UNIT # 6: COMPUTER SECURITY AND ETHICS

EXERCISE
Q1 Select the best answer for the following MCQs
I II III IV V VI VII VIII IX X
C D B C C D D C D B
SHORT QUESTIONS
Q2 Write short answers of the following questions.
I Define Cybercrime
Ans Any crime done by means of computer and information technology by having unlawful
access to others computers is called cybercrime
II What is the importance of computer security?
Ans Computer security refers to protecting computer hardware, software and information
stored on computer from threats
Importance of Computer Security
 Computer users exchange information with each other over internet. This can infect
a user’s computer with virus or other types of malicious software
 Computer security or safety is important for computer users to protect their computer
from different threats
 It is necessary to install security software such as firewall, antivirus and spyware on
computers.
III Differentiate between hacker and cracker
Ans Difference between hacker and cracker
Hacker Cracker
A person who illegally breaks into A person who breaks into computer
others computer systems is known as systems without permission using
hacker hacking tools is known as cracker
Hacker are computer experts who try to Most of the crackers do not have
gain unauthorized access to computer professional computer skill to hack
systems for stealing and corrupting computer systems but they have
information knowledge about using hacking tools
Hackers have in-depth knowledge of Crackers break into computers and
network programming and can create cause serious damage
tools and malicious software. Most of the
hackers break into computers for
financial benefits
For example, a hacker develops software For example, they also break into web
in which a dictionary files is loaded that servers and replace the home page of a
contains all the dictionary words. This website with a page of their own design
method works if the user is having a
simple password that exists in the
dictionary.
IV Describe any five symptoms of malware
Ans  The computer does not start or it reboots automatically when it is on
 Different types of error messages appear on the screen
 Programs do not run in a normal way
 Computers run very slow
1
UNIT # 6: COMPUTER SECURITY AND ETHICS

 New files or folders are created on the hard disk

 Folders are deleted or changed on the hard disk
V Differentiate between authentication and authorization
Ans Authentication Authorization
Authentication means identifying a Authorization means to give someone
person based on a method such as permission to do something
username and password
For example, when a user wants to login For example, if correct username and
to his email account, he is asked to enter password are entered, the user is
username and password to verify his authorized or allowed to check his emails,
identity. This is authentication send email or perform other tasks related
with email service. This is authorization
VI Which authentication methodology provides highly secure identification and
verification? Justify your answer
Ans Biometrics provides highly secure identification and personal verification characteristics
of individuals such as features of face, hand geometry, retina, voice and fingerprint.
Biometrics based systems are used for financial transactions, electronic banking and
personal data privacy
Justification
 Biometrics provides more accurate authentication than using username and
password or PIN
 Biometrics is associated with a particular individual
 Hence, it cannot be borrowed, stolen or forgotten
 Forgoing in biometrics is practically impossible
VII What is meant by information privacy?
Ans Information privacy refers to an individual right to the privacy of personal information.
In modern information age, people are concerned that computers may be taking away
their privacy.
VIII Give any thee drawbacks of software piracy?
Ans  Downloading files illegally have a risk of viruses and spywares. Pirated software can
carry viruses or may not function at all.
 Unlicensed users do not receive quality documentation. It also deprives consumers
of the basic protections offered by properly licensed software like money-back
guarantees, installation support, maintenance releases and upgrade rebates
 Piracy can expose end-users to potential risks of identity theft if criminals who sell
fake software CDs obtain a buyer’s name, address, credit card and other information
during purchase. This increases identity theft risk
IX What types of problems may be faced if computer users do not comply with the
moral guidelines of computer ethics?
Ans If computer users do not comply with the moral guidelines of computer ethics they may
face the following problems
(i) Computer users may be faced with bad language while chatting and social
networking
(ii) Other people will not respect the views of computer users and criticize them
(iii) Computer users will face the problem of downloading copyrighted material
(iv) A computer user may see something on the internet that is morally objectionable
or illegal
2
UNIT # 6: COMPUTER SECURITY AND ETHICS

X Name any three places where authentication of people is required

Ans Following are three places where authentication of people is required
 Banks
 Airports
 Universities / Hospitals

SOME EXTRA SHORT QUESTION

I Who create the first computer virus and when?
Ans Two Pakistani brothers, Basit Farooq Alvi and Amjad Farooq Alvi in Lahore in 1986
created the first computer virus named ‘Brain’.
II Define authentication mechanisms
Ans Authentication means identifying a person based on his username and password.
Personal Identification Number (PIN) etc. Various types of authentication mechanisms
have been developed to protect the computer systems from unauthorized access.
III What is a firewall?
Ans Firewall is a software or piece of hardware used to prevent unauthorized internet users
from accessing computer systems that are connected to internet.
IV What is the difference between authorized and unauthorized access?
Ans Authorized access Unauthorized access
When a person’s identity is approved by If a person gains access to computer
entering information such as username system without identity approval then he
and password or PIN, he has authorized has unauthorized access which is a crime
access to a computer or computer
network
V What do you mean by multimodal authentication?
Ans The process of verifying user identification using multiple authentication methods is
known as multimodal authentication. For example a multimodal authentication can be
performed by scanning both the fingerprint and eye retina of the user. The user will be
able to access the system only if both systems identify the user successfully.
VI Define password. Write the purpose of password. Also how can we create a
strong password?
Ans Password is a secret word that is used to protect a computer system or program. The
user has to type the password to access the computer system. The purpose of
password is to protect data stored on a computer. Password can be changed only by
authorized person. A strong password is the combination of upper case, lower case,
numbers and special symbols.
VII What is Personal Identification Number (PIN)?
What do you known about Passcode?
Ans A PIN is a numeric password that is used to authenticate a user to access a system.
It is also known as passcode. It is typically used with username or access cards.

3
UNIT # 6: COMPUTER SECURITY AND ETHICS

EXTENSIVE QUESTIONS
Q3 Write long answers of the following questions.
I Define malware and describe its types
Ans Malware is malicious software. It comprises of a number of harmful software that are
threats to all computer users. Malware is created for attack on privacy, spying,
destruction and financial benefits
Types of Malware
Most common types of malware are
1. Computer Viruses
Computer virus is a program that may disturb the normal working of computer without
the knowledge or permission of the user. It is the most common and well known
computer security threat. Virus attached itself to the files in flash, drives, hard disks and
email attachments. A file containing a virus is called infected file. The virus is activated
when the infected file is executed. Some examples of computer virus include I Love
You, MyDoom, Cascade and FRODO. The virus I Love You is spread as an email
attachment. The MyDoom virus was discovered in 2004. It infected about one million
computers.
2. Worms
A worm is a malware that copied itself repeatedly in memory or on disk until there left
no space. The computer may also stop working in this situation. Worm spreads from
one computer to other through networks without any human action. It typically enters a
computer due to any weakness in the operating system. Some examples of worms are
Code Red, Fizzer and Blaster. The worm Code Red was spread in 2011. It infected
about 360,000 computers in a day. The worm Fizzer records the keystrokes. It allows
the attacker to access the infected computer.
3. Adware
Adware is a type of software that automatically downloads and displays advertisements
on computer without the permission of the user. The advertisements may appear in the
form of banner or pop-up windows. Adware records the interests of the user while using
the internet. It displays the advertisements according to the interests of the user. It may
also download some malicious software on the computer. Some examples of adware
are as Dollar Revenue, Mirar Toolbar and Comet Cursor.
4. Spyware
Spyware is a program that secretly collects information from computer. It may also
collect keystrokes from the keyboard to find the email address, password and credit
card information. The information is sent to the person who designed the spyware. This
information can be used for unauthorized access. The example of spyware is Flame
that was discovered in 2012. It attacks the computers that use Windows operating
system. It can record keystrokes, screenshots and network traffic etc. It can also record
the conversation over skype.
II Explain how malware spreads
Ans The following are different ways malware can spread in computers
1. Infected Flash Drives / CDs
USB flash drivers are the common cause of spreading viruses among computers.
These drives are used to transfer data from one computer to other. A malware can also
be copied from one computer to other when the user copies infected files from flash
drives. It is always a good practice to scan USB before transferring any data from it.

4
UNIT # 6: COMPUTER SECURITY AND ETHICS

2. Pirated Software
The illegal copy of software is known as pirated software. A variety of pirated software
is available on CD/DVD and the internet. Pirated software may contain malicious
programs. These malicious program can spread if the user installs pirated software. It
is always a good practice to buy original software instead of using pirated software.
3. Network and Internet
The networks and internet are also a common cause of spreading virus. The malicious
software on any computer of the network may spread quickly to all computers
connected to that network. Many insecure websites also infect computer with malicious
programs. It is a good practice to open only reliable websites.
4. Email Attachments
Email attachment is a common cause of spreading malicious software. Email
attachment is a file that is sent along with an email. An email may contain an infected
file attachment. Malicious software can spread if the user opens and download an email
attachment. It may hard the computer when it is activated. It is a good practice not to
open suspicious emails to avoid infected attachments.
III Explain how to protect computer systems from virus attacks
Ans Following are some ways to protect computer systems from virus attacks
1. Install a Firewall
A firewall is a software program or piece of hardware that blocks hackers from entering
and using your computer. Hackers search the internet the way some telemarketers
automatically dial random phone numbers. They send out pings (calls) to thousands of
computers and wait for responses. Firewalls prevent your computer from responding to
these random calls. A firewall blocks communication to and from sources, you do not
permit. This is especially important if you have a high speed internet connection like
DSL
2. Use Antivirus Software
Antivirus software protects your computer from viruses that can destroy your data slow
down or crash your computer or allow spammers to send email through your account.
Antivirus protection scans your computer and your incoming email for viruses and then
deletes them. You must keep your antivirus software updated to cope with the latest
‘bugs’ circulating the internet. Some examples of antivirus software are
Norton Antivirus, McAfee, AVG, Kaspersky, BitDefender, NOD32
3. Use Anti-Spyware Software
Spyware is a software installed without your knowledge that can monitor your online
activities and collect personal information you surf the Web. Some kinds of spyware,
called key loggers, record everything you key in – including your passwords and
financial information. Signs that your computer may be infected with spyware included
a sudden flurry (burst) of pop-up ads, being taken to Websites you do not want to go
to, and generally slowed performance. Some examples are: Spysweeper, Spybot
Search & Destroy, Spyware Doctor, Ad-Aware, Spyware Blaster
4. Use Great Caution When Opening Attachments
Configure your antivirus software to automatically scan all email and instant message
attachments. Make sure your email program does not automatically open attachments
or automatically render graphics, and ensure that the preview pane is turned off. Never
open unsolicited emails or attachments that you are not expecting, even from people
you know.

5
UNIT # 6: COMPUTER SECURITY AND ETHICS

5. Be Careful When Using P2P File Sharing

Trojans hide within file-sharing programs waiting to be downloaded. Use the same
precautions when downloading shared files that you do for email and instant
messaging. Avoid downloading files with the extensions .exe, .scr, .lnk, .bat, .vbs, .dll,
.bin and .cmd
IV What are the common methodologies used for authentication?
OR Describe different authorization methodologies
Ans Different authorization methodologies are as follows
1) Username and PasswordA username consists of letters, numbers and special
characters that identifies a specific user. Each user of a specific system has a unique
username. It is also known as User ID. A password that associated with a specific
username is used to authenticate a user. The user has to type the username and
password to access a system and its resources. This method is used to protect the
system and its resources. It only allows an authorized user to access the system. The
level of access for different users is based on this method.
2) PIN (Personal Identification Number)
A PIN is a numeric password that is used to authenticate a user to access a system. It
is also known as passcode. It is typically used with username or access cards. For
example, PIN is required to access ATM using ATM card to withdraw money.
3) Access Card
An access card is a plastic card that is used to gain access to a system. It looks similar
to a credit card. It generally does not require username, password or PIN. An access
card has a chip or magnetic strip that contains encoded data. The data is read by the
card reading devices. The common use of access card are as follows
 Opening security gates in the office
 Opening barriers in the parking areas
 Opening hotel room
4) Biometrics
Biometrics is a technology that authenticates the user by verifying personal
characteristics. A biometric identifier is a physiological or behavioral characteristic of
a person. Some examples of biometric identifiers are fingerprints, hand geometry, facial
features, voice and retina. Some important biometric techniques are explained here:
Fingerprint Recognition
The fingerprint of every person is unique, it can be used to authenticate a user. A
fingerprint recorder can identify a person by scanning the fingerprint. Some latest
mobiles and notebook computers allow user to log on the system using fingerprints.
Facial Recognition
A facial recognition system captures the face image of a person. It compares it with
another image stored in the computer to authenticate the user. Some notebook
computers use this system to protect computer system.
Palm or Hand Recognition
The palm or hand recognition system verifies the identity of a user by checking the
shape and size of hand. It can be used to authenticate a user to access the system and
its resources.
Voice Recognition
A voice recognition system compares the voice of a person with the stored voice. It can
be used to authenticate a user to access the system and its resources. The financial
organizations use this system in secure telephone bankingtransactions.
6
UNIT # 6: COMPUTER SECURITY AND ETHICS

Signature Recognition
A signature recognition system identifies the shape of handwritten signature. It also
measures the pressure and motion used to write the signature. It uses special pen and
tablet.
Eye Scan
An Iris recognition system scans the patterns in iris or retina of an eye. It authenticates
the user by verifying the unique pattern in the eyes of the user. It is very expensive and
is used by large organizations and financial institutes.
V Define computer ethics and write some important guidelines for ethical use of
computer technology.
Ans Computer Ethics
Computer ethics are the moral rules and guidelines that determine the proper use of
computer system. The computer should be used according to the ethics in order to
avoid any problem in the security.
Moral Guidelines for Ethical Use of Computer
Some moral guidelines for ethical use of computers are as follows
 Computer should not be used to harm others
 Computer should not be used to steal anything such as credit card numbers
 Computer should not be used to develop and spread viruses or worms etc.
 The user should not use any other’s computer resources without permission
 The copy righted software should not be copied illegally
 The personal email messages of other people should not be read
 An attempt to access the account of other people of organization is illegal
 The rumors or false information should not be spread over the internet
 The hacking of a computer or network is not good
 The software and hardware must be used with responsibility for positive purpose

EXTRA EXTENSIVE QUESTION

Q Explain the main areas of computer ethics
Ans: The main areas of computer ethics are explain below
Information Accuracy: Information stored on computers must be accurate, up-to-date and
complete. If wrong information is entered in computer, it can be very harmful. People may suffer
because of inaccurate information stored on computer.
Information Ownership / Intellectual Rights: Information ownership or intellectual rights
means persons who create ideas in any form are the actual owners .Ideas many be in the form
of poems, plats, novels, films, drawings, paintings, software etc. Intellectual rights protect
creative work from unauthorized use by other people and allow creators to benefit financially
from their work.
Intellectual Property: Intellectual property means the legal rights of an individual or a
corporation that result from intellectual activity in literary, artistic, scientific and industrial fields.
Countries have law to protect intellectual property to foster innovation and promote creativity.
Software Piracy: Software piracy means making illegal copies of software for use or sale for
financial benefit. When computer users buy licensed software, they have the right to use it on a
single computer. Software Copyright Law does not allow to make illegal copies o software and
install it on other computers. .
Information Privacy: Information privacy refers to an individual’s right to the privacy of personal
information. In modern information age, people are concerned that computers may be taking
7
UNIT # 6: COMPUTER SECURITY AND ETHICS

away their privacy. The Data Protection Act protects the rights of the individuals against misuse
of personal information by organizations.
Internet and Privacy: People who use internet are worried that it may be eroding their privacy.
Internet users post their personal information such as full name, date of birth, place of residence,
phone numbers, pictures, videos etc. on the Wen and it stays there Internet users enter personal
information in websites to sign up or register for services without realizing that this may lead to
invasions of privacy. This information can be accessed by hackers and used for harmful purpose.
This poses a serious threat to privacy as unauthorized people can access personal information
of individuals. Therefore, people are concerned about assault of computer and internet
technology into people’s privacy.