Chapter 8: Ethics and Security in information system

Discussion Questions

1. Briefly describe the following computer security threats.

Society has been impacted by computer security in a number of ways. Computer security ensures
users that their personal, financial, and other information will be kept secret from the eyes of others.
It impacts businesses and organizations by keeping their confidential data safe from view and harm
and helping them in staying successful. It allows users to share files and resources, an increased
amount of storage space, and an increase in cost efficiency. As well as protecting information,
computer security has impacted users and their computers from nasty viruses, threats, and malware
as well. Computer security is an important piece of technology that has impacted society since its
beginning.

a) Malware

Malware is the one of collective name for a number of malicious software, including viruses, ransom
ware and spyware. Malware consists of code developed by cyber attackers, designed to cause
extensive damage to data and systems or to gain unauthorized access to a network. Malware is
typically delivered in the form of a link or file over email. “Malware” is the general term covering all
the different types of threats to our computer safety such as viruses, spyware, worms, Trojans,
rootkits and so on. Malware has actually been a threat to individuals and organizations since the
early 1970s when the Creeper virus first appeared. Since then, the world has been under attack from
hundreds of thousands of different malware variants, all with the intent of causing the most
disruption and damage as possible. Various forms of malicious software caused trouble for the
computer users of the 1990s, performing actions ranging from deleting data and corrupting hard
drives, to just annoying victims by playing sounds or putting ridiculous messages on their machines.
Some of the attacks may have looked simple, but it was these that laid the foundations for malware
as we know it today -- and all the damage it has caused around the world.

Spyware

Spyware is becoming a reoccurring topic of conversation with most computer users nowadays. It has
evolved into one of the most annoying and frustrating problems your computer can encounter.
Although it is not a virus, it can still rob the computer of vital processing power. It is not there to
actually harm the computer, but to hide behind the scenes and view the computer’s activity. In some
cases, this is actually worse than a virus. Spyware is a general term for any bad ware or malware that
is installed onto computers and collects little bits of information at a time about users without their
knowledge. It is typically hidden from the user, and can be difficult to detect. Sometimes, however,
spywares such as key loggers are installed by the owner of a shared, corporate, or public computer
on purpose in order to secretly monitor other users. It started out as advertising supported software
but has grown into a big monster as the internet has gradually developed. Nowadays it is used in
more malicious ways but initially it was developed to help pay for free distributed software by
bundling the advertising within the software. Spyware or tracking cookies can be easily dropped into
the system by visiting certain websites. The security patches should be kept up to date in order to
prevent this.
For example, someone downloading a toolbar for their web browser may find it comes packed with
spyware for the purposes of monitoring their internet activity and computer use, or malicious
adverts can secretly drop the code onto a computer via a drive-by download. In some cases, spyware
is actively sold as software designed for purposes such as parents monitoring their child's internet
use and is designed to explicitly be ignored by antivirus and security software.

Adware

Adware is the most popular kind of spyware, and they are generally small online malwares.
Computer users view them as pop-ups, pop-over and pop-under sent by the computer adware upon
detection of online connection. Adware is the name given to programs that are designed to display
advertisements on our computer, redirect our search requests to advertising websites and collect
marketing-type data about us for example, the types of websites that we visit so that customised
adverts can be displayed. Other than displaying advertisements and collecting data, Adware doesn’t
generally make its presence known. Usually, there will be no signs of the program in your
computer’s system tray and no indication in your program menu that files have been installed on
your machine.

There are two main ways in which Adware can get onto your computer:

Via freeware or shareware

Adware can be included within some freeware or shareware programs – as a legitimate way of
generating advertising revenues that help to fund the development and distribution of the freeware
or shareware program.

Infected websites

A visit to an infected website can result in unauthorised installation of Adware on your machine.
Hacker technologies are often used. For instance, your computer can be penetrated via a browser
vulnerability, and Trojans that are designed for stealthy installation can be used. Adware programs
that work in this way are often called Browser Hijackers.

Viruses

Even if you’re careful, you can pick up computer viruses through normal Web activities like:

Sharing music, files, or photos with other users

Visiting an infected website

Opening spam email or an email attachment

Downloading free games, toolbars, media players and other system utilities

Installing mainstream software applications without thoroughly reading license agreements

What does a computer virus do?

Some computer viruses are programmed to harm your computer by damaging programs, deleting
files, or reformatting the hard drive. Others simply replicate themselves or flood a network with
traffic, making it impossible to perform any internet activity. Even less harmful computer viruses can
significantly disrupt your system’s performance, sapping computer memory and causing frequent
computer crashes.

What are the symptoms of a computer virus?

Your computer may be infected if you recognize any of these malware symptoms:

Slow computer performance

Erratic computer behavior

Unexplained data loss

Frequent computer crashes

A computer virus, much like a flu virus, is designed to spread from host to host and has the ability to
replicate itself. Similarly, in the same way that flu viruses cannot reproduce without a host cell,
computer viruses cannot reproduce and spread without programming such as a file or document.
In more technical terms, a computer virus is a type of malicious code or program written to alter the
way a computer operates and is designed to spread from one computer to another. A virus operates
by inserting or attaching itself to a legitimate program or document that supports macros in order to
execute its code. In the process, a virus has the potential to cause unexpected or damaging effects,
such as harming the system software by corrupting or destroying data. Once a virus has successfully
attached to a program, file, or document, the virus will lie dormant until circumstances cause the
computer or device to execute its code. In order for a virus to infect your computer, you have to run
the infected program, which in turn causes the virus code to be executed.

This means that a virus can remain dormant on your computer, without showing major signs or
symptoms. However, once the virus infects your computer, the virus can infect other computers on
the same network. Stealing passwords or data, logging keystrokes, corrupting files, spamming your
email contacts, and even taking over your machine are just some of the devastating and irritating
things a virus can do.

While some viruses can be playful in intent and effect, others can have profound and damaging
effects. This includes erasing data or causing permanent damage to your hard disk. Worse yet, some
viruses are designed with financial gains in mind.

cookies

With a few variations, cookies in the cyber world come in two flavors: session and persistent. Session
cookies are used only while navigating a website. They are stored in random access memory and are
never written to the hard drive. With a few variations, cookies in the cyber world come in two
flavors: session and persistent. Session cookies are used only while navigating a website. They are
stored in random access memory and are never written to the hard drive.

When the session ends, session cookies are automatically deleted. They also help the "back" button
or third-party anonymizer plugins work. These plugins are designed for specific browsers to work,
and help maintain user privacy.

Persistent cookies remain on a computer indefinitely, although many include an expiration date and
are automatically removed when that date is reached.

Persistent cookies are used for two primary purposes:

Authentication: These cookies track whether a user is logged in and under what name. They also
streamline login information so users don't have to remember site passwords.
Tracking: These cookies track multiple visits to the same site over time. Some online merchants, for
example, use cookies to track visits from particular users, including the pages and products viewed.
The information they gain allows them to suggest other items that might interest visitors. Gradually,
a profile is built based on a user's browsing history on that site.

Beware Third-Party Cookies

Third-party cookies are more troubling. They are generated by websites that are different from the
web pages users are currently surfing, usually because they're linked to ads on that page.

Visiting a site with 10 ads may generate 10 cookies, even if users never click on those ads.

Third-party cookies let advertisers or analytics companies track an individual's browsing history
across the web on any sites that contain their ads. Consequently, the advertiser could determine
that a user first searched for running apparel at a specific outdoor store before checking a particular
sporting goods site and then a certain online sportswear boutique.

Some third-party cookies may be zombies. Zombie cookies are permanently installed on users'
computers, even when they opt not to install cookies. They also reappear after they've been
deleted. When zombie cookies first appeared, they were created from data stored in the Adobe
Flash storage bin. They are sometimes called flash cookies and are extremely difficult to remove.

Like other third-party cookies, zombie cookies can be used by web analytics companies to track
unique individuals' browsing histories. Websites may also use zombies to ban specific users.

Cookies Themselves Aren't Harmful

Because the data in cookies doesn't change, cookies themselves aren't harmful. They can't infect
computers with viruses or other malware, although some cyber attacks can hijack cookies and,
therefore, browsing sessions. The danger lies in their ability to track individuals' browsing histories.
Such "Big Brother" type of behavior can pose a security concern.

Allowing or Removing Cookies

To streamline surfing, users can find the cookie section — typically under Settings, Privacy — and
click the boxes to allow cookies. Sometimes the option says, "Allow local data." Kaspersky Lab offers
step-by-step instructions for removing cookies from the most popular web browsers.

Removing normal cookies is easy, but it could make certain web sites harder to navigate. Without
cookies, users may have to re-enter their data for each visit. Different browsers store cookies in
different places, but the Settings, Privacy section — sometimes listed under Tools, Internet Options,
or Advanced — is most common. Options are available to manage or remove cookies.

Before removing cookies, evaluate the ease of use expected from a website that uses cookies. In
most cases, cookies improve the web experience, but they should be handled carefully.

When the session ends, session cookies are automatically deleted. They also help the "back" button
or third-party anonymizer plugins work. These plugins are designed for specific browsers to work,
and help maintain user privacy.

Persistent cookies remain on a computer indefinitely, although many include an expiration date and
are automatically removed when that date is reached.

Persistent cookies are used for two primary purposes:

Authentication: These cookies track whether a user is logged in and under what name. They also
streamline login information so users don't have to remember site passwords.

Tracking: These cookies track multiple visits to the same site over time. Some online merchants, for
example, use cookies to track visits from particular users, including the pages and products viewed.
The information they gain allows them to suggest other items that might interest visitors. Gradually,
a profile is built based on a user's browsing history on that site.

Beware Third-Party Cookies

Third-party cookies are more troubling. They are generated by websites that are different from the
web pages users are currently surfing, usually because they're linked to ads on that page.

Visiting a site with 10 ads may generate 10 cookies, even if users never click on those ads.
Third-party cookies let advertisers or analytics companies track an individual's browsing history
across the web on any sites that contain their ads. Consequently, the advertiser could determine
that a user first searched for running apparel at a specific outdoor store before checking a particular
sporting goods site and then a certain online sportswear boutique.

Some third-party cookies may be zombies. Zombie cookies are permanently installed on users'
computers, even when they opt not to install cookies. They also reappear after they've been
deleted. When zombie cookies first appeared, they were created from data stored in the Adobe
Flash storage bin. They are sometimes called flash cookies and are extremely difficult to remove.

Like other third-party cookies, zombie cookies can be used by web analytics companies to track
unique individuals' browsing histories. Websites may also use zombies to ban specific users.

Cookies Themselves Aren't Harmful

Because the data in cookies doesn't change, cookies themselves aren't harmful. They can't infect
computers with viruses or other malware, although some cyber attacks can hijack cookies and,
therefore, browsing sessions. The danger lies in their ability to track individuals' browsing histories.
Such "Big Brother" type of behavior can pose a security concern.

Allowing or Removing Cookies

To streamline surfing, users can find the cookie section — typically under Settings, Privacy — and
click the boxes to allow cookies. Sometimes the option says, "Allow local data." Kaspersky Lab offers
step-by-step instructions for removing cookies from the most popular web browsers.

Removing normal cookies is easy, but it could make certain web sites harder to navigate. Without
cookies, users may have to re-enter their data for each visit. Different browsers store cookies in
different places, but the Settings, Privacy section — sometimes listed under Tools, Internet Options,
or Advanced — is most common. Options are available to manage or remove cookies.

Before removing cookies, evaluate the ease of use expected from a website that uses cookies. In
most cases, cookies improve the web experience, but they should be handled carefully.
Describe any two (2) security measures to protect information systems from threats

questions 2

With the wide use and availability of the Internet comes convenience. But the Internet also brings all
sorts of threats.

1. Keep All Software Updated

As pesky as those update alerts can be, they are vital to your network’s health. From anti-virus
software to computer operating systems, ensure your software is updated. When a new version of
software is released, the version usually includes fixes for security vulnerabilities. Manual software
updates can be time-consuming. Use automatic software updates for as many programs as possible.
Most modern software and applications update automatically, but make sure you agree to install
updates when prompted. The common software to keep updated are:

operating systems, for example Windows, Mac OS, iOS, Android

antivirus and security software

browsers, for example Internet Explorer, Firefox, Chrome

web plugins, for example Adobe Flash, Reader, Skype, Apple Quicktime, iTunes, Java, ActiveX

other types of applications, for example Microsoft Office

2. Use Network Protection Measures

Protecting your network is crucial. To keep your network and its traffic secured:

Install a firewall

Ensure proper access controls

Use IDS/IPS to track potential packet floods

Use network segmentation

Use a virtual private network (VPN)

Conduct proper maintenance