1 / 17

Responsible Computing

Responsible Computing. Mr. A. Craig Dixon, M.S. Madisonville Community College http://www.madisonville.kctcs.edu/facstaf/cdixon/ New Horizons Teaching and Learning Conference May 16, 2007. Computing Dangers.

priscilla-boyd
Télécharger la présentation

Responsible Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Responsible Computing Mr. A. Craig Dixon, M.S. Madisonville Community College http://www.madisonville.kctcs.edu/facstaf/cdixon/ New Horizons Teaching and Learning Conference May 16, 2007

  2. Computing Dangers • The Internet, while a powerful and useful tool, has made it easier than ever to bother people with a host of ills. Among those we will discuss are: • Scams and hoaxes • Spam • Viruses • Spyware and adware

  3. Scams and Hoaxes • The ease with which a person can send an email or publish a web page has lead to the creation and quick distribution of several falsehoods. These primarily fall into two categories: • Chain letters • Phishingscams

  4. Chain Letters • The old adage “Don’t believe everything you read” goes double for anything you read on the Internet. • Email hoaxes abound; some misrepresent the facts, others are out-and-out lies. • Many involve famous people like Dr. James Dobson; others big-name companies from AOL to Cracker Barrel. Still others warn of non-existent computer viruses or show phony or doctored photographs.

  5. Examples of Chain Letters • Nigerian officials do not need your help in retrieving money from a government bank account. (This is known as the 419 scheme.) • There is no such thing as an email tracker that counts how many people you send an email to. Any email promising money, gift certificates, donations to charity, answers to jokes, etc. based on an email counter are hoaxes. • CBS did not cancel Touched By An Angel due to pressure from Madeline Murray O’Hare (who has been dead for years.) • No one has died from dirty needles in the room of balls a Chuck-E-Cheese or anywhere else. • Almost no legitimate petition is conducted through forwarding email. Most use a web site connected to a database. • There is not a rash of viruses hiding in emails with the subject line “It Takes Guts to Say Jesus” or “A Card for You,” although this may occur on a case-by-case basis.

  6. Ways to Identify Chain Letters • Check out www.snopes.com. It is one of the most popular urban-legend-busting sites on the Internet. • For virus warnings or other alleged computer maladies, search the web site of a credible anti-virus maker like Symantec (makers of Norton Antivirus.) • If a famous person or company is mentioned, check the person or company’s official web site. Most are quick to post explanations or denials of false claims. Use site searches when possible; many of these hoaxes are very old. • If all else fails, type a unique word or phrase from the email into a search engine. Many times there will be several hits to sites that debunk the myth.

  7. Phishing • Phishing is a dangerous scam to entice people to give away passwords or account information to malicious entities. • Most phishing scams involve sending email to an unsuspecting user that appears to be from a trusted company like eBay or Citibank, claiming the user needs to verify their account information. • The email contains a link to a site that is not affiliated with the company. When the user enters his or her information on this site, it is collected by the malicious entity and may be used for identity theft or other malevolent purposes.

  8. Avoiding Phishing Scams • Don’t trust an email simply because it comes from a legitimate-looking address. It is very easy to create this illusion using a technique called email spoofing. • Company logos are also easy to steal and include. • Learn to identify how your browser denotes a secure site. (This is still not a guarantee of legitimacy.) • Most companies won’t ask for sensitive information like user names and passwords in an email. It is best to confirm the request by phone or by a means of contact posted on the company’s official site. • Counter-intuitively, many phishing emails claim that by entering your personal data, you are protecting your identity. • Phishing emails often convey a sense of urgency in dealing with the purported problem. Don’t be fooled; take your time and get the facts. • Many companies have ways to report phishing. If you believe you have been targeted in a phishing attack, save the email so you can forward it to the company via the proper channels.

  9. Spam • Anyone with an email address is familiar with the scourge of inboxes… spam. • Spam originally denoted repetitive postings to a newsgroup, but has come to mean, in the vernacular, all undesirable email. • By some estimates, spam accounts for over 80% of all email traffic on the Internet. • Spam takes its name from a Monty Python sketch that uses the word “spam” over 100 times in a matter of minutes.

  10. Methods of Obtaining Addresses • Spammers are often unscrupulous in obtaining email addresses. Below are some of their tactics. • Email spiders – Similar to search engine spiders, except they search web pages for anything of the form name@domain.tld and report it as an email address. • Dictionary attacks – Once the spammer identifies a domain (e.g. kctcs.edu) he or she has a program that sends email to addresses constructed by adding @kctcs.edu to the end of a group of characters that might be a user name. If the email is not returned, the address is assumed valid and added to the list. AOL’s mail server bounces millions of messages a day. • Buying a list of email addresses from companies or other spammers – These lists sell for up to 5 cents per address.

  11. Methods of Dealing with Spam • Use a spam blocker; many ISPs and mail services provide these for free. Microsoft Outlook has a spam filter built in. • Employ a black list, a list of addresses to block email from, or a white list, a list of addresses to accept email from. • When posting email addresses online, some users prefer to list their address as user (at) domain.tld or userNOSPAM@domain.tld to confuse email spiders. • Do not click on remove links. Many spammers use these links to detect live email addresses and sell them.

  12. Viruses • A virus is a program that covertly installs itself in order to destroy data or otherwise disrupt normal computer functions. • Wormsare viruses that exploit vulnerabilities in applications or the operating system itself. • Trojan horsesare viruses that pose as legitimate programs, but silently drop a damaging payload as well. • Executable virusesmust be run by the user, and are thus usually attached to an email with a cleverly vague body that convinces the user to run the file. • Boot sector viruses infect a critical area of the disk that is read every time the disk is accessed. It rewrites this section to make the computer copy the virus onto any computer into which the disk is inserted. • Macro viruses hide in files that support macros, which are small programs that automate repetitive tasks.

  13. Avoiding Viruses • Buy quality antivirus software and keep it updated! New virus definitions are released almost daily. Downloading these updates usually takes a minute or less. • Watch for updates for your major applications and your operating system to be posted by the manufacturer. Windows users should run Windows Update frequently. • Before using a portable storage medium in another computer, turn on its write protection. (There is usually a small switch on the medium itself.) This prevents anything from being written to the medium. This is not an option if you need to save something to the medium. • Be very careful when opening email attachments. It is a good idea to verify that the person who was supposed to have sent it actually did. Even after that, you should scan it for viruses before opening it. Viruses typically hide in files with the extensions .exe, .pif, .vbx, .bat, and .zip. Viruses can also be hidden in Microsoft Office files (.doc, .xls, .mdb, and .ppt) using macros.

  14. Adware and Spyware • Both adware and spyware are similar to viruses in that they are almost always installed without the user’s knowledge. • Both differ from viruses in that they do not attempt to destroy data. • Adware attempts to display unsolicited advertisements such as pop-up ads on the user’s computer. It may also search the user’s hard drive for email addresses and attempt to spam them, or hijack the user’s browser to make it display pages the user did not request. • Spyware silently records a user’s actions (particularly the web sites he or she visits) and reports them back to a third-party, usually for marketing purposes, although spyware has been used for identity theft.

  15. More about Adware and Spyware • Adware and spyware makers often pay legitimate software makers to include malware in their product’s install. Peer-to-peer (P2P) file sharing programs like Kazaa and Morpheus are notorious for this practice. • Some adware and spyware is installed simply by visiting the wrong web site. • Common adware and spyware programs include Gator/GAIN/Claria, Alexa, Bonzi Buddy, and WhenU. • Designers of this malware often do not care how much of a system’s resources their software uses; consequently, the system’s performance can be significantly affected.

  16. Avoiding Adware and Spyware • Avoid P2P software; its uses are mostly illegal anyway. • Do not click on pop-up ads or links in spam email. • Install a firewall, a program that controls incoming and outgoing data from your computer. • A firewall can be configured to only allow traffic from programs you specify (your browser, email client, etc.) to access the Internet. • Zone Labs provides a free firewall called ZoneAlarm. Symantec includes a commercial firewall in its Internet Security suite. • Install a spyware/adware removal tool, keep it updated, and run it often. Two of the most popular and reliable removal tools are Lavasoft AdAware and Spybot Search and Destroy. Both are free and may be used together for maximum protection.

  17. Choosing a Browser • Use a modern browser. Most new browsers include popup blockers. • Consider an alternative browser. • Despite recent surges by competitors, Microsoft Internet Explorer still controls 80% of the browser market. This, combined with numerous security flaws in its code, make it the most attractive target for malware creators. • Many alternative browsers also reject ActiveX controls, which many computer experts consider inherently unsafe. This may limit a site’s functionality, but it also limits the user’s vulnerability. • A great alternative browser is Firefox from the Mozilla Corporation. You can download it at www.mozilla.com. • Explore the add-ons available for browsers. Besides being handy, toolbars like those from Yahoo, Google, and MSN provide additional tools to prevent malware attacks. Some even include “anti-phishing” features that warn you if you are accessing a site known to be involved in phishing attacks.

More Related