
COMPUTER SCIENCE – 11

Chapter 6
Security, Copyright and the Law
Contents
• Computer Security
• Computer Virus
• Antivirus Software
• Data Security
• Security Threats
• Data Protection
• Privacy Issue
• Data Protection Legislation
• Copyright
• Password
• Backup of Data
Computer Security
Q.1 What is computer security? How is it maintained on a computer?
Computer Security
• Computer Security → Protecting a computer system and data stored in it from being damaged or accessed by unauthorized persons
• Different methods or techniques to ensure the security of a computer system
• What you have (Physical Access)?
• Unauthorized access → prevented by → providing a key, token, or plastic card to authorized users
• Authorized users use any of these → to gain access to a server room or a building
• What you know (User ID & Password)?
• Authorized users → User-IDs & Passwords
• Must be entered to get access to the system
• Only those users who know user-ID & password → access
• What you do (Confirmation of authorized user)?
• Authorized users → asked to enter signature to confirm
• What you are (Authorization through the human body)?
• Biometrics approach
• Biological means for identification → fingerprints, voice recognition, eye retina, etc.
Computer Virus
Q.2 What is a computer virus? How can it affect the computer?
• Causes of Viruses
• Activation of a Virus
• Types of Viruses
• Safeguarding against Viruses
Computer Virus
• Computer virus → small computer program that affects computer system
• Damages or destroys valuable data stored in computer system
• Loads into user’s computer (primary or secondary memory) without his/her knowledge
• Replicates itself → makes many copies in memory or on disk
• Code for computer virus → written in programming language
• Code attached to program file
• Infected File → File containing a virus
• When infected file copied to a disk
• virus also copied & attaches to other files on disk
• Infected Disk → disk that contains virus/viruses
• Problems created by viruses
• Damage software like operating system
• Damage or corrupt important data files stored on computer
• Destroy all data stored in hard disk by formatting it
• Change boot sector of hard disk. (If boot sector affected, computer cannot boot)
• Slow down speed of computer system
• Make resources unavailable to users
• Detect passwords, pin codes, and credit card numbers, etc.
Causes of Viruses
(i) E-Mail
• Viruses spread through e-mail messages
• Email → infected file attachment
• User opens infected email attachment
• Virus may infect computer
• Virus transferred to other computers → when email sent from infected computer
(ii) Networks
• Major source of virus → computer network (i.e. Internet)
• If computer infected by virus → infect other computers in network also
• Example
• when users access infected computer in network → then viruses transferred or copied
• when user downloads infected file → virus transferred also
• Infect files stored on computer
(iii) Removable Storage Media
• Removable storage media (such as USB flash drives and CDs)
• used for transferring files
• In flash drive → infected files
• When user copies infected files → viruses also transferred/copied
(iv) Pirated Software
• ‘pirated’ → ‘copied illegally’
• Pirated software → software which is installed and used illegally (or without a license)
• Major source of spreading viruses
• Software companies intentionally attach viruses with software
• When software installed illegally → viruses activated & damage computers
• Viruses activated only → when license file not found
Activation of a Virus
• Activation of virus → When virus performs its actions
• Different computer viruses → activated in different ways
• Example: Some viruses → activation on certain date
• Virus → Part of application programs or OS
• Application program run
• Checks system date
• If system date matches with activation date → virus activated
Types of Viruses
(i) Boot Sector Virus
• Disk divided into → logical tracks
• Each track further divided into → sectors
• Data stored in sectors
• OS on disk → special program in its first sector → boot sector
• When computer turned on → boot sector program automatically loaded into memory
• This program → loads OS into memory
• Boot sector virus → modifies program in boot sector
• Once boot sector infected → boot sector virus loaded into memory whenever computer turned on
• Attached with executable files i.e. .exe, .com & .dll files
• Files used by user → attached virus activated
• Infects other files, performs destructive activities, destroys data files
(ii) Chernobyl Virus
• Chernobyl → Microsoft Windows virus
• Most harmful virus
• Deletes all Microsoft Office files and other data
• Also deletes partition information from disk & corrupts system’s BIOS (Basic Input/Output System)
(iii) Logic Bomb
• Activated → when specified conditions met
• Example:
• activated on specific date & time
• activated when special files not found
• When virus activated → important data deleted or corrupted
• Mostly attached with pirated software
• Often called Time Bomb
(iv) Trojan Horse
• Attached to some programs or other files
• Trojan virus activated → When infected programs executed (or opened)
• Affects performance of computer
• Damages data stored on hard disk
• Example of Trojan horse: FormatC
• Allows unauthorized access to a computer system
• Allows hacker to access remote computer
• Hacker → performs various destructive operations on remote computer
(v) Redlof
• Redlof virus → polymorphic virus
• Polymorphic → "change nature with passage of time"
• Virus changes its nature with the passage of time
• Difficult to catch with antivirus program
• Written in Visual Basic Script
• Depends on Microsoft ActiveX Component to execute itself
• Execution of Virus → locates "Folder.htt" file & infects it
• "Folder.htt" file → part of Windows Active Desktop feature
Some other Viruses
• Viruses → detect some special information & send it to others
• Information → like passwords, or any sensitive data
• Example → Virus program reads password, Pin Code, or credit card number, then sends it to another user
• Viruses → make resources unavailable to users
• Example: virus after copying itself on all computers → affects communication activity on network
• Network become unavailable for users
Safeguarding against Viruses
• Always use antivirus programs with latest versions
• to detect & remove viruses
• Minimize data transfer between computers through removable storage media
• Removable storage media → USB flash drive, CD, and floppy disks
• Scan removable storage media for viruses
• Never open junk or unknown e-mails
• Should not install pirated software
• Always use licensed software
• Freeware and shareware software downloaded from Internet → contain viruses
• Scan with latest antivirus program before using them
• Always keep backup of data
• Backup of data → used if virus deletes data or modifies it
Antivirus Software
Q.6 What is antivirus software? Give some examples of antiviruses.
Antivirus Software
• Antivirus software → Software that is used to detect and remove viruses from computer
• Prevents viruses from entering computer
• Available antivirus programs
• contain a list of known viruses
• contain methods for removing viruses from infected files or disks
• No single antivirus software → can remove all viruses
• Many new viruses are being developed and are spreading through Internet
• Latest antivirus software must be installed on computer to save computer from new viruses
• Upgrade antivirus software and scan computer system regularly
• Examples of famous antivirus programs
• Norton antivirus
• McAfee
• Kaspersky
• AVG
• NOD 32
Data Security
Q.7 What is data security? Describe its importance.
Data Security
• Data Security → Protection of data
• Important data of organization → can be lost, deleted, or destroyed accidentally or intentionally
• Data is more valuable → than computer hardware & software
• Failure of hardware → replace hardware
• Software loss → re-install software
• Data loss → difficult to recover in time
• To ensure data security → Necessary arrangements must be made
• Organization is responsible for data security
• Online services provided by organization to their customers/users
• A credit card company putting data of its customers online
• A bank providing online services
• A university providing facility of viewing results online, online exams (GRE, GUAT, etc.)
Importance of Data Security
• If some unauthorized user ("intruder") gains access to data of organization
• organization may suffer serious problems
• Examples:
• Unauthorized user may use credit card number of another user for shopping
• Unauthorized user may delete important data of a business or an organization
• Protect data from illegal and unauthorized access
Security Violation
• Someone may enter computer room
• Take away all storage devices on which sensitive data is stored
• Unauthorized user may gain access to personal data of someone
• Gain advantages
• Example: gets access to credit card number and Pin Code,
• then uses it for online shopping
• Unauthorized user may use an online mail server
• Online mail server → "mail.yahoo.com"
• May view e-mail messages of other users
• Someone can send a virus program onto a network
• Virus → slow down network
• may corrupt important data
• Unauthorized access to bank accounts
• Transfer a large amount of money from other accounts to his account
• A person may make a computer so busy by sending many requests
• Computer may become unavailable to authorized users
• denial of service situation
Security Threats
Q.9 What is meant by security threats? Discuss different threats to data security. What are the solutions to these threats?
Security Threats
• Threat → a computer program, a person, or an event that violates (or breaks) the security system
• Causes loss of data & attacks data privacy
• Different threats to data security
(1) Unintentional Threat
• Unintentional → "by mistake or by chance"
• Authorized user → may delete sensitive data by mistake or accidentally
• Data may be corrupted or deleted due to:
• technical failure of hardware
• sudden breakdown of electric supply
• failure of some program running on the computer
• viruses etc.
• Solutions
• Backup → Regular backup of data
• Can be used to recover the deleted data
• Antivirus → Latest antivirus software
• Scan all data coming into the computer
(2) Intentional Threat
• Intentional → planned or with a purpose
• Unauthorized (or authorized) user → may delete sensitive data intentionally
• User → angry employee of an organization or any other unauthorized person
• Usually, hackers
• person who is technically a computer expert
• breaks security for deleting or modifying data
• Gets access to data through computer network → using computer software, tools, or other techniques
• Solutions
• User Rights → Proper rights assigned to minimize intentional security threats
• Only authorized users → allowed to delete or modify data (step-by-step process)
• Password → Password must be used for accessing any resource
• Log file → maintained to keep track of all activities performed on data or files
• Authorized users should change their passwords periodically
• Password should not be very short
• Common word should not be used as a password
• Encryption → Process of encoding data in such a way that only an authorized person can understand & use it
• Conversion of readable data into an unreadable format
• Sensitive data encoded → before storage or transmission over a network
• If anyone (unauthorized person) gets access to data, he may not be able to understand it
• Lock → Computers and all backing storage devices should be placed in locked rooms
• Only authorized users should be allowed to access these resources
Data Protection
Q.10 What is meant by data protection?
Data Protection
• Data Protection → Process of hiding personal data from unauthorized persons or organizations
• Almost all departments and organizations collect and maintain their data on computers
• Police department → maintains records of different people
• Bank → maintains records of financial dealings
• Hospital → maintains data about disease history of different patients etc.
• Owner of personal data → person to whom it belongs
• Personal data → can be used only for purpose for which it was obtained
• Use of this data for any other purpose → against the person's privacy
• Example:
• Hospital → provides personal data of one or more patients to medical researchers
• Use data for research purposes or to make some other decisions
• If hospital management distributes personal data of particular patient somewhere else
• then this may disturb patient (e.g. in the case when the patient has some mental disorder or has a bad history)
• Data protection rules → do not allow anyone (or organization) to misuse personal data of any person
Privacy Issue
Q.11 What is the privacy issue? How is data privacy ensured?
Privacy Issue
• Privacy issue → any person (an individual) has the right to see data collected about him
• Submit an application to view personal data
• A person also has right to stop processing of his data by the organization
• No worker of organization is allowed → to disclose or use data
• If data is used without person’s permission → crime committed
• Data protection act → tries to minimize misuse of personal information
• Organization → collect necessary data
Ensuring Data Privacy
• Organization is responsible for keeping data updated
• Organization should keep data for specified period of time only
• Not keep data longer than the necessary time period
• Organization is responsible for all kinds of security of data
Data Protection Legislation
Q.12 What is data protection legislation? Describe the principles of data protection act.
Data Protection Legislation
• Data protection legislation (or principle)
• defines laws that ensure data protection
• Many countries have defined data protection legislation
• Some advanced western countries enforce this law properly
• Basic principles → Data protection legislation of different countries is based
Principles of Data Protection Act
• Purpose of keeping personal data must be clearly defined
• by organization obtaining that data
• Individual about whom the data is collected must be informed
• about identity of organization or individual that collects data
Important Privacy Acts
1980 Privacy Protection Act
• Prohibits agents of federal government from making unannounced searches of press office
1984 Cable Communications Policy Act
• Restricts cable companies in collection & sharing of information about their customers
• First legislation (or principle) to regulate the use of information → which is processed on the computer
Data Protection Act 1984
• Purpose → to protect individual’s data from unauthorized use and disclosure of personal information
• Eight principles
• Information in personal data shall be obtained and processed fairly & lawfully
• Personal data shall be held only for one or more specified & lawful purposes
• Personal data held for any purpose shall not be used or disclosed in any manner
• Personal data held for any purpose shall be relevant to the specified purpose
• Personal data shall be accurate and where necessary, kept up to date
• Personal data held for any purpose(s) shall not be kept for longer than is necessary for that purpose
• Personal data shall be made available to a person on his request, to whom data refers
• Appropriate security measures shall be taken against unauthorized access, or alteration, disclosure, accidental loss, or destruction of personal data
1987 Computer Security Act
• This Act makes actions that affect computer security files & telecommunication illegal
Video Privacy Protection Act 1988
• Prevents disclosure of a person’s video rental records without a court order
Matching Privacy Protection Act of 1988
• Prevents government from comparing certain records to find a match
Computer Misuse Act 1990
• This Act makes provision for securing computer material against unauthorized access or modification
• Passed to deal with the problem of hacking
• Key offences
• Unauthorized access to computer material
• Unauthorized access to commit or facilitate offences
• Unauthorized modification of computer material
1998 Data Protection Act
• Came into force early in 1999
• Covers how information about a living, identifiable person is used
• Computerized personal data
• Personal data held in structured manual files
Copyright
Q.14 What is meant by Copyright? Briefly discuss software copyright and copyright act.
Copyright
• Copyright → branch of law
• Protects creative work from illegal use
• Ensures that copyrighted materials cannot be used without getting permission from the creators
• Violation of copyright → piracy
• Categories of works that copyright protects
• software, books (or any other written material), pictures, videos or music, and many other products etc.
Software Copyright
• Right to use software on the computer
• Software remains property of company that designed it
• Only gives a license for use of software to those who purchase it
• When commercial software purchased, pay for a license to use the software
• One copy of software → used by only one person
Copyright Act
• Principal law governing software piracy → "Copyright Act 1976"
• Amendments to law → 1983
• Now "software piracy" → believed to be a punishable crime
• Involves huge amounts of penalties
• Software → believed to be an "intellectual property"
• of the company that develops it & brings it into market after a lot of effort & cost
Password
Q.15 What is a password? Give some examples of using a password.
Password
• Password → secret code
• consists of alphabets, digits, or a combination of both
• Protects a computer system, software, or other resources from unauthorized access
• Only persons who know password can use computer system or software
• Points about a password
• At least eight characters long
• Contain uppercase letters, lowercase letters, numbers, and different symbols
• Should be difficult to guess or crack
• Should not be a commonly used word
• Should not contain your name, your kid's name, or your company name
• Should be changed at least once a month
• New password → different from previously used passwords
• Examples
• Password setting → computer, login
• E-mail account protected with a password
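The points about a password listed above, written as a checker. This is an added example, not part of the original notes; the common-word list, the sample names used with it and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string
from datetime import date, timedelta

# Constructed sample list (assumption); a real check uses a large list of known-weak passwords.
COMMON_WORDS = {"password", "welcome", "computer", "qwerty", "letmein"}
MAX_AGE = timedelta(days=30)  # "changed at least once a month"
CLASSES = {
    "uppercase letter": string.ascii_uppercase,
    "lowercase letter": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,
}


def hash_password(password, salt):
    """Salted, slow hash so the password history never stores plain passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def check_new_password(password, personal_names, history):
    """Return the rules the candidate breaks; an empty list means it is acceptable.

    personal_names: user's name, family names, company name.
    history: list of (salt, digest) pairs for previously used passwords.
    """
    problems = []
    lowered = password.lower()
    if len(password) < 8:
        problems.append("shorter than eight characters")
    for label, alphabet in CLASSES.items():
        if not any(ch in alphabet for ch in password):
            problems.append(f"no {label}")
    # "Password1!" is still a common word with padding: compare the letters alone too.
    letters_only = "".join(ch for ch in lowered if ch.isalpha())
    if lowered in COMMON_WORDS or letters_only in COMMON_WORDS:
        problems.append("commonly used word")
    if any(name and name.lower() in lowered for name in personal_names):
        problems.append("contains a personal or company name")
    # Re-hash the candidate with each stored salt; compare in constant time.
    if any(hmac.compare_digest(hash_password(password, salt), digest)
           for salt, digest in history):
        problems.append("same as a previously used password")
    return problems


def is_expired(last_changed, today):
    """True when the password is older than the monthly change interval."""
    return today - last_changed > MAX_AGE
```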
Backup of Data
Q.16 What is backup of data? Why do we use it? Discuss different types of backup.
Backup of Data
• Backup of Data → Duplicate copy of data taken on secondary storage
• Regular backup
• Data lost, deleted, or corrupted due to any reason
• Backup of data → recover deleted data or corrupted data
• Storage media for backup of data → CD-ROM, USB drive, floppy disk, or Zip disk, magnetic tape, etc.
Reasons for using Backup
• Storage device → hard disk, reliable storage device
• Develops problems due to voltage fluctuations or other reasons
• If hard disk damaged → all data lost, cannot be retrieved
• Retrieve from data backup
• Computer stolen or fire may damage it
• In these circumstances → backup of data is used
• Accidentally delete file
• Overwrite a part or whole of an existing file
• Virus attack
Types of Backup
1. Complete Backup
• Backup of all data stored on the hard disk
+ Copy of the entire hard disk is created
• Entire data can be restored → if damaged
- Takes more time to create a backup of the entire hard disk
2. Incremental Backup
• Backup of only new files and those files that are changed since the last backup
• Backup software → Process performed automatically by using some software
• Backup of entire hard disk is not created
• Takes less time than complete backup
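The difference between the two backup types above, as an added example that is not part of the original notes: with no record of a previous backup every file is copied (complete backup), and with the previous backup's manifest only new or changed files are copied (incremental backup). The manifest file name and the use of SHA-256 digests to detect changes are assumptions of this example.

```python
import hashlib
import json
import shutil
from pathlib import Path

MANIFEST = "manifest.json"  # hypothetical name: records what this backup run saw


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(source):
    """Map each file's path (relative to source) to its digest."""
    return {
        p.relative_to(source).as_posix(): file_digest(p)
        for p in sorted(source.rglob("*")) if p.is_file()
    }


def backup(source, dest, previous=None):
    """Copy files from source into dest; return the relative paths copied.

    previous=None -> complete backup: every file is copied.
    previous=dict -> incremental backup: only files that are new or whose
                     content differs from the previous manifest are copied.
    dest must lie outside source.
    """
    current = snapshot(source)
    previous = previous or {}
    changed = [rel for rel, digest in current.items() if previous.get(rel) != digest]
    for rel in changed:
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source / rel, target)
    dest.mkdir(parents=True, exist_ok=True)
    # The manifest always lists the full current state, so the next
    # incremental run compares against "the last backup", not the first one.
    (dest / MANIFEST).write_text(json.dumps(current, indent=2))
    return changed


def load_manifest(backup_dir):
    """Read the manifest written by an earlier backup() run."""
    return json.loads((backup_dir / MANIFEST).read_text())
```

Restoring from incremental backups needs the complete backup plus every incremental made after it, applied in order.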
For more details, refer to

PM Series
Computer Science, ICS Part-1
by CM Aslam, Aqsa Aslam, Mudassir Ahmad & Atif Mansoor
Publisher: Majeed Sons, 22- Urdu Bazar, Lahore
