Académique Documents
Professionnel Documents
Culture Documents
Lee Ratzan, MCP, Ph.D. School of Communication, Information & Library Studies at Rutgers University Lratzan@scils.rutgers.edu
Zombies, IP Spoofing
Password Grabbers
Scams
Spam
DEFINITIONS
A computer program Tells a computer what to do and how to do it.
Computer viruses, network worms, Trojan Horse These are computer programs.
SALIENT DIFFERENCES
1) Computer Virus: Needs a host file Copies itself Executable 2) Network Worm: No host (self-contained) Copies itself Executable
3) Trojan Horse:
TYPICAL SYMPTOMS
File deletion File corruption Visual effects Pop-Ups Erratic (and unwanted) behavior Computer crashes
BIOLOGICAL METAPHORS
1. Bacterial Infection Model:
Single bacterium
Replication Dispersal 2. Virus Infected Model: Viral DNA Fragment Replication
Recycling old code reduces development time, but perpetuates old flaws.
Interface New
Ease
HACKER MOTIVATIONS
Attack the Evil Empire (Microsoft) Display of dominance Showing off, revenge Misdirected creativity Embezzlement, greed
Open Communication
Full Access
POPULAR FALLACIES
If
If
Companies
Microsoft
You
My
friend who knows a lot about computers showed me this really cool site
It takes a carpenter to build a house but one jackass can knock it down
(Variously attributed to Mark Twain, Harry Truman, Senator Sam Rayburn)
BACK IT UP
Offline copies: Grandfather/father/son (monthly/weekly/daily)
Online
Changes Do
Assume
MACHINE INFECTED?
ACTION PLAN: 1) Write down the error or alert message verbatim inform your tech support team quarantine the machine 2) Look up the message in an authoritative anti-virus site (demo) diagnose the problem take recommended remedial action
AND: lacks specific verifiable contact information IF IN DOUBT, CHECK IT OUT Confirm the hoax by checking it against authoritative hoax sites Inform other staff so the hoax does not propagate
NIGERIA
$800
FROM MICROSOFT
Installing a program
Opening an attachment
NOTE #1
Search engines are NOT reliable sources of virus information Information may be inaccurate, incomplete or out of date
NOTE #2
Usually refer you to an anti-virus vendor are not in the anti-virus business themselves are victims!
ONLINE RESOURCES
Authoritative Hoax Information
securityresponse.symantec.com/avcenter/hoax.html vil.mcafeesecurity.com/vil/hoaxes.asp
REFERENCES
Authoritative Security Alert Information
securityresponse.symantec.com/avcenter/tools. list.html vil.nai.com/vil/averttools.asp mssg.rutgers.edu/documentation/viruses (Rutgers) some professional library sites have pointers to reliable anti-virus information
PRINT RESOURCES
Allen, Julia, (2001) The CERT Guide to System and Network Security Practices, Addison-Wesley, New York
Ratzan, Lee, (January 2005) A new role for libraries, SC Magazine (Secure Computing Magazine), page 26
Ratzan, Lee, (2004) Understanding Information Systems, American Library Association, Chicago
The cooperation of InfoLink (www.infolink.org) for promoting library professional development programs The Monroe Public Library for the use of its facilities SC Magazine for publishing an essay on libraries being at the forefront of information security Lisa DeBilio for her production of the PowerPoint slides.