
Protecting Application or System Software For Class

The document outlines the importance of protecting application and system software from unauthorized access and destructive software. It discusses user account control, authentication, authorization, and management, emphasizing the need for secure user account configurations and the use of antivirus software. Additionally, it provides guidelines for modifying security policies and managing user accounts to ensure organizational security.

Protecting Application or System Software
TTLM Code: ICT ITS1
Key Words:-

Protect
Software
Application
Software
System Software
5 minutes
Discussions

What is to be protected?

Application Software
System Software
From what or whom is it to be protected?

1. Unauthorized persons
2. Destructive software
How?
The following three subsequent learning outcomes will provide you a clear picture on how to
LO1: Ensure User Accounts are Controlled
This learning guide is developed to provide you the necessary information regarding the following content coverage and topics:
• User Account Control
• User Account Configuration
• Notifications Displayed at Logon
• Utilities Used to Check Strength of Passwords
• Accessing Information Services
• User account type/privileges
• Managing user accounts
• Modifying default security policy
• Displaying appropriate logon legal notices
• Monitoring emails
• Accessing information service
• Identifying security gaps
• Taking appropriate actions
Information Sheet - 1 User Account Control
1.1. User Access
The control of user access can take many forms and apply at several levels. Once a computer is physically accessed, the user usually logs on to gain access to applications.
These applications will access data in files and folders.
We can simplify the user access process down to 3 things:
• Physical access
• Authentication
• Authorization
1.1.1. Physical Access (right to use)
• The first layer of management and security is the physical access to the computer.
• To prevent unauthorized access, a company may make use of:
  • locks on the front doors
  • locks on each floor
  • locks on offices, etc.
  • security guards
  • cameras
  • keys on computer systems.
• Only those who have permission and keys will be able to access a computer in the company's premises.
• The Internet, however, presents issues concerning access to corporate information or systems because physical restrictions cannot be imposed.
1.1.2. Authentication
• Authentication is the process of verifying the identity of people who are attempting to access the network or system.
• Typically, a user identifies themselves to the system, then is required to provide a second piece of information to prove their identity.
• This information is only known by the user or can only be produced by the user.
• The most common method used to authenticate users is the Username and Password method.
• Using this method, a user identifies themselves with a username.
• They are then prompted for a password.
• The combination of name and password is then compared by the system to its data on configured users, and if the combination matches the system's data the user is granted access.
1.1.3. Authorizations
• Once a user has been authenticated (that is, their identity validated) they are granted access to the network or system. For the user to then access data or an application or execute some task or command they need to be authorised to do so.
• The authorisation process determines what the user can do on the network.
• In other words, it enforces the organisation policy as applicable to the user.
• The Network and System administrators are responsible for the technical configuration of network operating systems, directory services and applications.
• Part of the configuration includes security settings that authorise user access.
• The administrators use an organisational policy to determine these settings.
What Is a User Account?
A user account allows you to sign in to your computer. By default, your computer already has one user account, which you were required to create when you set up your computer.
If you plan to share your computer with others, you can create a separate user account for each person.
The following are the different types of user accounts with their privileges:
• Administrator, Standard, and Guest
Administrator:
Administrator accounts are special accounts that are used for making changes to system settings or managing other people's accounts.
They have full control and access to every setting on the computer.
Standard:
It has limited or restricted access privileges.
Standard accounts are the basic accounts you use for normal everyday tasks. As a Standard user, you can do just about anything you would need to do, such as running software or personalizing your desktop.
Guest Account:
Windows' guest account lets other people use your computer without being able to change PC settings, install apps or access your private files.
1.2. User Accounts Management
An administrator can give other people access to the computer in one of three ways:
• Create a user account that is linked to an existing Microsoft account.
• Create a user account that is linked to an email address, and register that account as a Microsoft account.
• Create a local account that isn't linked to a Microsoft account.
After getting permission from the administrator, any user can change the following details for his or her account:
• Account name: You can change the display name that appears on the Welcome screen and Start menu.
• Account picture: You can change the picture that identifies you on the Welcome screen and Start menu.
• Password: You can create or change the password.
Security settings can control:
• User authentication to a network or device.
• The resources that users are permitted to access.
• Whether to record a user's or group's actions in the event log.
• Membership in a group.
To manage security configurations for multiple devices, you can use one of the following options:
1) Edit specific security settings in a GPO (Group Policy Object).
2) Use the Security Templates snap-in to create a security template that contains the security policies you want to apply, and then import the security template into a Group Policy Object. A security template is a file that represents a security configuration, and it can be imported to a GPO, applied to a local device, or used to analyze security.
The Security Settings extension of the Local Group Policy Editor includes the following types of security policies:
• Account Policies. These policies are defined on devices; they affect how user accounts can interact with the computer or domain.
• Password Policy.
• Account Lockout Policy.
• Software Restriction Policies.
• Application Control Policies.
Manage email and account settings on Windows 10
E-Mail
• E-mail (electronic mail) is the exchange of computer-stored messages by telecommunication.
• Email messages are usually encoded in American Standard Code for Information Interchange (ASCII) text.
• However, you can also send non-text files, such as graphic images and sound files, as attachments sent in binary streams.
How can we create e-mail?
Detect and remove destructive software. Under this we will see:
• Common types of destructive software
• Virus protection
• Selecting anti-virus software
• Installing and updating anti-virus software
• Describing advanced system protection
• Configuring software security settings
• Scheduling anti-virus software
• Reporting and removing detected destructive software
Common types of destructive software
• What is a destructive software program?
• Destructive malware is malicious software with the capability to render affected systems inoperable and challenge reconstitution.
• Common types of destructive software:
  • File viruses: hide/empty
  • Worms: a type of virus that can replicate itself and spread from one device to another
  • Trojan horses: malicious code that controls the system and damages data
  • Spyware: a type of virus which gathers information about personal/organization data, then sends fake links related to your data
Virus protection
Virus protection software is designed to prevent viruses, worms and Trojan horses from getting onto a computer as well as remove any malicious software code that has already infected a computer.
The 6 Best Antivirus Software of 2022

• Best Overall: Bitdefender Antivirus Plus
• Best for Windows: Norton 360 With LifeLock
• Best for Mac: Webroot SecureAnywhere for Mac
• Best for Multiple Devices: McAfee Antivirus Plus
• Best Premium Option: Trend Micro Antivirus+ Security
• Best Malware Scanning: Malwarebytes
You can also use other antivirus software for your PC, for example Avast Antivirus Software.
• Windows Firewall
A firewall is a software program or hardware that checks incoming information (such as from websites) and blocks malicious software or attempts by hackers to gain access to your computer through a network or the internet.
1.3. Default Security Policy Modification
Security policy settings are rules that administrators configure on a computer or multiple devices for protecting resources on a device or network.
Table 1-1: The different types of dialog boxes used to notify you and guidance on how to respond to them.
Always notify - at this level you are notified before applications and users make changes that require administrative permissions. When such a notification shows up, the desktop is dimmed. You must choose Yes or No before you can do anything else on the computer.
Security impact: this is the most secure setting and the most annoying.
Never notify - at this level, UAC is turned off, and it doesn't offer any protection against unauthorized system changes.
Security impact: if you don't have a good security suite you are very likely to encounter security issues with your Windows device. With UAC turned off it is much easier for malicious programs to infect Windows and take control.
How to Change User Account Control Settings in Windows 7
1. Open the Windows Control Panel, and then click System and Security. ...
2. Click Action Center. ...
3. In the left pane, click Change User Account Control Settings. ...
4. Slide the vertical bar (on the left side) to your desired setting and click OK.
Information Sheet – 2 User Account Configuration

2.1. User Account Configuration

Network and System Administrators are responsible for configuring user accounts. Network operating systems and applications have many security options and settings relating to user access. How does an administrator determine the configuration and settings for user accounts?
2.1.1. User Account Settings

The organisation's policies should make statements as to the degree of user control that is required. Network procedures should contain details as to how these policies may be implemented.
For example, the policy may state that user passwords should not be less than six characters. The procedures will then describe how the administrator should
The administrator should review the policies to ensure that the procedures produce the desired outcomes.
The procedures should describe in detail how to make use of the operating system facilities to configure user accounts in accordance with the security requirements.
The actual way you set these parameters will vary with each operating environment; however, here are some basic parameters covered by most operating systems to consider:
• Password requirements - whether a password is required, minimum length, complexity, needs to be changed at intervals, etc.
• Account lockout settings - disabling accounts that have made a number of bad logon attempts
• Access hours - the standard days and time that users will be permitted to access the network
• Account expiry dates - date when account will be disabled
• Logon restrictions - accounts can only be used at specified locations or workstations.
• Home directory information - a home directory is a folder that usually has the name of the user and that the user has full permissions over.
2.1.2. Configuring User Access
Once user account settings have been determined, how do we know who should have accounts and what access should be set?
2.1.2.1. User Authorisations
Once again, organisational policy and procedures provide the necessary information for the administrators.
There should be procedures in place that inform the appropriate people that a person requires a new user account or changes to an existing
The access permissions for users should be carefully planned and determined in writing by appropriate people who have the authority to allocate the access.
Procedures should address:
• Which managers can authorise a new user
• Standards for user id and passwords
• Groups that users can belong to and authority required for each group
• Basic accesses that all users are allowed
• Authorisation requirements to access sensitive data
• Application accesses
• Ability to install additional software
• Email and internet accesses
• Special accesses that may be required.
2.1.2.2. Use of Groups
The most common way of administering access permissions is to create groups and put user accounts into appropriate groups.
The group is then permitted or denied access as required.
Using groups is an efficient way of managing authorisation because you only need to set access permission
For example, a company may have thousands of users, but analysis of what those users want to do may show that there are twenty or more different combinations of access permissions required. By assigning users to groups and then allocating permissions to the group, the security administration is greatly simplified.
Once we have users allocated to groups we can explore other levels of controlling access. Allocating permissions to folders and files is a major security provision of network operating
Can we go lower and look at the content of a specific file and restrict access there?
The restriction of file access is most applicable in controlling access to database files.
For example, imagine a Payroll system using a database in which the data is stored in tables. These tables have columns and rows of data. Let us think about two groups of users, the payroll department staff and the manager of a department. The payroll group are likely to be allowed full access to all the data although in a
2.1.2.3. Permissions and Rights
Permissions generally refer to file and directory access.
The user account or group can be set with the following types of permissions:
• No access at all to files and directories
• Read only.
• Modify, where the contents of files and directories may be accessed and changed or added to but not deleted
• Full Control or Supervisory where files and
Rights (or privileges) generally refer to the restriction on user accounts or groups in performing some task or activity.
For example, a user account or group may be assigned administrator or supervisor rights, meaning that the user can perform administration tasks like create, modify or delete user accounts. Care must be taken with rights to ensure security is not
2.2. Managing User Accounts

Once user accounts are configured we still need to manage the accounts as required by organisational policy.
For example, user accounts for contractors are active only for as long as the contractors are physically on site.
This means that accounts need to be enabled and disabled. This activity should be addressed by procedures.
Note also that many networks on different OSs allow 'guest' and 'temporary' accounts.
These are usually set up for either read-only or short-term access for people who would not normally have access to the system.
Great care must be taken in configuring or using these accounts, firstly because they can allow anonymous and uncontrolled use of a system and secondly because guest passwords can sometimes be guessed easily and provide a doorway
Administrators need to review procedures to ensure that they remain current and address any changes to the organisation and the network.
Administrators need to be aware of user activities and practices when accessing the network.
Organisational policy and procedures should address how users should access the network. In time users may develop shortcuts and practices that knowingly or unknowingly are in breach of policy and may compromise network security. For
Then, to allow access for a colleague who has forgotten their password, the user logs in on another workstation for the colleague.
The result is two concurrent network connections for one user account but for two different people who have different user access requirements.
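The account problems described in this section (contractor accounts left active, enabled guest accounts, one account logged on at two workstations at once) can be found with a periodic audit. The following is an added example, not part of the original guide; the record layout, account names, group name check and finding texts are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional


@dataclass(frozen=True)
class Account:
    name: str
    kind: str                        # "staff", "contractor" or "guest" (labels assumed here)
    enabled: bool = True
    groups: tuple = ()
    expires: Optional[date] = None   # account expiry date; None = never expires
    workstations: tuple = ()         # logon restriction; empty = any workstation


@dataclass(frozen=True)
class Session:
    account: str
    workstation: str
    start: datetime
    end: Optional[datetime] = None   # None = still logged on


def _overlap(a, b):
    """True when two sessions were open at the same moment."""
    a_end = a.end or datetime.max
    b_end = b.end or datetime.max
    return a.start < b_end and b.start < a_end


def audit(accounts, sessions, today, approved_admins=()):
    """Return a sorted list of (account, finding) pairs."""
    findings = set()
    by_name = {a.name: a for a in accounts}

    for a in accounts:
        if not a.enabled:
            continue
        if a.kind == "guest":
            findings.add((a.name, "guest account enabled"))
        if a.kind == "contractor" and a.expires is None:
            findings.add((a.name, "contractor account has no expiry date"))
        if a.expires is not None and a.expires < today:
            findings.add((a.name, "account past expiry date but still enabled"))
        if "Administrators" in a.groups and a.name not in approved_admins:
            findings.add((a.name, "administrator rights not on approved list"))

    for s in sessions:
        acct = by_name.get(s.account)
        if acct is None:
            findings.add((s.account, "logon by unknown account"))
        elif not acct.enabled:
            findings.add((s.account, "logon by disabled account"))
        elif acct.workstations and s.workstation not in acct.workstations:
            findings.add((s.account, "logon from workstation outside restriction"))

    # One account open on two different workstations at once suggests a shared password.
    for i, s1 in enumerate(sessions):
        for s2 in sessions[i + 1:]:
            if (s1.account == s2.account and s1.workstation != s2.workstation
                    and _overlap(s1, s2)):
                findings.add((s1.account, "concurrent logons on different workstations"))

    return sorted(findings)


# Constructed sample data for the demonstration.
SAMPLE_TODAY = date(2024, 5, 1)
SAMPLE_ACCOUNTS = [
    Account("payroll.clerk", "staff", groups=("Payroll",), workstations=("WS-01",)),
    Account("contractor.a", "contractor", expires=date(2024, 3, 31)),
    Account("contractor.b", "contractor"),
    Account("Guest", "guest"),
    Account("helpdesk", "staff", groups=("Administrators",)),
    Account("sysadmin", "staff", groups=("Administrators",)),
    Account("former.staff", "staff", enabled=False),
]
SAMPLE_SESSIONS = [
    Session("payroll.clerk", "WS-01", datetime(2024, 5, 1, 8, 0)),
    Session("payroll.clerk", "WS-07", datetime(2024, 5, 1, 9, 30), datetime(2024, 5, 1, 10, 0)),
    Session("helpdesk", "WS-02", datetime(2024, 5, 1, 8, 0), datetime(2024, 5, 1, 12, 0)),
    Session("helpdesk", "WS-02", datetime(2024, 5, 1, 13, 0)),
    Session("former.staff", "WS-03", datetime(2024, 4, 30, 22, 0), datetime(2024, 4, 30, 22, 10)),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_ACCOUNTS, SAMPLE_SESSIONS, SAMPLE_TODAY, ("sysadmin",)):
        print(f"{name}: {finding}")
```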
To manage user accounts appropriately, administrators should:
• Regularly review organisational policies and procedures to be aware of requirements and address any organisational or network changes
• Conduct regular checks to ensure the change management procedures are working for new, changed and deleted users
• Review and investigate current work practices regarding user network access
• Conduct information and training sessions for network users to reinforce appropriate practices and organisational policy
• Conduct regular audits of network access—verifying
Information Sheet - 4 Protect Your Computer with a Password
4.1. Definitions of a Password

A password is a string of characters that people can use to log on to a computer and access files, programs, and other resources. Passwords help ensure that people do not access the computer unless they have been authorized to do so. In Windows, a password can include letters, numbers, symbols, and spaces. Windows passwords are also case-sensitive. To help keep your computer secure, you should always create a strong password.
4.1.1. STRONG PASSWORDS AND PASSPHRASES

A password is a string of characters used to access information or a computer. Passphrases are typically longer than passwords, for added security, and contain multiple words that create a phrase. Passwords and passphrases help prevent unauthorized people from accessing files, programs, and other resources. When you create a password or passphrase, you should make it strong, which means it's difficult to guess or crack. It's a good idea to use strong passwords on all user accounts on your computer. If you're
Table 4-1: What makes a password or passphrase strong

Table 4-1: Four categories of characters. Strong passwords and passphrases contain:
A password or passphrase might meet all the criteria above and still be weak. For example, Hello2U! meets all the criteria for a strong password listed above, but is still weak because it contains a complete word. H3ll0 2 U! is a stronger alternative because it replaces some of the letters in the complete word with numbers and also includes spaces.
Help yourself remember your strong password or passphrase by following these tips:
• Create an acronym from an easy-to-remember piece of information. For example, pick a phrase that is meaningful to you, such as My son's birthday is 12 December, 2004. Using that phrase as your guide, you might use Msbi12/Dec,4 for your password.
• Substitute numbers, symbols, and misspellings for letters or words in an easy-to-remember phrase. For example, My son's birthday is 12 December, 2004 could become Mi$un's Brthd8iz 12124, which would make a good passphrase.
• Relate your password or passphrase to a
4.2. Modify User Security Policy
4.2.1. Password policy
A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly.
A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. The password policy may either be advisory or mandated by technical means. Some governments have national authentication frameworks that define requirements for user authentication to government services, including requirements for passwords.
Some policies suggest or impose requirements on what
• the use of both upper- and lower-case letters (case sensitivity)
• inclusion of one or more numerical digits
• inclusion of special characters, e.g. @, #, $ etc.
• prohibition of words found in a dictionary or the user's personal information
• prohibition of passwords that match the format of calendar dates, license plate numbers, telephone numbers, or other common numbers
• prohibition of use of company name or an abbreviation
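The requirements listed above can be enforced by technical means with a small validator, shown here as an added example that is not part of the original guide. The function and rule names, the six-character minimum (taken from the policy example earlier in the guide), the date patterns and the tiny word list are assumptions made for the demonstration.

```python
import re
from dataclasses import dataclass

# Constructed word list for the demo; a real check would load a full dictionary file.
SAMPLE_DICTIONARY = frozenset({"hello", "password", "welcome", "dragon", "monkey", "summer"})

# Formats treated as "calendar dates or other common numbers" (assumed patterns).
DATE_PATTERNS = [
    re.compile(r"^\d{1,2}[/.-]\d{1,2}[/.-]\d{2,4}$"),   # 12/12/2004, 12-12-04
    re.compile(r"^\d{6}$|^\d{8}$"),                      # 121204, 12122004
]


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 6                  # the guide's example: not less than six characters
    company_names: tuple = ()            # company name and abbreviations to prohibit
    dictionary: frozenset = SAMPLE_DICTIONARY
    min_word_length: int = 4             # ignore very short dictionary words


def check_password(password, policy, username="", personal_info=()):
    """Return the list of violated rules; an empty list means the password passes."""
    violations = []
    lowered = password.lower()

    if len(password) < policy.min_length:
        violations.append("too_short")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        violations.append("needs_upper_and_lower")
    if not re.search(r"\d", password):
        violations.append("needs_digit")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        violations.append("needs_special")

    # A complete dictionary word inside any run of letters makes the password weak,
    # even when the character-class rules above are all satisfied.
    letter_runs = re.findall(r"[a-z]+", lowered)
    if any(word in run
           for run in letter_runs
           for word in policy.dictionary
           if len(word) >= policy.min_word_length):
        violations.append("contains_dictionary_word")

    personal = [p.lower() for p in (username, *personal_info) if len(p) >= 3]
    if any(p in lowered for p in personal):
        violations.append("contains_personal_info")

    if any(p.match(password) for p in DATE_PATTERNS):
        violations.append("looks_like_date_or_number")

    if any(c.lower() in lowered for c in policy.company_names if c):
        violations.append("contains_company_name")

    return violations


if __name__ == "__main__":
    policy = PasswordPolicy(company_names=("Acme",))   # "Acme" is a placeholder company name
    for candidate in ("Hello2U!", "H3ll0 2 U!", "12/12/2004", "Acme#2024x"):
        print(repr(candidate), check_password(candidate, policy))
```

Hello2U! satisfies every character rule and is rejected only by the dictionary check, which is the case the guide uses to show that meeting the criteria is not enough.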
4.2.2. Common Password Practice
Password policies often include advice on proper password management such as:
• never share a computer account
• never use the same password for more than one account
• never tell a password to anyone, including people who claim to be from customer service or security
• never write down a password
• never communicate a password by telephone, e-mail or instant messaging
• being careful to log off before leaving a computer unattended
• changing passwords whenever there is suspicion they may have been compromised
• operating system password and application passwords are
4.2.3. Types of Password
Before you will be able to change, clear or remove a computer password, you must first determine the password type that is being used.
• System Password: Does the password appear as the computer is booting? If yes, this is a BIOS or CMOS password. BIOS or CMOS passwords will not allow the computer to boot at all unless the password is known.
• Operating System / Network / Third-Party Password: Does the password appear after the computer is done booting and before the operating system runs? If yes, this is a network, Operating System, or third-party password.
• Windows Password: Windows users, does the password appear in Windows before the desktop? If yes, this is a Windows or Windows network password. If you are able to press the Escape
5.1.2. Troubleshoot Authentication Issues

Sometimes, users might experience problems authenticating to resources that have more complex causes than mistyping a password or leaving the Caps Lock key on.
The sections that follow describe troubleshooting techniques that can help you better isolate authentication problems.
Operation Sheet - 1 Techniques of Setting User Account Control

1.1. Create a User Account

1. Click on Start, and then click on Control Panel.
2. Click on User Accounts.
3. Click Manage Another Account. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
4. Click on Create a New Account.
5. Type the name you want to give the user
1.2. Change Picture for a User Account
1. Click on Start, and then click on Control Panel.
2. Click on User Accounts.
3. Click Change your picture.
4. Click the picture you want to use, and then click Change Picture.
– Or, if you want to use a picture of your own, click Browse for more pictures, navigate to the picture you want to use, click the picture, and then click Open. You can use a
1.3. Rename a User Account
1. Click on Start, and then click on Control Panel.
2. Click on User Accounts.
3. Click Change your account name. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
4. Type the new name, and then click Change Name.
Notes
• You can't change the name of the guest account.
• A username can't be longer than 20 characters, consist entirely of periods or spaces, or contain any of these characters: \ / " [ ] : | < > + = ; , ? * @
1.4. Change a User's Account Type
1. Click on Start, and then click on Control Panel.
2. Click on User Accounts.
3. Click Manage another account. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
4. Click the account you want to change, and then click Change the account type.
5. Select the account type you want, and then click Change Account Type.
Note: Windows requires at least one administrator account on a computer. If you have only one account on your computer, you can't change it to a standard account.
1.5. Configuring UAC (User Account Control) in Control Panel
To configure UAC in Control Panel, perform the following steps:
1. In Control Panel, click System and Security.
2. Under Action Center, click Change User Account Control Settings, as shown in Figure 1.5-1.

FIGURE 1.5-1 You can access UAC settings through the Action Center
This step opens the User Account Settings window, one version of which is shown in Figure 5. Note that the set of options that appears is different for administrators and standard users, and that each user type has a different default setting.

FIGURE 1.5-2 UAC allows you to choose among four

Operation Sheet - 2 Configuring User Account

2.1. Add a User Account to a Group

By adding a user account to a group, you can avoid having to grant the same access and permission to many different users one by one. Members of a group can make the same types of changes to settings and have the same access to folders, printers, and other network services.
1. Click on Start, and then click on Control Panel.
2. Click on Administrative Tools and then double-click on Computer Management. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. In the left pane of Computer Management, click Local Users and Groups.
4. Click on Groups folder.
6. Click Add, and then type the name of the user account.
7. Click Check Names, click OK.
8. Click Apply, and then click OK.
Note
• To help make your computer more secure, add a user to the Administrators group only if it is absolutely necessary. Users in the Administrators group have complete control of the computer. They can see everyone's files, change anyone's password, and install any software they want.
2.2. Remove a User Account from a Group
1. Click on Start, and then click on Control Panel.
2. Click on Administrative Tools and then double-click on Computer Management. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. In the left pane of Computer Management, click Local Users and Groups.
4. Click on Groups folder.
5. Right-click the group you want to remove the user account from, and then click Properties.
6. Select the name of the user account and then click Remove.
7. Click Apply, and then click OK.
2.3. Disable a User Account
If you have a user account that you want to make unavailable, you can disable it. A disabled account can be enabled again later. Disabling an account is different from deleting an account. If you delete an account, it can't be restored.
1. Click on Start, and then click on Control Panel.
2. Click on Administrative Tools and then double-click on Computer Management. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
3. In the left pane of Computer Management, click Local Users and Groups.
5. Click on Users folder.
6. Right-click the user account you want to disable, and then click Properties.
7. On the General tab, select the Account is disabled check
2.4. Delete a User Account
If you have a user account on your computer that is not being used, you can permanently remove it by deleting it. When you delete a user account, you can choose whether you want to keep the files created under that account; however, e-mail messages and computer settings for the account will be deleted.
1. Click on Start, and then click on Control Panel.
2. Click on User Accounts.
3. Click Manage another account. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
4. Click the account you want to delete, and then click Delete the account.
5. Decide if you want to keep or delete the files created under the account by clicking Keep Files or Delete Files.
6. Click Delete Account.
LAP Test Practical Demonstration
Instruction Sheet L02: Detect and Remove Destructive Software
1.4. Types of Viruses

Viruses are split into different categories, depending on what they do. Here are a few categories of viruses:
• Boot Sector Virus
The Boot Sector of a PC is a part of your computer that gets accessed first when you turn it on. It tells Windows what to do and what to load. It's like a "Things To Do" list. The Boot Sector is also known as the Master Boot Record. A boot sector virus is designed to attack this, causing your PC to refuse to start at all!
• File Virus
A file virus, as its name suggests, attacks files on your computer. It also attacks entire programs, though.
• Macro Virus
These types of virus are written specifically to infect Microsoft Office documents (Word, Excel, PowerPoint, etc.). A Word document can contain a Macro Virus. You usually need to open a document in a Microsoft Office application before the virus can do any harm.
• Multipartite Virus
A multipartite virus is designed to infect both the boot sector and files on your computer.
• Polymorphic Virus
This type of virus alters its own code when it infects another computer. It does this to try and avoid detection by anti-virus programs.
• Electronic Mail (Email) Virus
Refers to the delivery mechanism rather than the infection target or behavior.
Email can be used to transmit any of the above types of virus by copying and emailing itself to every address in the victim's email address book, usually within an email attachment.
Each time a recipient opens the infected attachment, the virus harvests that victim's email address book and repeats its propagation process.
1.5. Virus Infection, Removal and Prevention

1.5.1. Virus Infection

The most common way that a virus gets on your computer is by an email attachment. If you open the attachment, and your anti-virus program doesn't detect it, then that is enough to infect your computer. Some people go so far as NOT opening attachments at all, but simply deleting the entire message as soon as it comes in. While this approach will greatly reduce your chances of becoming infected, it may offend those relatives of yours who have just sent you the latest
You can also get viruses by downloading programs from the internet. That great piece of freeware you spotted from an obscure (unclear) site may not be so great after all. It could well be infecting your PC as the main program is installing.
If your PC is running any version of Windows, and it hasn't got all the latest patches and updates, then your computer will be attacked a few minutes after going on the internet! (Non-Windows users can go into
Nowadays, removable storage devices are also used to spread viruses. The most common is the flash drive. Since removable drives like flash drives and CD/DVDs have the autorun functionality, a simple command that enables an executable file to run automatically, it is exploited and altered so that it automatically runs the virus (normally in .exe, .bat or .vbs format) when you insert your flash drive or CD/DVD.
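The autorun mechanism described above is driven by a small text file named autorun.inf in the root of the drive, so a removable drive can be checked before use by reading that file and flagging any entry that launches an .exe, .bat or .vbs file. This is an added example, not part of the original guide; the function names are assumptions and the sample file contents are constructed.

```python
import re

# autorun.inf keys that cause a program to be started.
LAUNCH_KEYS = ("open", "shellexecute")

# Program path at the start of a command value, ending in one of the
# file types the guide names (.exe, .bat, .vbs); quotes are optional.
PROGRAM_RE = re.compile(r'^\s*"?(?P<path>.*?\.(?:exe|bat|vbs))(?=$|[\s"])', re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, with keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):          # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries


def is_launch_key(key):
    """open=, shellexecute= and shell\\<verb>\\command= all start a program."""
    return key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))


def flag_autorun(text):
    """Return [(key, program)] for entries that would run an .exe, .bat or .vbs file."""
    findings = []
    for key, value in parse_autorun(text).items():
        if not is_launch_key(key):
            continue
        match = PROGRAM_RE.match(value)
        if match:
            findings.append((key, match.group("path")))
    return findings


# Constructed sample of a suspicious autorun.inf found on a flash drive.
SAMPLE_AUTORUN = r"""
; constructed sample
[autorun]
icon=folder.ico
open=hidden\setup.exe
shell\open\command=wscript.exe hidden\run.vbs
action=Open folder to view files
label=USB DISK
"""

if __name__ == "__main__":
    for key, program in flag_autorun(SAMPLE_AUTORUN):
        print(f"autorun.inf entry '{key}' would start: {program}")
```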
Virus Infection Symptoms
Common symptoms of a virus-infected computer include:
• Unusually slow running speeds
• Failure to respond to user input
• System crashes and constant system restarts that are
• Individual applications also might stop working correctly,
• Disk drives might become inaccessible,
• Unusual error messages may pop up on the screen,
• Menus and dialog boxes can become distorted and peripherals like printers might stop responding.
• You can't access your disk drives
• Other symptoms to look out for are strange error messages, documents not printing correctly, and distorted menus and dialogue boxes.
Try not to panic if your computer is exhibiting one or two items on the list. Keep in mind that these types of hardware and software problems are not always caused by viruses, but infection is certainly a strong possibility that is worth investigating.
1.5.2. Removal of Viruses
The first step in removing a computer virus is installing
any updates that are available for your
operating system; modern operating
systems will automatically look for updates
if they are connected to the Internet. If you
do not already have anti-virus software on
your computer, install and use the anti-virus
software to do a complete scan of your
computer. Since new computer viruses are
constantly being created, set your anti-virus
1.5.3. Prevention from Virus Infections
In order to prevent future computer infections:
 use an Internet firewall,
 check for operating system and anti-virus program updates,
 scan your computer regularly and exercise caution when
handling email and Internet files.
A firewall is a program or piece of hardware that helps
screen out viruses, worms and hackers which are
attempting to interact with your computer via the
Internet. On modern computers, firewalls come pre-
installed and are turned on by default, so you probably
already have one running in the background. When
opening email attachments, don't assume they are safe
just because they come from a friend or reliable source;
the sender may have unknowingly forwarded an
attachment that contains a virus.
Self-Check - 1 Written Test
Information Sheet - 2 Selecting and Installing Virus
Protection Software
2.1. Protection Software
We used to call everything a virus; however, there are more
precise (exact) names to further categorize malware,
among them virus, worm, Trojan, spyware, malware and
adware, to name a few.
Infection can have a devastating effect on the functioning
of stand-alone machines and networks and can cause
irretrievable damage to data and other resources. It is
imperative to develop mechanisms to avoid infection.
Detecting malware is a very sophisticated and
well-defined process. Consequently, network
administrators often rely on third party
products to manage this process.
2.1.1. Single User
There are many kinds of protection software available for a
single-user device. Among them are:
 Avast
 AVG
 Avira
 Bitdefender
 BullGuard
 Emsisoft
 ESET NOD32
 Fortinet
 F-Secure
 GData
 Kaspersky
 Kingsoft
 McAfee
 Microsoft Security Essentials
 Panda Cloud
 Qihoo 360
 Sophos
 ThreatTrack Vipre
 Trend Micro Titanium
There is also specialised software for removal, such as
Spybot Search & Destroy, Malwarebytes anti-malware and
WinZip Malware Protector.
Other specialised programs can block certain known IP
addresses of hackers and unwanted advertising companies.
One program that does this is PeerBlock. PeerBlock blocks
"known bad" computers from accessing yours, and vice
versa. Depending on the lists you have it set up to use, you
can block governments, corporations, machines flagged for
anti-peer-to-peer activities, even entire countries. The down
side of this is that you will have to keep an eye on the
program as it can block legitimate sites just because they
have possibly been used for hacking attempts.
Figure 3-1: PeerBlock – What happens when blocking
TAFE website
With Peerblock you can edit your lists and add or remove
addresses from the lists so that you can still control which
2.1.2. Multi User/Enterprise
Even though small business antivirus software is usually priced on
a per-user basis with a cost that is on par with individual-user
products, it often gives business owners important additional
features such as the ability to install and manage all installations
from a central location. Some of the available products are:
 Bitdefender Small Business Pack
 Kaspersky Endpoint Security for Business
 F-Secure Small Business Suite
 Symantec Endpoint Protection
 G Data AntiVirus Business
 Webroot Secure Anywhere Business
 Vipre Business Premium
 avast! Endpoint Protection Suite
 Panda Security for Business
 Total Defense Threat Manage
2.2. Anti-Virus Software
Antivirus or anti-virus software is used to prevent,
detect, and remove malware, including but not
limited to computer viruses, computer worms, Trojan
horses, spyware and adware. This page talks about
the software used for the prevention and removal of
such threats, rather than computer security
implemented by software methods.
No matter how useful antivirus software can be, it can
sometimes have drawbacks. Antivirus software can impair
a computer's performance. Inexperienced users may
also have trouble understanding the prompts and
decisions that antivirus software presents them
with.
An incorrect decision may lead to a security breach.
If the antivirus software employs heuristic detection,
success depends on achieving the right balance
between false positives and false negatives. False
positives can be as destructive as false negatives.
A false positive is a wrong detection in which a
legitimate file is mistakenly identified as a virus,
while a false negative is a wrong detection in which
an actual virus is not detected as a virus.
Finally, antivirus software generally runs at the highly
trusted kernel level of the operating system, creating a
potential avenue of attack.
Over the years it has become necessary for
antivirus software to check an increasing
variety of files, rather than just
executables, for several reasons:
 Powerful macros used in word processor
applications, such as Microsoft Word, presented
a risk. Virus writers could use the macros to
write viruses embedded within documents.
This meant that computers could now also
be at risk from infection by opening
documents with hidden attached macros.
 Later email programs, in particular
Microsoft Outlook Express and Outlook,
were vulnerable to viruses embedded in
the email body itself. A user's computer
could be infected by just opening or
previewing a message.
As always-on broadband connections became
the norm, and more and more viruses were
released, it became essential to update virus
checkers more and more frequently. Even then,
a new zero-day virus could become widespread
2.3. Types of Protection Software
Depending on the way they fix destructive software, these
can be in the following forms: Anti-Virus, Anti-spyware,
and Anti-spam Applications.
2.3.1. Anti-Viruses
 Anti-virus software consists of computer programs that attempt
to identify, thwart and eliminate computer viruses and other
malicious software.
 Anti-virus software typically uses two different techniques to
accomplish this:
 Examining (scanning) files to look for known viruses matching
definitions in a virus dictionary.
 Identifying suspicious behavior from any computer program
which might indicate infection. Such analysis may include data
captures, port monitoring and other methods.
2.3.2. Anti-Spyware
 These are software programs that are designed to
discover, detect and block spyware.
 Anti-spyware programs can combat spyware in two
ways:
 They can provide real time protection against the
installation of spyware software on your computer. This
type of spyware protection works the same way as that of
anti-virus protection in that the anti-spyware software
scans all incoming network data for spyware software and
blocks any threats it comes across.
 Anti-spyware software programs can be used solely for
detection and removal of spyware software that has
already been installed onto your computer. This type of
2.3.3. Anti-Spam
 To prevent e-mail spam, both end users and
administrators of e-mail systems use various anti-spam
techniques.
 None of the techniques is a complete solution to the
spam problem, and each has trade-offs between
incorrectly rejecting legitimate e-mail vs. not rejecting all
spam, and associated costs in time and effort.
 Anti-spam techniques can be broken into two broad
categories:
 those that require actions by individuals, and
 those that can be automated.
2.4. Methods Anti-virus Use to Identify Malware
There are several methods which antivirus software can use to
identify malware.
 Signature based detection is the most common method.
To identify viruses and other malware, antivirus software
compares the contents of a file to a dictionary of virus
signatures. Because viruses can embed themselves in
existing files, the entire file is searched, not just as a
whole, but also in pieces.
 Heuristic-based detection, like malicious activity
detection, can be used to identify unknown viruses.
 File emulation is another heuristic approach. File
emulation involves executing a program in a virtual
environment and logging what actions the program
performs. Depending on the actions logged, the antivirus
software can determine if the program is malicious or not
2.4.1. Signature-based detection
Traditionally, antivirus software heavily relied upon
signatures to identify malware. This can be very effective,
but cannot defend against malware unless samples have
already been obtained and signatures created. Because of
this, signature-based approaches are not effective
against new, unknown viruses.
As new viruses are being created each day, the signature-
based detection approach requires frequent updates of
the virus signature dictionary. To assist the antivirus
software companies, the software may allow the
user to upload new viruses or variants to the
company, allowing the virus to be analyzed and the
Although the signature-based approach can
effectively contain virus outbreaks, virus
authors have tried to stay a step ahead of such
software by writing "oligomorphic",
"polymorphic" and, more recently,
"metamorphic" viruses, which encrypt
parts of themselves or otherwise modify
themselves as a method of disguise, so as
to not match virus signatures in the
dictionary.
2.4.2. Heuristics
Some more sophisticated antivirus software uses heuristic
analysis to identify new malware or variants of known
malware.
Many viruses start as a single infection and through
either mutation or refinements by other attackers,
can grow into dozens of slightly different strains,
called variants. Generic detection refers to the
detection and removal of multiple threats using a
single virus definition.
For example, the Vundo trojan has several family
members, depending on the antivirus vendor's
classification. Symantec classifies members of the
Vundo family into two distinct categories,
While it may be advantageous to identify a
specific virus, it can be quicker to detect a virus
family through a generic signature or
through an inexact match to an existing
signature. Virus researchers find common
areas that all viruses in a family share
uniquely and can thus create a single
generic signature. These signatures often
contain non-contiguous code, using
wildcard characters where differences lie.
These wildcards allow the scanner to
detect viruses even if they are padded with
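Added example, not from the original material: a minimal signature scanner showing why an exact signature misses variants while a generic signature with wildcards still matches them. The `??` (any one byte) and `*` (short gap) notation, the signature names and the harmless sample bytes are all constructed for this example.

```python
"""Toy signature scanner: exact signatures versus generic (wildcard) signatures."""
import re

MAX_GAP = 16  # assumed upper bound on the padding one "*" token may skip

# Constructed signatures over harmless marker bytes ("DEMO" ... "PAY").
SIGNATURES = {
    "Demo.A exact": "44 45 4D 4F 01 02 50 41 59",
    "Demo.gen wildcard": "44 45 4D 4F ?? ?? 50 41 59",
    "Demo.gen gap": "44 45 4D 4F ?? ?? * 50 41 59",
}


def compile_signature(signature):
    """Turn 'AA ?? * BB' into a bytes regex usable at any offset of a file."""
    parts = []
    for token in signature.split():
        if token == "??":
            parts.append(b".")  # exactly one byte of any value
        elif token == "*":
            parts.append(b".{0,%d}?" % MAX_GAP)  # bounded run of padding bytes
        elif len(token) == 2:
            parts.append(re.escape(bytes([int(token, 16)])))
        else:
            raise ValueError(f"bad signature token: {token!r}")
    # DOTALL so that '.' also matches the byte 0x0A.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data, signatures=SIGNATURES):
    """Search the whole buffer, not just its start; return [(name, offset)]."""
    hits = []
    for name, signature in signatures.items():
        match = compile_signature(signature).search(data)
        if match:
            hits.append((name, match.start()))
    return hits


# Constructed "files": the original strain, a variant with two changed
# bytes, a variant padded with filler bytes, and a clean document.
VARIANT_A = b"\x00" * 8 + b"DEMO\x01\x02PAY" + b"\x00" * 4
VARIANT_B = b"header" + b"DEMO\x07\x09PAY"
VARIANT_C = b"DEMO\x01\x02" + b"\x90" * 5 + b"PAY"
CLEAN = b"plain document text"

if __name__ == "__main__":
    for label, blob in [("A", VARIANT_A), ("B", VARIANT_B),
                        ("C", VARIANT_C), ("clean", CLEAN)]:
        print(label, scan(blob) or "no detection")
```

The wider the gap a generic signature tolerates, the more unrelated files it can match, which is the false-positive trade-off discussed earlier.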
2.4.3. Rootkit detection
Anti-virus software can also scan for rootkits; a
rootkit virus is a type of malware that is
designed to gain administrative-level
control over a computer system without
being detected. Rootkits can change how
the operating system functions and in
some cases can tamper with the anti-virus
program and render it ineffective. Rootkits
are also difficult to remove, in some cases
requiring a complete re-installation of the
2.5. Selecting Anti-Virus Software
A good security program needs to be integrated
& working actively deep in the system in order to
protect it from malicious software. This means
that it needs to be active from initial boot up to
shutdown, scanning each process or program
and how it interacts with the system.
It is therefore important to choose a virus
scanner that protects the system from all kinds
of malicious software but does not
degrade the device's ability to function.
In the previous module, we have already discussed the planning
and analysis that should be undertaken before any systems
software is installed onto a computer. The installation of anti-virus
software is no different. Each analysis step that we have covered
must be undertaken to ensure that the software we choose is
going to meet our needs as well as maintain compatibility with the
operating system, application software and hardware. When it
comes to anti-virus software however, there are other aspects to
take into consideration such as:
 The types of virus protected against
 Yearly subscription fees
 Other services available such as firewalls, SPAM management
and system diagnostic software
In most cases, this information will be covered on the website of
the software manufacturer.
2.6. Avast Anti-Virus Software
The screenshot below displays the three Avast antivirus products
with their features, from essential to complete protection.
2.7. Installing Anti-Virus Software
The following system requirements are recommended in order to
install and run Avast! Free Antivirus on your computer:
• Microsoft Windows XP Service Pack 2 or higher (any Edition, 32-
bit or 64-bit), Microsoft Windows Vista (any Edition excl. Starter
Edition, 32-bit or 64-bit) or Microsoft Windows 7 (any Edition, 32-
bit or 64-bit).
• Windows fully compatible PC with Intel Pentium III processor or
above (depends on the requirements of used operating system
version and other 3rd party software installed).
• 256 MB RAM or above (depends on the requirements of used
operating system version and other 3rd party software installed).
• 210 MB free space on the hard disk (300 MB if the included
Google Chrome will also be installed), to download and install.
• Internet connection (to download and register the product, for
automatic updates of program engine and antivirus database).
Before you begin the installation of Avast! Free Antivirus
please ensure that:
• You are logged in to Windows as Administrator or as a
user with administrator permissions
• All other programs in Windows are closed and not running
• Your previous antivirus software is fully uninstalled (for
instructions refer to your vendor's documentation),
Once you have installed an anti-virus package, you should
scan your entire computer periodically. Always leave your
Anti-virus software running so it can provide constant
protection.
 Automatic Scans- Depending on what software you
choose, you may be able to configure it to
automatically scan specific files or directories and
prompt you at set intervals to perform complete
scans.
 Manual Scans- It is also a good idea to manually
scan files you receive from an outside source
before opening them. This includes:
 Saving and scanning email attachments or web
downloads rather than selecting the option to open them
directly from the source
 Scanning flash disks, CDs, or DVDs for viruses before
opening any of the files
TIPS TO BOOST YOUR MALWARE DEFENSE AND PROTECT YOUR PC

1. Install Antivirus and Antispyware Programs from a
Trusted Source
 Never download anything in response to a
warning from a program you didn't install or don't
recognize that claims to protect your PC or offers
to remove viruses. It is highly likely to do the
opposite!
 Get reputable anti-malware programs from a
vendor you trust. (Microsoft Security Essentials
offers free real-time protection against malicious
software for your PC. Or, choose from a list of
2. Update Software Regularly
Cybercriminals are endlessly inventive in their efforts to
exploit vulnerabilities in software, and many software
companies work tirelessly to combat these threats. That is
why you should:
 Regularly install updates for all your software, namely
your antivirus and antispyware programs, browsers (like
Windows Internet Explorer), operating systems (like
Windows), and word processing and other programs.
Software updates repair vulnerabilities as they are
discovered.
 Subscribe to automatic software updates whenever they
are offered—for example, you can automatically update all
Microsoft software.
3. Use Strong Passwords and Keep Them Safe
 Strong passwords are at least 14 characters long and
include a combination of letters, numbers, and symbols.
 Don't share passwords with anyone.
 Don’t use the same password on all sites. If it is stolen, all
the information it protects is also at risk.
 Create different strong passwords for the router and the
wireless key of your wireless connection at home. Find out
how from the company that provides your router.
4. Never Turn Off your Firewall
A firewall protects networked computers from hostile
intrusion. It may be a hardware device or a software
program. In either case, it has at least 2 network interfaces
– one for the network or computer that it is protecting and
one for the network that it is exposed to. Often the case is
of a private network/computer and the Internet. A firewall
prevents computers outside the protected area from
gaining access. Windows Vista, Windows 7, Server 2008
and Linux all make use of software firewalls.
A firewall puts a protective barrier between your computer
and the Internet. Turning it off for even a minute increases
the risk that your PC will be infected with malware.
5. Use Flash Drive with Caution
Minimize the chance that you'll infect your
computer with malware:
 Don't put an unknown flash (or thumb) drive
into your PC.
 Hold down the SHIFT key when you insert the
drive into your computer. Holding down "Shift"
will keep the computer from auto-playing the
device. If you forget to do this, click in the upper-
right corner to close any flash drive-related pop-
up windows.
 Don't open any files on your drive that you're
Don't be tricked into downloading malware
Follow this advice:
 Be very cautious about opening attachments or clicking
links in email or IM (Instant Messaging), or in posts on
social networks (like Facebook)—even if you know the
sender. Call to ask if a friend sent it; if not, delete it or
close the IM window.
 Avoid clicking “Agree”, “OK”, or “I Accept” in banner ads,
in unexpected pop-up windows or warnings, on websites
that may not seem legitimate, or in offers to remove
spyware or viruses.
 Instead, press CTRL + F4 on your keyboard. (CTRL + F4
closes the Window)
If that doesn’t close the window, press ALT + F4
on your keyboard to close the browser. If asked,
close all tabs and don’t save any tabs for the
next time you start the browser.
 Only download software from websites you
trust. Be cautious of "free" offers of music,
games, videos, and the like. They are notorious
for including malware in the download.
Self-Check - 2 Written Test
Information Sheet - 3 Advanced Systems of
Protection
3.1. Firewalls
A Firewall is a software program that sits between the
internet and a private network and works as a barrier to
keep destructive viruses away from a computer. The
purpose is to prevent unauthorised access into the
company by outsiders. Data can only travel from the
Internet to the network through the firewall. The software
can be configured to accept links only from trusted sites.
The firewall prevents direct communication between
computers outside the network (in other words, out on the
Internet) and computers on the private network. It also
monitors and logs everything passing between the two so
as to prevent a hacker or any other unauthorised person
3.2. Risks of Allowing Applications Through a
Firewall
There are two ways to allow an application through a
firewall. Both of them are risky:
 Add an application to the list of allowed applications (less
risky).
 Open a port (more risky).
When you add an application to the list of allowed
applications in a firewall (sometimes called unblocking) or
when you open a firewall port, you allow a specific
application to send information to or from your PC through
the firewall, as though you've drilled a hole in the firewall.
This makes your PC less secure and might create
opportunities for hackers or malware to use one of those
Generally, it's safer to add an application to the list of
allowed applications than to open a port. A port stays
open until you close it, but an allowed application only
opens the "hole" when needed.

To help decrease your security risk:
 Only allow an application or open a port when you
really need to,
 Never allow an application that you don't recognise to
communicate through the firewall.
3.3. Configuring Windows Firewall
Windows Firewall is a host firewall that is built into
Windows 7. Unlike firewall devices that control traffic
between networks, host firewalls define which traffic types
are allowed to pass between the local computer and the
rest of the network.
You can configure Windows Firewall by using two separate
tools.
 If you want to control inbound traffic based on its
associated application, use the Windows Firewall page in
Control Panel. To open this tool, open Control Panel, click
System and Security, and then click Windows Firewall, as
shown in Figure 3-1.
FIGURE 3-1 Accessing Windows Firewall settings in
Control Panel
FIGURE 3-2 Windows Firewall page in Control
Panel
 If you want to control outbound traffic, or if you want to
control inbound traffic based on additional criteria such as
source address or destination port, you need to use the
Windows Firewall with Advanced Security (WFAS) console.
To open this console, click Advanced Settings on the
Windows Firewall page in Control Panel
Self-Check - 3 Written Test
Information Sheet - 4 Installing Software Updates

4.1. Updating Windows
Although Windows is designed to minimize security risks
out of the box, attackers are constantly finding new
security vulnerabilities to exploit. To adapt to changing security risks,
improve the reliability of Windows, and add support for new
hardware, you must deploy updates to your client
computers.
In homes and small offices, Windows automatically
downloads the newest critical updates from Microsoft,
allowing computers to stay up to date without any
administrative effort. This approach does not scale to
enterprises, which must manage thousands of computers.
In enterprises, IT departments need to test
updates to ensure that they do not cause
widespread compatibility problems. In addition,
having each computer download the same
update across the Internet would waste your
bandwidth, potentially affecting your network
performance when Microsoft releases large
updates.
Because security threats are evolving
constantly, Microsoft must release updates to
Windows and other Microsoft software regularly.
4.1.1. Methods for Deploying Updates
Microsoft provides several techniques for applying updates:
 Directly from Microsoft
For home users and small businesses, Windows 7 is
configured to retrieve updates directly from Microsoft
automatically. This method is suitable only for smaller
networks with fewer than 50 computers.
 Windows Server Update Services (WSUS)
WSUS enables administrators to approve updates before
distributing them to computers on an intranet. If you want,
updates can be stored and retrieved from a central location
on the local network, reducing Internet usage when
downloading updates. This approach requires at least one
 Configuration Manager 2007
The preferred method for distributing software
and updates in large, enterprise networks,
Configuration Manager 2007 provides highly
customizable, centralized control over update
deployment, with the ability to audit and
inventory client systems. Configuration
Manager 2007 typically requires several
infrastructure servers.
4.1.2. Windows Update Client
Whether you download updates from Microsoft or use
WSUS, the Windows Update client is responsible for
downloading and installing updates on computers running
Windows 7 and Windows Vista. The Windows Update client
replaces the Automatic Updates client available in earlier
versions of Windows. Both Windows Update in Windows 7
and Automatic Updates in earlier versions of Windows
operate the same way: they download and install updates
from Microsoft or an internal WSUS server. Both clients
install updates at a scheduled time and automatically
restart the computer if necessary. If the computer is turned
off at that time, the updates can be installed as soon as
the computer is turned on. Alternatively, Windows Update
The Windows Update client provides for a great
deal of control over its behavior. You can
configure individual computers by using the
Control Panel\System and Security\Windows
Update\Change Settings page.
After the Windows Update client downloads
updates, the client checks the digital signature
and the Secure Hash Algorithm (SHA1) hash on
the updates to verify that they have not been
modified after they were signed by Microsoft.
This helps mitigate the risk of an attacker either
4.1.3. How to Check Update Compatibility
Microsoft performs some level of compatibility
testing for all updates. Critical updates (small
updates that fix a single problem) receive the
least amount of testing because they occur in
large numbers and they must be deployed
quickly. Service packs (large updates that fix
many problems previously fixed by different
critical updates) receive much more testing
because they are released infrequently.
Whether you are planning to deploy critical
updates or a service pack, you can reduce the
chance of application incompatibility by testing
the updates in a lab environment. Most
enterprises have a Quality Assurance (QA)
department that maintains test computers in a
lab environment with standard configurations
and applications. Before approving an update for
deployment in the organization, QA installs the
update on the test computers and verifies that
critical applications function with the update
Whether or not you have the resources to test updates
before deploying them, you should install
updates on pilot groups of computers before
installing the updates throughout your
organization. A pilot group is a small subset of
the computers in your organization that receive
an update before wider deployment. Ideally,
pilot groups are located in an office with strong
IT support and have technology-savvy users. If
an update causes an application compatibility
problem, the pilot group is likely to discover the
4.1.4. How to Install Updates
Ideally, you would deploy new computers
with all current updates already installed.
After deployment, you can install updates
manually, but you’ll be much more
efficient if you choose an automatic
deployment technique. For situations that
require complete control over update
installation but still must be automated,
you can script update installations.
4.1.5. How to Verify Updates
Microsoft typically releases updates once
per month. If a computer does not receive
updates, or the updates fail to install
correctly, the computer might be
vulnerable to security exploits that it
would be protected from if the updates
were installed. Therefore, it’s critical to
the security of your client computers that
you verify updates are regularly installed.
4.1.6. How to Remove Updates
Occasionally, an update might cause compatibility
problems. If you experience problems with an application
or Windows feature after installing updates and one of the
updates was directly related to the problem you are
experiencing, you can uninstall the update manually to
determine whether it is related to the problem.
If removing the update does not resolve the problem, you
should reapply the update. If removing the update does
solve the problem, inform the application developer (in
the case of a program incompatibility) or your Microsoft
support representative of the incompatibility. The update
probably fixes a different problem, so you should make
every effort to fix the compatibility problem and install
4.2. Updating Anti-Virus Software
Self-Check - 4 Written Test
Information Sheet - 5 Configuring Software
Security Settings
5.1. Internet Security
We have already discussed some of the functionality of
anti-virus and firewall software when it comes to protecting
your computer network. Since many of these threats come
from the Internet, many web browsing software programs
contain inbuilt security settings which allow you to restrict
or block access to sites before they can become a
problem.
In Microsoft Internet Explorer, security is handled by
division of sites into restricted zones. This means that
different web sites can have different security levels.
There are four Internet Security Zones, and within each
zone a different security level can be set.
5.1.1. Security Zones
You can tell which zone the current Web page is
in by looking at the right side of the Internet
Explorer status bar. Whenever you open or
download content from the Web, Internet
Explorer checks the security settings for that
Web site's zone.
 Search for and view any website.
 Look at the bottom right of the screen:
We will access a screen in Internet Explorer
which explains these zones, and where you can
make changes to the zone settings.
5.1.2. Viewing Security Zones
If you are on a PC where changes can be made, you
can change the Internet Zones through Tools, Internet
Options, Security.
 Choose Tools, Internet Options.
 Click on the Security tab.
The top of the dialog box displays the four available
security zones. The remainder of the dialog box allows you
to choose a security level for that zone.

Figure 5-1 The Internet zone with medium security


5.2. Different Security Zones
There are four different zones:
• Internet zone: By default, this zone contains anything
that is not on your computer or an intranet, or assigned to
any other zone. The default security level for the Internet
zone is Medium.
• Local intranet zone: This zone typically contains
addresses that you have access to such as shared network
drives, and local intranet sites.
• Trusted sites zone: This zone contains sites that are
considered trustworthy - sites where you can usually
download or run files from without worrying about damage
to your computer.
• Restricted sites zone: This zone contains sites that are
Settings can be customized within a zone
from Low, Medium Low, Medium, and
High. If you are in a workplace or college,
these security decisions have probably
been made for you and it is unlikely that
you can change these. However for the
purposes of this exercise, we will view the
different zones and their security settings.
Self-Check - 5 Written Test
Operation Sheet - 1 Installing Avast! Free Antivirus

To prevent Avast! Free Antivirus from being incorrectly
installed or aborted unexpectedly. When you are ready,
proceed as follows:
1. First, download Avast! Free Antivirus from the
Avast! website and save it to your computer, in a location
where you will easily be able to locate it. For example save
the downloaded setup file avast_free_antivirus_setup.exe
on your Windows Desktop.
2. Locate the downloaded setup file
avast_free_antivirus_setup.exe (depending on your system
preferences, the file extension may be hidden), on your
Windows Desktop for example. Now, in case you are
• Windows 7 or Windows Vista as a user with
administrator permissions, right-click on the
setup file and choose 'Run as administrator' from
the context menu,
• Windows XP as Administrator or as a user with
administrator permissions, or
you are logged in to Windows 7 or Windows Vista
as Administrator (i.e. not a user with
administrator permissions), double-click the
setup file to begin the installation process,
If prompted by the User Account Control dialog for
permissions, click 'Yes' (or 'Continue' in Windows
Vista) to begin the installation process.
For a few seconds you will briefly see the setup
process copy the installation files to your
computer.
When Avast! Setup Wizard starts you will see a
welcome screen.
Preferred language for the installation can be changed by
clicking on the current language shown on the top right
corner. Before continuing with the installation of Avast! Free
Antivirus please read the User License Agreement.
At the bottom of the welcome screen you can choose
whether you wish to install Google Chrome. By ticking the
checkbox 'Make Google Chrome my default browser', you
can also select whether it should be opened as your default
web browser when accessing the Internet. For details, please
read the enclosed Terms of Use and Privacy Policy.
Then choose what type of installation you prefer:
• Regular Install or
• Custom Install
Regular Installation of Avast! Free Antivirus
1. Click the ‘Regular Installation’ button in the middle of the
welcome screen to proceed with default installation of
Avast! Free Antivirus in preferred language and with
minimal user interaction during the setup process.
2. You will now be prompted to accept the End User License
Agreement by clicking on the ‘Continue’ button.
3. The Avast! Setup Wizard will create a system restore
point, then will display an installation progress bar.
4. When installation has successfully completed
click ‘Done’. Now Avast Free Antivirus will
perform a quick scan of your system. Depending
upon the speed of your machine, it may take a
few minutes to complete.
Avast! Free Antivirus is now installed on your
computer and ready to use. However, it works for 30
days in trial mode after installation. During this
period you need to register to get your free
license key to continue to use it and stay
protected.
The Avast! user interface is accessible via the orange ball
icon in your system tray or the orange shortcut icon
on your Windows Desktop.
Operation Sheet – 2 Running and Scheduling Avast! Free
Antivirus
LO3: Identify and Take Action to Stop Spam
This learning guide is developed to
provide you the necessary information
regarding the following content coverage
and topics –
• Define and Identify common types of
spam
• Spam Control and combat
• Configure and use spam filters
This guide will also assist you to attain the
learning outcome stated in the cover page.
Specifically, upon completion of this Learning
Guide, you will be able to –
• Define and Identify common types of spam
• Take appropriate action in order to prevent
unauthorized access by spammers
• Configure and use spam filters
• Report and document spam to identify the
security threats and be able to perform
recommended action
2.1 Identify common types of spam
2.2 Take appropriate action in regard to spam
2.3 Configure and use a spam filter
2.4 Report spam to appropriate organization
Information Sheet - 1 Define and Identify Common
Types of Spam
1.1. Definition of Spam
Spam is the use of electronic messaging systems
to send unsolicited bulk messages
indiscriminately. It is the electronic equivalent of
receiving “junk” mail in your letter box. While the
most widely recognized form of spam is e-mail
spam, the term is applied to similar abuses
in other media: instant messaging spam,
Usenet newsgroup spam, Web search engine
spam, spam in blogs, wiki spam, mobile
phone messaging spam, Internet forum
Spamming is economically viable to
advertisers because their operating costs
are so low, and it is difficult to hold
senders accountable for their mass
mailings. Spam can be used to spread
computer viruses, Trojan horses or other
malicious software. The objective may be
identity theft, or worse. Some spam
attempts to capitalize on human greed
whilst other attempts to use the victims'
Spam is flooding the Internet with many
copies of the same message, in an
attempt to force the message on people
who would not otherwise choose to
receive it.
Most spam is commercial advertising,
often for dubious products, get-rich-
quick schemes, or quasi-legal
services. Spam costs the sender very
little to send -- most of the costs are
1.2. Types of Spam
There are four common types of spam, and they have
different effects on users.
1.2.1. Cancellable Usenet spam
Cancellable Usenet spam is a single message sent to 20 or
more Usenet newsgroups. (Through long experience,
Usenet users have found that any message posted to so
many newsgroups is often not relevant to most or all of
them.) Usenet spam is aimed at "lurkers", people who
read newsgroups but rarely or never post and give
their address away. Usenet spam robs users of the
utility of the newsgroups by overwhelming them
with a barrage of advertising or other irrelevant
posts. Furthermore, Usenet spam subverts the
1.2.2. Email Spam
Email spam targets individual users with direct
mail messages. Email spam lists are often
created by scanning Usenet postings, stealing
Internet mailing lists, or searching the Web for
addresses. Email spams typically cost users
money out-of-pocket to receive. Many people -
anyone with measured phone service - read or
receive their mail while the meter is running, so
to speak. Spam costs them additional money. On
top of that, it costs money for ISPs and online
One particularly nasty variant of email
spam is sending spam to mailing lists
(public or private email discussion
forums.) Because many mailing lists
limit activity to their subscribers,
spammers will use automated tools
to subscribe to as many mailing lists
as possible, so that they can grab the
lists of addresses, or use the mailing
1.2.3. Instant Messaging Spam
Some examples of instant messengers are Yahoo!
Messenger, AIM, Windows Live Messenger, Tencent QQ,
ICQ, XMPP and Myspace chat rooms. All are targets for
spammers. Many IM systems offer a directory of users,
including demographic information such as age and sex.
Advertisers can gather this information, sign on to the
system, and send unsolicited messages, which could
include commercial scam-ware, viruses, and links to paid
links for the purpose of click fraud. Microsoft
announced that the Windows Live Messenger
version 9.0 would support specialized features to
combat messaging spam. In most systems users can
1.2.4. SMS & MMS Spam
SMS (Short Messaging Service) is a mechanism
which allows brief text messages to be sent to a
mobile phone. MMS (Multimedia Messaging
Service) messages can include videos, pictures,
text pages and sound.
Mobile phone spam is a form of spamming
directed at these messaging services of mobile
telephony. It is described as mobile spamming,
SMS spam, text spam, or SpaSMS but is most
frequently referred to as m-spam. These types of
spam can be particularly annoying for the
1.3. Reasons That Make Spam Bad
Why do we get so upset when we receive E-mail which was not
requested?
There are several reasons:
 The Free Ride. E-mail spam is unique in that the receiver
pays so much more for it than the sender does. For
example, AOL has said that they were receiving 1.8 million
spams from Cyber Promotions per day until they got a
court injunction to stop it. Assuming that it takes the
typical AOL user only 10 seconds to identify and discard a
message, that's still 5,000 hours per day of connect time
spent discarding their spam, just on AOL. By
contrast, the spammer probably has a T1 line that costs
him about $100/day. No other kind of advertising costs the
advertiser so little and the recipient so much. The closest
analogy I can think of would be auto-dialing junk phone
 The “Oceans of Spam'' Problem. Many spam
messages say “please send a REMOVE message to get off
our list.'' Even disregarding the question of why you
should have to do anything to get off a list you never
asked to join, this becomes completely impossible if the
volume grows. At the moment, most of us only get a few
spams per day. But imagine if only 1/10 of 1 % of the
users on the Internet decided to send out spam at a
moderate rate of 100,000 per day, a rate easily
achievable with a dial-up account and a PC. Then
everyone would be receiving 100 spams every day. If 1%
of users were spamming at that rate, we'd all be getting
1,000 spams per day. Is it reasonable to ask people to
send out 100 “remove'' messages per day? Hardly. If spam
 The Theft of Resources. An increasing number of
spammers, such as Quantum Communications, send most
or all of their mail via innocent intermediate systems, to
avoid blocks that many systems have placed against mail
coming directly from the spammers' systems. (Due to a
historical quirk, most mail systems on the Internet will
deliver mail to anyone, not just their own users.) This fills
the intermediate systems' networks and disks with
unwanted spam messages, takes up their managers' time
dealing with all the undeliverable spam messages, and
subjects them to complaints from recipients who conclude
that since the intermediate system delivered the mail,
they must be in league with the spammers.
Many other spammers use “hit and run''
spamming in which they get a trial dial-up
account at an Internet provider for a few
days, send tens of thousands of messages,
then abandon the account (unless the
provider notices what they're doing and
cancels it first), leaving the unsuspecting
provider to clean up the mess. Many
spammers have done these tens or dozens
of times, forcing the providers to waste
staff time both on the cleanup and on
 It's All Garbage. The spam messages I've seen have
almost without exception advertised stuff that's
worthless, deceptive, and partly or entirely fraudulent. (I
include the many MLMs in here, even though the MLM-ers
rarely understand why there's no such thing as a good
MLM). It is spam software, funky miracle cures, off-brand
computer parts, vaguely described get rich quick
schemes, dial-a-porn, and so on downhill from there. It's
all stuff that's too cruddy to be worth advertising in any
medium where they'd actually have to pay the cost of the
ads. Also, since the cost of spamming is so low, there's no
point in targeting your ads, when for the same low price
you can send the ads to everyone, increasing the noise
 They're Crooks. Spam software invariably
comes with a list of names falsely claimed to be
of people who've said they want to receive ads,
but actually consisting of unwilling victims culled
at random from usenet or mailing lists. Spam
software often promises to run on a provider's
system in a way designed to be hard for the
provider to detect so they can't tell what the
spammer is doing. Spams invariably say they'll
remove names on request, but they almost never
do. Indeed, people report that when they send a
test “remove'' request from a newly created
Spammers know that people don't want to
hear from them, and generally put fake
return addresses on their messages so
that they don't have to bear the cost of
receiving responses from people to whom
they've sent messages. Whenever
possible, they use the “disposable'' trial
ISP accounts mentioned above so the ISP
bears the cost of cleaning up after them.
It's hard to think of another line of
business where the general ethical level is
 It Might Be Illegal. Some kinds of
spam are illegal in some countries on the
Internet. Especially with pornography,
mere possession of such material can be
enough to put the recipient in jail. In the
United States, child pornography is highly
illegal and we've already seen spammed
child porn offers.
Self-Check - 1 Written Test
Information Sheet - 2 Spam Control and Combating
2.1. Spam Control
Spam is flooding the Internet with many
copies of the same message. Spam now
constitutes an overwhelming majority of
email traffic.
2.1.1. The Effects of Spam
The never-ending onslaught of junk messages:
 Strains networks
 Erodes user productivity
 Propagates dangerous malware and costs
2.1.2. Types of Spam
Though all junk email might look the same, spam continues
to arrive in a seemingly endless number of configurations,
ranging from the innocuous to the lethal. The major spam
types include:
 Advertising Spam: is used to promote an entire
spectrum of products and services, from software to
real estate to questionable medical and nutritional
offerings.
 Malware Delivery: Spam is one of the main
distribution channels for delivering viruses and
other types of malware. Targeted individuals,
believing they have received an important document
or media file, are often tricked into opening a
 Scams: Posing as Nigerian princes, Swiss
bankers, tragically ill children and other stock
types, scammers prey on recipients' sympathy and
greed.
 Phishing: Hiding behind the names of respected
retailers, financial institutions, businesses,
charities and government bodies. Phishers attempt
to lure unsuspecting recipients to bogus Web sites
where they steal personal financial or identity
information.
 Nonsense: A significant chunk of junk-mail text is
pure gibberish. Some of this material is generated
in an effort to trick spam-filtering technologies into
passing an attached message onto recipients.
2.1.3. Spam Media
Spam is overwhelmingly an email problem. Yet
as Internet technology advances, junk content is
rapidly spilling over to many other types of IP
media, including:
 IM (instant messaging) : Spam is a
growing problem on IM networks, where
the threats closely parallel those of email
spam.
 VoIP Voice over IP: SPIT (Spam over
Internet Telephony) is a rare but
 Search Engines: Using techniques such as hidden
text, doorway pages and mirror sites, a search-
engine spammer attempts to boost a Web site's
ranking by redirecting traffic to the site. This
practice is also known as "spamdexing."
 Web Message Boards: Spammers like to use Web
message boards and Usenet.com groups to promote
products and services that are usually unrelated to
the site's content focus.
 Blogs: Junk advertising is inserted into a blog's
reader-comment area.
 Online Video: YouTube LLC and other video-sharing
sites are plagued by video spam, which consists of
thinly disguised commercials for products and
2.2. Combating Spam
It sometimes seems as if anti-spam technologies and
methodologies are proliferating as rapidly as spam itself.
These are the main tools that can keep spam under control:
 Spam Filters: A growing number of technology
vendors are targeting spam with products that are
designed to block and quarantine suspected spam.
These offerings use sophisticated algorithms to scan
each incoming message for signs that it may contain
spam.
 Firewalls: Spam firewalls offload message filtering
from the email server, freeing up network resources
and bandwidth. Spam-firewall appliances usually
come preconfigured and can be set up in minutes.
 Anti-Malware Technologies: Hardware- and
software-based anti-malware products can block
dangerous attachments from reaching employees'
inboxes.
 Client Control: Leading email clients, such as
Microsoft Outlook and Outlook Express, as well as
Mozilla Foundation's Thunderbird, offer built-in
controls that are designed to minimize inbox spam.
 White Lists/Black Lists: This feature is found in
many spam filters and client controls. White lists of
trusted email addresses allow messages to proceed
to the user's inbox unimpeded by any filter or client
settings. Black lists work in the opposite way,
routinely blocking incoming email from known
 Disposable Email Addresses: Many
businesses and individuals routinely distribute
different email addresses to every external
contact, then funnel all incoming messages into
a single account. This way, if one address
begins spamming, it can be safely eradicated
without affecting the flow of messages
originating from other contacts.
 Legal Action : While it's rare for an
individual business to sue a junk-mail sender, a
growing number of law-enforcement bodies are
targeting spammers, particularly organized
 Policies: All businesses need a comprehensive
anti-spam policy. Besides mandating the use of
filtering and other good spam-fighting
technologies, the policy should cover routine
workplace practices. Business Web sites, for
example, should never publish visible email
addresses that can be "harvested" by spammer
software. Employees should also be encouraged
not to post business email addresses on
message boards, social-network sites and
personal Web pages.
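The "Disposable Email Addresses" item above can be sketched as follows. This is an added example, not part of the original learning guide: the class name, the domain `mail.example` and the use of an HMAC tag so that only issued aliases are accepted are all assumptions made for illustration.

```python
import hashlib
import hmac
import re


class AliasRegistry:
    """Issues one address per external contact and funnels all of them
    into a single mailbox. An alias can be retired without touching
    the others. (Hypothetical helper written for this example.)"""

    def __init__(self, secret, mailbox, domain):
        self._secret = secret          # known only to the mail system
        self.mailbox = mailbox         # the single real account
        self.domain = domain.lower()
        self._revoked = set()          # labels of retired aliases

    def _tag(self, label):
        # Short keyed tag: outsiders cannot mint valid aliases by guessing.
        digest = hmac.new(self._secret, label.encode(), hashlib.sha256)
        return digest.hexdigest()[:10]

    @staticmethod
    def _label(contact):
        label = re.sub(r"[^a-z0-9]+", "-", contact.lower()).strip("-")
        if not label:
            raise ValueError("contact name has no usable characters")
        return label

    def issue(self, contact):
        """Return the address to hand out to this one contact."""
        label = self._label(contact)
        return f"{label}.{self._tag(label)}@{self.domain}"

    def revoke(self, contact):
        """Retire the alias once it starts attracting spam."""
        self._revoked.add(self._label(contact))

    def route(self, recipient):
        """Decide what to do with mail addressed to `recipient`."""
        local, at, domain = recipient.lower().rpartition("@")
        if not at or domain != self.domain:
            return ("reject", "unknown domain")
        label, dot, tag = local.rpartition(".")
        expected = self._tag(label)
        if not dot or not hmac.compare_digest(tag.encode(), expected.encode()):
            return ("reject", "alias was never issued")
        if label in self._revoked:
            return ("reject", f"alias for '{label}' revoked")
        # The label also tells the owner which contact leaked the address.
        return ("deliver", self.mailbox, label)


if __name__ == "__main__":
    # Constructed sample values.
    reg = AliasRegistry(b"constructed-demo-secret", "me@mail.example", "mail.example")
    shop = reg.issue("Ring Tone Shop")
    bank = reg.issue("My Bank")
    print(shop, "->", reg.route(shop))
    reg.revoke("Ring Tone Shop")       # spam started arriving on this alias
    print(shop, "->", reg.route(shop))
    print(bank, "->", reg.route(bank)) # other contacts are unaffected
```
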
2.3. 12 Tips for Fighting Spam
Fighting spam involves diligence in using anti-malware
applications and keeping them, your operating system and
applications updated, as you will see:-
 Use filtering software - Most e-mail programs have an
automatic spam filtering function. Internet service
providers can also install mail filters in their mail transfer
agents as a service to all of their customers. Due to the
growing threat of fraudulent websites, Internet service
providers filter URLs in email messages to remove the
threat before users click. Corporations often use filters to
protect their employees and their information technology
assets. There are 3rd party spam filters available as well –
among them SpamAssassin and Norton Internet Security.
 Install anti-virus software and keep it updated
 Use a personal firewall – available in Windows and Mac
Operating Systems
 Download security patches – these address known issues
as they come to hand
 Choose long and random passwords that involve letters,
numbers and symbols
 Protect your email address
Be careful about to whom you give your email address.
When it is necessary to forward messages to bulk
recipients who don't know one another, it is good
practice to list the recipient names in the "BCC:" field
instead of after "TO:". Unscrupulous recipients will not
be able to see or copy that list of email addresses.
Avoid responding to spam; be careful even
about “unsubscribing” in a suspect email.
Beware of contact forms on websites: they
may be harvesting your details, and in some
cases you cannot see the address you are
sending to.
Using HTML in email allows web browser
functionality such as the display of HTML,
URLs and images. Mail clients which do not
automatically download and display HTML,
images or attachments have fewer risks, as
 A helpful SMS spam-reduction technique is guarding
one's mobile phone number. One of the biggest
sources of SMS spam is number harvesting carried out
by Internet sites offering "free" ring tone downloads.
In order to facilitate the download, users must provide
their phones' numbers; which in turn are used to send
frequent advertising messages to the phone.
Another countermeasure is to use a service that
provides a public phone number and publishes the
SMS messages received at that number to a publicly
accessible website. Google Voice can be used in this
way, but with numbers and messages kept private.
(At the time of writing Google Voice is not fully
operational in Australia.)
 Read terms and conditions carefully - Often
the terms and conditions will contain a clause
that reveals the intent to put a user’s contact
details into a mailing list.
 Beware of email scams and fraud –
 Don’t open suspicious attachments
 Don’t “unsubscribe” if the source seems
dubious. Just delete it. The unsubscribe link or
button may simply confirm the validity of your
contact details.
 Report any email, instant messaging, SMS and
Self-Check - 2 Written Test
Information Sheet - 3 Configuring and Using
Spam Filters
3.1. Anti-Spam Techniques
Various anti-spam techniques are used to prevent email spam
(unsolicited bulk email).
No technique is a complete solution to the spam problem, and
each has trade-offs between incorrectly rejecting legitimate
email (false positives) as opposed to not rejecting all spam (false
negatives) – and the associated costs in time, effort, and cost of
wrongfully obstructing good mail.
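The trade-off described above, together with the white list / black list behaviour from section 2.2, can be seen in a small filter. This is an added example, not part of the original learning guide: the addresses, keyword weights and messages are constructed, and the keyword scorer stands in for the more sophisticated algorithms real filters use.

```python
from dataclasses import dataclass

ALLOW_LIST = {"payroll@example.org"}         # constructed trusted sender
BLOCK_LIST = {"promo@bulk-mailer.example"}   # constructed known spammer

# Constructed weights for a toy content scorer.
KEYWORD_WEIGHTS = {
    "free": 2, "winner": 3, "get rich": 4, "miracle": 3,
    "click here": 2, "remove": 1, "invoice": 1,
}


@dataclass
class Message:
    sender: str
    subject: str
    body: str
    is_spam: bool   # ground-truth label, used only for evaluation


def score(msg):
    """Sum the weights of the keywords present in subject and body."""
    text = f"{msg.subject} {msg.body}".lower()
    return sum(w for kw, w in KEYWORD_WEIGHTS.items() if kw in text)


def classify(msg, threshold):
    """The lists are checked first; content scoring only sees the rest."""
    sender = msg.sender.lower()
    if sender in ALLOW_LIST:
        return "inbox"        # unimpeded by any filter setting
    if sender in BLOCK_LIST:
        return "blocked"      # rejected regardless of content
    return "quarantine" if score(msg) >= threshold else "inbox"


def evaluate(messages, threshold):
    """Count good mail obstructed (false positives) and spam delivered
    (false negatives) at a given quarantine threshold."""
    fp = fn = 0
    for m in messages:
        delivered = classify(m, threshold) == "inbox"
        if m.is_spam and delivered:
            fn += 1
        if not m.is_spam and not delivered:
            fp += 1
    return {"false_positives": fp, "false_negatives": fn}


# Constructed sample mailbox.
SAMPLE = [
    Message("payroll@example.org", "Free parking winner announced",
            "Click here to see the winner of the free parking draw.", False),
    Message("promo@bulk-mailer.example", "Hello", "Quarterly newsletter", True),
    Message("deals@shop.example", "Get rich quick",
            "Miracle scheme, click here to join.", True),
    Message("colleague@partner.example", "Invoice attached",
            "Please remove the free sample line from the invoice.", False),
    Message("offers@unknown.example", "You are a winner",
            "Claim your prize today.", True),
]

if __name__ == "__main__":
    for threshold in (3, 4, 5):
        print(threshold, evaluate(SAMPLE, threshold))
```

A strict threshold quarantines the colleague's invoice mail, while a lenient one lets the "winner" spam through. The allow-listed payroll message is delivered at every threshold even though its content scores 7.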
Anti-spam techniques can be broken into four broad categories:
 End-User Techniques: those that require actions by
individuals,
 Automated techniques for email administrators: those
that can be automated by email administrators,
 Automated techniques for email senders: those that can
be automated by email senders and
 Those employed by researchers and law enforcement officials.
3.1.1. End-User Techniques
There are a number of techniques that individuals use to
restrict the availability of their email addresses, with the
goal of reducing their chance of receiving spam.
 Discretion
 Address Munging
 Avoid Responding to Spam
 Contact Forms
 Disable HTML in Email
 Disposable Email Addresses
 Ham Passwords
 Reporting Spam
3.1.2. Automated Techniques for Email
Administrators
There are now a large number of applications, appliances,
services, and software systems that email administrators
can use to reduce the load of spam on their systems and
mailboxes. In general these attempt to reject (or "block"),
the majority of spam email outright at the SMTP connection
stage. If they do accept a message, they will typically then
analyze the content further – and may decide to
"quarantine" any categorized as spam.
 Authentication
 Challenge/Response Systems
 Checksum-Based Filtering
 Country-Based Filtering
3.1.3. Automated Techniques for Email Senders
There are a variety of techniques that email senders use to try to
make sure that they do not send spam. Failure to control the
amount of spam sent, as judged by email receivers, can often
cause even legitimate email to be blocked and for the sender to
be put on DNSBLs.
 Background Checks on New Users and Customers
 Confirmed Opt-In for Mailing Lists
 Egress Spam Filtering
 Limit Email Backscatter
 Port 25 Blocking
 Port 25 Interception
 Rate Limiting
 Spam Report Feedback Loops
 FROM Field Control
 Strong AUP and TOS Agreements
3.2. Managing SPAM
There are a number of ways that SPAM and other
email threats can be managed. Most anti-virus
software programs contain some sort of SPAM
management functionality, as do most Email
programs. In the following pages, we will
demonstrate the email management processes of
Microsoft Outlook 2010.
3.2.1. Managing Junk Email
As SPAM or other unsolicited Emails are received,
Outlook 2010 allows us to block or quarantine the
3.2.2. Automatic blocking
Unfortunately, the lovely folk who like to send us
message after message about cheap
pharmaceuticals do not always use the same
address. So we block one, another appears in our
inbox. To counter this, we can set up some
automatic blocking processes to block emails by
type rather than sender.
Self-Check - 3 Written Test
Information Sheet - 4 Reporting SPAM
4.1. Junk Email
Like everything, there are a number of risks that go with having
your own email address. As you give your email address to
others, use it online to purchase items or use it as a contact point
for entry into competitions, you open yourself up to a
bombardment of "Junk" email.
Junk email can include:
• Subscriptions to company information sites and online
brochures (the online version of junk mail).
• Spam - A process for sending unsolicited messages (usually for
cheap online pharmaceuticals, scams or x rated sites) to many
recipients at once. SPAM covers emails, instant messaging, SMS
and other mobile phone messaging.
• Distribution of malicious software such as viruses.
• Hoax emails (such as emails requesting online banking details
4.2. Legal Countermeasures
If an individual or organization can identify harm done to
them by spam, and identify who sent it, then they may be
able to sue for a legal remedy, e.g. on the basis of trespass
to chattels. A number of large civil settlements have been
won in this way, although others have been mostly
unsuccessful in collecting damages.
Criminal prosecution of spammers under fraud or
computer crime statutes is also common, particularly if
they illegally accessed other computers to create botnets,
or the emails were phishing or other forms of criminal
fraud.
Finally, in most countries specific legislation is in place to
make certain forms of spamming a criminal offence, as
European Union
Article 13 of the European Union Directive on Privacy and
Electronic Communications (2002/58/EC) provides that the
EU member states shall take appropriate measures to
ensure that unsolicited communications for the purposes
of direct marketing are not allowed either without the
consent of the subscribers concerned or in respect of
subscribers who do not wish to receive these
communications, the choice between these options to be
determined by national legislation.
In the United Kingdom, for example, unsolicited emails
cannot be sent to an individual subscriber unless prior
permission has been obtained or unless there is a pre-
existing commercial relationship between the parties.
 United States

In the United States, many states enacted anti-spam laws
during the late 1990s and early 2000s. All of these were
subsequently superseded by the CAN-SPAM Act of 2003,
which was in many cases less restrictive; and any further
potential state laws preempted. However, CAN-SPAM
leaves intact laws not specific to e-mail. Courts have ruled
that spam is, e.g., Trespass to Chattel.
Bulk commercial email does not violate CAN-SPAM,
provided that it meets certain criteria, e.g., a truthful
subject line, no forged information in the headers. If it fails
to comply with any of these requirements it is illegal.
Those opposing spam greeted the new law with dismay
and disappointment, almost immediately dubbing it the
In practice it had little positive impact. In
2004, less than one percent of spam
complied with CAN-SPAM, although a
2005 review by the Federal Trade
Commission claimed that the amount of
sexually explicit spam had significantly
decreased since 2003 and the total
volume had begun to level off. Many other
observers viewed it as having failed,
although there have been several high-
 Australia SPAM Act 2003

As a result of increasing instances of unsolicited
bulk email flooding company and personal
networks, the Australian Federal Government
introduced the SPAM Act. The Spam Act
became law on 12 December 2003 and, after a
grace period, all provisions of the Spam Act
came into effect from 10 April 2004. The Act covers
the following message types:
 Email
 Short message service (SMS)
In simple terms, the SPAM Act covers the following:
1. Unsolicited commercial electronic messages must not
be sent. Messages should only be sent to an address
when it is known that the person responsible for that
address has consented to receive it.
2. Businesses must not use electronic address harvesting
software, or lists which have been generated using such
software, for the purpose of sending unsolicited
commercial electronic messages.
3. Commercial electronic messages must contain
• Accurate information about the sender of the message;
• A functional way for the message's recipients to
indicate that they do not wish to receive such messages
in the future - that they wish to unsubscribe.
The maximum penalties under the Spam
Act include a range of warning and
breach options up to a Court-imposed
penalty of up to $220,000 for a single
day's contraventions, and up to $1.1 million
for a second offence.
4.3. Reporting SPAM
Tracking down a spammer's ISP and reporting the offense
can lead to the spammer's service being terminated and
criminal prosecution. Unfortunately, it can be difficult to
track down the spammer, and while there are some online
tools such as SpamCop and Network Abuse
Clearinghouse to assist, they are not always accurate.
Historically, reporting spam in this way has not played a
large part in abating spam, since the spammers simply
move their operation to another URL, ISP or network of IP
addresses.
In many countries consumers may also forward unwanted
and deceptive commercial email to the authorities, e.g. in
the US to the email address (spam at uce.gov) maintained
If users find their email inundated with SPAM or other unsolicited
messages such as hoax emails, they can report it to the Australian
Communications and Media Authority by undertaking any of the following:
• Users forward spam to the ACMA's Spam Intelligence Database
using the [email protected] email address.
Note: When forwarding an email message, please do not change
the subject line of the message or add additional text. The ACMA
will only contact you in relation to a report if it requires further
information to assist it in its anti-spam activities.
 Organizations, such as Internet Service Providers or
universities, which collect large amounts of spam associated
with the management of their email systems can report to
the ACMA via command-line or batch reporting.
 Spam SMS messages can be forwarded to a dedicated
telephone number 0429 999 888 to report it directly to the
ACMA. Your report will be recorded in the ACMA's database
Operation Sheet - 1 Filter Incoming Messages in
Windows Live
To organize your Inbox by creating filters to direct incoming
messages to specific folders, follow these steps:
1. Sign in to the Windows Live Hotmail website with your
Windows Live Hotmail account.
2. In the upper-right corner of the page, click Options, and
then click More options.
3. Under Customize your mail, Click Automatically sort e-mail
into folders.
4. Perform one of the actions as per your requirement:
5. Click New filter to Create a new filter
6. Click Edit next to the filter that you want to edit.
7. Click Delete next to the filter that you want to delete.
8. Follow the on-screen instructions to specify which
messages you want to filter and where you want to filter