Chapter Nine Protecting Your Computer Spreading the Disease
Total Page:16
File Type:pdf, Size:1020Kb
Chapter Nine Protecting Your Computer Spreading the Disease Introduction This chapter ends our third module. The last chapter concentrated on the safety of Internet users and this chapter tidies up a few loose ends. It then moves on to concentrate on the security of our computer’s hardware. This will complete our look at computer hardware begun in module 2. Antivirus Email Plaintext Browser Hijacking Encryption Safe Mode Cipher https Secure Sites Cryptography Malware Throwaway Email Decryption Padlock Virus Email Safety Why should you not send email messages that you would not want to see on the cover of a newspaper? Are email messages archived? Why is it a good idea to have a “throwaway email account”? Why should you not open emails from people you do not know? Email can prove valuable in various circumstances; however, it also poses some threats. Unless you are encrypting your email, do not send anything in your email that you would not want to see on the front page of a newspaper. Email messages are archived on mail servers accessible to others through legal means such as a subpoena. (For more information on encryption and specific applications for email, check the cryptography section of this chapter.) Even if you do encrypt your emails, be careful what you say in them because you do not have control over what the recipient does with them. They may decide to print them out and give copies to passersby on the street. Perhaps they work for a government agency whose emails fall under the open records law, allowing the public to request copies. Moreover, remember that email servers archive email messages. It is worthwhile to consider having a throwaway email account. This is an account used when you must provide an email account to sign up for access to a forum or other Internet resource. An online account, such as Yahoo, Hotmail, etc. would be perfect for this application. This way all of the spam, or junk mail, you normally begin receiving after giving out your email address to access a desired service, comes to this throwaway account which you do not really care about. This leaves your main email account through which you carry out your business, relatively uncluttered. One final observation related to email. Often criminals send emails with innocent looking attachments that appear to be documents or photographs. However, when you click on the attachment to open it, something like a virus, spyware, or browser hijacker is installed on your computer. For this reason, your author does not open emails from people that he does not know. If they are from websites, it has to be from a website with which your author has done business. In either case, if the email subject field is blank, I simply delete the email. If it is something truly important, they will call or resend the email. If you follow this policy, informing your friends how you treat emails with blank subject fields, they will become meticulous about filling in an email’s subject field. To be meticulous is to be extremely careful and precise about how you do things. “Encarta Dictionary: English (North America),” accessed 7/22/2014. Secure Sites A web browser can send our sensitive information in a secure manner. What two things can we check to verify it is being done? What is the difference between a URL beginning with http and one beginning with https? When a website asks for sensitive information such as a password or credit card numbers, it is important that your information be transmitted in a secure manner. (The first exercise in this chapter shows one way we can transmit information such as passwords securely.) The secure method is for the website to encrypt your information so it travels the Internet in a coded form. What can we check to insure the website to which we are sending our information is secure? The first thing to check is the Figure 1 Padlock and HTTPS in Web Browser URL address of the website (see Figure 1). Normally the website’s address begins with http; however, when it asks you to enter sensitive information the address should begin with https. The https tells you that it is a secure connection. A second thing to look for is a padlock icon appearing in your web browser when you are securely connected to a website. In Internet Explorer and Mozilla Firefox, it appears in the URL area of the browser window. The padlock is not just a picture; it is a clickable link showing information about the website’s security. Cryptography What is cryptography? What is the name of the free program that can be used to encrypt your emails? Was email created to be secure? What are the potential downsides of encrypting documents on your computer? Cryptography is the taking of a plaintext message, and using some form of key to encrypt the plaintext, creating a cipher message (see figure 2). This example merely takes the plaintext message, shifts each letter to the right one space in the alphabet, and outputs the ciphertext as the result. A cipher based upon such a shift is known as a Caesar cipher. How does the recipient read the ciphertext that they receive? A valid recipient of the message, will have the necessary key to decrypt the message (i.e. convert it back to plaintext). (See figure 3 for an illustration of the decryption process.) Figure 2 Using Key to Convert Plaintext to Ciphertext The PGP program can be used to encrypt your email messages. However, the headings of your email cannot be encrypted and thus not only the path taken by your email, but also the Figure 3 Using Key to Convert Ciphertext to Plaintext sender and recipient information remain plaintext. This information, even when you encrypt the message, can reveal a lot to interested parties. Moreover, you have no control over what the recipient does with your email. Even if the email was encrypted, once Plaintext – Plaintext is the normal, everyday text that is easy the recipient decrypts it you no longer have to read. Encrypt – When you encrypt a control of it. If someone breaks into their message, you take the plaintext and apply a key to it. This key changes the plaintext into the computer, someone steals their computer, or ciphertext, which is unreadable without the correct key. they decide to share your email with others, Key – A key is some sort of function used to convert a you are toast. In summary, do not send plaintext message into an unreadable ciphertext or just the anything in email that you would not want to opposite. Ciphertext – This is the see being talked about on television or in a unreadable form of a message that is created by applying a key to the plaintext. newspaper. Email was not created to be Decrypt – When you decrypt a message, you take the ciphertext secure. and apply a key to it. This key changes the unreadable ciphertext into the plaintext which can be You can use software to encrypt the read. documents that you save on your computer’s hard drive. Depending on how you use your computer, this might be a good idea. However, you will have to wait for your documents to be decrypted before you can use them, to be encrypted before you can shut your computer off, and risk the loss of your password. Without the password, your documents would be gone forever. Browser Hijacking What is browser hijacking? How can we deal with browser hijacking? How do we enter “Safe Mode”? What are the three Safe Mode options available and when might you use each one? Have you ever opened your web browser and a homepage pops up that you have never seen before? When you search, it directs you to a page with links to retail or pornography websites. You decide to change your homepage back and go into your web browser settings or the add/remove programs portion of the Windows Control Panel. If listed in these places, you uninstall the rogue toolbars or reset your homepage; however, the next time you restart your computer it is back! Other times, it does not appear in these locations and you are at a loss as how to deal with it. What you have just experienced is browser hijacking. Without your permission, malware, spyware, or a virus has replaced your homepage or search page with its own. The process for dealing with browser hijacking is similar to that of dealing with spyware and viruses. Boot your computer into safe mode. (Figure 4 shows Figure 4 Menu Used to Reach Safe Mode the Windows Advanced Options Menu used to select Safe Mode in versions of Windows before Windows 8. (If you have Windows 8 or 10, skip down to the next section, Safe Mode in Windows Eight & Ten.) To reach this menu, hold down the F8 key while your computer is booting to Windows. (Note that some systems will see this as a frozen key and default to an error message. On these systems, it is necessary to tap the F8 key repeatedly while the system is booting.) In Figure 4, notice the option to boot to your Last Known Good Configuration. You can try this to help with the browser hijacking problem as well as other problems. It is a good option to keep in mind. However, this usually does not help with browser hijacking. Safe Mode is a state where a limited number of window’s drivers and other programs are loaded.