Monday, November 11, 2013

Chapter 3 Computer Security

Chapter three was very interesting and informative. One can never read or learn enough when it comes to computer security, preventing viruses and a host of other types of attacks against personal computers. Of course I knew about viruses, worms, malware, spyware, etc. I learned there are two types of malware: viruses and worms. I also learned that there are several ways a virus can infect one's computer: appender infection, Swiss cheese infection, program virus, macro virus. I am more familiar with the program virus, which is a virus that infects a program's executable file. Likewise, I've heard much about the macro virus. About 18 months ago I started having problems with my computer after I opened an email from a trusted friend sharing files that were of interest to me that were originally downloaded using a torrent website. When I tried to run the executable for the first file, I got a warning that proceeding could seriously harm my computer. I didn't 'listen' and proceeded with the install. I immediately started having hard disk errors and random reboots, which quickly became worse to the point where I ended up backing up my data and replacing the drive. This was after I tried all the various ways to repair the disk by running disk defrag, check disk, disk clean up, etc. Check disk found errors that it could not repair. I also ran a Seagate utility that could not read my disk, so that wasn't a good sign (the hard drive was a Seagate model). My class instructor at the time this happened suspected malware caused this and there wasn't much I could do to save the drive as I did everything I could. Meanwhile, I learned a valuable lesson and will never again ignore any pop-up warnings in the future.

One of the types of malware that concerns me more than others is the rootkit. The textbook describes this as a set of software tools that an attacker uses to hide the actions or the presence of other types of malware. The textbook says that the user and the operating system do not know that it is being compromised and is carrying out what it thinks are valid commands. In other words, it gains administrative access to the computer. What the heck? How do you detect such a thing? One of the projects assigned this week was to scan for rootkits. I downloaded, installed, and ran a program called Kaspersky's TDSSKiller. The program did not detect any rootkit threats, which is good, but what if it did? I shudder to think about that. I guess if it ever does happen, I'll cross that bridge if I need to. The internet is full of advice on how to remove a rootkit from a Windows system.

Another project assigned to our class was to create a disk image backup. This is one of the best defenses against attacks. I have been meaning to purchase an external hard drive for the longest time but kept putting it off. I backed up data files to DVDs, CDs, and flash drives, but never have I created a disk image to restore Windows should some moron manage to infect and wreak havoc on my system. Soooo, I went out and bought an external drive and am so glad I did! After I created the disk image backup, I felt as if a brick had been lifted from my shoulders. I can now run regular backups and have plenty of space on the device to do this for years (providing the device does not stop working or become damaged, of course). I have a point of restoration that I can trust should something bad happen... but hope I never have to use it. In addition to this type of defense, I also stay current with Windows security patches and run a program called Malwarebytes on my computer in addition to Norton's Security Suite, which includes a firewall, antivirus, etc. Windows, Malwarebytes, and Norton are each set up to automatically download and install all updates. Next week's chapter is Internet Security. Looking forward to learning about this.
