Developing e-learning content - WordPress.com · Web viewGet reputable anti-malware programs from a...

Unit NotesICASAS206A - Detect and protect from

spam and destructive software

Topic 1 – Detect and remove destructive software

© Copyright, 2023 by TAFE NSW - North Coast Institute

Date last saved: 13 August 2013 by Rod Miller Version: 1.0 # of Pages = 21

Copyright of this material is reserved to the Crown in the right of the State of New South Wales. Reproduction or transmittal in whole, or in part, other than in accordance with the provisions of the Copyright Act, is prohibited without written authority of TAFE NSW - North Coast Institute.

Disclaimer: In compiling the information contained within, and accessed through, this document ("Information") DET has used its best endeavours to ensure that the Information is correct and current at the time of publication but takes no responsibility for any error, omission or defect therein. To the extent permitted by law, DET and its employees, agents and consultants exclude all liability for any loss or damage (including indirect, special or consequential loss or damage) arising from the use of, or reliance on, the Information whether or not caused by any negligent act or omission. If any law prohibits the exclusion of such liability, DET limits its liability to the extent permitted by law, to the re-supply of the Information.

Third party sites/links disclaimer: This document may contain website contains links to third party sites. DET is not responsible for the condition or the content of those sites as they are not under DET's control. The link(s) are provided solely for your convenience and do not indicate, expressly or impliedly, any endorsement of the site(s) or the products or services provided there. You access those sites and use their products and services solely at your own risk.

Page 2 of 21

ICASAS206A - Detect and protect from spam and destructive software

Table of ContentsGetting Started with ICASAS206A - Detect and protect from spam and destructive software4About this Unit 5Topic 1 - Detect and remove destructive software 6

1.1 Learning Activity – Check your protection software (Windows users)..............12

1.2 Learning Activity – Check for installed Service Packs (Windows users)..........13

1.3 Learning Activity – Run the Windows Malicious Software Removal Tool (Windows users).....................................................................................................15

1.4 Learning Activity – Make sure you are using Updated Anti-Virus Software.....15

1.5 Learning Activity – Make sure you are using Updated Anti-Virus Software.....15

1.6 Learning Activity – Get Notified for Microsoft Security Alerts...........................17

1.7 Learning Activity – Make Sure the Patch is Installed........................................17

Check Your Understanding.....................................................................................18

Glossary of Terms...................................................................................................19

Page 3 of 21


Getting Started with ICASAS206A - Detect and protect from spam and destructive softwareIn this unit, ICASAS206A - Detect and protect from spam and destructive software, you will learn how to reduce the risk of a computer's operation being affected by spam or malware.

In this topic, you will learn how to deal with spam and malware, specifically to:

1. Detect and remove destructive softwareYou will learn to identify common types of destructive software and to select and install virus protection compatible with the operating system in use, installing updates on a regular basis. You will investigate an advanced system of protection, e.g. a firewall. You will learn to configure software security settings to run virus-protection and you will also look at an example of protective software detecting and reporting on a find.

2. Identify and take action to stop spamIn this topic you will learn about the common types of spam and how to configure and use a filter. You will also get some tips on how to avoid spam and report any spam to the appropriate organisation.

Suggested learning pathway;1. Read the unit notes and terms

2. Complete learning tasks, research and activities

3. Complete and return assessment tasks

Using the Unit NotesIcons and symbols are used throughout the guide to provide quick visual references. They indicate the following:

Icon Meaning Icon MeaningACTIVITY: An activity is listed to be completed

ACTIVITY: A Learning activity requiring some physical action

WWW: A web link is listed REFLECTION: A point is to be considered and thought about more deeply

IMPORTANT: A pivotal point is detailed

SEARCH: A particular item / book etc needs to be found and applied

Page 4 of 21


About this UnitIn this unit, ICASAS206A - Detect and protect from spam and destructive software, you learn how to reduce the risk of a computer's operation being affected by spam or malware.

Please read the Glossary of Terms at the end of this document to help you understand the terminology for this unit.

MalwareDestructive software is referred to as malware (malicious software) and the term includes viruses, worms, logic bombs, rootkits, Trojan horses, adware, keystroke loggers and spyware.

Data-stealing malware is a threat that divests victims of personal or proprietary information with the intent of monetizing stolen data through direct use or distribution. This type of malware includes key loggers, screen scrapers, spyware, adware, backdoors and bots. Malware's most common pathway from criminals or malicious developers to users is through the Internet: primarily by email and the World Wide Web.

The target of malicious software can be a single computer and its operating system, a network or an application.

SpamSpam is the use of electronic messaging to send unsolicited bulk messages indiscriminately. In the year 2013 the estimated figure for spam messages will be around seven trillion! The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers which have been forced to add extra capacity to cope with the deluge. In 2013 the cost is believed to be around $600 Billion, which counts for loss of productivity, costs of software & hardware upgrades and the time taken to repair problems from malicious software.

Page 5 of 21


Topic 1 - Detect and remove destructive softwareWe used to call everything a virus, however there are more precise names to further categorize malware – among them virus, worm, Trojan, spyware, malware and adware, to name a few.

Infection can have a devastating effect on the functioning of stand-alone machines and networks and can cause irretrievable damage to data and other resources. It is imperative to develop mechanisms to avoid infection. Detecting malware is a very sophisticated and well-defined process. Consequently, network administrators rely often rely on third party products to manage this process.

Protection SoftwareThere is a variety of software packages available for both single device or Enterprise/Networked devices.

Single UseThere are many kinds of protection available for a single use device. Among them are

Avast

AVG

Avira

Bitdefender

BullGuard

Emsisoft

ESET NOD32

Fortinet

F-Secure

GData

Kaspersky

Kingsoft

McAfee

Microsoft Security Essentials

Panda Cloud

Qihoo 360

Sophos

ThreatTrack Vipre

Trend Micro Titanium

Specialised software for removal such as Spybot Search & Destroy, Malwarebytes anti-malware and WinZip Malware Protector.

Page 6 of 21


Other specialised programs that can block certain known IP addresses of hackers, unwanted advertising companies. One program that does this is PeerBlock. PeerBlock blocks "known bad" computers from accessing yours, and vice versa. Depending on the lists you have it set up to use, you can block governments, corporations, machines flagged for anti-peer-to-peer activities, even entire countries. The down side of this is that you will have to keep an eye on the program as it can block legitimate sites just because they have possibly been used for hacking attempts.

PeerBlock – What happens when blocking TAFE websiteWith Peerblock you can edit your lists and add or remove addresses from the lists so that you can still control which computers you can or cannot access.

Multi User/EnterpriseEven though small business antivirus software is usually priced on a per-user basis with a cost that is on par with individual-user products, it often gives business owners important additional features such as the ability to install and manage all installations from a central location. Some of the available products are:

Bitdefender Small Business Pack

Kaspersky Endpoint Security for Business

F-Secure Small Business Suite

Symantec Endpoint Protection

G Data AntiVirus Business

Webroot Secure Anywhere Business

Vipre Business Premium

Page 7 of 21


avast! Endpoint Protection Suite

Panda Security for Business

Total Defense Threat Manage

Anti-Virus SoftwareAn anti-virus program works in the background and performs the following tasks:

It can stop a virus before it infects your system

It can warn you about the presence of malicious software

It can remove a virus from the system and clean infected files

The on-access/real-time scanner component of Anti-Virus software runs as a background process to check all files that are accessed, in order to protect the system continuously against malware threats. For example, on-access scanners scan files as soon as they are accessed, while behaviour blockers, web browser scanners, add a different layer of protection and monitors what the executed program does while it is running. These require background services and processes to be running to cover these tasks and take up more of the devices memory and other system resources which may slow down the device as opposed to a standalone, run once a day virus scanner.

A good security program needs to be integrated & working actively deep in the system in order to protect it from malicious software. This means that it needs to be active from initial boot up to shutdown, scanning each process or program and how it interacts with the system.

It is therefore important when choosing a virus scanner that protects the system from all kinds of malicious software but also that it doesn’t degrade the devices ability to function.

Cleaning infected files is not always possible. This can result in the need to re-install the operating system and applications. This is drastic and time-consuming and can usually be avoided with good, regularly updated anti-virus software. The anti-virus software detects known viruses so it is important to get updates. The software usually comes with a subscription that entitles a user to online updates whenever they are available.

Tips to boost your malware defence and protect your PC1. Install antivirus and antispyware programs from a trusted source

Never download anything in response to a warning from a program you didn't install or don't recognize that claims to protect your PC or offers to remove viruses. It is highly likely to do the opposite!

Get reputable anti-malware programs from a vendor you trust. (Microsoft Security Essentials offers free real-time protection against malicious software for your PC. Or, choose from a list of Microsoft partners who provide anti-malware software). Other reputable defenders include McAfee, Kaspersky, Norton’s, and AVG.

Here is a link to Ad-Aware with anti-virus http://www.lavasoft.com/products/ad_aware_free.phpNote: The website has an overview and describes the features of this particular product. See screenshots below.

Page 8 of 21


http://www.lavasoft.com/products/ad_aware_free.php

Figure 1 - an example of Antivirus & Spyware detection tool

Figure 2 - an example of scanning a computer

Page 9 of 21


Figure 3 - a completed scan report

2. Update software regularlyCybercriminals are endlessly inventive in their efforts to exploit vulnerabilities in software, and many software companies work tirelessly to combat these threats. That is why you should:

Regularly install updates for all your software, namely your antivirus and antispyware programs, browsers (like Windows Internet Explorer), operating systems (like Windows), and word processing and other programs. Software updates repair vulnerabilities as they are discovered.

Subscribe to automatic software updates whenever they are offered—for example, you can automatically update all Microsoft software.

Uninstall software that you don't use. You can remove it using Windows Control Panel.

3. Use strong passwords and keep them safe Strong passwords are at least 14 characters long and include a

combination of letters, numbers, and symbols.

Don't share passwords with anyone.

Don’t use the same password on all sites. If it is stolen, all the information it protects is also at risk.

Create different strong passwords for the router and the wireless key of your wireless connection at home. Find out how from the company that provides your router.

Page 10 of 21


4. Never turn off your firewallA firewall protects networked computers from hostile intrusion. It may be a hardware device or a software programme. In either case, it has at least 2 network interfaces – one for the network or computer that it is protecting and one for the network that it is exposed to. Often the case is of a private network/computer and the Internet. A firewall prevents computers outside the protected area from gaining access. Windows Vista, Windows 7, Server 2008 and Linux all make use of software firewalls.

Below is a screenshot of Windows 7 firewall settings. These can be seen in Windows Vista by clicking on Start and then Administrative Tools and then Security.

Figure 4 - Windows Firewall settings on a machine also protected by a third party application - Norton Internet Security

Examine your settings. In Windows 7 type “firewall” into the “search programs and files” box at the Start button OR by activating the Control Panel and clicking on Windows Firewall. As you can see by the screen shot below, the Norton Internet Security is also installed and operating on this PC.

A firewall puts a protective barrier between your computer and the Internet. Turning it off for even a minute increases the risk that your PC will be infected with malware.

5. Use flash drive with caution Minimize the chance that you'll infect your computer with malware:

Don't put an unknown flash (or thumb) drive into your PC.

Hold down the SHIFT key when you insert the drive into your computer. Holding down "Shift" will keep the computer from auto-playing the device. If

Page 11 of 21


you forget to do this, click in the upper-right corner to close any flash drive-related pop-up windows.

Don't open any files on your drive that you're not expecting.

Don't be tricked into downloading malwareFollow this advice:

Be very cautious about opening attachments or clicking links in email or IM (Instant Messaging), or in posts on social networks (like Facebook)—even if you know the sender. Call to ask if a friend sent it; if not, delete it or close the IM window.

Avoid clicking “Agree”, “OK”, or “I Accept” in banner ads, in unexpected pop-up windows or warnings, on websites that may not seem legitimate, or in offers to remove spyware or viruses.

Instead, press CTRL + F4 on your keyboard. (CTRL + F4 closes the Window)

If that doesn’t close the window, press ALT + F4 on your keyboard to close the browser. If asked, close all tabs and don’t save any tabs for the next time you start the browser.

Only download software from websites you trust. Be cautious of "free" offers of music, games, videos, and the like. They are notorious for including malware in the download.

1.1 Learning Activity – Check your protection software (Windows users)Check the status of the malware protection on your computer. Depending on your operating system, how you do this may vary. A good place to start on Windows machines is in the Control Panel. There is usually an icon in the system tray in the bottom right of the task bar for third party applications. Check the protection settings. This will include;

how often scans are done

any items to exclude from scans (some software and 3rd party applications are not compatible)

boot time protection

real time protection

web surfing (phishing protection, malicious site watch)

automatic updates

email antivirus scanning; antispam.

There may be more or fewer features than those listed depending on how feature-rich the 3rd party application you are using is.

Page 12 of 21


1.2 Learning Activity – Check for installed Service Packs (Windows users)Check to see what version operating system you are running and what service pack/s is/are installed. To do this:

1. Click Start, and then click Run.

2. In the Run Window, type in the following run command: winver and press Enter. You will see a small pop-up window as in Figure 5 below.

Figure 5 – Operating system build and service packOR Right Click on your computer icon on your desktop and select properties. Figure 6 below.

Figure 6 – Bringing up the system propertiesThis will then bring up the computers system properties, showing Service Pack installed, CPU, RAM and Type of Operating system. Figure 7 below.

Page 13 of 21


Figure 7- Windows 7 system propertiesOR (for Windows Vista)

1. Click on your "Start" button in the lower-left corner.

2. Click on "Control Panel" and wait for the new window to open. Then click on the "Add/Remove" button. Wait for the information to load.

3. Scroll down to "W" in the panel. When you find the "W," you will see "Windows Service Pack" and the number of the service pack you have installed.

4. Check to see if you have the latest service pack available. Visit the Microsoft website. If you do not have the latest service pack, download it.

OR (for Windows XP)

1. Click on Start, then right-click My Computer, go down and left-click on Properties.

2. You will see a pop-up window that says System Properties, under the General tab, there is a section on the top called System. The System section will display the operating system that is currently installed on your computer and the version and the service pack.

OR

1. Another method you can try (pre-Windows 7) is to click Start, then click on Run.

2. In the Run Window, type in the following run command: msinfo32 and then press Enter. You will see a pop up window that has System Information.

3. On the left hand pane of the System Information window, make sure you have System Summary selected. On the top you will see Operating System Name and Version, which will show you the type of operating system, version, build and service pack currently installed on your computer.

Page 14 of 21


TIP a quick way to run the Run command is to hold down the Windows key and tap the letter R.

1.3 Learning Activity – Run the Windows Malicious Software Removal Tool (Windows users)Though it is NOT a replacement for an anti-virus product, the Windows Malicious Software Removal Tool will remove specific malicious software. The tool checks computers running Windows 7, Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. It is available free from Microsoft Downloads.

Here is the link: http://www.microsoft.com/security/malwareremove/default.aspx

1.4 Learning Activity – Make sure you are using Updated Anti-Virus SoftwareRegardless of your operating system, you should always make sure you are using Updated Anti-Virus Software. This is one of the most important steps in keeping yourself safe. You need to make sure that your anti-virus software is enabled and properly working!

Here’s a quick list of what you should do upon opening your anti-virus software:

Make sure your virus definition updates are automatically updated.

Make sure that real-time scanning is enabled.

Run a full scan (optional but useful)

1.5 Learning Activity – Make sure you are using Updated Anti-Virus SoftwareMake sure that your copy of Windows is fully patched and Windows Updates are enabled. You cannot protect a PC against worms and hackers if you are running an out-of-date version of Windows that isn’t patched. Patching is a very important step that repairs known vulnerabilities and is key to keeping your computer safe against internet worms.

1. Open Windows Updates from the Control Panel. Note: make sure to click “Check for updates” and install every security patch recommended

2. Click the Change settings link

Page 15 of 21


http://www.microsoft.com/security/malwareremove/default.aspx

Figure 8 - Windows Vista "Check for Updates"

Figure 9 - Windows 7 "Check for Updates" in action. Go to Control Panel\All Control Panel Items\Windows Update.

3. Make sure you have it set to check for updates automatically. Installing updates automatically is a good option.

Figure 10 - setting in Windows Vista to install updates automatically - go to Control Panel\System and Security\Windows Update\Change settings

Page 16 of 21


1.6 Learning Activity – Get Notified for Microsoft Security AlertsSign up for alerts from Microsoft whenever there is an important patch that needs to be installed. You can also check the current security bulletins at any time by visiting their security bulletin home page.

1.7 Learning Activity – Make Sure the Patch is InstalledIf Windows Update says that you are up to date, check for a particular patch by clicking on “View update history” on the left-hand side.

Figure 11 - viewing the update history

Consider a network with 20 workstations and one server. All the workstations are used during the standard working day and on occasions Saturdays.

How might you protect the network resources from virus infection?

Answer: Many people believe that virus infections are due to Internet activity but this is not necessarily the case. Users may bring CDs or USB memory sticks to the work environment and contaminate the network that way. For this reason some network managers choose to disable external drives while others choose to have completely diskless workstations.

There are two basic methods to test for virus infections:

1. Virus scanning software can be installed on each machine. It should be licensed and updated from each machine to ensure up-to-date scanning.

2. Specialised virus scanning software designed for server management automatically deploys and updates all configured clients with the appropriate scanning applications.

Quick Quiz1. What are computer viruses?

a. Programmes which copy themselves

b. Diseases you can catch online

c. People who try to break into a computer

Page 17 of 21


2. How does a computer get a virus or malware?

a. From the Internet and/or email

b. From dodgy software CDs or downloads

c. All of the above

3. How do you spot malware in email?

a. It may be something from someone you don’t know

b. It may ask you to click on a link or to download an attachment

c. Both of the above

4. The contents of a Trojan can be a virus or a worm. True or False

Check Your Understanding1. I can now Identify common types of destructive software

Select, install and update protection software

Configure security settings

Page 18 of 21


Glossary of Terms

Term Definition

adware

Adware is software that loads itself onto a computer and tracks the user's browsing habits or pops up advertisements while the computer is in use. Adware and spyware disrupt your privacy and can slow down your computer as well as contaminate your operating system or data files

backdoor an undocumented way to get access to a computer system or the data it contains

botsalso known as Crawlers or Spiders, bots are search engine programs that perform automated tasks on the internet – they follow links, and read through the pages in order to index the site in a search engine

checksuma digit representing the sum of the digits in an instance of digital data; used to check whether errors have occurred in transmission or storage

click fraud

a type of Internet crime that occurs in pay per click online advertising when a person, automated script or computer program imitates a legitimate user of a web browser clicking on an ad, for the purpose of generating a charge per click without having actual interest in the target

DRPDisaster Recovery Plan; sometimes referred to as a business continuity plan (BCP) or business process contingency plan (BPCP) - describes how an organization is to deal with potential disasters

firewalla security system consisting of a combination of hardware and software that limits the exposure of a computer or computer network to attack from crackers; commonly used on local area networks that are connected to the internet

Greyware (grayware)

a general term sometimes used as a classification for applications that behave in a manner that is annoying or undesirable but less serious or troublesome than malware; greyware encompasses spyware, adware, dialers, joke programs, remote access tools, and any other unwelcome files and programs apart from viruses that are designed to harm the performance of computers on your network.

Heuristic-based detection malicious activity detection, used to identify unknown viruses

hotfix Microsoft's version of patches. Microsoft bundles hotfixes into service packs for easier installation.

IM (Instant Messaging)a form of real-time direct text-based communication between two or more people using personal computers or other devices

keystroke loggerthe practice of tracking (or logging) the keys struck on a keyboard, typically in a covert manner so that the person using the keyboard is unaware that their actions are being monitored

logic bombs set of instructions inserted into a program that are designed to execute (or `explode') if a particular condition is satisfied; when exploded it may delete or corrupt data, or print a spurious message, or have other harmful effects;

Page 19 of 21


it could be triggered by a change in a file, by a particular input sequence to the program, or at a particular time or date.

Macro virus

With the rise of the Microsoft Windows platform in the 1990s, and the flexible macros of its applications, it became possible to write infectious code in the macro language of Microsoft Word and similar programs. These macro viruses infect documents and templates rather than applications (executables), but rely on the fact that macros in a Word document are a form of executable code.

malware

short for malicious software, is software designed to infiltrate a computer system without the owner's informed consent; hostile, intrusive, or annoying software; examples of malware include viruses, worms, Trojan horses, and spyware.

patchesa program that makes changes to software installed on a computer. Software companies issue patches to fix bugs in their programs, address security problems, or add functionality.

phishing

the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication such as sending email that falsely claims to be from a legitimate organization or through the use of an illegal web site (or a simple page) with the same 'look and feel' as a legitimate site

rootkita type of malware that is designed to gain administrative-level control over a computer system without being detected

Screen-scrape To extract data from (a source such as a webpage) by picking it out from among the human-readable content

service packsa collection of updates, fixes and/or enhancements to a software program delivered in the form of a single installable package

Signature-based detection searching for known patterns of data within executable code

SPAM the abuse of electronic messaging to send unsolicited bulk messages indiscriminately.

spyware software that obtains information from a user's computer without the user's knowledge or consent

Trojan horse A Trojan, as the name implies, secretly carries often-damaging software in the guise of an innocuous program, often in an email attachment.

Virus

a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.

Page 20 of 21


WORM

Write Once, Read Many (alternatively Write One, Read Multiple or WORM); a software program capable of reproducing itself that can spread from one computer to the next over a network; WORMs take advantage of automatic file sending and receiving features found on many computers; self-replicating Malware computer program;

zombie An infected computers used as a proxy to send out spam messages

Page 21 of 21


Date post:	25-Jun-2018
Category:	Documents
Upload:	dinhque
View:	218 times
Download:	0 times

Developing e-learning content - WordPress.com · Web viewGet reputable anti-malware programs from a...

Documents