CS105 Introduction to Computers and Their Applications

Spring 2006


Chapter 11




Chapter Eleven: Computers and Society, Security, Privacy, and Ethics


COMPUTER SECURITY RISKS                         


computer security risk = an event or action that could cause a loss of or damage to computer hardware, software, data, information, or processing capability


computer crime =


cybercrime =


Risks to computer security:

System failure



Trojan horses

Unauthorized access and use

Hardware theft

Information theft ( stolen identity)

Software theft (illegal copying) 





All = malicious-logic programs that act without a user’s knowledge and alter a computer’s operations


Virus = alters the way the computer works, without the user’s knowledge


Worm = copies itself repeatedly, using up memory space or slowing down a network


Trojan horse = malicious program within a legitimate program


payload =


symptoms of a computer infected by a virus, worm, or Trojan horse:

1.      screen displays unusual message or image

2.      music or unusual sound plays randomly

3.      available memory is less than expected; existing programs and files disappear

4.      files become corrupted

5.      programs or files do not work properly

6.      unknown programs or files mysteriously appear

7.      system properties change


Three ways in which viruses deliver their payloads





Other triggers:

logic bombs = deliver their payloads when a computer user performs a specific action.


time bombs = deliver their payloads on a certain date.



One of the most frequent ways a malicious program is delivered = e-mail message


Safeguards against computer viruses, worms, and Trojan horses


No methods guarantee a computer or network is safe from malicious-logic programs.


Precautions that can be taken to reduce the risk of virus infection:


1.  do not boot the computer with a disk in the A: drive

2.  only open email from a trusted source

            trusted source = company or person you believe will not send you a virus-infected file knowingly.

3.  turn off the message preview function for email programs

4.  set the macro security level to medium            

5.  install an antivirus program and update it frequently

6.  If the anti-virus program flags an email attachment as infected, delete the email immediately

7.  scan all portable disks for viruses (floppies, zip disks, etc)

8.  Create a recovery disk and write protect it

9.  Install a firewall

10.  Make backup copies of your important files



antivirus program

= scans for programs that attempt to modify the boot program or the O/S; automatically scans files downloaded from the Web, e-mail attachments, opened files, and other types of removable media inserted into the computer, such as floppy disks and Zip disks.



How anti-virus programs find a virus:

virus signature, or virus definition                                            


New viruses appear all the time, so update virus signature files regularly.


polymorphic virus = modifies its program code each time it attaches itself to another program, so it is difficult to detect by its virus signature.


How to inoculate a program file                                    

To inoculate a program file, the antivirus program records information such as the file size and file creation date in a separate inoculation file.  It can then use this information to detect whether a virus has tampered with the inoculated file.


Some sophisticated viruses circumvent inoculation.

stealth virus infects a program file but reports the size as the same
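An added example, not part of the original course notes: inoculation as described above, recording a file's size and timestamp, extended (beyond what the notes state) with a SHA-256 digest of the contents. The same-size overwrite is a constructed stand-in for a change that leaves the recorded size untouched; the file name and function names are hypothetical, and modification time is used in place of creation date as an assumption.

```python
import hashlib
import os
import tempfile


def inoculate(path):
    """Build the inoculation record: size, timestamp and SHA-256 of the file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {"size": st.st_size, "mtime_ns": st.st_mtime_ns, "sha256": digest}


def check(path, record):
    """Return the names of recorded attributes that no longer match the file."""
    current = inoculate(path)
    return [key for key in record if record[key] != current[key]]


def demo():
    """Modify a constructed sample file two ways and report what each check sees."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "program.bin")  # hypothetical file name
        with open(path, "wb") as fh:
            fh.write(b"ORIGINAL PROGRAM BYTES" * 10)  # constructed sample content
        record = inoculate(path)
        stamp = (record["mtime_ns"], record["mtime_ns"])
        clean = check(path, record)

        # Case 1: bytes are appended, so the recorded size no longer matches.
        with open(path, "ab") as fh:
            fh.write(b"EXTRA")
        os.utime(path, ns=stamp)  # timestamp put back to isolate the size change
        appended = check(path, record)

        # Case 2: contents replaced by the same number of bytes and the
        # timestamp put back; size and date look untouched, the digest does not.
        with open(path, "wb") as fh:
            fh.write(b"MODIFIED PROGRAM BYTES" * 10)
        os.utime(path, ns=stamp)
        same_size = check(path, record)
    return clean, appended, same_size


if __name__ == "__main__":
    for label, changed in zip(("clean", "appended", "same size"), demo()):
        print(f"{label:10s} changed attributes: {changed}")
```

In the second case the size and timestamp checks report nothing; only the content digest shows that the file was altered.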


Most antivirus programs have utilities that create a recovery disk, or rescue disk


= removable disk that contains an uninfected copy of key operating system commands and startup information that enables the computer to restart correctly.


virus hoax

Virus hoaxes and false virus alerts can present a serious problem

Visit reputable web sites that list current and new viruses.



UNAUTHORIZED ACCESS AND USE                          


unauthorized access = use of a computer or network without permission


cracker = person who tries to access a computer or network illegally


hacker = originally a complimentary word for a computer enthusiast.  Now it has a derogatory connotation with the same definition as cracker.


unauthorized use = use of a computer or its data for unapproved or  illegal activities.


85% of companies say their networks have been hacked.


Use of computers by employees for personal reasons = unauthorized use



10 general safeguards for computing:


1.      Use antivirus software and update it frequently.

2.      Do not allow online merchants to store your credit-card information.

3.      Use a hard-to-guess password and change it frequently.

4.      Use different passwords for different Web sites and applications.

5.      Use up-to-date versions of Web browser and e-mail software.

6.      Send credit-card numbers only to secure sites.

7.      Confirm the site you are doing business with.

8.      Use a security program that gives you control over cookies.

9.      Install firewall software to screen traffic if you use DSL or a cable modem.

10.  Do not open e-mail attachments unless you know the attachment’s source.



Safeguards against unauthorized access and use


1.  Companies should have an acceptable use policy (AUP).


2.      Firewalls


3.  Intrusion Detection Software


4.  Access Controls


5.  Audit Trails

            User names and passwords

Possessed object (PIN)

Biometric devices

Callback system



1.  Firewalls = hardware and/or software that prevents unauthorized access to data, information, and storage media on a network


2.  Intrusion detection software = used by large companies



honeypot = safely separated decoy data for hackers

When the network is invaded, the attack is recorded and analyzed, and the results are posted at the project’s Web site, thus providing vital security information for network administrators.

The Honeynet Project also develops detection systems that can help predict, and prevent, hacker attacks.

In addition to its technical work, the Honeynet Project attempts to learn more about the psychology of hackers.

The project’s findings were detailed in a book entitled, Know Your Enemy.


3.  Access controls

= defines who may and may not access certain data on the network

= what actions can be taken by each person who has access



4.  Audit trails  (log)                                   


records who accessed the data and when.


Identification and authentication


Identification = valid user


Authentication = user is who he or she claims to be


1.      User names and passwords

2.      Possessed object (PIN)

3.      Biometric devices

4.      Callback system


1.  User names and passwords                         


Make passwords more secure.  Do not use:


Your name in any form

Name of a family member

All digits or all the same letter

A word contained in an English or foreign language dictionary



2.  Possessed objects                  


=item you carry with you to gain access

            e.g. badge, card, smart card, keys, ATM card


personal identification number (PIN) = personal number



3.  Biometric devices                     


e.g. fingerprint, iris pattern, hand geometry, face recognition, voice verification, signature verification


4.  Callback system                       


You must be at an authorized phone location


HARDWARE THEFT AND VANDALISM                      


hardware theft = stealing computer equipment


hardware vandalism = defacing or destroying computer equipment



Safeguards Against Hardware Theft And Vandalism 

Restricted access (locked doors and windows)

Alarm systems


Locking devices for hard disk, other drives



SOFTWARE THEFT                      


=software is stolen, or intentionally erased, or illegally copied


software piracy = illegal duplication of copyrighted software


= expensive problem for the software industry.

            Estimates = costs the industry more than 35 percent of its business annually.


Safeguards Against Software Theft


1.  license agreement                               


single-user license agreement, or end-user license agreement (EULA).

Install on one computer

Make one copy as backup

Give or sell only after removing from first source


Business Software Alliance (BSA).           

Formed to prevent piracy

The BSA has enforcement agencies in 65 countries.



2.  product activation  = links particular computer to particular software



INFORMATION THEFT                 


=stealing personal or confidential information


In top 10 security threats facing business


identification theft.


“Phishing” = thieves asking for personal or financial information


1.  Never respond to an email asking for personal identification

2.  If you doubt a message’s authenticity, verify it by contacting the institution itself

3. Avoid spoofed sites by entering web address into the browser, don’t just click on link in message

4. Give an incorrect password first.  A phishing site will accept it.  A legitimate one won’t.

5.  Check the secure site logo (closed lock or key). Click on that and make sure the certificate matches the site name

6.  Forward fraudulent spam to Federal Trade Commission




Safeguards against information theft




Decrypt = receiving computer deciphers code with key.

plaintext = original readable text

ciphertext = encrypted text

encryption key = formula for encryption and decryption.



virtual private network (VPN) = mobile users have a secure connection to company



SYSTEM FAILURE                        


= prolonged malfunction of a computer

= can cause loss of hardware, software, data, or information


Aging hardware,

natural disasters (fire, flood, hurricane)

Electrical power problems

The power supply  = important when purchasing a PC

Can cause loss of data or equipment

If networked, power disturbance can damage multiple systems

Types of electrical problems:


Noise = unwanted signal mixed with normal voltage

                        Fluorescent lights, radios, TVs, or internal components

Undervoltage = when electrical supply drops

Brownout = prolonged undervoltage

Blackout = complete power failure


overvoltage (or power surge) = increase of power

spike = high voltage for a thousandth of a second (lightning)



Safeguards Against System Failure


surge protector (or surge suppressor)                                 


=smooths out minor noise

provides stable current flow

keeps overvoltage from reaching computer


If computer is hooked to network or Internet, also need protection for:

Modem and phone lines

DSL lines

Internet cable lines

Network lines


uninterruptible power supply (UPS) = additional electrical protection


Goes between computer and power source



fault-tolerant computer = duplicate components so no data can be lost


Businesses that use fault-tolerant computers:  airline reservations, ATMs, etc.





Backup =


Restore =


Media used to store backups:       1






INTERNET (and other large networks) SECURITY RISKS  

Information transmitted over networks has a higher degree of security risk.


10 steps to better network security:


  1. Keep passwords confidential (do not post them in a public place).

  2. Shred sensitive material before disposing of it.

  3. Employ physical security measures that grant access only to authorized people.

  4. Perform background checks on personnel.

  5. Configure firewalls and other security software correctly.

  6. Change the default passwords set by operating systems manufacturers.

  7. Do not allow dial-up modems at employees’ desks.

  8. Keep servers and other valuable computers behind locked doors.

  9. Review security logs and host-monitoring programs daily.

  10. Train employees in procedures that might keep intruders out.


1.  Denial Of Service Attacks

2.  Securing Internet Transactions

          a. Digital certificates: certificate of authority

          b. Secure Sockets Layer

          c. Secure HTTP

          d. Secure Electronics Transactions

3.  Securing Email Messages

          a. Digital Signature


1.  Denial of service attacks                    


denial of service attack (or DoS attack) =


DDoS = distributed Denial of Service attack


Zombie =


2.  Securing Internet transactions                     


secure site  = digital certificates along with security protocols, such as Secure Sockets Layer and Secure HTTP


a.  encryption =


b.  digital certificate =


c.    Secure Sockets Layer


d.  Secure HTTP  (S-HTTP).


e.  Secure Electronics Transactions

3.  Securing e-mail messages                 


Pretty Good Privacy (PGP) = free software for encryption


digital signature =





ETHICS AND SOCIETY                                        


computer ethics =


6 frequently discussed areas of computer ethics.

1.  unauthorized use of computers and networks 

2.  software theft (piracy)







3.  Information accuracy  (first 2 already discussed)


Decisions and actions are based on the accuracy of information.

Just because something is on the web does not mean that it is accurate.

Concerns about the ethics of using computers to alter output.



4.  Intellectual property rights


inventions writings



company and product names



copyright = authors’/artists’ exclusive rights to duplicate, publish, and sell materials

software piracy (illegal copies of copyrighted programs) goes here

a.  should you be able to download contents of web site, change it, and re-post it as your own?

b. Does a teacher have the right to print material from the Web and distribute it to all members of the class?

c.  Is it OK to publish photos or pages from a book on the web site if you are not the author?

d.  Is it OK to put the lyrics of a song on the Internet if you did not write the lyrics?

e.  Is it ok to post term papers on the web?


spoofing = in order to prevent copyright infringement.


5.  Codes of Conduct                    


IT code of conduct = guidelines for acceptable information technology behavior




INFORMATION PRIVACY                                    


Right of individuals and companies to deny or restrict  collection and use of information


1.  Electronic Profiles

2. Cookies

3.  Spyware

4.  Spam

          Email filtering

5.  Privacy Laws

6.  Employee Monitoring

7.  Content Filtering

          Web filtering software




Ways to safeguard personal data                                 

1. Fill in only necessary info on warranty and rebate

2. Avoid shopping club and buyers cards

3.  inform merchants that you do not want personal info distributed

4.  limit the amount of info you give to web sites

5.  install a cookie manager

6.  clear your history file when you’re done

7.  set up a free email account

8.  turn off file and print sharing

9. install a personal firewall

10.  sign up for email filtering through ISP or use antispam software

11.  do not open or reply to spam for any reason

12.  surf the web anonymously with a program like Freedom Web Secure or through an anonymous site like Anonymizer.com





1.  Electronic profiles


                 Read the privacy statements that come to you and keep a copy of what you choose


2.  Cookies              


= small text file that contains information about you or your preferences

Review purposes for which cookies are used.


Types of cookie managers                     


session cookie = shopping site webpages that keep track of purchases



Examples of information that a cookie can collect from a user include:

the computer’s IP address;

login name and password;

e-mail address;

the computer’s operating system and platform;

the type and version number of the user’s browser;

the date, time, and length of time the host system was accessed; and

the pages visited while the user was online.



3.  Spyware                   


= program placed on user’s computer without the user’s knowledge that secretly collects information about the user.


To remove spyware you need to purchase a special program.


Web bug = can be a dot no bigger than one square pixel on a Web page, can be programmed to track Web use.


4.  Spam        = unsolicited email message or newsgroup posting


Controlling Spam              



5.  Privacy laws                  


Federal laws dealing specifically with computers:

Electronic Communications Privacy Act (ECPA)

Computer Matching and Privacy Protection Act

Computer Fraud and Abuse Acts

Fair Credit Reporting Act.



6.  Employee monitoring                          


7.  Content filtering =                                


There is no censorship on the Internet.






Computers and health risks


musculoskeletal disorder (MSD), also called repetitive strain injury (RSI).


tendonitis and carpal tunnel syndrome (CTS).                      


computer vision syndrome (CVS).


Ergonomics and workplace design                               


Computer addiction                      


Green computing   



Brief Outline, Chapter 11:  Computers and Society, Security, Privacy, and Ethics








Trojan Horses



Safeguards Against Unauthorized Access And Use


Intrusion Detection Software

Access Controls And Audit Trails



Safeguards Against Hardware Theft And Vandalism




Safeguards Against Software Theft



Safeguards Against Information Theft




Safeguards Against System Failure





Denial Of Service Attacks

Securing Internet Transactions

Securing Email Messages



Information Accuracy

Intellectual Property Rights

Codes of Conduct



Electronic Profiles




Privacy Laws

Employee Monitoring

Content Filtering



Computers And Health Risks

Ergonomics And Workplace Design

Computer Addiction

Green Computing