Home PC Security What PC Users and Law Enforcement Should Know Printing with “Notes” enabled with provide a script for each slide Bob Samson 11/20/2004

What is the Problem?  Hardware architecture of a PC  Complexity of computer software  Anonymity of the Internet  High speed connections  Dial up connections  Wireless connections

Hardware Architecture of a PC  There are 65,535 open ports on every Intel-based PC  Only a few ports are probably necessary for the average home user  Port 25 – SMTP Simple Mail Transport Protocol is used for sending  Port 53 – DNS Domain Name Server translates URLs into IP Addresses  Port 67/68 - When an ISP uses DHCP (Dynamic Host Configuration Protocol) to assign IP addresses when you logon  Port 80 - Your main Internet Connection  Port 110 – POP3 Post Office Protocol version 3 for retrieving  Games, the use of instant messaging, or other business uses all may add a few additional ports to this list

Complexity of Computer Software  Windows has about 40 million lines of code (instructions)  By the year 2010, Windows is projected to grow to 100 million lines of code  A Carnegie Mellon University study found that a programmer makes an error every 1,000 lines of code.  That means just in Windows, there are probably 40,000 errors. If you consider all of the other application software that runs on the average PC, there are hundreds of thousands of errors that can be exploited by computer hackers so that they can gain entry into your computer

Anonymity of the Internet  When you are connected to the Internet, you are only known by a numeric Internet Protocol address  IP Addresses are not a reliable source of identification (they can easily be changed)  There is no way to identify a physical location from an IP address  Since the Internet is a network of millions of interconnected computers, it is easy to hide one’s “trail” behind the numerous points of interconnection  There are three sources of hackers: geeks; socially deprived intellects; terrorists - all pose a threat

High Speed Connections  DSL and cable connections pose a greater risk than telephone modems because they process data more quickly  Without a firewall, anyone in the world can gain access to your computer [easily!]  If you have more than one computer and share files between them, every file may also shared with the world unless you have a firewall  Peer-to-Peer programs like Kazaa, Gnutella used to swap music files can share more than you intended such as password files  Leave your computer open to the world wide web, add a few web pages to your files and you can easily find your private files indexed and accessible through search engines such as Google

Dial Up Connections  Dial up connections or modems have risks associated with them  Risks include the hijacking of one’s telephone for generating bogus long distance charges  Be thoroughly familiar with spyware and how to avoid it  Never leave your PC on unattended while connected to your modem

Wireless Connections  If you can connect without a wire, your neighbor’s high school computer wizard can also connect to your computer and your Internet connection  A wireless network must have:  Encryption of the signal/connection  Data encryption may also be required for additional protection  Strong log in and password rules for your computer are a must  Don’t let children use the wireless feature to hide and connect to the Internet - use it to keep them in the accompaniment of an adult

What you risk when connected  Personal Information  Reputation  Financial resources (Identity Theft)

Personal Information  Surfing habits can be tracked so a profile of your interests developed for marketing purposes  Your address book and the addresses of all your friends can be copied  Financial information like bank records, tax records, social security numbers, etc. can be stolen  Information can be corrupted or deleted by a virus  Read those Privacy Policies - you could be giving up your personal information

Reputation  Your computer can be used to send Spam without your knowledge  Your address book containing all of your contacts can be ed pornographic content

Financial Resources  $53 billion dollars was lost in 2003 through identity theft  27.3 million Americans in the last 5 years reported that personal information was stolen [Identity Theft]  The cost to victims for recovery of their good name in 2003 was $5 million  In the last year, nearly 2 million Americans had their checking accounts raided by criminals

No One is Safe Even the unborn and the dead can be victims of identity theft

What can you do?  Use anti-virus software  Use a firewall  Learn about patch management  Change your behavior  Be careful with online purchases

Anti-virus Software  Purchase an anti-virus application to protect your computer  Update frequently - better yet, use anti-virus software that will update automatically  Stay alert to virus trends - the media is an excellent source of pending attacks

Use a Firewall  At a minimum, use a software firewall (port blocker)  Use a hardware firewall if you connect to the Internet via a cable modem or DSL  Both a software and hardware firewall together offer the best protection  Block as many ports as you can - this may mean that you cannot play some Internet Games

Learn About Patch Management  Patch management means updating software frequently with the changes that manufactures add to improve security  Software updates are usually free  Microsoft provides automatic updates as a service to their customers  If you are using Windows 95 or older, stop and upgrade - the older versions are no longer supported and leave you vulnerable  If you have to re-install software for any reason, you must update it again because the patches will be missing

Change Your Behavior  Don’t use illegal copies of software - it can be loaded with viruses and spyware and besides it is wrong to steal!  Don’t surf questionable web sites - Pornographic sites are one of the biggest sources for web bugs and spyware  Update your software frequently (patch management)  Never send credit card data in an - s should always be considered unsecured  Don’t open attachments without understanding that these are the largest cause of viruses - Even opening an attachment from a trusted address is not safe (your friend could have been infected and had their address book stolen)

Dangerous Extensions  ADE Microsoft Access Project Extension  MDB Microsoft Access Application  ADP Microsoft Access Project  MDE Microsoft Access  MDE Database  BAS Visual Basic® Class Module  MSC Microsoft Common Console Document  BAT Batch File MSI Windows Installer Package  CHM Compiled  HTML Help File  MSP Windows Installer Patch  CMD Windows NT® Command Script  MST Visual Test Source File  COM MS-DOS® Application  PCD Photo CD Image  CPL Control Panel Extension  PIF Shortcut to MS-DOS Program  CRT Security Certificate  REG Registration Entries  EXE Application  SCR Screen Saver  HLP Windows® Help File  SCT Windows Script Component  HTA HTML Applications  SHS Shell Scrap Object  INF Setup Information File  URL Internet Shortcut (Uniform Resource Locator)  INS Internet Communication Settings  VB VBScript File  ISP Internet Communication Settings  VBE VBScript Encoded Script File  JS JScript® File  VBS VBScript Script File  JSE JScript Encoded Script File  WSC Windows Script Component  LNK Shortcut  WSF Windows Script File  WSH Windows Scripting Host Settings File  ZIP Compressed File Format

Watch Out for Phishing  s from legitimate companies are copied to trick consumers into providing confidential information  Passwords  Credit card numbers and expiration dates  Banking account numbers  Even experts cannot tell by looking at the messages or the web site that you are directed to that this message is a forgery  Understand that no legitimate company ever asks you to validate personal information via an in this way  Never respond, even if you do business with the company. If you are concerned, call them first!

Do Not Join Social Networks  “Social Networks” are services joined to help you remember addresses and phone numbers  Some companies are Plaxo, Friendster, Tickle and others  You risk your personal information, privacy and the information contained in your own computer’s address book  Remember, joining free services will expose your information and possibly the information stored on your computer to misuse and theft

Change Your Behavior continued  Make backups of important information stored on your computer  Don’t download browser add-ons and other software from unknown sources - this is an easy way to give your personal information to anyone through spyware or adware  Set your browser’s security and privacy settings to protect you from 3rd party cookies - these are used to track you  Be careful of HTML - it can contain web bugs and spyware  Learn how to identify a “secured” web page - Never send your personal information over an unsecured web page  AND… Don’t click on “Unsubscribe” links

Change Your Behavior continued  Disable Java and ActiveX in your browser - These can be used to steal information from your computer  For Windows XP users, don’t log in with ADMINISTRATIVE RIGHTS  Use complex passwords created from phrases  Example: MwaiJ10 (My wedding anniversary is June 10 th )  Example: Gmlogmd1775 (Give me liberty or give me death 1775)  Learn how to tell if a web page is secure

What About SPAM?  Two Thirds of all is SPAM  One of the largest sources of SPAM is infected home computers  Trojan programs hijacking computers to send others SPAM (zombies)  Beware of spyware/adware and Trojan programs  Disguised as free programs, they track your surfing activities  Don’t use music download sites like KaZaA, GrokSter, Imesh  Free Screen Savers are a source of spyware  If your computer becomes infected, your Internet Service Provider may turn off your capability until you fix it

Be Smart About Online Purchases  Selling or purchasing online through groups like eBay carry risks  40% of all credit card fraud is committed by criminals overseas  The top five offending countries are:  Yugoslavia  Nigeria  Romania  Pakistan  Indonesia  Many con artists hide the real country of origin  Use protection services  Never pay with a check card or debit card - only true credit cards with online protection

Where to go for help  Your local computer store  Microsoft’s web site  A knowledgeable and trusted friend  Community Services  Senior community centers  Community college classes  State and Federal fraud assistance web sites  Your local police department (when you suspect that a crime has been committed)

Remember If you don’t bother to protect your computer, your privacy and your information, you are a victim just waiting for the crime to happen.