Chapter 6
Security, Copyright
and the Law
Contents
• Computer Security
• Computer Virus
• Antivirus Software
• Data Security
• Security Threats
• Data Protection
• Privacy Issue
• Data Protection Legislation
• Copyright
• Password
• Backup of Data
Computer Security
Q.1 What is computer security? How is it maintained on a computer?
Computer Security
• Computer Security: protecting a computer system and data stored in it from being damaged or accessed by unauthorized persons
• Different methods or techniques to ensure the security of computer system
• What you have (Physical Access)?
• Unauthorized access is prevented by providing a key, token, or plastic card to authorized users
• Authorized users use any of these to gain access to a server room or a building
• What you know (User ID & Password)?
• Authorized users: user IDs & passwords
• Must be entered to get access to system
• Only those users who know the user ID & password get access
• What you do (Confirmation of authorized user)?
• Authorized users asked to enter signature to confirm
• What you are (Authorization through the human body)?
• Biometrics approach
• Biological means for identification: fingerprints, voice recognition, eye retina, etc.
Computer Virus
Q.2 What is a computer virus? How can it affect the computer?
• Causes of Viruses
• Activation of a Virus
• Types of Viruses
• Safeguarding against Viruses
Computer Virus
• Computer virus: a small computer program that affects a computer system
• Damages or destroys valuable data stored in the computer system
• Loads into user’s computer (primary or secondary memory) without his/her knowledge
• Replicates itself: makes many copies in memory or on disk
• Code for computer virus written in a programming language
• Code attached to program file
• Infected file: a file containing a virus
• When infected file copied to a disk
• virus also copied & attaches to other files on disk
• Infected disk: a disk that contains a virus or viruses
• Problems created by viruses
• Damage software like operating system
• Damage or corrupt important data files stored on computer
• Destroy all data stored in hard disk by formatting it
• Change boot sector of hard disk (if boot sector affected, computer cannot boot)
• Slow down speed of computer system
• Make resources unavailable to users
• Detect passwords, pin codes, and credit card numbers, etc.
Causes of Viruses
(i) E-Mail
• Viruses spread through e-mail messages
• Email: infected file attachment
• User opens infected email attachment
• Virus may infect computer
• Virus transferred to other computers when email sent from infected computer
(ii) Networks
• Major source of viruses: computer networks (i.e. the Internet)
• If a computer is infected by a virus, it infects other computers in the network also
• Example
• When users access an infected computer in the network, viruses are transferred or copied
• When a user downloads an infected file, the virus is transferred also
• Infect files stored on computer
(iii) Removable Storage Media
• Removable storage media (such as USB flash drives and CDs)
• used for transferring files
• Infected files on a flash drive
• When user copies infected files, viruses are also transferred/copied
(iv) Pirated Software
• ‘Pirated’ means ‘copied illegally’
• Pirated software: software which is installed and used illegally (or without a license)
• Major source of spreading viruses
• Software companies intentionally attach viruses with software
• When software is installed illegally, viruses are activated & damage computers
• Viruses activated only when license file not found
Activation of a Virus
• Activation of virus: when the virus performs its actions
• Different computer viruses are activated in different ways
• Example: some viruses are activated on a certain date
• Virus: part of application programs or OS
• Application program runs
• Checks system date
• If system date matches activation date, virus is activated
Types of Viruses
(i) Boot Sector Virus
• Disk divided into logical tracks
• Each track further divided into sectors
• Data stored in sectors
• OS on disk: special program in its first sector, the boot sector
• When computer is turned on, boot sector program is automatically loaded into memory
• This program loads OS into memory
• Boot sector virus modifies program in boot sector
• Once boot sector is infected, boot sector virus is loaded into memory whenever computer is turned on
• Attached with executable files i.e. .exe, .com & .dll files
• Files used by user attached virus activated
• Infects other files, performs destructive activities, destroys data files
(ii) Chernobyl Virus
• Chernobyl: Microsoft Windows virus
• Most harmful virus
• Deletes all Microsoft Office files and other data
• Also deletes partition information from disk & corrupts system’s BIOS (Basic Input/Output System)
(iii) Logic Bomb
• Activated when specified conditions met
• Example:
• activated on specific date & time
• activated when special files not found
• When virus activated important data deleted or corrupted
• Mostly attached with pirated software
• Often called Time Bomb
(iv) Trojan Horse
• Attached to some programs or other files
• Trojan virus is activated when infected programs are executed (or opened)
• Affect performance of computer
• Damage data stored on hard disk
• Example of Trojan horse: FormatC
• Allows unauthorized access to a computer system
• Allow hacker to access remote computer
• Hacker perform various destructive operations on remote computer
(v) Redlof
• Redlof virus: polymorphic virus
• Polymorphic: "change nature with passage of time"
• Virus changes its nature with the passage of time
• Difficult to catch with antivirus program
• Written in Visual Basic Script
• Depends on Microsoft ActiveX Component to execute itself
• On execution, virus locates "Folder.htt" file & infects it
• "Folder.htt" file: part of Windows Active Desktop feature
Some other Viruses
• Viruses detect some special information & send it to others
• Information like passwords, or any sensitive data
• Example: virus program reads password, PIN code, or credit card number, then sends it to another user
• Viruses make resources unavailable to users
• Example: virus after copying itself on all computers affect communication activity on network
• Network become unavailable for users
Safeguarding against Viruses
• Always use antivirus programs with latest versions
• to detect & remove viruses
• Minimize data transfer between computers through removable storage media
• Removable storage media: USB flash drive, CD, and floppy disks
• Scan removable storage media for viruses
• Never open Junk or unknown e-mails
• Should not install pirated software
• Always use licensed software
• Freeware and shareware software downloaded from Internet contain
viruses
• Scan with latest antivirus program before using them
• Always keep backup of data
• Backup of data used if virus deletes data or modifies it
Antivirus Software
Q.6 What is antivirus software? Give some examples of antiviruses
Antivirus Software
• Antivirus software: software that is used to detect and remove viruses from a computer
• Prevents viruses from entering computer
• Available antivirus programs
• contain a list of known viruses
• contain methods for removing viruses from infected files or disks
• No single antivirus software can remove all viruses
• Many new viruses are developing and spreading through Internet
• Latest antivirus software must be installed on computer to save computer from new viruses
• Upgrade antivirus software and scan computer system regularly
• Examples of famous antivirus programs
• Norton antivirus
• McAfee
• Kaspersky
• AVG
• NOD 32
Data Security
Q.7 What is data security? Describe its importance.
Data Security
• Data Security: protection of data
• Important data of organization can be lost, deleted, or destroyed accidentally or intentionally
• Data is more valuable than computer hardware & software
• Failure of hardware: replace hardware
• Software loss: re-install software
• Data loss: difficult to recover in time
• To ensure data security, necessary arrangements must be made
• Organization is responsible for data security
• Online services provided by organization to their customers/users
• A credit card company put data of its customers online
• A bank providing online services
• University provide facility of viewing results online, online exams (GRE, GUAT, etc.)
Importance of Data Security
• If some unauthorized user ("intruder") gains access to data of organization
• organization may suffer serious problems
• Examples:
• Unauthorized user may use credit card number of another user for shopping
• Unauthorized user may delete important data of a business or an organization
• Protect data from illegal and unauthorized access
Security Violation
• Someone may enter computer room
• Take away all storage devices on which sensitive data is stored
• Unauthorized user may take access to personal data of someone
• Gain advantages
• Example: gets access to credit card number and Pin Code,
• then use it for online shopping
• Unauthorized user may use an online mail server
• Online mail server: "mail.yahoo.com"
• May view e-mail messages of other users
• Someone can send a virus program onto a network
• Virus slows down network
• may corrupt important data
• Unauthorized access to bank accounts
• Transfer a large amount of money from other accounts to his account
• A person may make a computer so busy by sending many requests
• Computer may become unavailable to authorized users
• denial of service situation
Security Threats
Q.9 What is meant by security threats? Discuss different threats to data security. What are the solutions to these threats?
Security Threats
• Threat: a computer program, a person, or an event that violates (or breaks) the security system
• Causes loss of data & attacks data privacy
• Different threats to data security
(1) Unintentional Threat
• Unintentional: "by mistake or by chance"
• Authorized user may delete sensitive data by mistake or accidentally
• Data may be corrupted or deleted due to:
• technical failure of hardware
• sudden breakdown of electric supply
• failure of some program running on the computer
• viruses etc.
• Solutions
• Backup: regular backup of data
• Can be used to recover the deleted data
• Antivirus: latest antivirus software
• Scan all data coming into the computer
(2) Intentional Threat
• Intentional: planned or with a purpose
• Unauthorized (or authorized) user may delete sensitive data intentionally
• User: angry employee of an organization or any other unauthorized person
• Usually, hackers
• person who is technically a computer expert
• breaks security for deleting or modifying data
• Gets access to data through computer network using computer software, tools, or other techniques
• Solutions
• User rights: proper rights assigned to minimize intentional security threats
• Only authorized users allowed to delete or modify data (step-by-step process)
• Password: password must be used for accessing any resource
• Log file maintained to keep track of all activities performed on data or files
• Authorized users should change their passwords periodically
• Password should not be very short
• Common word should not be used as a password
• Encryption: process of encoding data in such a way that only an authorized person can understand & use it
• Conversion of readable data into an unreadable format
• Sensitive data encoded before storage or transmission over a network
• If anyone (unauthorized person) gets access to data, he may not be able to understand it
• Lock: computers and all backing storage devices should be placed in locked rooms
• Only authorized users should be allowed to access these resources
Data Protection
Q.10 What is meant by data protection?
Data Protection
• Data Protection: process of hiding personal data from unauthorized persons or organizations
• Almost all departments and organizations collect and maintain their data on computers
• Police department maintains records of different people
• Bank maintains records of financial dealings
• Hospital maintains data about disease history of different patients etc.
• Owner of personal data: person to whom it belongs
• Personal data can be used only for the purpose for which it was obtained
• Use of this data for any other purpose is against the person's privacy
• Example:
• Hospital provides personal data of one or more patients to medical researchers
• They use the data for research purposes or to make some other decisions
• If hospital management distributes personal data of a particular patient somewhere else
• then this may disturb the patient (e.g. in the case when the patient has some mental disorder or has a bad history)
• Data protection rules do not allow anyone (or any organization) to misuse personal data of any person
Privacy Issue
Q.11 What is the privacy issue? How is data privacy ensured?
Privacy Issue
• Privacy issue: any person (an individual) has the right to see data collected about him
• Submit an application to view personal data
• A person also has right to stop processing of his data by the organization
• No worker of organization is allowed to disclose or use data
• If data is used without the person’s permission, a crime is committed
• Data protection act tries to minimize misuse of personal information
• Organization collects necessary data
Ensuring Data Privacy
• Organization is responsible for keeping data updated
• Organization should keep data for specified period of time only
• Not keep data longer than the necessary time period
• Organization is responsible for all kinds of security of data
Data Protection Legislation
Q.12 What is data protection legislation? Describe the principles of data protection act.
Data Protection Legislation
• Data protection legislation (or principle)
• defines laws that ensure data protection
• Many countries have defined data protection legislation
• Some advanced western countries enforce this law properly
• Basic principles Data protection legislation of different countries is based
Principles of Data Protection Act
• Purpose of keeping personal data must be clearly defined
• by organization obtaining that data
• Individual about whom the data is collected must be informed
• about identity of organization or individual that collects data
Important Privacy Acts
1980 Privacy Protection Act
• Prohibits agents of federal government from making unannounced searches of press office
1984 Cable Communications Policy Act
• Restricts cable companies in collection & sharing of information about their customers
• First legislation (or principle) to regulate the use of information which is processed on the computer
Data Protection Act 1984
• Purpose: to protect individual’s data from unauthorized use and disclosure of personal information
• Eight principles
• Information in personal data shall be obtained and processed fairly & lawfully
• Personal data shall be held only for one or more specified & lawful purposes
• Personal data held for any purpose shall not be used or disclosed in any manner
• Personal data held for any purpose shall be relevant to the specified purpose
• Personal data shall be accurate and where necessary, kept up to date
• Personal data held for any purpose(s) shall not be kept for longer than is necessary for that purpose
• Personal data shall be made available to a person on his request, to whom data refers
• Appropriate security measures shall be taken against unauthorized access, or alteration, disclosure, accidental loss, or destruction of personal data
1987 Computer Security Act
• This Act makes actions that affect computer security files & telecommunication illegal
Video Privacy Protection Act 1988
• Prevents disclosure of a person’s video rental records without a court order
Matching Privacy Protection Act of 1988
• Prevents government from comparing certain records to find a match
Computer Misuse Act 1990
• This Act makes provision for securing computer material against unauthorized access or modification
• Passed to deal with the problem of hacking
• Key offences
• Unauthorized access to computer material
• Unauthorized access to commit or facilitate offences
• Unauthorized modification of computer material
1998 Data Protection Act
• Came into force early in 1999
• Covers how information about a living, identifiable person is used
• Computerized personal data
• Personal data held in structured manual files
Copyright
Q.14 What is meant by Copyright? Briefly discuss software copyright and copyright act.
Copyright
• Copyright: branch of law
• Protects creative work from illegal use
• Ensures that copyrighted materials cannot be used without getting permission from the creators
• Violation of copyright: piracy
• Categories of works that copyright protects
• software, books (or any other written material), pictures, videos or music, and many other products etc.
Software Copyright
• Right to use software on the computer
• Software remains property of company that designed it
• Only gives a license for use of software to those who purchase it
• When commercial software purchased, pay for a license to use the software
• One copy of software used by only one person
Copyright Act
• Principal law governing software piracy: "Copyright Act 1976"
• Amendments to law: 1983
• Now "software piracy" believed to be a punishable crime
• Involve huge amounts of penalties
• Software believed to be an "intellectual property"
• that develops it & brought into market after a lot of effort & cost
Password
Q.15 What is a password? Give some examples of using a password
Password
• Password: secret code
• consists of alphabets, digits, or a combination of both
• Protect a computer system, software, or other resources from unauthorized access
• Only persons who know password can use computer system or software
• Points about a password
• At least eight characters long
• Contain uppercase letters, lowercase letters, numbers, and different symbols
• Should be difficult to guess or crack
• Should not be a commonly used word
• Should not contain your name, your kid's name, or your company name
• Should be changed at least once a month
• New password different from previously used passwords
• Examples
• Password setting computer, login
• E-mail account protected with a password
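The points about a password listed above, turned into a check that can be run against candidate passwords. This is an added example, not part of the original notes; it covers the length, character-type, common-word, name and reuse rules, and the word list, the names, the salt and the function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import string

MIN_LENGTH = 8
# Constructed sample word list; a real deployment would load a much larger one.
COMMON_WORDS = {"password", "welcome", "computer", "qwerty", "letmein"}


def digest(password: str, salt: bytes) -> bytes:
    """Salted, slow hash so that old passwords are never stored readable."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def check_password(password, personal_names, old_digests, salt):
    """Return the list of rules from the notes that `password` breaks."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than eight characters")
    classes = {
        "uppercase letter": any(c.isupper() for c in password),
        "lowercase letter": any(c.islower() for c in password),
        "number": any(c.isdigit() for c in password),
        "symbol": any(c in string.punctuation for c in password),
    }
    problems += [f"no {name}" for name, found in classes.items() if not found]
    # Strip digits and symbols so "Password1!" still counts as a common word.
    letters_only = "".join(c for c in lowered if c.isalpha())
    if lowered in COMMON_WORDS or letters_only in COMMON_WORDS:
        problems.append("commonly used word")
    if any(name.lower() in lowered for name in personal_names if name):
        problems.append("contains a personal or company name")
    # Compare against hashes of earlier passwords, never against plain text.
    new_digest = digest(password, salt)
    if any(hmac.compare_digest(new_digest, old) for old in old_digests):
        problems.append("same as a previously used password")
    return problems


if __name__ == "__main__":
    salt = b"constructed-salt"                 # constructed sample value
    history = [digest("Tr1cky&Horse", salt)]   # constructed password history
    names = ["Ayesha", "Acme"]                 # constructed user/company names
    for candidate in ("Password1!", "ayesha99", "Tr1cky&Horse", "Gr8!River-Stone"):
        print(candidate, "->", check_password(candidate, names, history, salt) or "ok")
```

A password that meets every character-type rule can still fail: "Password1!" is rejected because it is a common word with a digit and symbol appended.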
Backup of Data
Q.16 What is backup of data? Why do we use it? Discuss different types of backup.
Backup of Data
• Backup of Data: duplicate copy of data taken on secondary storage
• Regular backup
• Data lost, deleted, or corrupted due to any reason
• Backup of data: recover deleted data or corrupted data
• Storage media for backup of data: CD-ROM, USB drive, floppy disk, or Zip disk, magnetic tape, etc.
Reasons for using Backup
• Storage device: hard disk, reliable storage device
• Develop problems due to voltage fluctuations or other reasons
• If hard disk is damaged, all data is lost and cannot be retrieved
• Retrieve from data backup
• Computer stolen or fire may damage it
• In these circumstances backup of data is used
• Accidentally delete file
• Overwrite a part or whole of an existing file
• Virus attack
Types of Backup
1. Complete Backup
• Backup of all data stored on the hard disk
+ Copy of the entire hard disk is created
• Entire data can be restored if damaged
- Takes more time to create a backup of the entire hard disk
2. Incremental Backup
• Backup of only new files and those files that are changed since the last backup
• Backup software: process performed automatically by using some software
• Backup of entire hard disk is not created
• Takes less time than complete backup
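The difference between the two backup types, shown on a small constructed folder. This is an added example, not part of the original notes; it assumes that "changed since the last backup" is detected by comparing SHA-256 hashes recorded in a manifest, and the file names and function names are made up for the illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def backup(source: Path, target: Path, manifest: dict, incremental: bool) -> list:
    """Copy files from source to target; return the relative paths copied.

    manifest maps relative path -> hash recorded at the last backup and is
    updated in place. A complete backup ignores it and copies everything.
    """
    copied = []
    for path in (p for p in source.rglob("*") if p.is_file()):
        rel = path.relative_to(source).as_posix()
        current = file_digest(path)
        if incremental and manifest.get(rel) == current:
            continue  # unchanged since the last backup: skip it
        dest = target / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, dest)
        manifest[rel] = current
        copied.append(rel)
    return sorted(copied)


def demo() -> dict:
    """Complete backup, then change the data, then two incremental backups."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source, full, incr = root / "data", root / "full", root / "incr"
        (source / "reports").mkdir(parents=True)
        # Constructed sample files
        (source / "notes.txt").write_text("chapter 6 notes")
        (source / "marks.csv").write_text("roll,marks\n1,78\n")
        (source / "reports" / "jan.txt").write_text("january")
        manifest = {}
        first = backup(source, full, manifest, incremental=False)
        (source / "marks.csv").write_text("roll,marks\n1,87\n")   # changed file
        (source / "reports" / "feb.txt").write_text("february")   # new file
        second = backup(source, incr, manifest, incremental=True)
        third = backup(source, incr, manifest, incremental=True)  # nothing new
        return {"complete": first, "incremental": second, "no_changes": third,
                "restored_marks": (incr / "marks.csv").read_text()}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The incremental folder holds only the changed and new files, so restoring everything needs the complete backup plus every incremental backup taken after it.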
For more details, refer to PM Series Computer Science ICS Part-1 by CM Aslam, Aqsa Aslam, Mudassir Ahmad & Atif Mansoor