The Safety of Software Downloads

stormy

Presentation Transcript


  1. The Safety of Software Downloads

  2. Dangers associated with downloading software • How users get tricked into downloading malicious software • How to lessen the threat associated with downloading software

  3. Dangers of Downloading Software • The program or software you download can have malicious software attached • You may unknowingly install a malicious program once downloaded • You can compromise the security of your system after installing a malicious program • It can be difficult to tell if the software is from a trusted source

  4. Malware • Definition: Any software developed for the purpose of doing harm to a computer system. • Two common types: • Viruses • Worms

  5. Viruses and Worms • Things in common: Both are able to self-replicate and spread copies of themselves. • Viruses spread across computers when the software or documents they have attached themselves to are transferred from one computer to another. • The difference between a virus and a worm is that a worm operates more or less independently of other files, whereas a virus depends on a host to spread itself.

  6. The virus host: • A common host for a virus is an executable file. • An executable file is a computer file containing step-by-step instructions in a form that the computer can follow. • The .exe file is one of the most useful types of files because it runs programs. • When you "open" an executable file, you can surrender control of your computer to its distant and potentially unknown author.

  7. According to Microsoft- • “If the file does not have a valid digital signature, there is no way for you to be sure that the file is actually from the source it claims to be from, or that it has not been tampered with (possibly by a virus) since it was published. It's safer to avoid opening the file unless you know for certain who created it and whether the contents are safe to open.” • Even a valid digital signature does not verify that the contents of the file are harmless. You must decide if you should trust the contents of the file based on the identity of the publisher and where you are downloading the file from.

  8. Worms • Worms are similar to viruses but are stand-alone software and thus do not require host files to spread themselves. • To spread, worms either exploit some vulnerability of the target system or use some kind of social engineering to trick users into executing them. • Social engineering is the manipulation of a person to perform certain tasks. • “Click here to receive your prize” • "Did you see this video of you? Check out this link!"

  9. Spyware • ASC (Anti-Spyware Coalition) defines spyware as: • Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over: • Material changes that affect their user experience, privacy, or system security; • Use of their system resources, including what programs are installed on their computers; and/or • Collection, use, and distribution of their personal or other sensitive information.

  10. Where does Spyware come from? • Spyware/malware programs are authored by programmers, and then delivered to your computer through internet installs. • Malware can piggyback on innocent-looking software such as game demos, MP3 players/media software, search toolbars, software, free subscriptions, and other things you download from the web.

  11. EULA • Before installing newly downloaded software, you must accept an "end user license agreement" (EULA). • The fine print of the EULA will often include the phrase "the vendor is allowed to install third-party software on your computer". Sometimes you may notice spelling errors or poor grammar, which can be an indication of malicious software. • Problem: Most users don't bother to read the EULA fine print.

  12. Malware/Spyware is a Serious Threat… • Malware can flood your browser with pop-up advertising. • Can be used to hijack your browser and redirect you to an advertising or a phishing-con web page. • Can be used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information. • Can steal your banking PIN, your eBay login, and your PayPal information. • Can collect personal information that can be shared widely or sold, resulting in fraud or ID theft.

  13. Typical Symptoms of an Infected Computer • Computer programs take longer to load than normal. • The computer's hard drive constantly runs out of free space. • The hard drive runs when you are not using it. • New files keep appearing on the system and you don't know where they came from. • Strange graphics/pop-ups are displayed on your computer monitor. • Files have strange names you don't recognize. • Program sizes keep changing. • Conventional memory is less than it used to be and you can't explain it. • Programs act erratically.

  14. “Scareware” and Tricking the User • Millions of people have been tricked into installing fake anti-virus software on their computers that actually makes them more vulnerable to fraud and identity theft. • According to Symantec (creator of Norton) “More than 40 million people have fallen victim to this scam”. (2009 Symantec)

  15. Smartbot.net • Odysseus Marketing • 2006 • “The FTC sued both operations charging that the stealthy downloads of spyware were unfair and deceptive and violated federal law. Although the companies used different techniques to direct consumers to their Web sites and implement the downloads, the FTC alleged that both operations hijacked consumers’ computers without the consumers’ knowledge or approval, secretly changed their settings, and barraged consumers with pop-up ads. The spyware and other software the defendants installed caused many computers to malfunction, slow down, or crash, causing consumers to lose data stored on their computers.” (Federal Trade Commission)

  16. Smartbot.Net “Smartbot.Net, exploited a security vulnerability in Microsoft’s Internet Explorer’s Web browser in order to distribute spyware. The spyware caused the CD-ROM tray on computers to open and then issued a “FINAL WARNING!!” to computer screens with a message that said, “If your cd-rom drive’s open . . .You DESPERATELY NEED to rid your system of spyware pop-ups IMMEDIATELY! Spyware programmers can control your computer hardware if you failed to protect your computer right at this moment! Download Spy Wiper NOW!” Spy Wiper and Spy Deleter, both advertised anti-spyware products the defendants promoted, sold for $30.” Federal Trade Commission Smartbot.net ordered to give up over $4,000,000.00 in “ill-gotten gains”

  17. Odysseus Marketing “FTC charged that Odysseus Marketing (Walter Rines), lured consumers to their Web site by advertising bogus software they claimed would allow users to engage in anonymous peer-to-peer file sharing. According to the FTC, the spyware and other software bundled with it hijacked search engines and reformatted search engine results, placing Rines’ clients first. The FTC later amended its complaint, charging that the defendants also distributed their spyware by exploiting security vulnerabilities in Internet Explorer and other applications, and that the defendants’ spyware captured consumers’ personal information, including their names, addresses, e-mail addresses, telephone numbers, Internet browsing and shopping history, and information about their online transactions. Once captured, the information was transmitted to the defendants’ Internet servers, where they compiled the information into a database in order to sell access to the data.” Odysseus Marketing ordered to give up over $1,000,000.00

  18. Other ways they trick you • Scareware leaves computer users open to attack in three different ways. • First, people spend money on software they believe is protecting their PC from viruses, but is actually fake. Virus and spyware software is one of the most common types of “fake” software you can download. • Second, the programs are often malicious, allowing thieves to raid personal computers for financial and personal details that can then be traded or sold on the web. • The ads often use the same fonts and style as Microsoft or another well-known software provider. • The ads tell a user that his or her computer’s security has been compromised. • Once downloaded, the program asks you to “Unlock full version” by entering your credit card information.

  19. Microsoft Fonts-

  20. “Pop-Under Exploit” method • Users who are visiting a legitimate website are presented with a download request that appears to have been generated from that site. • The download request was actually launched from a web page that is hidden beneath the legitimate site. • It is likely that the user, who cannot easily view the underlying web page, will assume that the request came from the legitimate site and may choose to download the software for this reason. • Download takes place, user opens a program containing malicious software.

  21. “Ways to Lessen the Threat” • Use security software. • Use an updated web browser. • Research software before you download. • Research the site you're downloading from. • Scan files before you open them with known legitimate software. • Read all security warnings, license agreements, and privacy statements associated with any software you download. • Remember: Software presented as a virus scanner is some of the most common malicious software offered for download.

  22. “Prepare before it happens” • Create backups. • Backing-up is how a user prepares for the worst. • Backing up means: Saving copies of your important work files, music, photos etc… on CD or separate drives. • This way, if you ever experience the extreme spyware circumstance of having to reformat your hard drive, you can at least recover your important files.

  23. References
      • http://www.microsoft.com/presspass/exec/friedberg/04-29Spyware.mspx
      • http://www.online.tusc.k12.al.us/tutorials/viruses/viruses.htm
      • http://www.changedetect.com/changedetect/member/benefits-detail.asp?bookmark=no-virus-risk
      • http://www.antispywarecoalition.org/documents/definitions.htm
      • http://www.ftc.gov/opa/2006/05/seismic.shtm
      • http://www.physorg.com/news158396026.html
      • http://technology.timesonline.co.uk/tol/news/tech_and_web/article6880746.ece
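
The signature and source checks described in slides 7 and 21, written out as a PowerShell function. This is an added example, not part of the original presentation. The file path and the publisher name `Example Software Ltd` are placeholders, and the function name `Test-DownloadedFile` is hypothetical.

```powershell
# Added example: check a downloaded Windows executable before opening it.
# $ExpectedPublisher is an assumption: the signer name you expect, taken
# from the vendor's own site rather than from the download page.
function Test-DownloadedFile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # The signer name only means something when the signature validates.
    $signer = $null
    $publisherMatches = $false
    if ($sig.SignerCertificate) {
        $signer = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
        $publisherMatches = ($sig.Status -eq 'Valid' -and $signer -eq $ExpectedPublisher)
    }

    # Mark of the Web: browsers record where a file was downloaded from in
    # the Zone.Identifier alternate data stream (NTFS only; may be absent).
    $origin = $null
    $motw = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier `
                -ErrorAction SilentlyContinue
    if ($motw) {
        $origin = ($motw | Where-Object { $_ -match '^HostUrl=' }) -replace '^HostUrl=', ''
    }

    [pscustomobject]@{
        File            = $file.Name
        SignatureStatus = $sig.Status     # Valid, NotSigned, HashMismatch, NotTrusted, ...
        Signer          = $signer
        DownloadedFrom  = $origin
        # SHA-256 for comparison with a checksum the publisher lists, if any.
        SHA256          = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        # True means origin and integrity check out, not that the program is harmless.
        OriginVerified  = $publisherMatches
    }
}

# Placeholder path and publisher name; substitute your own.
Test-DownloadedFile -Path "$env:USERPROFILE\Downloads\setup.exe" -ExpectedPublisher 'Example Software Ltd'
```

A `SignatureStatus` of `NotSigned` or `HashMismatch` is the case the Microsoft quote warns about. `OriginVerified` being true still leaves the trust decision about the publisher and download site to you.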
