Why is a computer considered to be safe if it is not connected to a network or Internet?
Answer
A computer is considered safe when not connected to a network or the Internet due to reduced exposure to external threats like malware and hacking attempts.
What is a computer virus ? Name some computer viruses that were popular in recent years.
Answer
A computer virus is a piece of software code created to perform malicious activities and hamper resources of a computer system like CPU time, memory, personal files, or sensitive information. It infects other computer systems that it comes into contact with by copying or inserting its code into the computer programs or software (executable files).
Some computer viruses that were popular in recent years are CryptoLocker, ILOVEYOU, MyDoom, Sasser and Netsky, Slammer, Stuxnet, etc.
How is a computer worm different from a virus ?
Answer
The major difference between a worm and a virus is that unlike a virus, a worm does not need a host program or software to insert its code into. Worms are standalone programs that are capable of working on its own. Also, a virus needs human triggering for replication (i.e. when a user opens/executes the infected file), while a worm replicates on its own and can spread to other computers through the network.
How is Ransomware used to extract money from users ?
Answer
Ransomware is a type of malware that targets user data. It either blocks the user from accessing their own data or threatens to publish the personal data online and demands ransom payment in the form of Bitcoin cryptocurrency.
How did a Trojan get its name ?
Answer
The name "Trojan" originates from the ancient Greek story of the Trojan Horse. Since the ancient Greeks could not infiltrate the city of Troy using traditional warfare methods, they gifted the king of Troy with a big wooden horse with hidden soldiers inside and eventually defeated him. Borrowing the concept, a Trojan is malware that looks like legitimate software, and once it tricks a user into installing it, it acts much like a virus or worm.
How does an adware generate revenue for its creator ?
Answer
An adware is malware created to generate revenue for its developer. It displays online advertisements using pop-ups, web pages, or installation screens. Once adware infects a substantial number of computer systems, it generates revenue either by displaying advertisements or by using a "pay-per-click" mechanism to charge clients based on the number of clicks on their displayed ads.
Briefly explain two threats that may arise due to a keylogger installed on a computer.
Answer
Two threats that may arise due to a keylogger installed on a computer are :
- Privacy Breach — Keyloggers can capture sensitive and personal information such as passwords, emails and private conversations. This information can then be accessed and misused by unauthorized individuals, leading to privacy breaches and potential identity theft.
- Data Leakage — Keyloggers have the capability to send the recorded keystrokes to external entities without the user's knowledge. This data leakage can result in confidential information falling into the wrong hands, compromising security and confidentiality.
How is a Virtual Keyboard safer than On Screen Keyboard ?
Answer
Virtual Keyboard and On Screen Keyboard, both types of keyboards may look the same, but the difference is in terms of the layout or ordering of the keys. The on-screen keyboard of an operating system uses a fixed QWERTY key layout, which can be exploited by sophisticated keylogger software. However, an online virtual keyboard randomises the key layout every time it is used, thereby making it very difficult for a keylogger software to know or record the key(s) pressed by the user.
List and briefly explain different modes of malware distribution.
Answer
The different modes of malware distribution are as follows :
- Downloaded from the Internet
- Spam Email
- Removable Storage Devices
- Network Propagation
- Downloaded from the Internet — Most of the time, malware is unintentionally downloaded into the hard drive of a computer by the user. Of course, the malware designers are smart enough to disguise their malware, but we should be very careful while downloading files from the Internet (especially those highlighted as free stuff).
- Spam Email — We often receive an unsolicited email with embedded hyperlinks or attachment files. These links or attached files can be malware.
- Removable Storage Devices — The replicating malware targets the removable storage media like pen drives, SSD cards, music players, mobile phones, etc. and infect them with malware that gets transferred to other systems that they are plugged into.
- Network Propagation — Some malware like Worms have the ability to propagate from one computer to another through a network connection.
List some common signs of malware infection.
Answer
Common signs of some malware infection include the following:
- Frequent pop-up windows prompting us to visit some website and/or download some software.
- Changes to the default homepage of web browser.
- Mass emails being sent from our email account.
- Unusually slow computer with frequent crashes.
- Unknown programs startup as we turn on our computer.
- Programs opening and closing automatically.
- Sudden lack of storage space, random messages, sounds, or music start to appear.
- Programs or files appear or disappear without our knowledge.
List some preventive measures against malware infection.
Answer
Some preventive measures against malware infection are as following :
- Using antivirus, anti-malware, and other related software and updating them on a regular basis.
- Configure browser security settings.
- Always check for a lock button in the address bar while making payments.
- Never use pirated or unlicensed software. Instead go for Free and Open Source Software (FOSS).
- Applying software updates and patches released by its manufacturers.
- Taking a regular backup of important data.
- Enforcing firewall protection in the network.
- Avoid entering sensitive (passwords, pins) or personal information on unknown or public computers.
- Avoid entering sensitive data on an unknown network (like Wi-Fi in a public place) using personal computer also.
- Avoid clicking on links or downloading attachments from unsolicited emails.
- Scan any removable storage device with an antivirus software before transferring data to and from it.
- Never share our online account or banking password/pins with anyone.
- Remove all the programs that we don’t recognise from our system.
- Do not install an anti-spyware or antivirus program presented to us in a pop-up or ad.
- Use the pop-up window's 'X' icon located on the top-right of the popup to close the ad instead of clicking on the 'close' button in the pop-up. If we notice an installation has been started, cancel immediately to avoid further damage.
Write a short note on different methods of malware identification used by antivirus software.
Answer
The different methods of malware identification used by antivirus software are as follows :
- Signature-based detection — In this method, an antivirus works with the help of a signature database known as "Virus Definition File (VDF)". This file consists of virus signatures and is updated continuously on a real-time basis. This makes the regular update of the antivirus software a must.
- Sandbox detection — In this method, a new application or file is executed in a virtual environment (sandbox) and its behavioural fingerprint is observed for a possible malware. Depending on its behaviour, the antivirus engine determines if it is a potential threat or not and proceeds accordingly.
- Data mining techniques — This method employs various data mining and machine learning techniques to classify the behaviour of a file as either benign or malicious.
- Heuristics — Often, a malware infection follows a certain pattern. Here, the source code of a suspected program is compared to viruses that are already known and are in the heuristic database. If the majority of the source code matches with any code in the heuristic database, the code is flagged as a possible threat.
- Real-time protection — Some malware remains dormant or gets activated after some time. Such malware needs to be checked on a real-time basis. In this technique, the anti-malware software keeps running in the background and observes the behavior of an application or file for any suspicious activity while it is being executed i.e. when it resides in the active (main) memory of the computer system.
What are the risks associated with HTTP ? How can we resolve these risks by using HTTPS ?
Answer
HTTP sends information over the network in plain text, leaving it vulnerable to attacks from hackers who can intercept and manipulate the data. On the other hand, HTTPS encrypts the data before transmission and requires SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols, along with an SSL digital certificate, to ensure secure communication between the client and server.
List one advantage and disadvantage of using Cookies.
Answer
The advantage of using cookies is :
Cookies are used by websites to store browsing information of the user, which helps in enhancing the user experience and making browsing time more productive.
The disadvantage of using cookies is :
Some third-party cookies might share user data without the user's consent for advertising or tracking purposes.
Write a short note on White, Black, and Grey Hat Hackers.
Answer
- White Hat Hackers — If a hacker uses their knowledge to find and help fix security flaws in the system, they are termed as White Hat hackers or Ethical Hackers. These hackers have good intentions and are actually security experts. Organizations hire these hackers to check and fix their systems for potential security threats and loopholes. Technically, white hats work against black hats.
- Black Hat Hackers — If hackers use their knowledge unethically to break the law and disrupt security by exploiting the flaws and loopholes in a system, then they are called black hat hackers or Crackers.
- Grey Hat Hackers — These are a class of hackers who are neutral. They hack systems by exploiting their vulnerabilities, but they don’t do so for monetary or political gains. Grey hats take system security as a challenge and hack systems just for the fun of it.
Differentiate between DoS and DDoS attack.
Answer
| DoS | DDoS |
|---|---|
| The full of DoS is Denial of Service. | The full form of DDoS is Distributed Denial of Service. |
| Denial of Service (DoS) is a scenario, wherein an attacker (Hacker) limits or stops an authorised user to access a service, device, or any such resource by overloading that resource with illegitimate requests. | Distributed Denial of Service (DDoS) is an attack, where the flooded requests come from compromised computer (Zombies) systems distributed across the globe or over a very large area. |
| If attackers carry out a DoS attack on a website, they will flood it with a very large number of network packets by using different IP addresses. | The attacker installs a malicious software known as Bot on the Zombie machines, which gives it control over these machines. |
| A DoS attack may be countered by blocking requests or network packets from a single source, so it is easier to resolve comparatively. | DDoS is very difficult to resolve, as the attack is carried from multiple distributed locations. |
How is Snooping different from Eavesdropping ?
Answer
Snooping involves secretly capturing and analyzing network traffic using specialized software, replicating the packets to avoid detection. On the other hand, eavesdropping is an unauthorized, real-time interception of private communication over a network. Unlike snooping, which can store data for later analysis, eavesdropping occurs during active communication between entities. However, snooping is not always an attack, at times, it is also used by network administrators for troubleshooting various network issues. In contrast, eavesdropping is always malicious.