INTRODUCTION
Computer Security and Online Access, We live in a world at a time which is often called the information age where information is freely available from any part of the world. The Internet has revolutionized the world and people are getting used to having access to whatever information they want anytime, anywhere, and from a wider and wider scope of computing machines.
Unfortunately, this also has resulted in improved security problems. Now, even if you ensure not to use any external media on your computers but if you are connected to the Internet, your computer and data on it are even vulnerable.
This chapter talks about the threats that are associated with online access and the measures to prevent and counter them if ever they occur.
THREATS TO COMPUTER SECURITY
A threat is a potential violation of security. When a threat is actually executed, it becomes an attack. Those who execute such activities, or cause them to be executed are named attackers.
Some common threats the average computer user faces every day are given below :
NOTE
Malware is a general term used to guide to viruses, worms, spyware, adware, etc. In other words, it is unwanted software that someone else wants to operate on your computer. Malware infects your computer, causing it to behave in a way, which you do not agree with.
- Viruses: (i) Worms, (ii) Trojans
- Spyware
- Adware
- Spamming
- PC Intrusion: (i) Denial of service, (ii) Sweeping, (iii) password Guessing
- Phishing
Computer Viruses, Worms, and Trojan Horses
Computer viruses are malicious codes/programs that cause harm to data and files on a system. Viruses can attack any part of a computer’s software such as boot block, operating system, system locations, files, application-program-macros, etc.
All computer viruses are manmade. The computer viruses replicate themselves by copying themselves to other disks (pen drives etc. when they are inserted in an infected computer) and spread to other computers.
Computer viruses can be merely annoying or they can be vastly destructive to computer files, data, and software.
Examples of computer viruses are Macro virus, Boot virus, Logic Bomb virus, Directory virus, Resident virus, etc.
Two other similar programs also cause virus-like effects. These are :
- (a) Worms. A worm is a self-replicating program that eats up the entire disk space or memory. A worm holds on to making its copies until all the disk space or memory is loaded.
- (b) Trojans or Trojan Horses. A Trojan or a Trojan horse is a program that appears harmless (such as a text editor or a utility program) but actually performs malicious functions such as deleting or damaging files.
A Trojan Horse neither duplicates nor copies itself, but causes damage or compromises the safety of the computer. A Trojan Horse may reach in the form of a joke program or in the disguise of useful software of some sort. Trojans are often used to grab your logins and passwords (Keylogger). Examples of Trojan Horses have Remote Access Trojans (RATs), Backdoor Trojans (backdoors), IRC Trojans (IRCbots), Keylogging Trojans, etc.
Note
Types of Malware include Computer Viruses, Trojan horses, Worm, Spyware, Adware, Ransomware, and many more.
DAMAGE CAUSED BY VIRUSES, WORMS, AND TROJANS
Viruses can do the following if left runaway:
Damage or delete files.
Some viruses may delete or damage random documents or specific profiles that are crucial to your operating system-for example, operating system files. This damage can range from rendering useless just a few files to affecting your entire computer, possibly requiring you to reinstall your operating system and start from scratch.
Slow down your computer.
Viruses and Trojans can run in the background, without being seen, and may cause your computer to run extremely slow.
Invade your email program.
Some formats of viruses may wreak even more havoc by extending themselves to the contacts in your address book.
Eating up all the disk space.
Worms once start replicating, eat up nearly all your disks’ free space, making your computer unusable.
ΝΟΤΕ
Not all computer problems are caused by viruses. Even though your computer, or an individual program, may not be operating properly, this could be caused by other things, such as a bug (which is simply an error in the application’s code), or mission figuration of software or hardware.
Spyware
Spyware is software that is installed on your computer to spy on your activities and report this data to people willing to pay for it. It follows the user’s behavior and reports information back to the main source. These are used to spy on someone either for lawful or illegal purposes.
Note
Do you know that roughly 35% computers of in the world are infected with some type of malware?
Spyware mainly gets installed on your PC without your permission. Typically, spyware discovers its way onto PCs by “piggybacking” onto a file or getting downloaded from the Internet when you visit an individual website. Pests such as spyware can often creep silently on your computer until someone or something sets them off, or until they are discovered and properly terminated.
DAMAGE CAUSED BY SPYWARE
Spyware can perform like a peeping tom or, at more harmful, a geeky thief. For example, it :
Compromises your data, computing habits, and identity.
Spyware can monitor data about your computing routines, such as what websites you visit, or record your keystrokes, which in the end can guide to identity theft. For example, spyware can record the keystrokes that you use while keying in a credit card number and send this numeral to a “cyber thief.”
Alters PC settings.
Some formats of spyware can also modify computer settings like your web browser home page setting or the placement of your desktop icons. This doesn’t do much harm to your PC, but it’s really irritating.
Slows down your PC.
Spyware can rob your PC or system speed and Internet access efficiency. This can become a big issue when you’re testing to use the programs on your PC, watching videos online, or downloading big files.
Adware
These are the programs that provide unwanted ads to your computer (generally in Pop-Ups format). They down your network bandwidth. Adware is equal to spyware- however, it may be installed with your permission. So it is advised that you entirely read installation agreements before you permit the installation of software.
DAMAGE CAUSED BY ADWARE
Adware comes complete with the following disadvantages:
Adware tracks information just like spyware.
Adware tracks information about your data and computing habits to produce targeted advertising, such as pop-up ads, on your computer screen.
Displays arrays of annoying advertising.
When contaminated with adware, you will likely see regular pop-up ads appear out of nowhere. This may actually happen every time you open your web browser.
Slows down your PC.
The adware software performing in the background and the bombardment of ads can delay your PC to a crawl.
Spamming
Spamming directs to the sending of bulk mail by an identified or unidentified origin. In a non-malicious format, bulk- advertising mail is sent to multiple accounts. In malicious format (e.g., e-mail bombing), the attacker holds on sending bulk mail until the mail server runs out of disk space.
DAMAGE CAUSED BY SPAMMING
Spamming comes complete with the following disadvantages:
pam reduces productivity.
The billions of spam messages spreading across the Internet can disrupt email delivery, contaminate system performance, and decrease overall productivity.
Spam eats up your time.
Deleting spam emails seems like a simple solution, but it eats up a significant amount of productivity.
Spam can lead to worse things.
Spam messages may include offensive or dishonest material and can even be used to distribute viruses.
PC Intrusion
Every PC (personal computer) connected to the Internet is a possible target for hackers. Computers are under persistent attack from cyber vandals. PC Intrusion can surface in any of the following formats.
Sweeper Attack
This is another malicious program used by hackers. It cleans i.e., deletes all the data files from the system.
Denial of Services
This type of attack eats up all the resources of a system and the system or applications come to a break. An example of such an attack is bombing a system with junk mail.
Password Guessing
Most hackers crack or think passwords of system accounts and achieve entry into remote computer systems. And then they exploit it for causing cracks in one or another form.
Eavesdropping
Eavesdropping is an inactive attack in which an attacker achieves access to the communication medium via which some communication is taking place and then listens to the communication and gets details about the content of the message.
Unauthorized monitoring of other people’s transmissions is named Eavesdropping.
Eavesdropping can be carried out through all communication devices and media of today’s telephone systems, emails, instant messaging, other Internet services (e.g., chat rooms, social networking websites, etc.), mobile devices, etc. Eavesdropping activities do not affect the normal operation of transmission and communication; thus both the sender and the recipient can hardly notice that the data has been stolen, intercepted, or defaced.
For example, while sending emails, if the email message is not encrypted and the digital signature has not been used, then the attacker can exploit these security loopholes. Because of these security lapses, the attacker can launch a Man-in-the-Middle attack on the network and intercept the message being transmitted. The attacker can then deface the message and send it to the recipient. The recipient is then deceived into believing the defaced message is the real message and may act as per the defaced message and may provide personal or sensitive information.
Similarly sending or providing confidential information over insecure protocols like HTTP makes the information more prone to eavesdropping attacks.
Phishing and Pharming
It is the criminally dishonest process of trying to acquire sensitive data such as usernames, passwords, credit card information, account data, etc. In Phishing, a fraud uses an authentic-looking email or website to trick recipients into giving out exposed personal data. For instance, you may receive an email from your bank (which appears genuine to you) asking to update your information online by clicking on a specified link. Though it seems genuine, you may be brought to a fraudulent site where all your sensitive data is received and used after for cyber-crimes and frauds.
Pharming (pronounced “farming”) is an attack in which a hacker tries to redirect a website’s traffic to another, fake website. Via a pharming attack, the attacker points you to a malicious and illegitimate website by redirecting the honest URL. Even if the URL is entered perfectly, it can still be redirected to a fake website.
In this, the attacker convinces you that the site is real and legitimate by spoofing or looking almost identical to the actual site down to the smallest details. You may enter your personal details and unknowingly give them to someone with a malicious purpose.
