Computer Security in an Educational Environment

 

 

 

                                 Dr. Wayne C. Summers

                    Associate Professor - Computer Science

 

ITM-Pusat Pendidikan Persediaan / MUCIA - Indiana University

            Section 17, 40200, Shah Alam, Selangor, Malaysia

                                phone/fax: (03) 541-5846

 

                       INTERNET: wayne@mucia.itm.my

 

 

 

 

Abstract:  The use of computer systems is changing our lives and the way we teach and learn today.  They have increased the efficiency of our work.  We are now more productive, but at a cost.  We have become dependent on these same computer systems in our daily lives and for doing our jobs.  Coupled with this is a lack of awareness of how vulnerable our data, software and hardware are.  This paper discusses the problems associated with maintaining a secure computer system and proposes some solutions to these problems.  This paper also summarizes the results of a series of surveys conducted in Malaysia by the author.  The surveys were used to determine the status of computer security in Malaysia.  They also provide a foundation for suggesting some solutions to problems that exist in Malaysian computer security.


                                                    Introduction

           

"Police warn of 'computer hackers' infiltrating CDS" [5]

 

"Computer virus to hit next month - it will wipe out all hard disks every day of March" [4]

 

"Many users still ignore rampant virus threat" [6]

 

"Blackout creates havoc for IT users" [1]

 

"Subang Airport fire: A lesson for IT users" [3]

 

These are some headlines from recent Malaysian newspapers.  Has your school taken precautions to keep out hackers?  Are you ready for the next big virus attack?  Can your school survive a lengthy power outage?  Could your school recover from a major fire?  These are some questions that you may be facing in the future.

 

We have become increasingly dependent on our computer systems for processing information and soon these same computers will become a necessity in teaching our students.  Not only must we protect this information but we must also protect the computer systems that process this information.  There is a myriad of threats to the security of our information and computer systems.  Most computer users take the computer system and its information for granted.  They turn off their computers without giving any thought to the security of the information.

 

                             Is there a security problem in computing?

 

Computer Hackers

 

One serious problem facing computer users today is the rise in computer crime, i.e. crime committed with a computer.  How many of our computer systems have been attacked by computer hackers?  It may be nothing more than a student playing a computer game on the school computer without permission. Or it may be the angry student who deletes everyone's files. 

 

The total estimated losses due to computer crime worldwide range from $300 million to $500 billion per year.  The reason for such a wide range is that less than 1% of all computer crime fraud cases are detected and of those detected, over 90% are unreported.  Is it any wonder that computer-related crime has been escalating at a dramatic rate?  Computer crime is almost inevitable in any organization unless adequate protections are put in place.

                 Figure 1

 

In recent surveys conducted in Malaysia by the author [Appendix A], less than 10% of those surveyed had been victims of a computer crime [Figure 1].  Unfortunately these 10% may be among the 1% detected.  How many others "got away with it?"  Of those eleven instances of a computer crime, over 60% went unreported to the authorities and only one individual was reported to have lost their job.

 

Crimes using computers are easy to commit, hard to detect and even harder to prove.  If someone steals your computer, you know it and may even have evidence.  If someone steals your data, how do you know it and where's your proof?  As will be discussed throughout this paper, one major problem is a lack of awareness.  Few individuals and schools are aware of the extent of computer crime committed today.

 

Computer Viruses

 

Computer viruses are a leading threat to secure computing. [see Glossary for definitions of virus-related terms]  There are over 3000 computer viruses and strains with several new ones developed every day.  Over eight million PCs had been hit by viruses by 1992, with 90% of those infected being reinfected within a short period.  Almost 90% of those surveyed in Malaysia have experienced a computer virus infection [Figure 2].  Almost 74% of those had at least five infections [Figure 3].  It's also possible that some of those who claim not to have been infected by viruses may not have known how to recognize an infection.

                 Figure 2

 

Fortunately in Malaysia, the number of virulent viruses is probably less than 100.  Most of these are relatively harmless.  One reason for so many occurrences of viruses both here and elsewhere is the widespread copying of software.  This is especially a problem with students and computer games.  How many of our students actually buy legal copies of games?  Stop the illegal copying and use of illegal software and the spread of viruses would diminish greatly.

                 Figure 3

 

Natural Disasters

 

Malaysia has the fortune to not suffer from many natural disasters, but there are some.  For example, within seven months last year the Subang International Airport suffered two fires. The fire in April at Subang International Airport knocked out the computers controlling the flight display system.  A post office near the DCA computer room was also affected by the soot that decommissioned the post office counter terminals. The computers were not burnt but crashed because soot entered the hard disks.  The fire in October damaged newly installed computer equipment worth 400,000 ringgit as well as 7 million ringgit worth of equipment in the air traffic control tower[3].

                 Figure 4

 

Power outages are a regular occurrence here culminating in the major blackout in September 1992. The blackout crippled port operations when the Port Klang Authority's computer network went blank[1].  Almost 25% of those surveyed reported downtime due to a "natural disaster." [Figure 4]  Most  of these were a result of power outages and hard disk crashes.

 

Negligence

 

Over 85% of the destruction of valuable computer data involves inadvertent acts.  This includes accidents, errors and omissions by employees.  This would typically include accidental erasure of files or entire disks.  Often students and teachers may inadvertently alter files beyond recovery.

 

                             HOW MUCH SECURITY IS ENOUGH?

 

Computer Security

 

What is computer security?  It can be thought of as the protection of the computer and its resources against accidental or intentional disclosure of confidential data, unlawful modification of data or programs, and the destruction of data, software or hardware.  It includes the denial of use of one's computer facilities for criminal activities including computer-related fraud and blackmail.  Computer security involves the elimination of weaknesses or vulnerabilities that might be exploited to cause loss or harm.  How can we minimize the vulnerabilities in our computer system?

 

A computerized system for processing information is composed of five major components: hardware, software, data, people and procedures.  We need effective controls for all five components that will reduce the system's vulnerabilities.

 

Data

 

Data is the most important of the five components.  It is the life-blood of the company.  The easiest way to protect the data is to hide it from prying eyes.  One way of doing this is by encryption.  Encryption uses an algorithm that hides the meaning of the text [Figure 5].


            plaintext     ______   ciphertext     ______   original plaintext

            -----------> |______| ------------> |______| -------------------->

                                    Figure 5

 

A good cryptographic algorithm should be simple to use by authorized users but difficult and time consuming for non-authorized users to decrypt. The security of the data should not depend on the secrecy of the algorithm.  The efficiency and security of the algorithm should not be data dependent.  More programs are appearing that include and support encryption.  Less than 35% of those surveyed [Appendix A - Question 17] use encryption to hide their data.

 

Software

 

Software can be easily corrupted by computer viruses.  Computer viruses typically infect executable programs, boot sectors and partition tables of hard disks.  Two major approaches can be used to minimize the danger of infection. 

 

One approach is to scan for viruses.  This won't stop the infection, but it will notify you if an infection has occurred so that you can remove it.  To be effective, scanning must be done any time new software is introduced into a computer system.  The scanner must also be able to identify all known viruses including viruses that were not released when the scanner was designed.  Most of those individuals surveyed are using some type of scanner [Appendix A - Question 8] but nearly half seldom use it.
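A minimal signature scanner for newly introduced software, added here as an illustration; it is not taken from the paper or from any of the products it names. The signature names, byte patterns and sample files are constructed and match no real virus. It shows that a scanner reports only patterns already in its database, which is why the database has to be kept current.

```python
"""Toy signature scanner for newly introduced software (constructed example)."""
import tempfile
from pathlib import Path

# Constructed, harmless byte patterns standing in for a signature database.
# The names and bytes are invented for this example and match no real virus.
SIGNATURES = {
    "Demo.A": bytes.fromhex("deadbeef") + b"EXAMPLE",
    "Demo.B": b"\x90\x90CONSTRUCTED-SIG-B\x00",
}

CHUNK = 64 * 1024  # bytes read per step, so large files are not loaded whole


def scan_file(path, signatures):
    """Return the sorted names of all signatures found in one file."""
    # Carry the last (longest signature - 1) bytes into the next read so a
    # pattern that straddles two chunks is still matched.
    overlap = max(len(sig) for sig in signatures.values()) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(CHUNK)
            if not chunk:
                break
            window = tail + chunk
            for name, sig in signatures.items():
                if sig in window:
                    found.add(name)
            tail = window[-overlap:] if overlap else b""
    return sorted(found)


def scan_new_software(directory, signatures):
    """Scan every file under a directory; return {relative path: [names]} for hits."""
    root = Path(directory)
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            names = scan_file(path, signatures)
            if names:
                hits[str(path.relative_to(root))] = names
    return hits


def demo(extra_signatures=None):
    """Scan a constructed 'incoming diskette'; extra_signatures models a database update."""
    signatures = dict(SIGNATURES)
    signatures.update(extra_signatures or {})
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Clean program: no pattern present.
        (root / "clean.com").write_bytes(b"MZ" + b"\x00" * 100)
        # Known pattern embedded in the middle of a file.
        (root / "known.exe").write_bytes(
            b"MZ" + b"A" * 50 + SIGNATURES["Demo.A"] + b"B" * 10)
        # Known pattern placed across the boundary between two reads.
        (root / "big.exe").write_bytes(
            b"\x00" * (CHUNK - 5) + SIGNATURES["Demo.B"] + b"\x00" * 10)
        # Pattern that is not in the shipped database: goes unreported
        # until the database is updated.
        (root / "unknown.exe").write_bytes(b"MZ" + b"NEW-PATTERN-NOT-IN-DATABASE")
        return scan_new_software(root, signatures)


if __name__ == "__main__":
    print("shipped database:", demo())
    print("updated database:", demo({"Demo.C": b"NEW-PATTERN-NOT-IN-DATABASE"}))
```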

 

Another approach is to use a TSR (Terminate and Stay Resident) program that will monitor for attempts by viruses to infect your system.  The disadvantage of a TSR is that it might give a false alarm if a legitimate program tries to do something that resembles a virus's action.  Malaysia is fortunate that there are three excellent local products (V-buster, PC-Medic and Armour) which have both scanners and TSR programs.  The advantage of a local product is that the development team should have access to the viruses that are creating the most havoc locally and can design the anti-virus program for them.  There are also many imported scanners and TSR programs.  Many users are using more than one product to combat viruses. [Appendix B lists addresses of distributors for some of these products.]

 

Anti-virus software alone won't protect you from computer viruses.  You need to practice "safe computing".  Appendix B gives a list of guidelines for safe computing.  Even the best protection plan may eventually break down and you may find yourself with an infected computer disk.  Most anti-virus software will include a program for removing the infection.  However there may be a rare infection that cannot be removed with the standard anti-virus software.  Appendix C provides some guidelines for virus removal when that occurs.

 

Don't assume that everything that goes wrong with the computer is caused by viruses.  Computer viruses are often blamed for occasional hardware failures and software bugs.  If you suspect a problem is caused by a computer virus, use antivirus software to try to detect the infection.  If the antivirus software doesn't identify a virus but you still suspect an infection, fill in a copy of the checklist in Appendix D.

 

The next level of software protection is the Access Control System (ACS).  ACS's let you selectively restrict access to files, directories, floppy disk drives, and even external ports.  Many systems can also track program use through logging and audit trails.  ACS's should also include encryption facilities.  Some ACS's can also make the hard disk drive "inaccessible" on a boot from a floppy.  Some examples of Access Control Systems include Watchdog, PC-FORT (which is a well written program by a team of Malaysians), DiskLock, and PC/DACS.

 

ACS's won't prevent an experienced programmer from looking at the raw disk sectors.  Most ACS's also won't prevent a user from doing a low-level format from a floppy disk drive.

 

Access Control Systems usually include some type of password protection to control access to different parts of the computer system.  These provide a very important line of defense.  Passwords are easy to use but also easy to misuse.  Many computer users select passwords that are not only easy to remember but also easy for an intruder to guess.  Other users select a password that is so hard to remember that they have to write it down where the intruder can find it.

 

Some rules of thumb for passwords include selecting a password that is over five characters long containing upper and lowercase letters, digits and punctuation characters if possible.  Pick a password that can be easily memorized but not easily guessed.  Don't share it with anyone.  Passwords can accidentally be divulged over time, so they should be changed periodically.  Many application packages like WordPerfect and Quattro Pro also have password protection options for the data files, but few individuals are using them.

 

Hardware

 

How valuable is your computer, your printer, your monitor, etc.?  You could bolt it to the desk like a quarter of those surveyed [Appendix A - Question 23].  You could put it in a limited-access room like 60% of those surveyed [Appendix A - Question 25].  Computers are very sensitive electrical devices and need to be protected from electrical surges.  Surprisingly, 37% of those surveyed [Appendix A - Question 26] do not use voltage regulators or surge protectors.  With the frequent fluctuations of current in Malaysia, that is a gamble you're sure to lose.

 

If you cannot afford to have your computers or network going down unexpectedly, then you should invest in a UPS (Uninterruptible Power Supply).  Less than 50% of those surveyed [Appendix A - Question 27] use UPSs.

 

People and Procedures

 

Computers do not commit crimes and computers do not write computer viruses.  Most of the problems associated with computer security are people problems.  These problems can generally be solved with appropriate procedures.  Establish a computer security policy and educate the users about the procedures they are expected to follow.  A good computer security program involves everyone in the organization from senior management down.  Almost 60% of those surveyed [Appendix A - Question 14] state that their company or school has no computer security policy.   It is important that computer users understand the issues of computer security, computer ethics as well as the legal issues involved in using a computer.

                 Figure 6

 

Procedures must be developed for using secure computing systems.  Users must not leave PCs unattended without securing both the PC and any storage media.  Printers should not be left unattended when printing confidential information.  Secure all software and hardware with passwords and if possible lock and key.  It is ironic that 78% of those surveyed [Figure 6] lock up their office supplies while over 50% [Figure 7 & 8] leave their software and data unsecured at night.  Are paper clips and pencils more important than our data?

                 Figure 7

 

 

Do not allow eating, drinking and smoking near the computers.  Computer personnel in mainframe and minicomputer environments recognized early the importance and necessity of placing the computer and storage media in a clean environment.  Unfortunately, this concern is lost when we move to PCs and networks.

 

                 Figure 8

Backup

 

One of the most important procedures to establish is backup.  Data and software can be lost due to a virus attack, sabotage or negligence.  It is necessary to have current backups to recover from the loss.  Where should those backups be kept?  Although most of those surveyed [Figure 9] made regular backups, over 40% keep the backups on-site with the computer.  If a disaster were to suddenly strike the computing facility, not only are the computer and original data lost, but so is the backup.  Mainframe computer personnel have procedures for keeping two generations of backups.  The first is kept on-site while the second generation of backups is kept in another building, preferably far away.
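The two-generation scheme described above, sketched as an added example that is not part of the original paper. The directory names and the sample file are constructed, and the "other building" is modelled as a second directory; each copy is verified by hash before it counts as a backup. The demo shows what survives a disaster in the computer room in both arrangements.

```python
"""Two-generation backup rotation with verified copies (constructed example)."""
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in blocks so large files need not fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


def verified_copy(src, dst):
    """Copy src to dst and confirm the copy is byte-for-byte identical."""
    dst.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(src, dst)
    if sha256_of(src) != sha256_of(dst):
        dst.unlink()
        raise OSError(f"backup of {src} failed verification")
    return dst


def rotate_backup(source, onsite_dir, offsite_dir):
    """Keep two generations: the newest on-site, the previous one off-site."""
    source = Path(source)
    onsite = Path(onsite_dir) / source.name
    offsite = Path(offsite_dir) / source.name
    if onsite.exists():
        # The previous generation leaves the building before it is replaced.
        verified_copy(onsite, offsite)
    verified_copy(source, onsite)


def restore(name, target, onsite_dir, offsite_dir):
    """Restore from the newest surviving generation; return which one was used."""
    for label, folder in (("on-site", onsite_dir), ("off-site", offsite_dir)):
        candidate = Path(folder) / name
        if candidate.exists():
            verified_copy(candidate, Path(target))
            return label
    raise FileNotFoundError(f"no surviving backup of {name}")


def demo(offsite_in_same_room=False):
    """Back up twice, lose the computer room, then try to recover."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        lab = root / "computer_lab"            # hypothetical computing facility
        onsite = lab / "backups"
        # Either a second shelf in the same room or a different building.
        offsite = lab / "backups_gen2" if offsite_in_same_room else root / "other_building"
        lab.mkdir()
        grades = lab / "grades.dat"            # constructed sample data file

        grades.write_text("week 1 marks\n")
        rotate_backup(grades, onsite, offsite)
        grades.write_text("week 1 marks\nweek 2 marks\n")
        rotate_backup(grades, onsite, offsite)

        shutil.rmtree(lab)                     # disaster: everything in the lab is gone
        recovered = root / "recovered.dat"
        try:
            used = restore("grades.dat", recovered, onsite, offsite)
        except FileNotFoundError:
            return ("none", None)
        return (used, recovered.read_text())


if __name__ == "__main__":
    print("second generation in another building:", demo())
    print("both generations in the computer room:", demo(offsite_in_same_room=True))
```

The recovered file is one generation old, which is the price of the off-site copy; how often the rotation runs decides how much work that costs.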

 

Contingency Planning

 

                 Figure 9

 How long can you survive without your computers?  Studies have shown that over 90% of the companies that suffered a "catastrophic loss" in their computer systems never recover.  You must plan for the unlikely.  Unfortunately, of those surveyed [Figure 10], less than 35% have a disaster recovery plan. 

 

 

                RECOMMENDATIONS

 

Here are some final recommendations.  Keep the hardware, software and data in a secure place.  Don't leave your PC unattended.  If you are in a network environment, log off before leaving your computer or terminal.  Protect your software with some type of anti-virus software.  Invest in an access control system.  This will provide you with password protection for your files and devices.  Access control systems can also keep track of who is doing what on your computer system.  Protect your data using encryption.  That way if someone does break into your system, your data is still secure.

 

Design a security plan and define policies to be followed by all computer users.  Educate students and fellow teachers about the legal and ethical issues involving the use of computers.  Do not allow anyone to use their own software on the school's computers, especially pirated software.  Do not allow anyone to remove software or data from school.  Educate all computer users about the importance of computer security.

 

Create a security planning team with 5-9 members.  These should include teachers, parents, students and administrators.  The headmaster must be involved in the security of the computer facilities.  If the headmaster does not see the importance of computer security, all may be lost.

                 Figure 10

 

When designing a security plan, consider the following:

            - specify goals regarding security

            - specify where responsibility for security lies

            - specify the school's commitment to security

            - identify current security status

            - make recommendations

            - identify responsibilities for implementation

            - draw up a timetable

            - provide continuing attention to security

            - involve the school's administrators

 

These plans will hopefully make our computing more productive and safer.  Keep your computer system secure and practice safe computing.

 

 

References

 

1. CompuTimes, New Straits Times newspaper, "Blackout creates havoc for IT users," Malaysia, October 5, 1992, pg. 1.

 

2. Fites, Philip E., Kratz, Martin P.J. and Brebner, Alan F., Control and Security of Computer Information Systems, Computer Science Press, Rockville (MD), 1989.

 

3.  IT Asia, "Subang Airport fire: A lesson for IT users," November, 1992.

 

4. Malay Mail newspaper, "Computer virus to hit next month - it will wipe out all hard disks every day of March," Malaysia, February 24, 1993.

 

5. New Straits Times newspaper, "Police warn of 'computer hackers' infiltrating CDS," Malaysia, May 26, 1993, pg. 4.

 

6. PC Week Asia, "Many users still ignore rampant virus threat,"  May 8-21.

 

7. Pfleeger, Charles P., Security in Computing, Prentice-Hall, Englewood Cliffs (NJ), 1989.

 

8. Star newspaper, "17,712 bank fraud cases since 1986," Malaysia, September 8, 1992.

 

9. Stoll, Cliff, The Cuckoo's Egg: Tracing a Spy Through the Maze of Computer Espionage, Doubleday, New York (NY), 1989.

 

10. Summers, Wayne C. seminar notes for "Computer Security, Computer Crime and Combatting Computer Viruses," April 1993.

 

11. Summers, Wayne, Zaidah Ibrahim and Naimah Mohd. Hussin, COMPUTER VIRUSES: What They Are and How to Prevent Them, Federal Publications, Malaysia, 1993.


          APPENDIX A - COMPUTER SECURITY IN MALAYSIA                                                                                                                                     

Location:          INTAN K.L.    MCCE K.L.    MCCE Sabah    PC-Fort Launch    MCCE Penang    Totals

Date:              Aug. 92       April 93     Aug. 93       May 93            Sept. 1993

# of respondents:  55            6            23            26                18             128

                                                                                   

1. Type of Company:                                                                           

Gov't/Semi‑Gov't          43        2          1          6                      1                      53    41.41%

Education                     9          3          22        5                      17                    56    43.75%

Banking                        1                                  8                                              9      7.03%

Computer Related        1          1          1                                                          3      2.34%

Trading & Services                                           4          3                                  7      5.47%

                                                                                   

2. Number of Employees:                                                                                

1‑10                             3                                  2                      3                      8      6.35%

11‑99                           12        2          12        10                    12                    48    38.10%

100‑999                       22        3          9          7                      2                      43    34.13%

>1000                          18                                8                      1                      27    21.43%

                                                                                   

3. Number of Computers:                                                                                

1‑10                             7          2          12        2                      11                    34    27.87%

11‑99                           27        3          9          14                    6                      59    48.36%

100‑999                       15                                6                                              21    17.21%

>1000                          4                                  4                                              8      6.56%

                                                                                   

4. Type of Computers:                                                                         

PCs                              55        6          23        25                    18                    127  99.22%

minicomputer                24                    1          13                                            38    29.69%

mainframe                     33                                10                                            43    33.59%

network                        19                                18                    2                      39    30.47%

                                                                                   

5.  Have you experienced a computer virus infection?

yes                               45        6          19        23                    17                    110  89.43%

no                                10        0          2          0                      1                      13    10.57%

5a. If yes how many times?                                                                              

once                             2                      4          3                                              9      8.11%

2‑5 times                      5          2          4          6                      3                      20    18.02%

>5 times                       38        4          13        14                    13                    82    73.87%

                                                           

6. Is there an individual to contact in case of a computer infection?

yes                               35        1          8          20                    8                      72    56.25%

no                                16        5          13        6                      8                      48    37.50%

 

 

7. Do you use a TSR to monitor for computer virus infections?

yes                               19        3          4          15                    7                      48    37.50%

no                                24        2          12        11                    10                    59    46.09%

                                                                                   

8. What type of antivirus program are you using?                                                                                  

Vbuster                        11                    6          2                      5                      24    18.75%

Scan                             36        4          14        16                    12                    82    64.06%

CPAV              23        2          2          14                    3                      44        34.38%

NAV                            8          1          2          3                      5                      19    14.84%

Dr. Solomon                 6                      1          1                      3                      11    8.59%

TNT                             11        1          3          1                                              16    12.50%

UTipac             1                                  4                                              5          3.91%

Pc‑cillin                        17                    2          10                                            29    22.66%

PC‑Medic                                                        5                                              5      3.91%

Armour                                    1          5                                  2                      8      6.25%

Serum                          1                                                                                  1      0.78%

None                            3                                                          1                      4      3.13%

                                                                                   

9. How often do you scan for viruses?                                                                      

daily                             24        2                      15                    4                      45    35.16%

weekly             13        3          5          3                      3                      27        21.09%

monthly                        2                      3          1                      2                      8      6.25%

seldom             14        1          10        6                      7                      38        29.69%

never                            1                      3                                  1                      5      3.91%

                                                                                   

10. Has your computer system suffered downtime due to a natural disaster?

yes                               11        2          4          6                      3                      26    24.76%

no                                31        4          16        17                    11                    79    75.24%

                                                                                   

11. How often do you make backups?                                                                     

daily                             16        2          1          12                    6                      37    28.91%

weekly             25        1          4          8                      3                      41        32.03%

monthly                        6          1          5          2                      3                      17    13.28%

quarterly                       2                      1          1                      1                      5      3.91%

yearly                           2          1          3                                                          6      4.69%

seldom             3                      4                                                          7          5.47%

never                            5                      5                                  3                      13    10.16%

                                                                                   

11a. Are these backups kept off site?                                                                       

yes                               28        4          10        18                    12                    72    66.06%

no                                20        2          6          8                      1                      37    33.94%

                                                                                   

12. Does your company have a disaster recovery plan?

yes                               19        0          2          17                    3                      41    33.88%

no                                31        6          21        8                      14                    80    66.12%

                                                                                   

13. Does your company have a security evaluation team?

yes                               18        1          2          16                    2                      39    31.71%

no                                34        5          21        9                      15                    84    68.29%

                                                                                   

14. Does your company have a computer security policy?                                

yes                               20        2          2          19                    5                      48    40.68%

no                                28        4          20        6                      12                    70    59.32%

                                                                       

15. Does your company educate your employees about the importance of

computer security?       

yes                               32        2          2          22                    6                      64    53.33%

no                                21        4          20        3                      8                      56    46.67%

computer ethics?                                                                                  

yes                               23        2          0          23                    5                      53    46.49%

no                                27        3          20        2                      9                      61    53.51%

computer viruses?                                                                                

yes                               31        3          8          24                    8                      74    61.67%

no                                22        2          13        1                      8                      46    38.33%

                                                                                   

16. Are your computers protected with passwords?

yes                               27        2          6          18                    4                      57    44.88%

no                                28        5          16        7                      14                    70    55.12%

                                                                                   

16a. How often are they changed?                                                                           

weekly             2                                  3                                              5          12.50%

monthly                        6                      1          6                      1                      14    35.00%

quarterly                                               1                                                          1      2.50%

seldom             4                                  2                      1                      7          17.50%

never                            6          1          2          4                                              13    32.50%

                                                                                   

17. Are your sensitive data files encrypted?                                                                           

yes                               17        1          3          14                    3                      38    33.93%

no                                28        5          18        9                      14                    74    66.07%

                                                                                   

18. Do you keep a log of computer usage?                                                                            

yes                               14        4          7          9                      6                      40    33.33%

no                                36        2          15        15                    12                    80    66.67%

                                                                                   

19. Are employees allowed to take software/data home with them?

yes                               26        3          15        4                      9                      57    44.88%

no                                27        7          8          20                    8                      70    55.12%

                                                                                   

20. Are employees allowed to use their own software in the workplace?

yes                               32        3          18        7                      11                    71    56.80%

no                                22        3          4          19                    6                      54    43.20%

                                                                                   

21. Is your software locked up at night?                                                                                

yes                               27        3          7          12                    9                      58    47.93%

no                                26        3          16        12                    6                      63    52.07%

                                                                                   

22. Is your data locked up at night?                                                                          

yes                               28        2          7          13                    8                      58    48.33%

no                                25        4          15        11                    7                      62    51.67%

                                                                                   

23. Is your hardware bolted down?                                                                          

yes                               9          0          8          2                      6                      25    25.00%

no                                30        5          11        20                    9                      75    75.00%

                                                                                   

24. Are your office supplies locked up?                                                                    

yes                               40        5          14        17                    15                    91    77.78%

no                                12        0          6          8                      0                      26    22.22%

                                                                                   

25. Are your computing facilities in a limited access room?

yes                               29        3          15        12                    15                    74    63.25%

no                                21        3          7          12                    0                      43    36.75%

                                                                                   

26. Do you use voltage regulators/surge protectors?                             

yes                               32        4          14        16                    5                      71    63.39%

no                                14        2          6          9                      10                    41    36.61%

                                                                                   

27. Do you use uninterruptible power supplies (UPS)?

yes                               31        2          5          16                    4                      58    49.57%

no                                23        3          13        9                      11                    59    50.43%

                                                                                   

28. Have you been a victim of computer crime?                                                                     

yes                               2          2          2          2                      3                      11    9.82%

no                                46        2          18        23                    12                    101  90.18%

                                                                                   

28a.  If yes, was it reported to the authorities?

yes                               0          2          0          1                      1                      4      36.36%

no                                2          0          2          1                      2                      7      63.64%

                                                                                   

28b.  What happened to the suspect?                                                                       

fired                                                                                                                 0     

arrested                                                                                                            0     

convicted                                                                                                          0     

warning                        1                      1                                  1                      3     

                                                                                   

29. Do you have procedures for reporting and handling computer crime?

yes                               10        0          1          7                      1                      19    16.24%

no                                42        6          19        18                    13                    98    83.76%


                             APPENDIX B - SAFE COMPUTING

 

 

The spread of computer virus infections can be stopped through the practice of "safe computing."  The following is a list of do's and don'ts for safe computing.

 

 

    1. Don't use illegal software!  If the software has been obtained illegally, how can you assume that it doesn't contain a virus?

    2. Never boot your computer system from a diskette other than the original DOS diskette.  Only one write-protected boot disk should be assigned to a floppy-based system.  The diskette should be clearly marked, write-protected and used only for booting up the designated computer.  If you accidentally try to boot from a non-system disk, turn the computer off and boot with the write-protected system disk.

    3. If your system uses a fixed disk, never boot from a diskette.  In some situations, write protection software for the hard disk should be employed.

    4. Always write-protect your system and program disks.  Write-protect tabs are easy to use and very effective.  You should write only on data disks.

    5. Only copy files from the original distribution disks.

    6. Always keep at least one set of back-up copies of all original disks. (This won't prevent a virus infection, but it will help in the recovery process if an infection occurs.)

    7. Do not loan out program disks.  They may be infected when they are returned.  If you must loan a disk, always check it for viruses or format it before using the disk on your computer system.

    8. Never use a computer that has already been turned on by another user.  Always use a cold boot to restart the computer.  Do not assume that a warm boot will remove a virus.

    9. Make all the .COM and .EXE system and program files read-only by using the command ATTRIB +R.  Some viruses can now circumvent this method.


   10.  Always keep a lookout for strange occurrences:               

        a. When you do a directory listing, look at the volume label.

        b. Observe whether your computer system is slowing down.     

        c. Watch for files that disappear.                         

        d. Notice when there are attempts to access the disks when there should not be any read or write activity.

        e. Watch whether the loading of programs takes longer.     

        f. Keep a lookout for decreases in the main memory or reduction of disk space.

        g. Watch for unusually large sizes on program files.

        h. Watch for recent creation dates on old program files.

        i. Watch for unusual displays on the computer screen.

 

 

   11. Use caution when using public domain and shareware software or any new software.  There have been instances where commercial software has been sold with a virus.

   12. If you are downloading software from a bulletin board or other computer network, always download to a diskette.  You should then scan the diskette for possible virus infections.  (You may want to write-protect your hard disk during this operation.)

   13. In a lab environment, do not allow users to run their own programs or boot the computer system with their own disks.  Users should only have data disks that are not bootable.  All program disks and hard disks in a lab must be checked frequently for viruses.  If users are allowed to use their own program disks, they must be scanned before they are used in the computer lab.

   14. Most important of all is to teach computer users about computer viruses so that they can recognize them.  Computer users need to be able to identify viruses so that they will be able to prevent their spread.
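
The checks in item 10 (files that disappear, program files that grow, recent dates on old program files) are what the Glossary calls a snapshot program.  The Python program below is an added example, not part of the original paper; its function names, finding codes, timestamps and sample files are constructed for illustration, and it adds a CRC-32 so that a change which leaves size and date intact is still caught.

```python
import os
import tempfile
import zlib

PROGRAM_EXTENSIONS = {".com", ".exe"}  # the program file types named in item 9


def crc32_of(path):
    """CRC-32 of the file's contents, read in chunks."""
    crc = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            crc = zlib.crc32(chunk, crc)
    return crc


def take_snapshot(root):
    """Record size, modification time and CRC-32 of each program file under root."""
    snapshot = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in PROGRAM_EXTENSIONS:
                continue  # data files change legitimately; only programs are tracked
            path = os.path.join(folder, name)
            info = os.stat(path)
            key = os.path.relpath(path, root).replace(os.sep, "/").lower()
            snapshot[key] = (info.st_size, int(info.st_mtime), crc32_of(path))
    return snapshot


def compare_snapshots(baseline, current):
    """Return (path, finding) pairs, sorted by path, for every difference."""
    findings = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            findings.append((path, "new_file"))
            continue
        if path not in current:
            findings.append((path, "missing_file"))  # item 10c
            continue
        old_size, old_time, old_crc = baseline[path]
        new_size, new_time, new_crc = current[path]
        codes = []
        if new_size > old_size:
            codes.append("size_grew")  # item 10g
        elif new_size < old_size:
            codes.append("size_shrank")
        if new_time != old_time:
            codes.append("date_changed")  # item 10h
        if new_crc != old_crc and not codes:
            codes.append("crc_only_change")  # size and date look untouched
        findings.extend((path, code) for code in codes)
    return findings


def demo():
    """Build constructed sample files, alter them, and return the findings."""
    early, late = 725846400, 752112000  # constructed timestamps (Jan and Nov 1993, UTC)
    samples = {  # constructed file contents, not real programs
        "COMMAND.COM": b"\x90" * 200,
        "FORMAT.COM": b"\x90" * 120,
        "EDIT.EXE": b"MZ" + b"\x00" * 298,
        "README.TXT": b"notes\r\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            path = os.path.join(root, name)
            with open(path, "wb") as handle:
                handle.write(data)
            os.utime(path, (early, early))
        baseline = take_snapshot(root)

        # Bytes appended: the file grows and its date moves forward.
        path = os.path.join(root, "COMMAND.COM")
        with open(path, "ab") as handle:
            handle.write(b"\xCC" * 512)
        os.utime(path, (late, late))
        # Same-length overwrite with the old date put back: only the CRC differs.
        path = os.path.join(root, "EDIT.EXE")
        with open(path, "r+b") as handle:
            handle.seek(10)
            handle.write(b"\xCC" * 16)
        os.utime(path, (early, early))
        os.remove(os.path.join(root, "FORMAT.COM"))
        with open(os.path.join(root, "GAME.EXE"), "wb") as handle:
            handle.write(b"MZ" + b"\x00" * 64)
        with open(os.path.join(root, "README.TXT"), "ab") as handle:
            handle.write(b"more notes\r\n")  # data file: ignored by design
        return compare_snapshots(baseline, take_snapshot(root))


if __name__ == "__main__":
    for path, finding in demo():
        print(path, finding)
```

Take the baseline from a system known to be clean and keep it on a write-protected diskette, since a snapshot stored on the disk being checked can be altered along with the files.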


          APPENDIX C - PROCEDURES FOR VIRUS REMOVAL

 

If an infection is detected, follow the procedures listed below:

 

            1. DON'T PANIC.  First, decide how extensive the infection is.  If the infection has only attacked the floppy disks, skip steps 2 through 11.

If possible, use an antivirus program to remove the virus.  Most viruses can be removed with most virus removal programs.  In very serious infections, you may need to follow the procedures outlined below:

            2. Shut off the infected computer system.

            3. Power up the system with the original write-protected system diskette.

            4. Make sure that the system has booted properly.

            5. Back up all the nonexecutable data files from all directories onto newly formatted diskettes or do a tape backup. (If backing up to another hard disk, make sure that the hard disk has not also been infected.) DO NOT EXECUTE OR BACK UP ANY OF THE PROGRAMS FROM THE INFECTED HARD DISK!!!

            6. Check each batch file on the infected hard disk.  If any of the lines within the batch file look suspicious, do not back up that file.  Otherwise back up all the batch files.

            7. Do a low-level format of the infected hard disk.

            8. Install the operating system onto the hard disk.

            9. Rebuild all directories.

            10. Install all the executable programs from the original write-protected distribution disks.

            11. Restore all the files that had been backed up in steps 5 and 6.

            12. Gather all the diskettes that have been used with the computer system during the past six months.  It is difficult to tell when the original infection occurred.  Either check each disk for viruses and remove the viruses or follow the steps below.

            13. Back up all the nonexecutable data files from the suspect disks onto newly formatted diskettes.

            14. Reformat the suspect diskettes.

 

If the virus is a boot sector infector, then the recovery process is simpler.  The boot infector viruses do not infect executable programs.  This means that the infection is isolated in the boot system on the infected disk.  To recover from this type of infection proceed with the following steps:

 

            1. Shut off the infected computer system.

            2. Power up the system with the original write-protected system diskette.

            3. Make sure that the system has booted properly.

            4. Replace the operating system and the boot sector of the infected disk or run an antivirus program.

 

(NOTE: The virus may remain intact in the bad sectors created by the virus in the data files, but these virus segments are not active).


                                APPENDIX D - VIRUS CHECKLIST

 

This checklist is for those of you out there that may think that you have contracted a deadly and incurable computer virus...  Before you go and destroy your computer, please take the time to check this list out and see if your problem could be caused by any of the following situations.

 

#1   DISKS

     a) Floppy Disks:

          1) Have you set your floppy disks near any magnetic fields lately? i.e. Telephone, T.V., C.R.T., Stereo, Speakers, Magnetic ID Holder?

          2) Are your disks in direct sunlight?  Are they stacked on top of each other?  Did you leave them in the car?

 

     b) Hard Drives:

          Has your Hard Drive suffered from any physical shocks lately? i.e. Earthquake, moving your computer from one room to another, kicking your tower case?

 

#2   DATA

     a) Have you run any Disk Fixing/Optimizing programs lately?

     b) Could you have accidentally deleted or damaged your data files in any way?

     c) Have you installed any programs which modified your autoexec.bat or config.sys files?

     d) Have you formatted double-density disks as high-density?

 

#3   MISCELLANEOUS

     a) Have you dusted your work area lately?

     b) Did anything get dropped into your keyboard?

     c) Is your computer wired into the same circuit as your washing machine, air-con, refrigerator?

     d) Are your computer cables coiled together?

     e) If you look down right now, are you on carpet?  If so, do you get static electricity shocks from it?

     f) Do you have a spike/surge filter between the outlet and your computer?

 

 

 

 

 

If you still think that you may have a virus, please continue by filling out the following section.


#1   Is it taking longer for a program to load or run?

 

     a) YES _____

 

     b) NO  _____

 

     If yes please fill out program name and what happened.

 

 

#2   Is disk access taking longer than normal?

 

     a) YES _____

 

     b) NO  _____

 

     If yes please write down which drive, and how much longer than normal it took.

 

 

 

#3   Has the computer malfunctioned?  If so, what happened?

 

     a) YES _____

 

     b) NO  _____

 

 

 

#4   Is there any change in your files on disk?

 

     a) YES _____

 

     b) NO  _____

 

     If yes, what happened?

 

          1) Files have suddenly disappeared. _____

 

          2) Files have suddenly appeared.    _____

 

          3) Files changed in size.

 

               a) File increased in size.     _____

 

               b) File decreased in size.     _____

 

    Please write down what files have changed and exactly what happened (if you can remember).

#5   Did anything appear on your screen (i.e. profanity or warnings), or did any strange sounds come from the speaker?

 

     a) YES _____

 

     b) NO  _____

 

     If yes please explain.

 

 

#6   Did any drive lights activate for no reason?

 

     a) YES _____

 

     b) NO  _____

 

     If yes please explain (Was it a floppy or hard drive, and how long did it stay on for, did it lock up your system?)

 

 

#7   Was computer memory reduced or increased?

 

     a) YES _____

 

     b) NO  _____

 

     If yes, what happened, and how did you notice this change?

 

 

#8   List everybody else that has access to your computer, and who has recently used it.

 

 

 

#9    Please list any and all new disks that have been introduced to your system recently.

 

 

 

      a) Now, collect all disks that are listed above and place them in an envelope and hold on to them.

 

#10    (For Businesses Only). Contact your MIS Mgr., Computer Consultant, or whoever is in‑charge of your P.C.s and give them this completed check‑list and the disks from item #8.

 

 

#11   Follow-up for item #10: if this problem is above your head, please feel free to contact us at ITM-PPP (03) 548-2340, or contact me via Internet at wayne@mucia.itm.MY


                                                    GLOSSARY

 

Application program infector - The most infectious type of computer virus is the application program infector or file virus.  They may attach to any executable file, usually .COM and .EXE files.  An application program infector takes control after the initial use of the infected program.  Once the virus is in place in the RAM of the computer system, it will potentially infect every program run on the computer until the computer is shut off.  The most widespread virus today is the Jerusalem virus.

 

 

Backup ‑ copies of the latest files.  Also the act of copying all or some of the files as a security measure.

 

Boot sector infector - hides in the boot sector of a disk or the partition table of a hard disk and takes over control of the computer system when it is booted. It then copies itself into the computer's memory.  When other disks are used, the virus transfers to their boot sectors.  The most common boot sector viruses are the Pakistani Brain virus and the Stoned/Marijuana virus.

 

Boot sector ‑ the sector of a disk that contains the programme for starting the computer and its operating system.

 

Checksum ‑ result of a procedure used to verify the accuracy and integrity of sectors on a disk by calculating the number of bits in each sector.

 

CRC (Cyclic Redundancy Checking) ‑ error checking technique used to ensure accuracy.  Can also be used to check for viral infections.

 

Dark Avenger Mutation Engine - polymorphic encryption program used by virus developers to encrypt the virus in order to avoid detection.  The engine uses a special algorithm to generate a completely variable decryption routine each time.  No three bytes remain constant from one sample to the next.

 

Data diddling ‑ unauthorized altering of data.

 

Encryption ‑ encoding of data by converting standard data code into a proprietary code.

 

FAT (File Allocation Table) ‑ area on a disk that contains the addresses that link clusters of a file together.

 

Hacker ‑ person who enjoys learning the details of computer systems and how to stretch the systems' capabilities.

 

Host ‑ program to which a virus attaches itself.

 

Logic bomb ‑ programme which initiates an activity, often destructive, when a certain condition is met.

 

Multipartite virus - virus which infects both the boot sector of a disk and application programs.

 

Snapshot program ‑ anti‑virus program which records specific facts about a file or the disk.  Usually includes the size of the file and its creation date.

 

Stealth viruses - viruses which attempt to hide their presence.  Some of the simple techniques include hiding the change in date and time and hiding the increase in file size.  Some even prevent anti-virus software from reading the part of the file where the virus is located.  Some also encrypt the virus code using variable encryption techniques.

 

System infector - attaches to one or more operating system modules or system device drivers, usually COMMAND.COM.  The virus takes control after the initial use of the infected program.  An example of a system infector virus is the Lehigh virus that infects the COMMAND.COM program.

 

Timebomb ‑ programme which initiates an activity, often destructive, at a certain time or date or when a certain amount of time has elapsed.

 

Trapdoor ‑ way of accessing a computer system that bypasses security procedures.  It is often created to enable a programmer to gain access to a system.

 

Trojan horse ‑ named after the Greek wooden horse used to smuggle Greek troops inside the walls of Troy.  In computers, it refers to an appealing programme that is in fact often destructive.

 

TSR (Terminate and Stay Resident) ‑ RAM resident programme that remains in memory at all times so that it may be instantly activated.

 

Virus ‑ a segment of self‑replicating code that is used to infect the operation of a computer system.  A virus must be attached to another programme.

 

Worm ‑ stand‑alone programme that changes another programme, data or the computer's memory, often destructive. 


COMPUTER SECURITY IN AN EDUCATIONAL ENVIRONMENT (MCCE-KL 5/11/93)

 

Optional:          Name:____________________________________________ 

                        Company:         ____________________________________

                                                ____________________________________

           

Please answer the following questions (circle your answers):

 

1. Type of Company:    Government      Education                     Computer-related

                                                Trading             Other:__________

 

2. Number of Employees:         1-10     11-100             100-999           >1000

 

3. Number of Computers:         1-10     11-100             100-999           >1000

 

4. Type of Computers:                          PCs                  mini                  mainframe     network

 

5.  Have you experienced a computer virus infection?                                        Yes               No

 

            5a. If yes, how many times?      once                 2-5 times          more than 5 times

 

            5b. What were the estimated losses?

 

            5c. Which viruses infected your computer?

 

6. Is there an individual to contact in case of a computer virus infection?             Yes               No

 

7. Do you use a TSR to monitor for computer  virus infections?                         Yes               No

 

8. What type of antivirus program are you using?                                   V-Buster                   Scan

            CPAV  NAV                Dr. Solomon                 TNT     UtiPac              PC-cillin

            PC-Medic        Armour            None                Other:____________________

           

9. How often do you scan for viruses?

                                    daily     weekly             monthly              seldom           never

 

10. Has your computer system suffered downtime due to a natural disaster?       Yes               No

 

            10a. What happened?   _______________________________________

 

            10b. What were the estimated losses?

 

11. How often do you make backups?              daily                 weekly monthly 

                                                                                    quarterly           yearly           never

 

            11a. Are these backups kept off site?                                                    Yes               No

 

12. Does your company have a disaster recovery plan?                                     Yes               No

 

13. Does your company have a security evaluation team?                                  Yes               No

 

14. Does your company have a computer security policy?                                 Yes                              No

 

15. Does your company educate your employees about the importance of

                                                computer security?                                                    Yes                      No

                                                 computer ethics?                                                      Yes                      No

                                                 computer viruses?                                                    Yes                      No

 

16. Are your computers protected with passwords?                                          Yes                              No

            16a. How often are they changed?                    weekly                         monthly          never

 

17. Are your sensitive data files encrypted?                                                       Yes                              No

 

18. Do you keep a log of computer usage?                                                                Yes                      No

 

19. Are employees allowed to take software/data home with them?                   Yes               No

 

20. Are employees allowed to use their own software in the workplace?                    Yes                      No

 

21. Is your software locked up at night?                                                                    Yes                      No

 

22. Is your data locked up at night?                                                                   Yes                              No

 

23. Is your hardware bolted down?                                                                           Yes                      No

 

24. Are your office supplies locked up?                                                             Yes               No

 

25. Are your computing facilities in a limited access room?                                 Yes                              No

 

26. Do you use voltage regulators/surge protectors?                                          Yes               No

 

27. Do you use uninterruptible power supplies (UPS)?                                      Yes               No

 

28. Have you been a victim of computer crime?                                                 Yes               No

 

            28a.  If yes, was it reported to the authorities?                                        Yes               No

 

            28b.  What happened to the suspect?                            Fired                        Arrested

                                                                                                            Convicted                  Warning

            28c. What were the estimated losses?

 

29. Do you have procedures for reporting and handling computer crime?           Yes               No