
Chapter 12 12th Security Aspects

Chapter 12 discusses various security aspects of computers, including the definition and differences between malware types such as viruses, worms, and ransomware. It highlights preventive measures against malware infections, methods of malware identification used by antivirus software, and the risks associated with HTTP compared to HTTPS. Additionally, it covers the roles of different types of hackers and distinguishes between DoS and DDoS attacks.

Chapter 12

Security Aspects

Question 1

Why is a computer considered to be safe if it is not connected to a network or Internet?


Answer
A computer is considered safe when not connected to a network or the Internet due to
reduced exposure to external threats like malware and hacking attempts.

Question 2

What is a computer virus? Name some computer viruses that were popular in recent
years.

Answer
A computer virus is a piece of software code created to perform malicious activities
and hamper resources of a computer system like CPU time, memory, personal files, or
sensitive information. It infects other computer systems that it comes into contact with
by copying or inserting its code into the computer programs or software (executable
files).
Some computer viruses that were popular in recent years are CryptoLocker,
ILOVEYOU, MyDoom, Sasser and Netsky, Slammer, Stuxnet, etc.

Question 3

How is a computer worm different from a virus?


Answer
The major difference between a worm and a virus is that unlike a virus, a worm does
not need a host program or software to insert its code into. Worms are standalone
programs that are capable of working on their own. Also, a virus needs human triggering
for replication (i.e. when a user opens/executes the infected file), while a worm
replicates on its own and can spread to other computers through the network.

Question 4

How is Ransomware used to extract money from users?


Answer
Ransomware is a type of malware that targets user data. It either blocks the user from
accessing their own data or threatens to publish the personal data online and demands
ransom payment in the form of Bitcoin cryptocurrency.

Question 5

How did a Trojan get its name?


Answer
The name "Trojan" originates from the ancient Greek story of the Trojan Horse. Since
the ancient Greeks could not infiltrate the city of Troy using traditional warfare
methods, they gifted the king of Troy with a big wooden horse with hidden soldiers
inside and eventually defeated him. Borrowing the concept, a Trojan is malware that
looks like legitimate software, and once it tricks a user into installing it, it acts much like
a virus or worm.

Question 6

How does adware generate revenue for its creator?


Answer
Adware is malware created to generate revenue for its developer. It displays online
advertisements using pop-ups, web pages, or installation screens. Once adware
infects a substantial number of computer systems, it generates revenue either by
displaying advertisements or by using a "pay-per-click" mechanism to charge clients
based on the number of clicks on their displayed ads.

Question 7

Briefly explain two threats that may arise due to a keylogger installed on a computer.

Answer
Two threats that may arise due to a keylogger installed on a computer are:

1. Privacy Breach — Keyloggers can capture sensitive and personal information
such as passwords, emails and private conversations. This information can then
be accessed and misused by unauthorized individuals, leading to privacy
breaches and potential identity theft.
2. Data Leakage — Keyloggers have the capability to send the recorded keystrokes
to external entities without the user's knowledge. This data leakage can result in
confidential information falling into the wrong hands, compromising security and
confidentiality.

Question 8

How is a Virtual Keyboard safer than On Screen Keyboard?


Answer
A Virtual Keyboard and an On Screen Keyboard may look the same, but they differ
in the layout or ordering of the keys. The on-screen keyboard of an operating
system uses a fixed QWERTY key layout, which can be exploited by sophisticated
keylogger software. However, an online virtual keyboard randomises the key layout
every time it is used, thereby making it very difficult for keylogger software to
know or record the key(s) pressed by the user.

Question 9

List and briefly explain different modes of malware distribution.


Answer
The different modes of malware distribution are as follows:

1. Downloaded from the Internet
2. Spam Email
3. Removable Storage Devices
4. Network Propagation

1. Downloaded from the Internet — Most of the time, malware is unintentionally
downloaded into the hard drive of a computer by the user. Of course, the
malware designers are smart enough to disguise their malware, but we should be
very careful while downloading files from the Internet (especially those
highlighted as free stuff).
2. Spam Email — We often receive an unsolicited email with embedded hyperlinks
or attachment files. These links or attached files can be malware.
3. Removable Storage Devices — The replicating malware targets the removable
storage media like pen drives, SSD cards, music players, mobile phones, etc.
and infects them with malware that gets transferred to other systems that they are
plugged into.
4. Network Propagation — Some malware like Worms have the ability to
propagate from one computer to another through a network connection.

Question 10

List some common signs of malware infection.


Answer
Common signs of malware infection include the following:

1. Frequent pop-up windows prompting us to visit some website and/or download
some software.
2. Changes to the default homepage of the web browser.
3. Mass emails being sent from our email account.
4. Unusually slow computer with frequent crashes.
5. Unknown programs start up as we turn on our computer.
6. Programs opening and closing automatically.
7. Sudden lack of storage space, random messages, sounds, or music start to
appear.
8. Programs or files appear or disappear without our knowledge.

Question 11

List some preventive measures against malware infection.


Answer
Some preventive measures against malware infection are as follows:

1. Using antivirus, anti-malware, and other related software and updating them on a
regular basis.
2. Configure browser security settings.
3. Always check for a lock button in the address bar while making payments.
4. Never use pirated or unlicensed software. Instead go for Free and Open Source
Software (FOSS).
5. Applying software updates and patches released by its manufacturers.
6. Taking a regular backup of important data.
7. Enforcing firewall protection in the network.
8. Avoid entering sensitive (passwords, pins) or personal information on unknown or
public computers.
9. Avoid entering sensitive data on an unknown network (like Wi-Fi in a public
place), even when using a personal computer.
10. Avoid clicking on links or downloading attachments from unsolicited emails.
11. Scan any removable storage device with an antivirus software before
transferring data to and from it.
12. Never share our online account or banking password/pins with anyone.
13. Remove all the programs that we don’t recognise from our system.
14. Do not install an anti-spyware or antivirus program presented to us in a
pop-up or ad.
15. Use the pop-up window's 'X' icon located on the top-right of the popup to
close the ad instead of clicking on the 'close' button in the pop-up. If we notice an
installation has been started, cancel immediately to avoid further damage.

Question 12

Write a short note on different methods of malware identification used by antivirus
software.

Answer
The different methods of malware identification used by antivirus software are as
follows:

1. Signature-based detection — In this method, an antivirus works with the help of
a signature database known as "Virus Definition File (VDF)". This file consists of
virus signatures and is updated continuously on a real-time basis. This makes the
regular update of the antivirus software a must.
2. Sandbox detection — In this method, a new application or file is executed in a
virtual environment (sandbox) and its behavioural fingerprint is observed for a
possible malware. Depending on its behaviour, the antivirus engine determines if
it is a potential threat or not and proceeds accordingly.
3. Data mining techniques — This method employs various data mining and
machine learning techniques to classify the behaviour of a file as either benign or
malicious.
4. Heuristics — Often, a malware infection follows a certain pattern. Here, the
source code of a suspected program is compared to viruses that are already
known and are in the heuristic database. If the majority of the source code
matches with any code in the heuristic database, the code is flagged as a
possible threat.
5. Real-time protection — Some malware remains dormant or gets activated after
some time. Such malware needs to be checked on a real-time basis. In this
technique, the anti-malware software keeps running in the background and
observes the behavior of an application or file for any suspicious activity while it
is being executed i.e. when it resides in the active (main) memory of the
computer system.
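
The signature-based and heuristic methods in the list above can be shown side by side in a small scanner. This is an added example, not part of the original answer: the `Scanner` class, the sample byte strings and the 0.5 threshold are assumptions, a SHA-256 digest stands in for a virus signature, and byte n-gram overlap stands in for the source-code comparison the answer describes.

```python
import hashlib

def ngrams(data: bytes, n: int = 4) -> set:
    """All overlapping n-byte slices of data."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

class Scanner:
    def __init__(self):
        self.signatures = {}    # SHA-256 hex digest -> name (stand-in for the VDF)
        self.heuristic_db = {}  # name -> n-gram set of the known sample

    def add_definition(self, name: str, sample: bytes) -> None:
        """A definition update: record the exact signature and the code pattern."""
        self.signatures[hashlib.sha256(sample).hexdigest()] = name
        self.heuristic_db[name] = ngrams(sample)

    def scan(self, data: bytes, threshold: float = 0.5):
        # 1. Signature-based: exact match against the definition file.
        digest = hashlib.sha256(data).hexdigest()
        if digest in self.signatures:
            return ("signature", self.signatures[digest])
        # 2. Heuristic: flag if the majority of the file matches known code.
        grams = ngrams(data)
        for name, known in self.heuristic_db.items():
            if grams and len(grams & known) / len(grams) > threshold:
                return ("heuristic", name)
        return ("clean", None)

# Constructed, inert byte strings standing in for files; none is real malware.
KNOWN = b"CONSTRUCTED-SAMPLE-A: copy self to every .exe then show message"
VARIANT = KNOWN.replace(b"show message", b"show MESSAGE")  # slightly edited copy
BENIGN = b"print a friendly greeting and exit normally"
NEW = b"constructed sample B: a different inert marker string"

def demo():
    scanner = Scanner()
    scanner.add_definition("Sample.A", KNOWN)
    results = {
        "known": scanner.scan(KNOWN),
        "variant": scanner.scan(VARIANT),
        "benign": scanner.scan(BENIGN),
        "new_before_update": scanner.scan(NEW),
    }
    scanner.add_definition("Sample.B", NEW)  # the definition file is updated
    results["new_after_update"] = scanner.scan(NEW)
    return results

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:18} {verdict}")
```

The edited copy no longer matches the exact signature and is caught only by the heuristic, while the second sample passes as clean until its definition is added, which is why regular updates are a must.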

Question 13

What are the risks associated with HTTP? How can we resolve these risks by
using HTTPS?

Answer
HTTP sends information over the network in plain text, leaving it vulnerable to attacks
from hackers who can intercept and manipulate the data. On the other hand, HTTPS
encrypts the data before transmission and requires SSL (Secure Sockets Layer) or
TLS (Transport Layer Security) protocols, along with an SSL digital certificate, to
ensure secure communication between the client and server.

Question 14

List one advantage and disadvantage of using Cookies.

Answer
The advantage of using cookies is:
Cookies are used by websites to store browsing information of the user, which helps in
enhancing the user experience and making browsing time more productive.
The disadvantage of using cookies is:
Some third-party cookies might share user data without the user's consent for
advertising or tracking purposes.

Question 15

Write a short note on White, Black, and Grey Hat Hackers.

Answer

1. White Hat Hackers — If a hacker uses their knowledge to find and help fix
security flaws in the system, they are termed as White Hat hackers or Ethical
Hackers. These hackers have good intentions and are actually security experts.
Organizations hire these hackers to check and fix their systems for potential
security threats and loopholes. Technically, white hats work against black hats.
2. Black Hat Hackers — If hackers use their knowledge unethically to break the
law and disrupt security by exploiting the flaws and loopholes in a system, then
they are called black hat hackers or Crackers.
3. Grey Hat Hackers — These are a class of hackers who are neutral. They hack
systems by exploiting their vulnerabilities, but they don’t do so for monetary or
political gains. Grey hats take system security as a challenge and hack systems
just for the fun of it.

Question 16

Differentiate between DoS and DDoS attack.

Answer

| DoS | DDoS |
|---|---|
| The full form of DoS is Denial of Service. | The full form of DDoS is Distributed Denial of Service. |
| Denial of Service (DoS) is a scenario, wherein an attacker (Hacker) limits or stops an authorised user from accessing a service, device, or any such resource by overloading that resource with illegitimate requests. | Distributed Denial of Service (DDoS) is an attack, where the flooded requests come from compromised computer (Zombies) systems distributed across the globe or over a very large area. |
| If attackers carry out a DoS attack on a website, they will flood it with a very large number of network packets by using different IP addresses. | The attacker installs a malicious software known as Bot on the Zombie machines, which gives it control over these machines. |
| A DoS attack may be countered by blocking requests or network packets from a single source, so it is easier to resolve comparatively. | DDoS is very difficult to resolve, as the attack is carried out from multiple distributed locations. |
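
The last row of the comparison can be checked with a per-source request counter. This is an added example, not part of the original answer: the two limits, the function names and all IP addresses are constructed assumptions, and the traffic is a list of source addresses built inline.

```python
from collections import Counter

PER_SOURCE_LIMIT = 100  # assumed: max requests per window allowed from one IP
SERVICE_CAPACITY = 500  # assumed: requests per window the service can handle

def mitigate(window):
    """window: one source IP per request seen in a single time window.
    Blocks every source above PER_SOURCE_LIMIT and reports what is left."""
    per_source = Counter(window)
    blocked = {ip for ip, n in per_source.items() if n > PER_SOURCE_LIMIT}
    remaining = sum(n for ip, n in per_source.items() if ip not in blocked)
    return {
        "sources": len(per_source),
        "blocked": blocked,
        "remaining": remaining,
        "still_overloaded": remaining > SERVICE_CAPACITY,
    }

# Constructed traffic: 50 ordinary clients sending 4 requests each.
NORMAL = [f"198.51.100.{i + 1}" for i in range(50) for _ in range(4)]

def dos_window():
    # One source sends 2000 requests on top of the normal load.
    return NORMAL + ["203.0.113.7"] * 2000

def ddos_window():
    # 400 sources send only 5 requests each: 2000 in total.
    bots = [f"10.0.{i // 200}.{i % 200 + 1}" for i in range(400)]
    return NORMAL + [ip for ip in bots for _ in range(5)]

if __name__ == "__main__":
    for name, window in (("DoS", dos_window()), ("DDoS", ddos_window())):
        print(name, mitigate(window))
```

Blocking the single heavy source brings the first window back under capacity, while in the second window no source crosses the limit, so nothing is blocked and the service stays overloaded.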

Question 17

How is Snooping different from Eavesdropping?


Answer
Snooping involves secretly capturing and analyzing network traffic using specialized
software, replicating the packets to avoid detection. On the other hand, eavesdropping
is an unauthorized, real-time interception of private communication over a network.
Unlike snooping, which can store data for later analysis, eavesdropping occurs during
active communication between entities. However, snooping is not always an attack; at
times, it is also used by network administrators for troubleshooting various network
issues. In contrast, eavesdropping is always malicious.
