you turn on your computer and continue to operate even when you "close" them.

Consider setting up separate user accounts, in addition to the administrator's account, if your computer has multiple users. Limiting rights on user accounts may help protect your computer from unwanted software and your data from unwelcome sharing.

Back up data you don't want to lose in case of a computer crash, and use a password to protect any files that contain sensitive information.

P2P File-Sharing: Evaluating the Risks
Every day, millions of computer users share files online. Whether it is music, games, or software, file-sharing can give people access to a wealth of information. To share files through a P2P network, you download special software that connects your computer to other computers running the same software. Millions of users could be connected to each other through this software at one time. The software often is free. Sounds promising, right? Maybe, but make sure that you consider the trade-offs. OnGuard Online cautions that file-sharing can have a number of risks. For example, when you are connected to file-sharing programs, you may unknowingly allow others to copy private files – even giving access to entire folders and subfolders – you never intended to share. You may download material that is protected by copyright laws and find yourself mired in legal issues. You may download a virus or facilitate a security breach. Or you may unwittingly download pornography labeled as something else. To secure the personal information stored on your computer, OnGuard Online suggests that you:

Install file-sharing software carefully, so that you know what's being shared. When you load a file-sharing application onto your computer, any changes you make to the P2P software's default settings during installation could cause serious problems. For example, if you change the defaults when you set up the "shared" or "save" folder, you may let other P2P users into any of your folders – and all its subfolders. You could inadvertently share information on your hard drive – like your tax returns, email messages, medical records, photos, or other personal documents – along with the files you want to share. And almost all P2P file-sharing applications will, by default, share the downloads in your "save" or "download" folder – unless you set it not to.

Use security software and keep it and your operating system up-to-date. Some file-sharing programs may install malware that monitors a user's computer use and then sends that data to third parties. Files you download may also hide malware, viruses, or other unwanted content. And when you install a P2P file-sharing application, you might be required to install "adware" that monitors your browsing habits and serves you advertising. Malware and adware can be difficult to detect and remove. Before you use any file-sharing program, get a security program that includes anti-virus and anti-spyware protection from a vendor you know and trust and make sure that your operating system is up to date. Set your security software and operating system to be updated regularly. Make sure your security software and firewall are running whenever your computer is connected to the internet. Delete any software the security program detects that you don't want on your computer. And before you open or play any downloaded files, scan them with your security software to detect malware or viruses.

Close your connection. In some instances, closing the file-sharing program window does not actually close your connection to the network. That allows file-sharing to continue and could increase your security risk. If you have a high-speed or "broadband" connection to the internet, you stay connected to the internet unless you turn off the computer or disconnect your internet service. These "always on" connections may allow others to copy your shared files at any time. To be sure your file-sharing program is closed, take the time to "exit" the program, rather than just clicking "X" or "closing" it. What's more, some file-sharing programs automatically open every time you turn on your computer. As a preventive measure, you may want to adjust the file-sharing program's controls to prevent the file-sharing program from automatically opening.

Create separate user accounts. If more than one person uses your computer, consider setting up separate user accounts, in addition to the administrator's account, and give those user accounts only limited rights. Since only a user with administrator rights can install software, this can help protect against software you don't want on your computer. It also can keep users from accessing other users' folders and subfolders, since users with limited rights generally don't have access to each other's information. Also use a password to protect your firewall and security software so no one else can disable them or grant themselves rights that you don't want them to have on your machine.

Back up sensitive documents. Back up files that you'd want to keep if your computer crashes. Store them on CDs, DVDs, or detachable drives that you keep in a safe place.

Talk with your family about file-sharing. If you're a parent, ask your children whether they've downloaded file-sharing software, and if they've exchanged games, videos, music, or other material. Talk to your kids about the security and other risks involved with file-sharing and how to install the software correctly, if they're going to use P2P file-sharing at all. If you're a teen or tween interested in file-sharing, talk with your parents before downloading software or exchanging files.


17. Securing Wireless Networks [1] [15]
Wireless networks are becoming increasingly popular, but they introduce additional security risks. If you have a wireless network, make sure to take appropriate precautions to protect your information.

Working of wireless networks
As the name suggests, wireless networks, sometimes called WiFi, allow you to connect to the internet without relying on wires. If your home, office, airport, or even local coffee shop has a wireless connection, you can access the network from anywhere that is within that wireless area. Wireless networks rely on radio waves rather than wires to connect computers to the internet. A transmitter, known as a wireless access point or gateway, is wired into an internet connection. This provides a "hotspot" that transmits the connectivity over radio waves. Hotspots have identifying information, including an item called an SSID (service set identifier), that allow computers to locate them. Computers that have a wireless card and have permission to access the wireless frequency can take advantage of the network connection. Some computers may automatically identify open wireless networks in a given area, while others may require that you locate and manually enter information such as the SSID.

Security threats associated with wireless networks
Because wireless networks do not require a wire between a computer and the internet connection, it is possible for attackers who are within range to hijack or intercept an unprotected connection. A practice known as wardriving involves individuals equipped with a computer, a wireless card, and a GPS device driving through areas in search of wireless networks and identifying the specific coordinates of a network location. This information is then usually posted online. Some individuals who participate in or take advantage of wardriving have malicious intent and could use this information to hijack your home wireless network or intercept the connection between your computer and a particular hotspot.

Minimizing the risks to your wireless network

Change default passwords - Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily found online, so they don't provide any protection. Changing default passwords makes it harder for attackers to take control of the device.

Restrict access - Only allow authorized users to access your network. Each piece of hardware connected to a network has a MAC (media access control) address. You can restrict or allow access to your network by filtering MAC addresses. Consult your user documentation to get specific information about enabling these features. There are also several technologies available that require wireless users to authenticate before accessing the network.

Encrypt the data on your network - WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. However, WEP has a number of security issues that make it less effective than WPA, so you should specifically look for gear that supports encryption via WPA. Encrypting the data would prevent anyone who might be able to access your network from viewing your data.

Protect your SSID - To avoid outsiders easily accessing your network, avoid publicizing your SSID. Consult your user documentation to see if you can change the default SSID to make it more difficult to guess.

Install a firewall - While it is a good security practice to install a firewall on your network, you should also install a firewall directly on your wireless devices (a host-based firewall). Attackers who can directly tap into your wireless network may be able to circumvent your network firewall; a host-based firewall will add a layer of protection to the data on your computer.

Maintain anti-virus software - You can reduce the damage attackers may be able to inflict on your network and wireless computer by installing anti-virus software and keeping your virus definitions up to date. Many of these programs also have additional features that may protect against or detect spyware and Trojan horses.
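An added example, not the report's own code: an audit of a router's settings against the points above, with a constructed as-shipped configuration beside a hardened one. The setting names and the lists of factory defaults are assumptions made for the example.

```python
"""Audit a home wireless router's settings against the checklist above.

Added example, not code from the report. The settings dictionaries and the
lists of factory defaults are constructed for illustration; a real audit
would read the values from the router's administration page.
"""

# Constructed placeholders standing in for the factory defaults that are
# "easily found online"; not a real vendor list.
DEFAULT_ADMIN_PASSWORDS = {"", "admin", "password", "1234"}
DEFAULT_SSIDS = {"default", "wireless", "vendor_default"}

# Severity order used to sort the findings (highest first).
SEVERITY = {"HIGH": 0, "MEDIUM": 1, "LOW": 2}


def audit_wireless(cfg):
    """Return a list of (severity, setting, advice) for a router config dict.

    Expected keys: admin_password, encryption ("none", "WEP", "WPA", "WPA2"),
    ssid, ssid_broadcast (bool), mac_filtering (bool), firewall (bool).
    """
    findings = []

    # 1. Change default passwords.
    if cfg.get("admin_password", "").strip().lower() in DEFAULT_ADMIN_PASSWORDS:
        findings.append(("HIGH", "admin_password",
                         "factory default or empty; set a unique administrator password"))

    # 2. Encrypt the data on your network: WEP is not an acceptable substitute for WPA.
    enc = cfg.get("encryption", "none").upper()
    if enc in ("NONE", "OPEN"):
        findings.append(("HIGH", "encryption", "network is open; enable WPA2 (or WPA)"))
    elif enc == "WEP":
        findings.append(("HIGH", "encryption", "WEP has known weaknesses; switch to WPA2 (or WPA)"))
    elif enc == "WPA":
        findings.append(("MEDIUM", "encryption",
                         "WPA is acceptable; prefer WPA2 where the gear supports it"))

    # 3. Protect your SSID: a default name is easy to guess, and broadcasting advertises it.
    if cfg.get("ssid", "").strip().lower() in DEFAULT_SSIDS:
        findings.append(("MEDIUM", "ssid", "default SSID; rename it to something not tied to a vendor"))
    if cfg.get("ssid_broadcast", True):
        # Hiding the SSID is only a minor hurdle; it does not replace encryption.
        findings.append(("LOW", "ssid_broadcast", "SSID is publicised; consider disabling broadcast"))

    # 4. Restrict access: MAC filtering limits which cards may join.
    if not cfg.get("mac_filtering", False):
        findings.append(("LOW", "mac_filtering", "no MAC address filtering; allow only known devices"))

    # 5. Install a firewall on the network device (host firewalls are checked separately).
    if not cfg.get("firewall", False):
        findings.append(("MEDIUM", "firewall", "router firewall disabled; turn it on"))

    return sorted(findings, key=lambda f: SEVERITY[f[0]])


# Constructed configurations: one as shipped, one after applying the checklist.
WEAK_CONFIG = {"admin_password": "admin", "encryption": "WEP", "ssid": "default",
               "ssid_broadcast": True, "mac_filtering": False, "firewall": False}
HARDENED_CONFIG = {"admin_password": "correct-horse-battery-staple-9Qz", "encryption": "WPA2",
                   "ssid": "constructed-net-01", "ssid_broadcast": False,
                   "mac_filtering": True, "firewall": True}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_wireless(cfg)
        print(f"{name}: {len(result)} finding(s)")
        for severity, setting, advice in result:
            print(f"  [{severity}] {setting}: {advice}")
```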


18. Browsing Safely: Understanding Active Content and Cookies[1][16]
Many people browse the Internet without much thought to what is happening behind the scenes. Active content and cookies are common elements that may pose hidden risks when viewed in a browser or email client.

Active content
To increase functionality or add design embellishments, web sites often rely on scripts that execute programs within the web browser. This active content can be used to create "splash pages" or options like drop-down menus. Unfortunately, these scripts are often a way for attackers to download or execute malicious code on a user's computer.

JavaScript - JavaScript is just one of many web scripts (other examples are VBScript, ECMAScript, and JScript) and is probably the most recognized. Used on almost every web site now, JavaScript and other scripts are popular because users expect the functionality and "look" that it provides, and it's easy to incorporate (many common software programs for building web sites have the capability to add JavaScript features with little effort or knowledge required of the user). However, because of these reasons, attackers can manipulate it to their own purposes. A popular type of attack that relies on JavaScript involves redirecting users from a legitimate web site to a malicious one that may download viruses or collect personal information.

Java and ActiveX controls - Different from JavaScript, Java and ActiveX controls are actual programs that reside on your computer or can be downloaded over the network into your browser. If executed by attackers, untrustworthy ActiveX controls may be able to do anything on your computer that you can do (such as running spyware and collecting personal information, connecting to other computers, and potentially doing other damage). Java applets usually run in a more restricted environment, but if that environment isn't secure, then malicious Java applets may create opportunities for attack as well. JavaScript and other forms of active content are not always dangerous, but they are common tools for attackers. You can prevent active content from running in most browsers, but realize that the added security may limit functionality and break features of some sites you visit. Before clicking on a link to a web site that you are not familiar with or do not trust, take the precaution of disabling active content. These same risks may also apply to the email program you use. Many email clients use the same programs as web browsers to display HTML, so vulnerabilities that affect active content like JavaScript and ActiveX often apply to email. Viewing messages as plain text may resolve this problem.

Cookies
When you browse the Internet, information about your computer may be collected and stored. This information might be general information about your computer (such as IP address, the domain you used to connect (e.g., .edu, .com, .net), and the type of browser you used). It might also be more specific information about your browsing habits (such as the last time you visited a particular web site or your personal preferences for viewing that site). Cookies can be saved for varying lengths of time:

Session cookies - Session cookies store information only as long as you're using the browser; once you close the browser, the information is erased. The primary purpose of session cookies is to help with navigation, such as by indicating whether or not you've already visited a particular page and retaining information about your preferences once you've visited a page.


Persistent cookies - Persistent cookies are stored on your computer so that your personal preferences can be retained. In most browsers, you can adjust the length of time that persistent cookies are stored. It is because of these cookies that your email address appears by default when you open your Yahoo! or Hotmail email account, or your personalized home page appears when you visit your favorite online merchant. If an attacker gains access to your computer, he or she may be able to gather personal information about you through these files.

To increase your level of security, consider adjusting your privacy and security settings to block or limit cookies in your web browser. To make sure that other sites are not collecting personal information about you without your knowledge, choose to only allow cookies for the web site you are visiting; block or limit cookies from a third-party. If you are using a public computer, you should make sure that cookies are disabled to prevent other people from accessing or using your personal information.
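An added example, not from the report, showing the two distinctions the text draws: a Set-Cookie parser that marks each cookie as session or persistent and as first-party or third-party, then applies the policy of allowing only cookies for the site being visited. The visited site, the responses and their headers are constructed.

```python
"""Classify the cookies a visit sets: session vs persistent, first vs third party.

Added example, not code from the report. The visited site, the responses and
their Set-Cookie headers are constructed; a browser would see them while
loading the page and the third-party resources embedded in it.
"""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime


def registrable_site(host):
    """Crude eTLD+1 (last two labels). Fine for example.test-style names; real
    browsers consult the Public Suffix List to handle names such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_set_cookie(header, response_host, now):
    """Parse one Set-Cookie header into a dict. A cookie without Expires or
    Max-Age is a session cookie; Max-Age wins over Expires when both are present."""
    name_value, *attributes = [part.strip() for part in header.split(";")]
    name, _, value = name_value.partition("=")
    cookie = {"name": name.strip(), "value": value.strip(),
              "domain": response_host.lower(), "expires": None,
              "secure": False, "httponly": False}
    max_age_seen = False
    for attribute in attributes:
        key, _, val = attribute.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain":
            cookie["domain"] = val.lstrip(".").lower()
        elif key == "max-age":
            cookie["expires"] = now + timedelta(seconds=int(val))
            max_age_seen = True
        elif key == "expires" and not max_age_seen:
            cookie["expires"] = parsedate_to_datetime(val)
        elif key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
    cookie["lifetime"] = "persistent" if cookie["expires"] is not None else "session"
    return cookie


def classify_cookies(visited_host, responses, now):
    """responses: list of (host that sent the response, Set-Cookie header value).
    Applies the policy from the text: allow cookies for the site you are
    visiting, block third-party ones."""
    site = registrable_site(visited_host)
    result = []
    for response_host, header in responses:
        cookie = parse_set_cookie(header, response_host, now)
        cookie["third_party"] = registrable_site(cookie["domain"]) != site
        cookie["decision"] = "block" if cookie["third_party"] else "allow"
        result.append(cookie)
    return result


# Constructed sample: a webmail page that also loads an advertiser's script.
NOW = datetime(2011, 5, 1, 12, 0, tzinfo=timezone.utc)
VISITED_HOST = "mail.example.test"
RESPONSES = [
    ("mail.example.test", "SESSIONID=abc123; Path=/; Secure; HttpOnly"),
    ("mail.example.test", "user=alice; Domain=.example.test; Expires=Wed, 01 Jun 2011 12:00:00 GMT"),
    ("ads.tracker.test", "uid=7f3a; Max-Age=31536000; Path=/"),
    ("cdn.example.test", "theme=dark; Max-Age=3600; Expires=Thu, 01 Jan 1970 00:00:00 GMT"),
]

if __name__ == "__main__":
    for c in classify_cookies(VISITED_HOST, RESPONSES, NOW):
        party = "third-party" if c["third_party"] else "first-party"
        print(f"{c['name']:10} {c['lifetime']:10} {party:12} -> {c['decision']}")
```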

Evaluating Your Web Browser's Security Settings
Check the security settings in your web browser to make sure they are at an appropriate level. While increasing your security may affect the functionality of some web sites, it could prevent you from being attacked.

Importance of Security Settings for Web Browser
Your web browser is your primary connection to the rest of the internet, and multiple applications may rely on your browser, or elements within your browser, to function. This makes the security settings within your browser even more important. Many web applications try to enhance your browsing experience by enabling different types of functionality, but this functionality might be unnecessary and may leave you susceptible to being attacked. The safest policy is to disable the majority of those features unless you decide they are necessary. If you determine that a site is trustworthy, you can choose to enable the functionality temporarily and then disable it once you are finished visiting the site.

Finding the Settings
Each web browser is different, so you may have to look around. For example, in Internet Explorer, you can find them by clicking Tools on your menu bar, selecting Internet Options..., choosing the Security tab, and clicking the Custom Level... button. However, in Firefox, you click Tools on the menu bar and select Options.... Click the Content, Privacy, and Security tabs to explore the basic security options. Browsers have different security options and configurations, so familiarize yourself with the menu options, check the help feature, or refer to the vendor's web site. While every application has settings that are selected by default, you may discover that your browser also has predefined security levels that you can select. For example, Internet Explorer offers custom settings that allow you to select a particular level of security; features are enabled or disabled based on your selection. Even with these guides, it is helpful to have an understanding of what the different terms mean so that you can evaluate the features to determine which settings are appropriate for you.

Settings to make
Ideally, you would set your security for the highest level possible. However, restricting certain features may limit some web pages from loading or functioning properly. The best approach is to adopt the highest level of security and only enable features when you require their functionality.

Meaning of Different Terms
Different browsers use different terms, but here are some terms and options you may find:


Zones - Your browser may give you the option of putting web sites into different segments, or zones, and allow you to define different security restrictions for each zone. For example, Internet Explorer identifies the following zones:

o Internet - This is the general zone for all public web sites. When you browse the internet, the settings for this zone are automatically applied to the sites you visit. To give you the best protection as you browse, you should set the security to the highest level; at the very least, you should maintain a medium level.

o Local intranet - If you are in an office setting that has its own intranet, this zone contains those internal pages. Because the web content is maintained on an internal web server, it is usually safe to have less restrictive settings for these pages. However, some viruses have tapped into this zone, so be aware of what sites are listed and what privileges they are being given.

o Trusted sites - If you believe that certain sites are designed with security in mind, and you feel that content from the site can be trusted not to contain malicious materials, you can add them to your trusted sites and apply settings accordingly. You may also require that only sites that implement Secure Sockets Layer (SSL) can be active in this zone. This permits you to verify that the site you are visiting is the site that it claims to be. This is an optional zone but may be useful if you personally maintain multiple web sites or if your organization has multiple sites. Even if you trust them, avoid applying low security levels to external sites—if they are attacked, you might also become a victim.

o Restricted sites - If there are particular sites you think might not be safe, you can identify them and define heightened security settings. Because the security settings may not be enough to protect you, the best precaution is to avoid navigating to any sites that make you question whether or not they're safe.

JavaScript - Some web sites rely on web scripts such as JavaScript to achieve a certain appearance or functionality, but these scripts may be used in attacks.

Java and ActiveX controls - These programs are used to develop or execute active content that provides some functionality, but they may put you at risk.

Plug-ins - Sometimes browsers require the installation of additional software known as plug-ins to provide additional functionality. Like Java and ActiveX controls, plug-ins may be used in an attack, so before installing them, make sure that they are necessary and that the site you have to download them from is trustworthy.

You may also find options that allow you to take the following security measures:

Manage cookies - You can disable, restrict, or allow cookies as appropriate. Generally, it is best to disable cookies and then enable them if you visit a site you trust that requires them.

Block pop-up windows - Although turning this feature on could restrict the functionality of certain web sites, it will also minimize the number of pop-up ads you receive, some of which may be malicious.


Table 2: Internet Security Threats & Solutions: At a Glance

Threat: Spyware
What puts you at risk? Downloading files from file-sharing services; playing interactive games online; installing free software from unknown, untrusted sources
What can happen? Spyware can make your computer unstable or unusable; enables others to record your keystrokes and steal your private data.
How do you protect yourself? Install and regularly update antispyware software; perform frequent spyware scans; avoid sites and activities that can invite spyware

Threat: Viruses, worms, Trojan horses
What puts you at risk? Reading e-mail from unknown senders; opening unknown e-mail attachments
What can happen? Your computer files can be destroyed; hackers can gain control over your computer; and viruses can quickly spread to other computers
How do you protect yourself? Install and regularly update antivirus software; perform frequent antivirus scans; never open e-mail attachments you aren't expecting or e-mails from people you don't know

Threat: Hackers
What puts you at risk? Going on the Internet without firewall protection—particularly when using an always-on, broadband connection
What can happen? Hackers can access your PC without your knowledge to steal your private data or use your computer for their own purposes
How do you protect yourself? Install and regularly update PC firewall software on every PC you own. Make sure the firewall can protect you against unauthorized inbound and outbound communications

Threat: Identity thieves
What puts you at risk? Shopping, banking, or conducting other financial transactions at unsecure online sites or on unsecure connections
What can happen? Thieves can steal your social security number, credit-card number, banking passwords, and more, costing you thousands of dollars
How do you protect yourself? Make sure every online financial transaction is encrypted; avoid clicking on pop-up ads; don't allow third-party cookies to be downloaded onto your computer

Threat: Phishing scams
What puts you at risk? E-mails that appear to be from legitimate institutions, urging you to reply
What can happen? Replying to a phishing scam can cause you to unknowingly provide criminals with your personal financial information
How do you protect yourself? Never reply to e-mails asking for your passwords, account numbers, or other private information—no matter how legitimate they may appear to be

Threat: Privacy intrusions
What puts you at risk? Clicking on pop-up ads; cookies that track your Web surfing habits
What can happen? Marketers and others can learn about your online habits, subjecting you to more pop-ups; identity theft is a possibility
How do you protect yourself? Install and regularly update a PC firewall with privacy controls, such as pop-up ad blocking; never click on pop-ups; block third-party cookies

Threat: Spam
What puts you at risk? Having an active e-mail account
What can happen? Your inbox fills up with useless, annoying, even pornographic junk e-mail messages
How do you protect yourself? Use spam blocking tools in Internet security suites, e-mail applications, and other programs; find out what your Internet Service Provider offers for blocking spam


19. Software Analysis [17] [18]

19.1 Anti-Spyware Software
19.1.1 Spy Sweeper [19]
Fig 10: Spy Sweeper Window

Highlights

- Most comprehensive antispyware solution available - 360 degrees of protection
- Continuous monitoring stops spyware before it can attack
- Advanced detection and removal capabilities for stubborn spyware
- Automatic defense updates keep you protected from the latest threats
- FREE customer support


o Advanced Anti-spyware Detection and Removal - Webroot Spy Sweeper's advanced detection and spyware removal software is effective at fully removing even the most malicious spyware programs in a single sweep. You won't have to scan and restart your PC a number of times with Spy Sweeper - one sweep and your PC is clean.

o Real-Time Anti-spyware Solution - This new version of Spy Sweeper advances the industry standard in spyware removal software, stopping threats like TrojanDownloader-LowZones and SpySheriff from ever installing in the first place.

o Enhanced Rootkit Discovery Methods - Malicious spyware uses rootkit technology to bury its files deep within your PC. Webroot Spy Sweeper finds and destroys these programs with robust rootkit discovery methods, a feature many other antispyware programs lack.

o Always the Most Current Anti-spyware Solution - Outdated security is one of the biggest vulnerabilities home PC users face. Webroot's VersionGuard® ensures your protection is always current by automatically installing free updates to Webroot Spy Sweeper as soon as they are released.

o Easy to Use - Webroot Spy Sweeper is antispyware for Windows 7, XP and Vista and installs quickly and easily. With a streamlined security console and customizable options, Webroot Spy Sweeper makes scanning for spyware a breeze.

o Minimal Impact on Computer Performance - With our spyware removal software, your security is optimized for speed and efficiency, but not at the expense of protection. Scanning can be initiated in the background or after hours to minimize any impact to desktop performance.


o Accurate Risk Assessment - Spy Sweeper gives you a quick overview of each threat, what it does, and its potential danger. It's just another way that we help you make educated decisions to keep or remove unwanted programs.

o Uninterrupted Games and Movies - Our convenient Gamer Mode ensures you are not interrupted while playing online games or watching movies.

Table 3: Review of Spy Sweeper

Ease of Setup/Use: 5/5
Detection Effectiveness: 5/5
Removal Effectiveness: 5/5
System Performance: 4/5
Scan Performance: 4/5
Support/Documentation: 4/5

19.1.2 Spybot- Search and Destroy [22]
Spybot - Search & Destroy detects and removes spyware, a relatively new kind of threat not yet covered by common anti-virus applications. Spyware silently tracks your surfing behaviour to create a marketing profile for you that is transmitted without your knowledge to the compilers and sold to advertising companies.


If you see new toolbars in your Internet Explorer that you haven't intentionally installed, if your browser crashes inexplicably, or if your home page has been "hijacked" (or changed without your knowledge), your computer is most probably infected with spyware. Even if you don't see the symptoms, your computer may be infected, because more and more spyware is emerging. Spybot-S&D is free, so there's no harm giving it a try to see if something has invaded your computer.
Fig 11: Spybot Window

Spybot-S&D can also clean usage tracks, an interesting function if you share your computer with other users and don't want them to see what you have been working on. And for professional users, Spybot-S&D allows you to fix some registry inconsistencies and extended reports.


It also features several interface improvements, including multiple skins for dressing up its appearance. Scan results now appear arranged by groups in a tree, and a sliding panel lets you instantly view information about a selected item to help you decide whether to kill it or not. The Immunize feature blocks a plethora of uninvited Web-borne flotsam before it reaches your computer. Other useful tools, including Secure Shredder, complement the program's basic functionality for completely destroying files. Hosts File blocks adware servers from your computer, and System Startup lets you review which apps load when you start your computer.
Table 4: Review of Spybot

Ease of Setup/Use: 5/5
Detection Effectiveness: 4.5/5
Removal Effectiveness: 4.5/5
System Performance: 3.5/5
Scan Performance: 4/5
Support/Documentation: 4/5


19.2 Anti-Malware Software
19.2.1 Malwarebytes Anti-Malware [20]
Fig 12: Malwarebytes Anti-Malware

Malwarebytes' Anti-Malware can detect and remove malware that even the most well known anti-virus and anti-malware applications fail to detect. Malwarebytes' Anti-Malware monitors every process and stops malicious processes before they even start.

Key Features:

- Light speed quick scanning.
- Ability to perform full scans for all drives.
- Malwarebytes' Anti-Malware Protection Module (requires registration).
- Database updates released daily.
- Quarantine to hold threats and restore them at your convenience.
- Ignore list for both the scanner and Protection Module.
- Settings to enhance your Malwarebytes' Anti-Malware performance.
- A small list of extra utilities to help remove malware manually.
- Multi-lingual support.
- Works together with other anti-malware utilities.
- Command line support for quick scanning.
- Context menu integration to scan files on demand.

Malwarebytes Anti-Malware is a surprisingly effective freeware anti-malware tool. It's a relatively speedy malware remover, with the quick scan taking about 8 minutes even with other high-resource programs running. The heuristics engine proved on multiple computers during empirical testing that it was capable of determining the difference between false positives and dangerous apps.

Table 5: Review of Malwarebytes

Ease of Setup/Use: 5/5
Detection Effectiveness: 4/5
Removal Effectiveness: 4.5/5
System Performance: 5/5
Scan Performance: 4/5
Support/Documentation: 3.5/5


19.2.2 Ad-Aware [21]
Fig 13: Ad-aware window

Ad-Aware gives you comprehensive malware protection. Ad-Aware provides core protection against Internet threats. Featuring real-time anti-malware protection, advanced Genotype detection technology, rootkit protection and a scheduler, Ad-Aware Free Internet Security gives you the power to protect yourself online. The free version of Ad-Aware is a complete malware protection package that now combines Lavasoft's pioneering anti-spyware technology with traditional anti-virus protection.

With real-time monitoring, threat alerts, and automatic updates you can rest easy knowing that you are protected.


Shop, bank, and make travel arrangements online - We keep you safe from password stealers, keyloggers, spyware, trojans, online fraudsters, identity thieves and other potential cyber criminals.

Control your privacy - Erase tracks left behind while surfing the Web - on browsers such as Internet Explorer, Opera, and Firefox - in one easy click.

Get Peace of Mind - Know that your personal information is kept safe from dangerous intruders and prying eyes.

Lavasoft first started changing Ad-Aware's protection engine more than a year ago in version 8.1, when it introduced Genotype. This heuristics-based technology identified identical snippets of code across multiple threat mutations. In version 9, Genotype receives support from what Lavasoft calls "Dedicated Detection." This tech looks inside files, analyzes the code, and creates a loose pattern for finding families of related malware. The company touts that a single dedicated detection signature can detect hundreds of thousands of threats.
Table 6: Review of Ad-aware

Ease of Setup/Use: 4/5
Detection Effectiveness: 4/5
Removal Effectiveness: 3.5/5
System Performance: 3.5/5
Scan Performance: 3.5/5
Support/Documentation: 4/5


19.3 Firewalls
19.3.1 Zone alarm Firewall [23]
Fig 14: Zone alarm Firewall

ZoneAlarm Free Firewall is a standalone software firewall that stops traffic threats that are arriving or departing from a personal computer. The firewall cooperates with antivirus software and antispyware from competing vendors. Check Point also offers security suites that bundle the firewall with complementary security modules. It blocks hackers from infiltrating your home PC by hiding your computer from unsolicited network traffic. By detecting and preventing intrusions, ZoneAlarm Free Firewall keeps your PC free from viruses that slow down performance, and spyware that steals your personal information, passwords, and financial data.

- Essential firewall protection
- Be invisible to others online
- New interface makes it even easier - smaller size keeps it light
- Systematically identifies hackers and blocks access attempts
Table 7: Review of Zone Alarm Firewall

ATTRIBUTE                      POINTS
Firewall Features              3/5
Additional Security Features   4.5/5
Ease Of Use                    5/5
Support/Documentation          5/5

19.3.2 Comodo Internet Security [24]
Fig 15: Comodo Internet Security Window

Comodo claims that its firewall is unique in that it passes all known leak tests, which check the integrity of data entering and exiting your system. Comodo has put the firewall through all kinds of sophisticated tests to ensure it is powerful enough to ward off such attacks with its default settings.

Secures against internal and external attacks
Blocks internet access to malicious Trojan programs
Safeguards your personal data against theft
Delivers total end-point security for personal computers and networks

Because Comodo Internet Security is more than a firewall, it also detects and blocks viruses, Trojan horses, worms, keyloggers, rootkits and other malware in real time. For any program that attempts to run on the PC, the product checks its signature against a database of files known to be good or bad. Comodo runs unknown files in a virtual sandbox until their behavior reveals whether they should be released or removed.

Table 8: Review of Comodo Internet Security

ATTRIBUTE                      POINTS
Firewall Features              5/5
Additional Security Features   5/5
Ease Of Use                    4.5/5
Support/Documentation          5/5

19.4 Antivirus Software
19.4.1 Bit-Defender Antivirus 2011 [25]
Fig 16: Bit Defender Antivirus 2011 window

Graph 1: User ratings for Bit-Defender
[Bar graph, scale 0-100: Bit Defender user ratings for Performance and Design]

Table 9: Review Of Bit-Defender

ATTRIBUTE             POINTS   REMARKS
Scope Of Protection   4/5      Search Advisor is a built-in tool for the internet browser that provides protection while surfing online. Active Virus Control detects and demolishes stealth threats.
Effectiveness         4/5      Extremely effective, successfully blocking, removing, neutralizing and (better yet) preventing malware infections.
Ease of Installation  4/5      Installation is actually very quick, and includes step-by-step instructions for initial setup. The process includes a pre-installation scan, and doesn't require a reboot before you're up and running.
Ease of Use           4/5      Provides different profiles - Basic, Intermediate and Expert - to meet your level of experience and desired level of interaction.
Features              4/5      The best aspect of the software is its unmatched level of security, but there are also several features that back up the end goal of security while adding better performance, optimization, flexibility and general ease of use.
Updates               4/5      BitDefender is set to perform updates automatically, and run in the background without slowing down your computer. You don't have to manually update (though you can if you want), and more importantly, you don't have to worry about updates slowing down your system.
Help & Support        4/5      It is designed to be easy to use, and is fairly intuitive. But for those times when you need additional assistance or support with a specific problem, help is always close at hand. The dedicated help section includes articles, a knowledgebase, help files, troubleshooting and a variety of video tutorials.

Stop Viruses and Spyware Cold - Proactive protection stops new viruses and malware that other products miss.
Safeguard Your Privacy - Eliminate the chances your data and conversations are leaked to others over email, social media networks, IM, or websites that track your online activities.
Surf Safely - Automatically get warnings about unsafe pages displayed in search results.
Play and Work Seamlessly - Automatically activate Game, Laptop, or Silent Mode to minimize interruptions, prolong battery life, or reduce system load to ensure seamless and secure computing.
Smart Tips - When online explorations take you into dangerous terrain, BitDefender prompts you with a series of suggested privacy safeguards, relevant to your most recent activity.
Video Library - A new collection of step-by-step videos helps you navigate through common security challenges.
Find Support Fast - Troubleshoot issues with the new video library or call for free technical assistance for the duration of your software license. Search relevant results from the Knowledge Base, Help file, Troubleshooting and Video Tutorials.

Pros: Preinstall scan eases installation. Best suite protection against phishing. Impressive performance optimizer. Above-average parental control. Local, remote, and advanced backup. PC Tune-up. Effective spam filtering. Configurable UI. Private data protection. Remote management. Game/laptop/silent mode.

Cons: Mediocre malware removal and blocking. Parental control's IM management easily evaded. Old-school firewall passes security decisions to the user.

Bottom Line: BitDefender doesn't score as well as previous versions on anti-malware tests. Still, its performance optimization tool and its phishing protection are excellent. It's a good security suite with a full-featured backup system.

19.4.2 Kaspersky 2011 Antivirus [26]
Fig 17: Kaspersky 2011 Antivirus window

Graph 2: User ratings for Kaspersky
[Bar graph, scale 81-90: Kaspersky user ratings for Performance, Features and Design]

Real-time protection - Kaspersky (KAV) 2011 will monitor the computer for malicious activity to prevent viruses, spyware, Trojans, rootkits, adware, worms, and other types of malware infections.
Disinfection - Detected infections are easily removed.
Proactive Defense - In addition to signature-based detection, KAV 2011 detects malware whose behavior is similar to that of known malware.
System Watcher - A new feature in Kaspersky AV that monitors application activities so that changes made by malicious actions can be rolled back.
Windows Gadget - Users of the Windows Sidebar in Vista and of Gadgets in Windows 7 will now see a Kaspersky Windows Gadget, giving easy access to the antivirus settings and reports.
Mail and Web Antivirus - KAV 2011 will monitor incoming and outgoing messages for viruses. It will also monitor browsing activity for malicious content.
IM Antivirus and Anti-Phishing - Fraud and instant messenger protections are also included in Kaspersky AV 2011.
Virtual Keyboard - A tool to prevent keyloggers from intercepting keys entered via the keyboard.
Privacy Cleaner - Clears IE history, cookies, logs, prefetch, and other data.
Vulnerability scanner - An option to scan installed applications for vulnerabilities.
Rescue Disk - An option to create a bootable CD or USB flash drive with tools to detect and remove malware.
Automatic or Manual Updates - Kaspersky AV 2011 automatically updates its signature detection. Users may also install the updates manually.
Quarantine and Exclusions - Detected or deleted threats are backed up in the Quarantine Manager, with the option to restore them or clear them from the system. There is also an exclusion list, if you do not want the program to scan certain partitions or folders.
Scanning - Full, Critical and Context menu scans are also available in KAV 2011.
Scheduler - An option to schedule an update or system scan.

Pros: Attractive, easy interface. Excellent results in independent lab tests. Effective built-in support. Speedy full scan. Bonus system tuning and privacy features. Rescue Disk can scan even systems that won't boot.

Cons: Earned mediocre scores in hands-on malware removal and blocking tests. Erroneously identified two PCMag utilities as malware (false positives).

Bottom Line: Kaspersky's latest antivirus looks better than ever, and independent labs consistently put it at or near the top. In hands-on tests it scored well below what the labs would suggest, though, and it made a couple of serious faux pas (false positives).

Table 10: Review of Kaspersky

ATTRIBUTE             POINTS   REMARKS
Scope Of Protection   4/5      The software is designed to protect users from several angles, effectively detecting, preventing and removing all forms of malware. The antivirus software is equipped to protect users from traditional viruses, but also has advanced technology to protect from even new, unknown threats.
Effectiveness         4/5      The software works in real time, protecting you as you surf the web, download files, send and receive emails, and access files and documents.
Ease of Installation  4/5      Installation is quick and straightforward, and doesn't require a restart.
Ease of Use           4/5      The interface is effectively organized and user-friendly. It features a color-coded graphic so you always know your security status. One of the best parts of this security program is that you can set your preferences and let it protect you without constantly monitoring it.
Features              4/5      The Kaspersky URL Advisor continues to protect users while online. The browser plug-in is available for IE and Firefox, and stops you from navigating to infected websites. The software also utilizes the proprietary iChecker and iSwift scanning technologies to keep you protected without hogging your resources.
Updates               4/5      Kaspersky Anti-Virus updates on a regular basis for continual security. Updates run in the background automatically, and are frequent enough that they aren't very big, so you shouldn't notice any slowdown.
Help & Support        4/5      Technical support comes in the form of a searchable online knowledgebase, FAQs, product manuals and an active forum. You can easily access these resources online or from the program itself. The software also includes context-sensitive help.

19.4.3 ESET NOD 32 Antivirus [27]
Fig 18: ESET NOD 32 window

Graph 3: User ratings for ESET NOD 32
[Bar graph, scale 0-90: ESET NOD 32 user ratings for Performance, Features and Design]

ESET NOD32 Antivirus is the most effective protection you can find to combat today's huge volumes of Internet and email threats. It provides comprehensive antivirus and antispyware protection without affecting your computer's performance. Using advanced ThreatSense® technology, ESET NOD32 Antivirus proactively protects you from new attacks, even during the critical first hours when other vendors' products aren't aware the attack even exists. ESET NOD32 Antivirus detects and disables both known and unknown viruses, trojans, worms, adware, spyware, rootkits and other Internet threats. ESET NOD32 Antivirus is also one of the fastest antivirus solutions, so fast you won't even notice it running. And it's both incredibly easy to use and simple to tailor to your specific needs.

Key Benefits:

Protection from the Unknown
Finds Malware Other AV Companies Missed
Built for Speed
Easy on Your System

Pros: Proven security without the slowdown; ESET features heuristic detection and advanced diagnostic tools.

Cons: ESET has all the essentials covered, but misses others like IM protection and anti-phishing. The interface is good, but not great.

Bottom Line: Although ESET NOD32 Antivirus 4 is fast, its malware detection and cleanup capabilities are lacking.

Table 11: Review of ESET NOD 32

ATTRIBUTE             POINTS   REMARKS
Scope Of Protection   3.5/5    ESET NOD32 is equipped with all the essential technologies and features to keep your PC protected from traditional threats (viruses, worms, Trojans, spyware, and even rootkits), but is also fully armed to protect you while you're online. ESET works behind the scenes to deliver protection from dialers, adware, and keyloggers.
Effectiveness         4/5      While ESET NOD32 isn't the most effective, the software is consistently near the top in independent antivirus tests. ESET certainly holds its own with competitors for efficacy and efficiency.
Ease of Installation  3.5/5    ESET NOD32 is certainly easy to install and implement. The software is ready to run from the get-go. Setting up manual scans and scheduling specific scans is straightforward, or you can simply let ESET work in the background and take care of itself (and your computer) automatically.
Ease of Use           4/5      ESET NOD32 Antivirus is one of the easiest antivirus programs to use. The whole program is designed to accommodate beginners, and doesn't require a lot of tweaking and/or manual maintenance to keep running properly.
Features              4/5      Current top-of-the-line antivirus software providers like ESET have implemented heuristic technology to help catch viruses that are so new that traditional signatures haven't been developed yet. ESET's refined ThreatSense technology provides proactive protection from malware, protecting you from viruses that would otherwise sneak past solely signature-based solutions.
Updates               4/5      ESET doesn't rely solely on virus signatures, but they are still an essential part of its multi-layered security approach. As such, regular updates are set to run automatically to keep the signature database current.
Help & Support        4/5      ESET stands by its products with additional help and support as needed. The software comes with a fairly in-depth product manual and in-program links to additional support resources.

19.4.4 AVG Antivirus 2011 [28]
Fig 19: AVG Antivirus 2011 window

Graph 4: User Ratings Of AVG 2011
[Bar graph, scale 76-88: AVG 2011 user ratings for Performance, Features and Design]

AVG Anti-Virus Free Edition 2011 allows you to:

Surf and search with confidence with AVG LinkScanner's® real-time protection
Stay protected on social networks with AVG Social Networking Protection
Enjoy a faster running PC - AVG Smart Scanning works while you're away and runs in low-priority mode when you return
Stay up-to-date with the latest threat information from the AVG Community Protection Network and AVG Protective Cloud Technology

Pros: Excellent scores in independent tests. Fast antivirus scan. Above average in malware removal tests. LinkScanner add-in blocks malicious exploits. No false positives. Free identity theft recovery.

Cons: Doesn't thoroughly remove detected threats. LinkScanner missed many phishing sites. Below-average rootkit and scareware blocking.

Bottom Line AVG Anti-Virus Free 2011 is better at removing malware than most free solutions, but not at malware blocking. With the current release it has the full power of AVG's paid solutions, and the independent labs give it top marks. Add some unusual bonus features and you've got a solid choice for free antivirus protection.

Table 12: Review Of AVG 2011

ATTRIBUTE             POINTS   REMARKS
Scope Of Protection   3.5/5    The software includes antivirus and anti-spyware protection, as well as complete online protection from harmful sites and downloads.
Effectiveness         4/5      AVG is perfectly adequate antivirus software, and is certainly effective. Its detection rates aren't as impressive as some of the other antivirus software reviewed, but the security software is by no means ineffective.
Ease of Installation  4/5      AVG Anti-Virus is easy to download and install. The installation is straightforward and doesn't require a restart. And while it's not the fastest, it's relatively quick and performs an update immediately.
Ease of Use           4/5      AVG Anti-Virus is straightforward to use and simple to navigate. The streamlined user interface hasn't dramatically changed for a couple of years (which isn't a bad thing), but has been slightly updated, now including a one-click scan button and a one-click fix button. Beginners and expert users will both appreciate the easy-to-use antivirus software with simple yet powerful controls.
Features              4/5      It is loaded with features like the gamer mode, which allows you to enjoy full-screen games (or movies, presentations, etc.) without interruptions or popup announcements. AVG Anti-Virus even includes a PC system optimizer utility: the PC Analyzer scans your system and locates registry errors, junk files, disk errors and broken shortcuts.
Updates               4/5      Keeping your protection up to date with AVG Anti-Virus is no problem. Regular definition updates are checked for automatically and can be set to run every hour (every 4 hours is the default).
Help & Support        3/5      In-program help is available with a user manual and links to additional resources online. The online support center has the usual FAQs section and knowledgebase. AVG offers email support for specific inquiries, but no phone support.

19.4.5 NORTON 2011 Antivirus [29]
Fig 20: NORTON 2011 Antivirus window

Graph 5: User Ratings Of Norton 2011
[Bar graph, scale 0-100: Norton 2011 user ratings for Performance, Features and Design]

Norton AntiVirus 2011 is top-notch antivirus with impressive bonuses. It doesn't ace most of the tests, but it did very well. You won't go wrong with Norton for protection.

Protects against viruses, spyware, Trojan horses, worms, bots, and rootkits
Provides continuous automatic protection against new threats
Reduces scan time with smart scanning, so you can work and play uninterrupted
Protects against web-based attacks that use vulnerabilities in your browser
Protects against the latest threats with a proactive, multilayered protection system
Prevents others from taking control of your PC and using it to attack other PCs
Helps secure and monitor your home network
Automatically secures your PC when connecting to public wireless hotspots

Pros: Quick installation. Automated help. High independent lab ratings. Best malware-removal score yet. Checks files from Web, e-mail, IM, and more. Effective intrusion prevention system. Interactive threat map. Proactive performance warnings.

Cons: Beaten in malware blocking and specific malware removal tests. Info displays are informative, but unduly complex for some users.

19.5 Virus Total.com [30]
Fig 21: VirusTotal.com interface

VirusTotal is a service developed by Hispasec Sistemas that analyzes suspicious files and URLs, enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and web analysis toolbars. VirusTotal's main characteristics are:

Free, independent service.
Runs multiple antivirus engines.
Runs multiple file characterization tools.
Real time automatic updates of virus signatures.
Detailed results from each antivirus engine.
Runs multiple web site inspection toolbars.
Real time global statistics.
Analysis automation API.
Online malware research community.
Desktop applications (VTUploader, VTzilla) for interacting with the service.

It uses up to 43 different antivirus products. Files can be sent either through the website or via email. The variety of products used by the website allows a user to check for viruses that the user's own antivirus solution may have missed, or to verify against false positives. The drawback to using VirusTotal is that it can only scan submitted files, and cannot perform system-wide scans on the user's computer. Another restriction is that the size of a file uploaded or emailed to VirusTotal for scanning is limited to 20 MB.
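As an added example (not part of this report and not VirusTotal's own code), the Python script below shows how a user would work with a multi-engine report of this kind: it hashes a local file so the file can be looked up by hash instead of being uploaded (which also sidesteps the 20 MB limit), and it summarises a constructed report to spot a miss by the user's own engine or a likely false positive. The report's field names (response_code, positives, total, scans, detected, result) follow VirusTotal's public API v2 "file/report" layout, which is an assumption of this example, and the verdict thresholds are the example's own heuristic.

```python
"""Added example (not from the report, nor VirusTotal's own code): reading a
multi-engine scan report the way a user of the service would.  The JSON below
is constructed for illustration; its field names (response_code, positives,
total, scans, detected, result) follow VirusTotal's public API v2
"file/report" format, which is an assumption of this example."""
import hashlib
import json

MAX_UPLOAD_BYTES = 20 * 1024 * 1024  # the 20 MB submission limit noted above

# Constructed sample report: 3 of 5 engines flag the file, 2 call it clean.
SAMPLE_REPORT = json.dumps({
    "response_code": 1,
    "sha256": "<placeholder: hash of the submitted file>",
    "positives": 3,
    "total": 5,
    "scans": {
        "EngineA": {"detected": True, "result": "Trojan.Generic"},
        "EngineB": {"detected": True, "result": "Win32/Agent"},
        "EngineC": {"detected": False, "result": None},
        "EngineD": {"detected": True, "result": "Trojan.Generic"},
        "EngineE": {"detected": False, "result": None},
    },
})


def file_fingerprint(data: bytes) -> dict:
    """Hash the file locally so it can be looked up by hash instead of being
    uploaded, and say whether it fits within the 20 MB submission limit."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
        "uploadable": len(data) <= MAX_UPLOAD_BYTES,
    }


def summarise_report(report_json: str) -> dict:
    """Reduce the per-engine results to what a user reads: who flagged the
    file, under which names, and an overall verdict."""
    report = json.loads(report_json)
    if report.get("response_code") != 1:  # v2 uses 0 for "file not yet known"
        return {"known": False}
    scans = report["scans"]
    flagged = sorted(n for n, r in scans.items() if r.get("detected"))
    names = sorted({r["result"] for r in scans.values()
                    if r.get("detected") and r.get("result")})
    ratio = len(flagged) / len(scans)
    # The thresholds below are this example's own heuristic, not VirusTotal's.
    verdict = "malicious" if ratio >= 0.5 else ("suspicious" if flagged else "clean")
    return {"known": True, "engines": sorted(scans), "positives": len(flagged),
            "total": len(scans), "ratio": round(ratio, 2), "flagged_by": flagged,
            "detection_names": names, "verdict": verdict}


def second_opinion(report_json: str, my_engine: str) -> str:
    """Compare the user's own antivirus engine with the rest, which is the use
    the report describes: catching a miss or confirming a false positive."""
    s = summarise_report(report_json)
    if not s["known"]:
        return "unknown file: submit it for a fresh scan (if under the size limit)"
    if my_engine not in s["engines"]:
        return f"{my_engine} not in report"
    mine = my_engine in s["flagged_by"]
    others = s["positives"] - (1 if mine else 0)
    if mine and others == 0:
        return f"only {my_engine} flags it: possible false positive"
    if not mine and others > 0:
        return f"{my_engine} missed it but {others} other engine(s) flag it: possible miss"
    return f"{my_engine} agrees with the other engines"


if __name__ == "__main__":
    fp = file_fingerprint(b"constructed sample file contents")
    print("look up by SHA-256:", fp["sha256"], "| uploadable:", fp["uploadable"])
    print(json.dumps(summarise_report(SAMPLE_REPORT), indent=2))
    print(second_opinion(SAMPLE_REPORT, "EngineC"))
    print(second_opinion(SAMPLE_REPORT, "EngineA"))
```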

Fig 22: Scan Report of a Test File

19.6 Sandboxie (Isolation Program) [31]
Sandboxie runs your programs in an isolated space which prevents them from making permanent changes to other programs and data on your computer. It creates a sandbox-like isolated operating environment in which applications can be run or installed without permanently modifying the local or mapped drive. An isolated virtual environment allows controlled testing of untrusted programs and web surfing.

Fig 23: Sandboxie

The red arrows indicate changes flowing from a running program into your computer. The box labeled Hard disk (no sandbox) shows changes by a program running normally. The box labeled Hard disk (with sandbox) shows changes by a program running under Sandboxie.

Benefits of the Isolated Sandbox

Secure Web Browsing: Running your Web browser under the protection of Sandboxie means that all malicious software downloaded by the browser is trapped in the sandbox and can be discarded trivially.

Enhanced Privacy: Browsing history, cookies, and cached temporary files collected while Web browsing stay in the sandbox and don't leak into Windows.

Secure E-mail: Viruses and other malicious software that might be hiding in your email can't break out of the sandbox and can't infect your real system.

20. INFORMATION TECHNOLOGY ACT, 2000
- Certain provisions pertaining to Cyber Security
The IT Act 2000 was mainly intended to ensure legal recognition of e-commerce within India. Because of this, most of its provisions are concerned with establishing digital certification processes within the country. Cyber crime as a term was not defined in the act; it only dealt with a few instances of computer-related crime.

IT Amendment Act, 2008
The IT Act Amendment, which came into force after Presidential assent in Feb 2009, has the following salient features:

S. No   Feature                                                                                  Section
1       Liability of body corporate towards Sensitive Personal Data                              Section 43
2       Introduction of virus, manipulating accounts, denial of services etc. made punishable    Section 66
3       Phishing and Spam (not mentioned specifically, but can be interpreted under the provisions of Section 66A)   Section 66A
4       Stolen computer resource or communication device                                         Section 66B
5       Misuse of Digital Signature                                                              Section 66C
6       Cheating                                                                                 Section 66D
7       Cyber terrorism                                                                          Section 66F
8       Child pornography                                                                        Section 67B
9       Intermediary's liability                                                                 Section 67C
10      Surveillance, Interception and Monitoring                                                Section 69

21. Survey and Analysis
A survey was conducted among a total of hundred students & professionals to study the level of awareness regarding network threats and the knowledge of software products available in the market to counter such network threats. Based on the conducted survey and the market research, a comparative analysis of various products and techniques to enhance network security was done.

21.1 Awareness about various threats
Surveyed Individuals = 100
Graph 6: Bar graph depicting awareness about various threats
[Bar graph, 0%-100%: awareness of Spam E-mail, Keylogger, Phishing, Identity Theft, Malware, Spyware, Worm, Trojan, Virus]

Conclusion: Most individuals surveyed were aware of the basic threats to network security, but only a small percentage had knowledge of relatively newer and more lethal threats like spyware, malware, identity theft, phishing and keyloggers.

21.2 Antivirus Software Used
Surveyed Individuals = 100

Graph 7: Bar graph depicting antivirus software used
[Bar graph, 0%-40%: antivirus products reported by respondents; labels visible in the extracted text: McAfee, Bit Defender, Avira, Quick Heal, NORTON]

Conclusion: As stated earlier, on the basis of online surveys and review sites, Bit Defender and Kaspersky antivirus software are rated as the best. However, on a more local level, as depicted by the results of the survey above, a large percentage of individuals prefer Avast and AVG Antivirus, which are freeware, probably indicating that the general preference is for freeware at the expense of the better network security offered by the aforementioned paid products.

21.3 Awareness about Security Measures

Surveyed Individuals = 100

Graph 8: Bar graph depicting awareness about security measures
[Bar graph, 0%-80%: Firewall (Purchased), Firewall (Windows), AntiMalware, AntiSpyware]

Conclusion: As shown by Graph 1 (Analysis of various threats), limited awareness about newer threats like spyware and malware is reflected in the above bar graph as well: very few individuals cared to invest in security measures like anti-spyware and anti-malware to counter them.

References
1. http://www.us-cert.gov/cas/tips/
2. http://www.ehow.com/how_11818_rid-computer-virus.html
3. http://en.wikipedia.org/wiki/Phishing
4. en.wikipedia.org/wiki/In-session_phishing
5. http://computer.howstuffworks.com/phishing.htm
6. en.wikipedia.org/wiki/Pop-up_ad
7. http://whatis.techtarget.com/definition/0,,sid9_gci212806,00.html
8. en.wikipedia.org/wiki/Digital_signature
9. en.wikipedia.org/wiki/Keystroke_logging
10. www.ask.com/questions-about/Keylogger
11. http://www.net-security.org/article.php?id=816
12. http://www.itsecurity.com/features/25-common-email-security-mistakes022807/
13. http://en.wikipedia.org/wiki/Email
14. http://windows.microsoft.com/en-IN/windows-vista/How-to-know-if-an-onlinetransaction-is-secure
15. en.wikipedia.org/wiki/Wireless_security
16. en.wikipedia.org/wiki/HTTP_cookie
17. http://anti-virus-software-review.toptenreviews.com/
18. http://www.filehippo.com/search?q=Antivirus
19. http://www.webroot.com/En_US/consumer-products-spysweeper.html
20. http://www.malwarebytes.org/mbam.php
21. http://www.lavasoft.com/
22. http://www.safer-networking.org/en/index.html
23. http://www.zonealarm.com/security/en-us/zonealarm-pc-security-freefirewall.htm
24. http://www.comodo.com/home/internet-security/firewall.php
25. http://www.bitdefender.com/
26. http://www.kaspersky.com/kaspersky_anti-virus
27. http://www.esetindia.com/home/smart-security/
28. http://free.avg.com/in-en/download-avg-antivirus?cmpid=fs_in_avban_hpavpro
29. http://antivirus.norton.com/norton/ps/3up_in_en_navnis360.html?om_sem_cid=hho_sem_ic:in:ggl:en:e|kw0000092004
30. http://www.virustotal.com/
31. http://www.sandboxie.com/