Developing E-Learning Content
Unit Notes ICASAS206A - Detect and protect from spam and destructive software
Topic 1 – Detect and remove destructive software
© Copyright, 2018 by TAFE NSW - North Coast Institute
Date last saved: 13 August 2013 by Rod Version: 1.0 # of Pages = 21 MillerJackson, Cassandra
Copyright of this material is reserved to the Crown in the right of the State of New South Wales. Reproduction or transmittal in whole, or in part, other than in accordance with the provisions of the Copyright Act, is prohibited without written authority of TAFE NSW - North Coast Institute.

Disclaimer: In compiling the information contained within, and accessed through, this document ("Information") DET has used its best endeavours to ensure that the Information is correct and current at the time of publication but takes no responsibility for any error, omission or defect therein. To the extent permitted by law, DET and its employees, agents and consultants exclude all liability for any loss or damage (including indirect, special or consequential loss or damage) arising from the use of, or reliance on, the Information whether or not caused by any negligent act or omission. If any law prohibits the exclusion of such liability, DET limits its liability to the extent permitted by law, to the re-supply of the Information.

Third party sites/links disclaimer: This document may contain links to third party sites. DET is not responsible for the condition or the content of those sites as they are not under DET's control. The link(s) are provided solely for your convenience and do not indicate, expressly or impliedly, any endorsement of the site(s) or the products or services provided there. You access those sites and use their products and services solely at your own risk.
Table of Contents

Getting Started with ICASAS206A - Detect and protect from spam and destructive software
About this Unit
Topic 1 - Detect and remove destructive software
1.1 Learning Activity – Check your protection software (Windows users)
1.2 Learning Activity – Check for installed Service Packs (Windows users)
1.3 Learning Activity – Run the Windows Malicious Software Removal Tool (Windows users)
1.4 Learning Activity – Make sure you are using Updated Anti-Virus Software
1.5 Learning Activity – Make sure you are using Updated Anti-Virus Software
1.6 Learning Activity – Get Notified for Microsoft Security Alerts
1.7 Learning Activity – Make Sure the Patch is Installed
Check Your Understanding
Glossary of Terms
Getting Started with ICASAS206A - Detect and protect from spam and destructive software

In this unit, ICASAS206A - Detect and protect from spam and destructive software, you will learn how to reduce the risk of a computer's operation being affected by spam or malware. In this topic, you will learn how to deal with spam and malware, specifically to:

1. Detect and remove destructive software
You will learn to identify common types of destructive software and to select and install virus protection compatible with the operating system in use, installing updates on a regular basis. You will investigate an advanced system of protection, e.g. a firewall. You will learn to configure software security settings to run virus protection and you will also look at an example of protective software detecting and reporting on a find.

2. Identify and take action to stop spam
In this topic you will learn about the common types of spam and how to configure and use a filter. You will also get some tips on how to avoid spam and report any spam to the appropriate organisation.
Suggested learning pathway:
1. Read the unit notes and terms
2. Complete learning tasks, research and activities
3. Complete and return assessment tasks
Using the Unit Notes

Icons and symbols are used throughout the guide to provide quick visual references. They indicate the following:

- ACTIVITY: An activity is listed to be completed
- ACTIVITY: A Learning activity requiring some physical action
- WWW: A web link is listed
- REFLECTION: A point is to be considered and thought about more deeply
- IMPORTANT: A pivotal point is detailed
- SEARCH: A particular item / book etc needs to be found and applied
About this Unit

In this unit, ICASAS206A - Detect and protect from spam and destructive software, you learn how to reduce the risk of a computer's operation being affected by spam or malware. Please read the Glossary of Terms at the end of this document to help you understand the terminology for this unit.
Malware

Destructive software is referred to as malware (malicious software) and the term includes viruses, worms, logic bombs, rootkits, Trojan horses, adware, keystroke loggers and spyware. Data-stealing malware is a threat that divests victims of personal or proprietary information with the intent of monetizing stolen data through direct use or distribution. This type of malware includes key loggers, screen scrapers, spyware, adware, backdoors and bots. Malware's most common pathway from criminals or malicious developers to users is through the Internet: primarily by email and the World Wide Web. The target of malicious software can be a single computer and its operating system, a network or an application.
Spam

Spam is the use of electronic messaging to send unsolicited bulk messages indiscriminately. In the year 2013 the estimated figure for spam messages will be around seven trillion! The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. In 2013 the cost is believed to be around $600 Billion, which accounts for loss of productivity, costs of software and hardware upgrades, and the time taken to repair problems from malicious software.
Topic 1 - Detect and remove destructive software

We used to call everything a virus; however, there are more precise names to further categorize malware – among them virus, worm, Trojan, spyware, malware and adware, to name a few. Infection can have a devastating effect on the functioning of stand-alone machines and networks and can cause irretrievable damage to data and other resources. It is imperative to develop mechanisms to avoid infection. Detecting malware is a very sophisticated and well-defined process. Consequently, network administrators often rely on third-party products to manage this process.
Protection Software

There is a variety of software packages available for both single devices and enterprise/networked devices.
Single Use

There are many kinds of protection available for a single use device. Among them are:
- Avast
- AVG
- Avira
- Bitdefender
- BullGuard
- Emsisoft
- ESET NOD32
- Fortinet
- F-Secure
- GData
- Kaspersky
- Kingsoft
- McAfee
- Microsoft Security Essentials
- Panda Cloud
- Qihoo 360
- Sophos
- ThreatTrack Vipre
- Trend Micro Titanium
There is also specialised software for removal, such as Spybot Search & Destroy, Malwarebytes Anti-Malware and WinZip Malware Protector.

Other specialised programs can block certain known IP addresses of hackers and unwanted advertising companies. One program that does this is PeerBlock. PeerBlock blocks "known bad" computers from accessing yours, and vice versa. Depending on the lists you have it set up to use, you can block governments, corporations, machines flagged for anti-peer-to-peer activities, even entire countries. The down side of this is that you will have to keep an eye on the program, as it can block legitimate sites just because they have possibly been used for hacking attempts.
PeerBlock – What happens when blocking TAFE website

With PeerBlock you can edit your lists and add or remove addresses from the lists so that you can still control which computers you can or cannot access.

Multi User/Enterprise

Even though small business antivirus software is usually priced on a per-user basis with a cost that is on par with individual-user products, it often gives business owners important additional features such as the ability to install and manage all installations from a central location. Some of the available products are:
- Bitdefender Small Business Pack
- Kaspersky Endpoint Security for Business
- F-Secure Small Business Suite
- Symantec Endpoint Protection
- G Data AntiVirus Business
- Webroot Secure Anywhere Business
- Vipre Business Premium
- avast! Endpoint Protection Suite
- Panda Security for Business
- Total Defense Threat Manage
Anti-Virus Software

An anti-virus program works in the background and performs the following tasks:
- It can stop a virus before it infects your system
- It can warn you about the presence of malicious software
- It can remove a virus from the system and clean infected files

The on-access/real-time scanner component of anti-virus software runs as a background process to check all files that are accessed, in order to protect the system continuously against malware threats. For example, on-access scanners scan files as soon as they are accessed, while behaviour blockers and web browser scanners add a different layer of protection and monitor what the executed program does while it is running. These require background services and processes to be running, and they take up more of the device's memory and other system resources, which may slow down the device compared with a standalone, run-once-a-day virus scanner.

A good security program needs to be integrated and working actively deep in the system in order to protect it from malicious software. This means that it needs to be active from initial boot up to shutdown, scanning each process or program and how it interacts with the system. It is therefore important to choose a virus scanner that protects the system from all kinds of malicious software but does not degrade the device's ability to function.

Cleaning infected files is not always possible. This can result in the need to re-install the operating system and applications. This is drastic and time-consuming and can usually be avoided with good, regularly updated anti-virus software. The anti-virus software detects known viruses, so it is important to get updates. The software usually comes with a subscription that entitles a user to online updates whenever they are available.
Tips to boost your malware defence and protect your PC

1. Install antivirus and antispyware programs from a trusted source
Never download anything in response to a warning from a program you didn't install or don't recognize that claims to protect your PC or offers to remove viruses. It is highly likely to do the opposite! Get reputable anti-malware programs from a vendor you trust. (Microsoft Security Essentials offers free real-time protection against malicious software for your PC. Or, choose from a list of Microsoft partners who provide anti-malware software.) Other reputable defenders include McAfee, Kaspersky, Norton, and AVG.
Here is a link to Ad-Aware with anti-virus: http://www.lavasoft.com/products/ad_aware_free.php
Note: The website has an overview and describes the features of this particular product. See screenshots below.
Figure 1 - an example of Antivirus & Spyware detection tool
Figure 2 - an example of scanning a computer
Figure 3 - a completed scan report
2. Update software regularly
Cybercriminals are endlessly inventive in their efforts to exploit vulnerabilities in software, and many software companies work tirelessly to combat these threats. That is why you should:
- Regularly install updates for all your software, namely your antivirus and antispyware programs, browsers (like Windows Internet Explorer), operating systems (like Windows), and word processing and other programs. Software updates repair vulnerabilities as they are discovered.
- Subscribe to automatic software updates whenever they are offered—for example, you can automatically update all Microsoft software.
- Uninstall software that you don't use. You can remove it using Windows Control Panel.

3. Use strong passwords and keep them safe
- Strong passwords are at least 14 characters long and include a combination of letters, numbers, and symbols.
- Don't share passwords with anyone.
- Don’t use the same password on all sites. If it is stolen, all the information it protects is also at risk.
- Create different strong passwords for the router and the wireless key of your wireless connection at home. Find out how from the company that provides your router.
4. Never turn off your firewall
A firewall protects networked computers from hostile intrusion. It may be a hardware device or a software programme. In either case, it has at least 2 network interfaces – one for the network or computer that it is protecting and one for the network that it is exposed to. Most often these are a private network or computer and the Internet. A firewall prevents computers outside the protected area from gaining access. Windows Vista, Windows 7, Server 2008 and Linux all make use of software firewalls. Below is a screenshot of Windows 7 firewall settings. These can be seen in Windows Vista by clicking on Start and then Administrative Tools and then Security.
Figure 4 - Windows Firewall settings on a machine also protected by a third party application - Norton Internet Security

Examine your settings. In Windows 7, type “firewall” into the “search programs and files” box at the Start button, OR open the Control Panel and click on Windows Firewall. As you can see in the screenshot (Figure 4), Norton Internet Security is also installed and operating on this PC. A firewall puts a protective barrier between your computer and the Internet. Turning it off for even a minute increases the risk that your PC will be infected with malware.

5. Use flash drives with caution
Minimize the chance that you'll infect your computer with malware:
- Don't put an unknown flash (or thumb) drive into your PC.
- Hold down the SHIFT key when you insert the drive into your computer. Holding down "Shift" will keep the computer from auto-playing the device. If you forget to do this, click in the upper-right corner to close any flash drive-related pop-up windows.
- Don't open any files on your drive that you're not expecting.
Don't be tricked into downloading malware

Follow this advice:
- Be very cautious about opening attachments or clicking links in email or IM (Instant Messaging), or in posts on social networks (like Facebook)—even if you know the sender. Call to ask if a friend sent it; if not, delete it or close the IM window.
- Avoid clicking “Agree”, “OK”, or “I Accept” in banner ads, in unexpected pop-up windows or warnings, on websites that may not seem legitimate, or in offers to remove spyware or viruses. Instead, press CTRL + F4 on your keyboard. (CTRL + F4 closes the window.) If that doesn’t close the window, press ALT + F4 on your keyboard to close the browser. If asked, close all tabs and don’t save any tabs for the next time you start the browser.
- Only download software from websites you trust. Be cautious of "free" offers of music, games, videos, and the like. They are notorious for including malware in the download.
1.1 Learning Activity – Check your protection software (Windows users)

Check the status of the malware protection on your computer. Depending on your operating system, how you do this may vary. A good place to start on Windows machines is in the Control Panel. There is usually an icon in the system tray in the bottom right of the task bar for third party applications.

Check the protection settings. This will include:
- how often scans are done
- any items to exclude from scans (some software and 3rd party applications are not compatible)
- boot time protection
- real time protection
- web surfing (phishing protection, malicious site watch)
- automatic updates
- email antivirus scanning; antispam.

There may be more or fewer features than those listed, depending on how feature-rich the 3rd party application you are using is.
1.2 Learning Activity – Check for installed Service Packs (Windows users)

Check to see what version of the operating system you are running and what service pack/s is/are installed. To do this:

1. Click Start, and then click Run.
2. In the Run window, type in the following run command: winver and press Enter. You will see a small pop-up window as in Figure 5 below.

Figure 5 – Operating system build and service pack

OR

Right-click on your computer icon on your desktop and select Properties (Figure 6 below).

Figure 6 – Bringing up the system properties

This will then bring up the computer's system properties, showing the Service Pack installed, CPU, RAM and type of operating system (Figure 7 below).

Figure 7 - Windows 7 system properties

OR (for Windows Vista)

1. Click on your "Start" button in the lower-left corner.
2. Click on "Control Panel" and wait for the new window to open. Then click on the "Add/Remove" button. Wait for the information to load.
3. Scroll down to "W" in the panel. When you find the "W," you will see "Windows Service Pack" and the number of the service pack you have installed.
4. Check to see if you have the latest service pack available. Visit the Microsoft website. If you do not have the latest service pack, download it.

OR (for Windows XP)

1. Click on Start, then right-click My Computer, go down and left-click on Properties.
2. You will see a pop-up window that says System Properties. Under the General tab, there is a section on the top called System. The System section will display the operating system that is currently installed on your computer and the version and the service pack.

OR

1. Another method you can try (pre-Windows 7) is to click Start, then click on Run.
2. In the Run window, type in the following run command: msinfo32 and then press Enter. You will see a pop-up window that has System Information.
3. On the left-hand pane of the System Information window, make sure you have System Summary selected. On the top you will see Operating System Name and Version, which will show you the type of operating system, version, build and service pack currently installed on your computer.

TIP: A quick way to open the Run window is to hold down the Windows key and tap the letter R.
1.3 Learning Activity – Run the Windows Malicious Software Removal Tool (Windows users)

Though it is NOT a replacement for an anti-virus product, the Windows Malicious Software Removal Tool will remove specific malicious software. The tool checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. It is available free from Microsoft Downloads. Here is the link: http://www.microsoft.com/security/malwareremove/default.aspx
1.4 Learning Activity – Make sure you are using Updated Anti-Virus Software

Regardless of your operating system, you should always make sure you are using updated anti-virus software. This is one of the most important steps in keeping yourself safe. You need to make sure that your anti-virus software is enabled and properly working! Here’s a quick list of what you should do upon opening your anti-virus software:
- Make sure your virus definition updates are automatically updated.
- Make sure that real-time scanning is enabled.
- Run a full scan (optional but useful)
1.5 Learning Activity – Make sure you are using Updated Anti-Virus Software

Make sure that your copy of Windows is fully patched and Windows Updates are enabled. You cannot protect a PC against worms and hackers if you are running an out-of-date version of Windows that isn’t patched. Patching is a very important step that repairs known vulnerabilities and is key to keeping your computer safe against internet worms.

1. Open Windows Updates from the Control Panel. Note: make sure to click “Check for updates” and install every security patch recommended.
2. Click the Change settings link.

Figure 8 - Windows Vista "Check for Updates"

Figure 9 - Windows 7 "Check for Updates" in action. Go to Control Panel\All Control Panel Items\Windows Update.

3. Make sure you have it set to check for updates automatically. Installing updates automatically is a good option.

Figure 10 - setting in Windows Vista to install updates automatically - go to Control Panel\System and Security\Windows Update\Change settings
1.6 Learning Activity – Get Notified for Microsoft Security Alerts

Sign up for alerts from Microsoft whenever there is an important patch that needs to be installed. You can also check the current security bulletins at any time by visiting their security bulletin home page.
1.7 Learning Activity – Make Sure the Patch is Installed

If Windows Update says that you are up to date, check for a particular patch by clicking on “View update history” on the left-hand side.
Figure 11 - viewing the update history

Consider a network with 20 workstations and one server. All the workstations are used during the standard working day and occasionally on Saturdays. How might you protect the network resources from virus infection?
Answer: Many people believe that virus infections are due to Internet activity but this is not necessarily the case. Users may bring CDs or USB memory sticks to the work environment and contaminate the network that way. For this reason some network managers choose to disable external drives while others choose to have completely diskless workstations. There are two basic methods to test for virus infections:
1. Virus scanning software can be installed on each machine. It should be licensed and updated from each machine to ensure up-to-date scanning.
2. Specialised virus scanning software designed for server management automatically deploys and updates all configured clients with the appropriate scanning applications.
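
The checks made by hand in Learning Activities 1.1 to 1.7 and in the firewall tip can also be read from the command line, which is practical when there are 20 workstations to look at. The PowerShell script below is an added example, not part of the original unit notes; it assumes Windows PowerShell 2.0 to 5.1 on a Windows Vista/7 or later client, uses `KB0000000` as a placeholder patch number, and decodes the anti-virus state using an undocumented layout that is flagged as an assumption in the comments.

```powershell
# Added example, not part of the original unit notes. Read-only: it reports
# settings and changes nothing. Assumes Windows PowerShell (powershell.exe)
# 2.0 to 5.1 on a Windows Vista/7 or later client edition.
param(
    # Placeholder: replace with the KB number of the patch you need to confirm.
    [string]$PatchId = 'KB0000000'
)

# Helper (the name is this example's own): builds one row of the report.
function New-Check($Activity, $Check, $Value, $Ok) {
    New-Object PSObject -Property @{
        Activity = $Activity; Check = $Check; Value = $Value; OK = $Ok
    }
}

$report = @()

# 1.2 - operating system, build and service pack (what winver and msinfo32 show)
$os = Get-WmiObject -Class Win32_OperatingSystem
$osText = '{0}, build {1}, service pack {2}' -f `
    $os.Caption, $os.BuildNumber, $os.ServicePackMajorVersion
$report += New-Check '1.2' 'Operating system' $osText $null

# 1.1 and 1.4 - anti-virus products registered with Windows Security Center.
# Assumption: Microsoft does not document the productState layout. The decoding
# below follows the commonly observed one (middle byte = real-time scanning,
# last byte = definition status); confirm the result in the product's own window.
$avProducts = @(Get-WmiObject -Namespace 'root\SecurityCenter2' `
    -Class AntiVirusProduct -ErrorAction SilentlyContinue)
if ($avProducts.Count -eq 0) {
    $report += New-Check '1.1' 'Anti-virus product' 'none registered' $false
}
foreach ($av in $avProducts) {
    $hex = '{0:X6}' -f [int]$av.productState
    $hex = $hex.Substring($hex.Length - 6)          # keep the last three bytes
    $scanByte = [Convert]::ToInt32($hex.Substring(2, 2), 16)
    $realTime = ($scanByte -band 0x10) -ne 0
    $current  = $hex.Substring(4, 2) -eq '00'
    $name = $av.displayName
    $report += New-Check '1.1' "$name - real-time scanning" $realTime $realTime
    $report += New-Check '1.4' "$name - definitions up to date" $current $current
}

# Tip 4 - Windows Firewall state per profile. A third-party firewall, like the
# one shown in Figure 4, may manage these settings itself.
$profiles = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }
$fw = New-Object -ComObject HNetCfg.FwPolicy2
foreach ($id in 1, 2, 4) {
    $on = [bool]$fw.FirewallEnabled($id)
    $report += New-Check 'Tip 4' "Windows Firewall ($($profiles[$id]) profile)" $on $on
}

# 1.5 - automatic updating (values of IAutomaticUpdatesSettings.NotificationLevel)
$levels = @{
    0 = 'not configured';            1 = 'disabled'
    2 = 'notify before download';    3 = 'notify before installation'
    4 = 'install automatically'
}
$level = [int](New-Object -ComObject Microsoft.Update.AutoUpdate).Settings.NotificationLevel
$report += New-Check '1.5' 'Windows Update setting' $levels[$level] ($level -eq 4)

# 1.7 - is one particular patch installed? Get-HotFix lists operating-system
# updates only, so "View update history" can show entries that are not listed here.
$patch = Get-HotFix -Id $PatchId -ErrorAction SilentlyContinue
$patchText = 'not found'
if ($patch) { $patchText = "installed $($patch.InstalledOn)" }
$report += New-Check '1.7' "Patch $PatchId" $patchText ([bool]$patch)

# Print the report, then count the checks that need attention.
$report | Select-Object Activity, Check, Value, OK | Format-Table -AutoSize -Wrap
$failed = @($report | Where-Object { $_.OK -eq $false })
'{0} check(s) need attention on {1}' -f $failed.Count, $env:COMPUTERNAME
```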
Quick Quiz

1. What are computer viruses?
a. Programmes which copy themselves
b. Diseases you can catch online
c. People who try to break into a computer

2. How does a computer get a virus or malware?
a. From the Internet and/or email
b. From dodgy software CDs or downloads
c. All of the above

3. How do you spot malware in email?
a. It may be something from someone you don’t know
b. It may ask you to click on a link or to download an attachment
c. Both of the above

4. The contents of a Trojan can be a virus or a worm. True or False
Check Your Understanding

1. I can now:
- Identify common types of destructive software
- Select, install and update protection software
- Configure security settings
Glossary of Terms

Term: Definition

adware: Adware is software that loads itself onto a computer and tracks the user's browsing habits or pops up advertisements while the computer is in use. Adware and spyware disrupt your privacy and can slow down your computer as well as contaminate your operating system or data files

backdoor: an undocumented way to get access to a computer system or the data it contains

bots: also known as Crawlers or Spiders, bots are search engine programs that perform automated tasks on the internet – they follow links, and read through the pages in order to index the site in a search engine

checksum: a digit representing the sum of the digits in an instance of digital data; used to check whether errors have occurred in transmission or storage

click fraud: a type of Internet crime that occurs in pay per click online advertising when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target

DRP: Disaster Recovery Plan; sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters

firewall: a security system consisting of a combination of hardware and software that limits the exposure of a computer or computer network to attack from crackers; commonly used on local area networks that are connected to the internet

Greyware (grayware): a general term sometimes used as a classification for applications that behave in a manner that is annoying or undesirable but less serious or troublesome than malware; greyware encompasses spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs apart from viruses that are designed to harm the performance of computers on your network.

Heuristic-based detection: malicious activity detection, used to identify unknown viruses

hotfix: Microsoft's version of patches. Microsoft bundles hotfixes into service packs for easier installation.

IM (Instant Messaging): a form of real-time direct text-based communication between two or more people using personal computers or other devices

keystroke logger: the practice of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored

logic bombs: set of instructions inserted into a program that are designed to execute (or 'explode') if a particular condition is satisfied; when exploded it may delete or corrupt data, or print a spurious message, or have other harmful effects; it could be triggered by a change in a file, by a particular input sequence to the program, or at a particular time or date.

Macro virus: With the rise of the Microsoft Windows platform in the 1990s, and the flexible macros of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These macro viruses infect documents and templates rather than applications (executables), but rely on the fact that macros in a Word document are a form of executable code.

malware: short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent; hostile, intrusive, or annoying software; examples of malware include viruses, worms, Trojan horses, and spyware.

patches: a program that makes changes to software installed on a computer. Software companies issue patches to fix bugs in their programs, address security problems, or add functionality.

phishing: the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication such as sending email that falsely claims to be from a legitimate organization or through the use of an illegal web site (or a simple page) with the same 'look and feel' as a legitimate site

rootkit: a type of malware that is designed to gain administrative-level control over a computer system without being detected

Screen-scrape: To extract data from (a source such as a webpage) by picking it out from among the human-readable content

service packs: a collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package

Signature-based detection: searching for known patterns of data within executable code

SPAM: the abuse of electronic messaging to send unsolicited bulk messages indiscriminately.

spyware: software that obtains information from a user's computer without the user's knowledge or consent

Trojan horse: A Trojan, as the name implies, secretly carries often-damaging software in the guise of an innocuous program, often in an email attachment.

Virus: a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.

WORM: Write Once, Read Many (alternatively Write One, Read Multiple or WORM); a software program capable of reproducing itself that can spread from one computer to the next over a network; WORMs take advantage of automatic file sending and receiving features found on many computers; self-replicating Malware computer program

zombie: An infected computer used as a proxy to send out spam messages