Project Report1



1. INTRODUCTION:
A document is a work of non-fiction writing intended to store and communicate information, thus acting as a recording. The term document may be applied to any discrete representation of meaning, but it usually refers to something physical like one or more printed pages, or to a virtual document in electronic (digital) format. Traditionally, the medium of a document was paper and the information was applied to it as ink either by hand or by a mechanical process. Nowadays there are electronic means of storing and displaying documents. These types of documents are referred to as digital documents. Digital documents usually have to adhere to a specific file format in order to be useful. A file format is a particular way that information is encoded for storage in a computer file. Since a disk drive, or indeed any computer storage, can store only bits, the computer must have some way of converting information to 0s and 1s and vice versa. There are different kinds of formats for different kinds of information. Within any format type, e.g., word processor documents, there will typically be several different formats. Sometimes these formats compete with each other. Creating and handling documents such as word processing files, spreadsheets and presentations is one of the most common tasks that people do with a computer. With a computer and appropriate software we can create, modify, correct, submit and receive any kind of document. Since the advent of email, you can instantly send a perfect copy of these documents anywhere in the world. However, there are risks that come with this ability, and it is important to be aware of them. The following two are the most severe threats to digital documents:

Data Theft
Malware

Data theft is the unauthorized taking or interception of computer-based information. Malware refers to programs that are designed to harm your computer. Data theft and malware issues will be discussed later on in detail.


2. FIVE MOST COMMONLY USED FILE FORMATS:

[Figure: Digital Documents, with the five formats PDF, HTML, MP3, JPG and AVI]

These file formats are discussed below: 2.1 PDF: Portable Document Format (PDF) is an open standard for document exchange. The file format created by Adobe Systems in 1993 is used for representing documents in a manner independent of the application software, hardware, and operating system. Each PDF file encapsulates a complete description of a fixed-layout 2D document that includes the text, fonts, images, and 2D vector graphics which compose the documents. Today, 3D drawings can be embedded in PDF documents with Acrobat 3D using U3D or PRC and various other data formats. In 1991 Adobe Systems co-founder John Warnock outlined a system called "Camelot" that evolved into the Portable Document Format (PDF). Originally a proprietary format, PDF was officially released as an open standard on July 1, 2008, and published by the International Organization for Standardization as ISO 32000-1:2008. The ISO 32000-1 allows use of some specifications, which are not standardized (e.g. Adobe XML Forms Architecture). ISO 32000-1 does not specify methods for validating the conformance of PDF files or readers. Several applications embracing the PDF standard are now available as an online service including Scribd for viewing and storing, Pdfvue for online editing, and Zamzar for PDF Conversion. In 1993 the Jaws RIP from Global Graphics became the first shipping prepress RIP that interpreted PDF natively without conversion to another format. The company released an upgrade to their Harlequin RIP with the same capability in 1997. Agfa-Gevaert introduced and shipped Apogee, the first prepress workflow system based on PDF, in 1997. Many commercial


offset printers have accepted the submission of press-ready PDF files as a print source, specifically the PDF/X-1a subset and variations of the same. The submission of press-ready PDF files is a replacement for the problematic need for receiving collected native working files. PDF was selected as the "native" metafile format for Mac OS X, replacing the PICT format of the earlier Mac OS. The imaging model of the Quartz graphics layer is based on the model common to Display PostScript and PDF, leading to the nickname "Display PDF". The Preview application can display PDF files, as can version 2.0 and later of the Safari web browser. System-level support for PDF allows Mac OS X applications to create PDF documents automatically, provided they support the Print command. The files are then exported in PDF 1.3 format according to the file header. When taking a screenshot under Mac OS X versions 10.0 through 10.3, the image was also captured as a PDF; in 10.4 and 10.5 the default behavior is set to capture as a PNG file, though this behavior can be set back to PDF if required.

2.2 HTML: HTML, which stands for Hyper Text Markup Language, is the
predominant markup language for web pages. HTML is the basic building block of web pages. HTML is written in the form of HTML elements consisting of tags, enclosed in angle brackets (like <html>), within the web page content. HTML tags normally come in pairs like <h1> and </h1>. The first tag in a pair is the start tag, the second tag is the end tag (they are also called opening tags and closing tags). In between these tags programmers can add text, tables, images, etc. The purpose of a web browser is to read HTML documents and compose them into visual or audible web pages. The browser does not display the HTML tags, but uses the tags to interpret the content of the page. HTML elements form the building blocks of all websites. HTML allows images and objects to be embedded and can be used to create interactive forms. It provides a means to create structured documents by denoting structural semantics for text such


as headings, paragraphs, lists, links, quotes and other items. It can embed scripts in languages such as JavaScript which affect the behavior of HTML webpages. Web browsers can also refer to Cascading Style Sheets (CSS) to define the appearance and layout of text and other material. The W3C, maintainer of both the HTML and the CSS standards, encourages the use of CSS over explicitly presentational HTML markup. HTML markup consists of several key components, including elements (and their attributes), character-based data types, character references and entity references. Another important component is the document type declaration, which triggers standards mode rendering. The Hello world program, a common computer program employed for comparing programming languages, scripting languages and markup languages, is made of 9 lines of code, although in HTML newlines are optional:

<!doctype html>
<html>
  <head>
    <title>Hello HTML</title>
  </head>
  <body>
    <p>Hello World!</p>
  </body>
</html>

2.3 MP3: MPEG-1 or MPEG-2 Audio Layer III, more commonly referred to as MP3, is
a patented digital audio encoding format using a form of lossy data compression. It is a common audio format for consumer audio storage, as well as a de facto standard of digital audio compression for the transfer and playback of music on digital audio players. MP3 is an audio-specific format that was designed by the Moving Picture Experts Group as part of its MPEG-1 standard and later extended in the MPEG-2 standard. The first MPEG subgroup - Audio group was


formed by several teams of engineers at Fraunhofer IIS, University of Hannover, AT&T-Bell Labs, Thomson-Brandt, CCETT, and others. MPEG-1 Audio (MPEG-1 Part 3), which included MPEG-1 Audio Layer I, II and III was approved as a committee draft of ISO/IEC standard in 1991, finalized in 1992 and published in 1993 (ISO/IEC 11172-3:1993). Backwards compatible MPEG-2 Audio (MPEG-2 Part 3) with additional bit rates and sample rates was published in 1995 (ISO/IEC 13818-3:1995). The use in MP3 of a lossy compression algorithm is designed to greatly reduce the amount of data required to represent the audio recording and still sound like a faithful reproduction of the original uncompressed audio for most listeners. An MP3 file that is created using the setting of 128 kbit/s will result in a file that is about 11 times smaller than the CD file created from the original audio source. An MP3 file can also be constructed at higher or lower bit rates, with higher or lower resulting quality. The compression works by reducing accuracy of certain parts of sound that are considered to be beyond the auditory resolution ability of most people. This method is commonly referred to as perceptual coding. It uses psychoacoustic models to discard or reduce precision of components less audible to human hearing, and then records the remaining information in an efficient manner.

The MPEG-1 standard does not include a precise specification for an MP3 encoder, but does provide example psychoacoustic models, rate loop, and the like in the non-normative part of the original standard. At present, these suggested implementations are quite dated. Implementers of the standard were supposed to devise their own algorithms suitable for removing parts of the information from the audio input. As a result, there are many different MP3 encoders available, each producing files of differing quality. Comparisons are widely available, so it is easy for a prospective user of an encoder to research the best choice. It must be kept in mind that an encoder that is proficient at encoding at higher bit rates (such as LAME) is not necessarily as good at lower bit rates.


During encoding, 576 time-domain samples are taken and are transformed to 576 frequency-domain samples. If there is a transient, 192 samples are taken instead of 576. This is done to limit the temporal spread of quantization noise accompanying the transient. Decoding, on the other hand, is carefully defined in the standard. Most decoders are "bitstream compliant", which means that the decompressed output that they produce from a given MP3 file will be the same, within a specified degree of rounding tolerance, as the output specified mathematically in the ISO/IEC high standard document (ISO/IEC 11172-3). Therefore, comparison of decoders is usually based on how computationally efficient they are (i.e., how much memory or CPU time they use in the decoding process).

2.4 JPG: In computing, JPEG is a commonly used method of lossy compression for digital photography (image). The degree of compression can be adjusted, allowing a selectable tradeoff between storage size and image quality. JPEG typically achieves 10:1 compression with little perceptible loss in image quality. JPEG compression is used in a number of image file formats. JPEG/Exif is the most common image format used by digital cameras and other photographic image capture devices; along with JPEG/JFIF, it is the most common format for storing and transmitting photographic images on the World Wide Web. These format variations are often not distinguished, and are simply called JPEG. The term "JPEG" is an acronym for the Joint Photographic Experts Group which created the standard. The MIME media type for JPEG is image/jpeg (defined in RFC 1341), except in Internet Explorer, which provides a MIME type of image/pjpeg when uploading JPEG images. It supports a maximum image size of 65535x65535. The name "JPEG" stands for Joint Photographic Experts Group, the name of the committee that created the JPEG standard and also other standards. It is one of two sub-groups of ISO/IEC Joint Technical Committee 1, Subcommittee 29, Working Group 1 (ISO/IEC JTC 1/SC 29/WG 1) titled as Coding of still pictures. The group was organized in 1986, issuing the first JPEG standard in 1992, which was approved in September 1992 as ITU-T Recommendation T.81 and in 1994 as ISO/IEC 10918-1. The JPEG standard specifies the codec, which defines how an image is compressed into a stream of bytes and decompressed back into an image, but not the file format used to contain that stream. The Exif and JFIF standards define the commonly used formats for interchange of JPEG-compressed images.


The compression method is usually lossy, meaning that some original image information is lost and cannot be restored, possibly affecting image quality. There is an optional lossless mode defined in the JPEG standard; however, that mode is not widely supported in products.

There is also an interlaced "Progressive JPEG" format, in which data is compressed in multiple passes of progressively higher detail. This is ideal for large images that will be displayed while downloading over a slow connection, allowing a reasonable preview after receiving only a portion of the data. However, progressive JPEGs are not as widely supported, and even some software which does support them (such as some versions of Internet Explorer) only displays the image once it has been completely downloaded. There are also many medical imaging and traffic systems that create and process 12-bit JPEG images, normally grayscale images. The 12-bit JPEG format has been part of the JPEG specification for some time, but again, this format is not as widely supported.

2.5 AVI: Audio Video Interleave (also Audio Video Interleaved), known by its acronym AVI, is a multimedia container format introduced by Microsoft in November 1992 as part of its Video for Windows technology. AVI files can contain both audio and video data in a file container that allows synchronous audio-with-video playback. Like the DVD video format, AVI files support multiple streaming audio and video, although these features are seldom used. Most AVI files also use the file format extensions developed by the Matrox OpenDML group in February 1996. These files are supported by Microsoft, and are unofficially called "AVI 2.0". AVI is a derivative of the Resource Interchange File Format (RIFF), which divides a file's data into blocks, or "chunks." Each "chunk" is identified by a FourCC tag. An AVI file takes the form of a single chunk in a RIFF formatted file, which is then subdivided into two mandatory "chunks" and one optional "chunk". The first sub-chunk is identified by the "hdrl" tag. This sub-chunk is the file header and contains metadata about the video, such as its width, height and frame rate. The second sub-chunk is identified by the "movi" tag. This chunk contains the actual audio/visual data that make up the AVI movie. The third optional sub-chunk is identified by the "idx1" tag


which indexes the offsets of the data chunks within the file. By way of the RIFF format, the audio-visual data contained in the "movi" chunk can be encoded or decoded by software called a codec, which is an abbreviation for (en)coder/decoder. Upon creation of the file, the codec translates between raw data and the (compressed) data format used inside the chunk. An AVI file may carry audio/visual data inside the chunks in virtually any compression scheme, including Full Frame (Uncompressed), Intel Real Time (Indeo), Cinepak, Motion JPEG, Editable MPEG, VDOWave, ClearVideo / RealVideo, QPEG, and MPEG-4 Video.

One of the main advantages is that the choice of codecs means you can achieve a high rate of compression if you experiment.
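The chunk layout described above can be checked mechanically before a file is handed to a codec. The following is an added example, not part of the original report: a RIFF walker that lists the top-level chunks of an AVI file and rejects files whose declared chunk sizes run past the end of the data. It assumes the standard RIFF encoding (four-byte tag, little-endian 32-bit size, payload padded to an even length, with "hdrl" and "movi" stored as LIST chunks); the function names and the sample bytes are constructed for illustration.

```python
import struct


class RiffError(ValueError):
    """Raised when the bytes are not a well-formed RIFF/AVI file."""


def _chunk(tag: bytes, payload: bytes) -> bytes:
    """Build one RIFF chunk: FourCC, little-endian size, payload, pad to even."""
    pad = b"\x00" if len(payload) % 2 else b""
    return tag + struct.pack("<I", len(payload)) + payload + pad


def build_sample_avi() -> bytes:
    """Constructed sample: header list, data list and index, dummy payloads."""
    hdrl = _chunk(b"LIST", b"hdrl" + _chunk(b"avih", bytes(56)))
    movi = _chunk(b"LIST", b"movi" + _chunk(b"00dc", b"\x01\x02\x03"))
    idx1 = _chunk(b"idx1", bytes(16))
    return _chunk(b"RIFF", b"AVI " + hdrl + movi + idx1)


def list_avi_chunks(data: bytes):
    """Return [(name, offset, size)] for the top-level chunks of an AVI file.

    For LIST chunks the name is the list type (for example 'hdrl' or 'movi').
    """
    if len(data) < 12 or data[:4] != b"RIFF":
        raise RiffError("missing RIFF header")
    (riff_size,) = struct.unpack_from("<I", data, 4)
    if data[8:12] != b"AVI ":
        raise RiffError("RIFF form type is not 'AVI '")
    end = 8 + riff_size
    if end > len(data):
        raise RiffError("declared RIFF size exceeds the file length")

    chunks, pos = [], 12
    while pos + 8 <= end:
        tag = data[pos:pos + 4]
        (size,) = struct.unpack_from("<I", data, pos + 4)
        body = pos + 8
        # Never trust the size field: it must stay inside the parent chunk.
        if body + size > end:
            raise RiffError(f"chunk {tag!r} at offset {pos} overruns its parent")
        if tag == b"LIST":
            if size < 4:
                raise RiffError("LIST chunk too short to hold a list type")
            name = data[body:body + 4]
        else:
            name = tag
        chunks.append((name.decode("latin-1"), pos, size))
        pos = body + size + (size & 1)  # payloads are padded to an even length
    return chunks


def check_avi_layout(data: bytes):
    """Require the two mandatory chunks, in order; 'idx1' stays optional."""
    names = [name for name, _, _ in list_avi_chunks(data)]
    for required in ("hdrl", "movi"):
        if required not in names:
            raise RiffError(f"mandatory chunk {required!r} is missing")
    if names.index("hdrl") > names.index("movi"):
        raise RiffError("'hdrl' must come before 'movi'")
    return names


if __name__ == "__main__":
    for name, offset, size in list_avi_chunks(build_sample_avi()):
        print(f"{name}  offset={offset}  size={size}")
```

A file that merely carries the .avi extension, or whose size fields were truncated or inflated, fails these checks instead of reaching the decoder.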


3. ADVANTAGES OF DIGITAL DOCUMENTS:

3.1 Eco-friendly: Digital documents share a common feature with the traditional paper based documents and that is information. But that's it! Here ends this relationship and starts long lasting differences which include low carbon content which makes digital documents worthy of usage.

3.2 Portability: Most organizations still store their important files and paperwork in old filing cabinets, which are probably bursting at the seams with years of document storing. One such advantage of digital documents is that there is a reduction in the amount of paper that an office has to contain. This is due to the original documents being scanned into the computer systems allowing the storage spaces to be clear of all paper.

3.3 Easy access and Searching: A major and one of the most effective advantages of using a digital document is that searching for files that are needed becomes much more simplified and easier, reducing unwanted effort and stress. There are a variety of file searches that are available which can be added or taken away at any time as your work demands.

3.4 Simultaneous Data Viewing: Additionally, it is a great organizational tool. The digital documents can be organized and customized for every business need. If there needs to be one person or multiple person access to the system, it can be done, which allows for simultaneous document viewing. This can be used effectively in cutting out the need for photocopying and passing on information throughout office personnel.

Therefore, using digital documents saves a great deal of effort and they are indispensable sources of light into the darkness of future, which demands our society to be green and fully prosper without disturbing nature and its inhabitants. Although there are some loose nuts and bolts in these contraptions one of which being their platform dependency, still they cannot be snubbed for their marvelous and challenging offerings.


4. DIGITAL DOCUMENTS: COMMON PROBLEMS AND SOLUTIONS:

4.1 You share a document with someone who does not have the software to open it: Don't send your original document. Instead, create a PDF version of it and distribute that. To create a PDF version, you need to use software called Adobe Acrobat PDF Writer. A free version of this software is available (most common document formats, such as Word documents and image formats, are supported). In order to read your PDF document, recipients need to have software called Adobe Acrobat Reader, which is also a free download. An important advantage of this format is that readers do not need the software you used to create the document in order to read it. There are other advantages to using the PDF format. It ensures that no one modifies the document, and with the use of the digital signature tool in Adobe Acrobat, an author can sign the document so that it remains authentic.

4.2 You want to limit who can view a PDF: Add a password to the document, and provide the password to the recipients. For this feature and for more advanced options, you need to use Adobe Acrobat (not Adobe Acrobat Reader), which is available for purchase from Adobe. Acrobat also offers the following services: restrict printing or changes to a document; create a digital ID and sign a document with it; and certify that you approve a document. Instructions are provided in Adobe Acrobat 6 Quick Reference Sheet to securing a PDF file (PDF). Adobe also offers a product called the Adobe Document Center that allows an author to share documents, while protecting and controlling how they are viewed.

4.3 You want to save your files in a safe place other than your computer: Use the back-up utility in Windows:
1. Go to Start.
2. Go to All Programs.
3. Point to Accessories.
4. Point to System Tools.
5. Click on Backup.

4.4 You want to share and control your documents with confidence: Don't distribute your important documents insecurely. A product such as Adobe Document Center offers a web-based solution that helps you protect and control important documents, even after distribution. It integrates with popular software like Adobe Acrobat 8, Microsoft Word and Microsoft Excel. Use of solutions like Adobe Document Center protects your documents from getting into the wrong hands. You can decide who has access to your documents and what they can do with them. You can even audit specifically who has done what to your documents in real time. Adobe Document Center uses verified email addresses to validate access to your documents. Also, it applies persistent protection that stays with the document, regardless of where it goes. This means you can also change any aspect of the protection you apply to the document at any time, even after distribution.

4.5 Connect safely from different places:

4.5.1 Office: Businesses in particular have taken advantage of digital documentation, relying heavily on technology and digital systems for storing information. Everything from highly critical financial sheets to invoices for customers is now stored electronically. Because nearly everything that you create at work is stored in a computer, the security risks for your business are tremendous. If a confidential document falls into the hands of the wrong person, your company can be seriously affected. Some of the threats that you face when using digital documents at work include data theft and malware. Company regulations generally forbid storing material on company computers that could be sexually explicit, violent or otherwise offensive to other users. Also, unless your company allows you to do so, you should not use your computer for creating and storing personal documents.

4.5.2 Mobile: Handheld computers have come a long way since the Palm Pilot of the mid-1990s. Businessmen now use them to store contacts and check finances, while college students use them to store due dates, surf the Internet, or chat with friends. Today,


there are several different brands and models of mobile devices available. These fall into four basic categories: Palm-based PDAs, Pocket PC-based PDAs, Blackberries, and cell phones. Some people consider MP3 players a fifth category. The popular Apple iPod is an electronic device that can store and play back large amounts of music, and because of its large storage capacity, you can also use it to carry documents. Almost all cell phones have the ability to store contact information, and some can store and transmit music files, pictures, and videos. Mobile digital files are everywhere, and it is becoming increasingly more important to keep them secure. 4.5.3 On the road: In public environments, such as airports, hotels and cyber cafes, you must be especially careful with your digital documents. Since anybody can have access to public computers, they could be tampered with or prepared to steal your personal information. When you use your own laptop in public spaces you become part of a public network, leaving you susceptible to attacks from anyone using the same network. Avoid using public computers to create or modify digital documents with private or sensitive information. These computers can be accessed by anybody, and you might accidentally leave an important document open for the next person to read. Public Internet connections are usually monitored by third parties or system administrators who are looking for attacks or strange network behavior. Any documents you send on the network could be intercepted by somebody listening to the network traffic. If you must use the Internet in a public place, make sure that the connection is encrypted. 4.5.4 Ethical Issues: Even if a digital document is not protected by copyright and therefore legally available to anybody, it may not be suitable for all users. Certain sexually explicit or violent materials could be offensive or even harmful to other users. 
There are a number of programs that can be installed on a computer to restrict the material that can be accessed on the World Wide Web. The programs work with lists of Web and ways of describing the content of Web pages to filter material. One source of information about these programs and related topics is PEDINFO Parental Control of Internet Access. The culture of the Internet has fostered personal rights and liberties, so some argue its content ought not be restricted or censored. There are laws banning or restricting pornography, some


countries have more stringent laws than others and some laws restrict the distribution of the material. 4.6 Legal Issues: The most critical legal issue with digital documents is copyright violation. A copyright is a legal protection that keeps published and unpublished literary, scientific and artistic works from being copied without the creator's permission. For example, an MP3 music file or an e-book on your computer is copyrighted by the artist who created it or the publisher. Anyone who wants to copy this file must first get permission from the owner of the copyright. Therefore, if you intend to make copies of a document or distribute a digital document that you did not create, make sure you are authorized to do so by the copyright owner. The Internet allows consumers, businesses, and industry to do many new things in unique and efficient ways. The technology around which it is built is also changing and advancing rapidly. A source of concern is that the legal and ethical developments regarding the Internet are not able to keep up with the fast pace of technological change. This tutorial touches on the main areas of legal and ethical concern that have emerged so far, the ways in which they are being dealt with, and the implications for providers of technology related services and products. These major areas are: 4.6.1 Protection of Intellectual Property: The major legal and ethical problems that arise in terms of the Internet and electronic media deal with intellectual property issues. There are well developed laws that govern physical property. Physical property, also known as tangible property, is property that we can touch and feel. Intellectual property, on the other hand, deals with the ownership of ideas or the expression of ideas. Since ideas cannot be touched or felt, but they do belong to the person who developed (or authored) them, they are known as intangible property. There are several forms of legal protection available for intellectual property.
These are:

Trade secret protection
Copyright protection
Trademark protection
Patents

These can be explained as:


Trade Secret Protection: This method of protecting ownership of an idea is to ensure that the idea is kept a secret. An example is the formula used in preparing Coca Cola syrup. Very few employees know the formula, and those who do are required to sign nondisclosure agreements in order to have access to it. The formula is safe as long as no employee divulges the secret. The company could take them to court if they did so. Another example of a trade secret may be a company's business plan or strategy. Trade secrets can only exist if the basis for the idea can be kept a secret. This may not be possible in the world of computer technology and programming.

Copyright Protection: Copyright protection is available for an original expression of an idea that is fixed in any physical medium, such as paper, electronic tapes, floppy discs, CD ROMs, etc. It is important to note that the "right" or protection is given to how the idea is expressed, not to the idea itself. To illustrate this, consider two songs, one by Britney Spears, and another by the Backstreet Boys, both of which deal with the idea of love, but express the idea in different ways. Each can copyright the way they express their idea of love in their songs. They cannot copyright the idea of love itself. Works such as books, music, computer programs, source and object codes, etc. can be protected by copyright. In addition to the actual code of a program, copyright can extend to the screen layout and graphics of the program. Copyright extends to both published and unpublished material.

Trademark Protection: A trademark is a logo or phrase that identifies the source of goods or services. Trademark rights do not stop others from copying a product, but they do prevent them from calling or labeling their product by a name or phrase that is confusingly similar to the trademark. Trademark protection is obtained automatically when the mark is applied to a product that is then sold. Trademark protection is available for a mark or phrase that is not already in use by


someone else. In addition, it must (1) not be just geographically descriptive (e.g. Chicago Retail Store), (2) not be just descriptive of the type of goods (e.g. The Soft Drink Store), (3) not be just a surname (e.g. Smith Enterprises), and (4) not be likely to deceive others. Trademarks can be registered with the U.S. Patent Office and this provides some legal benefits. Names that create a false impression about a product or which might mislead others in terms of the product or the company cannot be protected by trademark. This "likelihood of confusion" is an important factor in determining trademark infringement. Patents: A patent is a right of ownership given to a new idea for a machine, manufacture, composition of matter, or method, or for an improvement on an existing one of any of these. The right of ownership is given for 17 years. In order to get this right, the applicant must state the details of the idea clearly in writing and submit it to the U.S. Patent and Trademark Office for their assessment of its uniqueness. Patents can be licensed or sold to others. Patents can sometimes be combined with copyrights or trademarks. For example, if someone writes a computer program that does something new, it can be copyrighted. If the program also meets the criteria for a patent because it deals with a new method, then it may be patentable too. 4.6.2 Internet Service Provider Contracts and Fraud: When ISPs provide services to their customers, they do so based on the contract that has been agreed upon between them. If the ISP does not supply the services it specified in the contract, it may become liable for breach of contract or fraud. An example is when America Online moved to a flat rate policy, the number of its customers increased enormously. As a result, its services were slowed and many customers had to wait for long periods of time to get online because of busy signals. 
Customers took AOL to court saying that the company knew that its flat rate plan would give rise to these problems but went ahead with it. In addition, the complainants said that by misleading current and prospective customers about the quality of services, AOL had committed fraud. 4.6.3 Internet and Issues regarding defamation: Defamation is a broad term covering slander and libel. Slander is a false statement made to injure the reputation of a person. Libel is a similar statement that is published i.e. is stated in some fixed medium, such as in writing. The Internet, because of the freedoms it provides, is a potential


source of defamatory issues that could involve ISP liability. Two examples of such issues, taken from Bitlaw (2000) are given below. Prodigy was sued for defamation because of a defamatory comment made by one of its customers in one of its discussion rooms (or bulletin boards). The judge had to determine whether Prodigy was only a distributor of the information (in which case it would not be liable for defamation by a customer), or whether it was a publisher of the information (in which case it would be guilty of defamation since, as publisher, it has control over content). The judge found Prodigy guilty of defamation on the grounds that Prodigy had well publicized policies for monitoring and censoring content in its discussion rooms, and so behaved like a publisher. On the other hand, in a similar case involving CompuServe, the judge ruled that the company was not guilty of defamation because it did not exercise any control over discussion room content and so acted merely as a distributor rather than a publisher. In another case involving America Online, the judge ruled that ISPs are distributors rather than publishers. Therefore, ISPs cannot be held liable for libelous statements made by their customers even if the ISP is made aware of the posting. Since the Internet is an international medium, however, this can give rise to unusual twists. In the UK, ISPs, even though they are distributors of information, must prove innocent distribution, i.e. that they had no knowledge of the defamatory statement on their site. 4.7 Privacy Issues: Many mobile phones have digital cameras that make it easy to take pictures without being noticed. Beware of camera phones when paying with a credit card or giving your social security card to somebody. The person waiting behind you could be taking a digital picture of your private information. In December 2004, the U.S. 
Senate passed the Video Voyeurism Prevention Act of 2004, which makes it a crime to surreptitiously capture images of people in situations where they have an expectation of privacy. Breaking this law can result in fines of up to $100,000 or imprisonment for one year. To respect people's privacy, never take a picture of someone without letting him or her know that you are doing so. Another privacy issue comes into light is the viewing of a digital document by the person whom the digital document is intended to. This is achieved by a technique called digital signature, or we can digital signature is a solution to privacy issues.

4.7.1 Digital Signatures:
A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit. Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering. Digital signatures are often used to implement electronic signatures, a broader term that refers to any electronic data that carries the intent of a signature,[1] but not all electronic signatures use digital signatures. In some countries, including the United States, India, and members of the European Union, electronic signatures have legal significance. However, laws concerning electronic signatures do not always make clear whether they are digital cryptographic signatures in the sense used here, leaving the legal definition, and so their importance, somewhat confused. Digital signatures employ a type of asymmetric cryptography. For messages sent through a non-secure channel, a properly implemented digital signature gives the receiver reason to believe the message was sent by the claimed sender. Digital signatures are equivalent to traditional handwritten signatures in many respects; properly implemented digital signatures are more difficult to forge than the handwritten type. Digital signature schemes in the sense used here are cryptographically based, and must be implemented properly to be effective. Digital signatures can also provide non-repudiation, meaning that the signer cannot successfully claim they did not sign a message, while also claiming their private key remains secret; further, some non-repudiation schemes offer a time stamp for the digital signature, so that even if the private key is exposed, the signature is valid nonetheless. Digitally signed messages may be anything represented as a bitstring: examples include electronic mail, contracts, or a message sent via some other cryptographic protocol. Look at the following figure:

A digital signature scheme typically consists of three algorithms:

A key generation algorithm that selects a private key uniformly at random from a set of possible private keys. The algorithm outputs the private key and a corresponding public key.
A signing algorithm that, given a message and a private key, produces a signature.
A signature verifying algorithm that, given a message, public key and a signature, either accepts or rejects the message's claim to authenticity.

Two main properties are required. First, a signature generated from a fixed message and fixed private key should verify the authenticity of that message by using the corresponding public key. Secondly, it should be computationally infeasible to generate a valid signature for a party who does not possess the private key.
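
The three algorithms and the two required properties can be seen end to end in a small scheme. The following is an added example, not code from the original report: it uses the Lamport one-time signature (a hash-based scheme chosen here because it needs only the Python standard library, not one the report names), and a key pair from it must sign only one message.

```python
import hashlib
import secrets

HASH_BITS = 256  # SHA-256 digest length; the key holds one pair of secrets per bit


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def _digest_bits(message: bytes) -> list:
    """Hash the message and return the digest as a list of 256 bits."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(HASH_BITS)]


def generate_keypair():
    """Key generation: draw the private key uniformly at random and
    derive the public key by hashing every secret."""
    private_key = [
        (secrets.token_bytes(32), secrets.token_bytes(32))
        for _ in range(HASH_BITS)
    ]
    public_key = [(_h(s0), _h(s1)) for s0, s1 in private_key]
    return private_key, public_key


def sign(message: bytes, private_key) -> list:
    """Signing: for each digest bit, reveal the secret that matches it."""
    return [private_key[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(message: bytes, signature, public_key) -> bool:
    """Verification: every revealed secret must hash to the public value
    selected by the corresponding digest bit of the message."""
    if len(signature) != HASH_BITS:
        return False
    ok = True
    for i, bit in enumerate(_digest_bits(message)):
        ok &= secrets.compare_digest(_h(signature[i]), public_key[i][bit])
    return ok


def demo() -> dict:
    private_key, public_key = generate_keypair()
    contract = b"Pay 100 to Alice"          # constructed sample message
    signature = sign(contract, private_key)

    _, other_public = generate_keypair()    # an unrelated party's public key
    guessed = [secrets.token_bytes(32) for _ in range(HASH_BITS)]

    return {
        # Property 1: a signature verifies under the matching public key.
        "genuine": verify(contract, signature, public_key),
        # Altered message: the digest bits change, so the check fails.
        "tampered": verify(b"Pay 900 to Alice", signature, public_key),
        # Same message and signature, but checked against another key.
        "wrong_key": verify(contract, signature, other_public),
        # Property 2: without the private key, guessing does not verify.
        "guessed": verify(contract, guessed, public_key),
    }


if __name__ == "__main__":
    print(demo())
```
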

5. TWO MOST SEVERE SECURITY THREATS:


The two most severe security threats are Data Theft and Malware. They are discussed below in detail.

5.1 Malware:
Malware consists of programs such as viruses, worms, Trojan horses, and rootkits that are designed to harm your computer. These are discussed in detail below:

5.1.1 Computer Viruses:
A computer virus is a program that attaches itself to an application or "host file" and then spreads by making copies of itself. Some type of human action (e.g. opening an attachment) is always required for a virus to take effect. Once a virus gets onto your computer it might modify, delete, or steal your files, make your system crash, or take over your machine. A computer virus is a computer program that can copy itself and infect a computer. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability. A true virus can spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

As stated above, the term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, even those that do not have the reproductive ability. Malware includes computer viruses, computer worms, Trojan horses, most rootkits, spyware, dishonest adware and other malicious and unwanted software, including true viruses. Viruses are sometimes confused with worms and Trojan horses, which are technically different. A worm can exploit security vulnerabilities to spread itself automatically to other computers through networks, while a Trojan horse is a program that appears harmless but hides malicious functions. Worms and Trojan horses, like viruses, may harm a computer system's data or performance. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious or simply do nothing to call attention to themselves. Some viruses do nothing beyond reproducing themselves.

The first academic work on the theory of computer viruses (although the term "computer virus" was not invented at that time) was done by John von Neumann in 1949, who held lectures at the University of Illinois about the "Theory and Organization of Complicated Automata". The work of von Neumann was later published as the "Theory of self-reproducing automata". In his essay von Neumann postulated that a computer program could reproduce. In 1972 Veith Risak published his article "Selbstreproduzierende Automaten mit minimaler Informationsübertragung" (Self-reproducing automata with minimal information exchange). The article describes a fully functional virus written in assembler language for a SIEMENS 4004/35 computer system. In 1980 Jürgen Kraus wrote his diploma thesis "Selbstreproduktion bei Programmen" (Self-reproduction of programs) at the University of Dortmund. In his work Kraus postulated that computer programs can behave in a way similar to biological viruses. In 1984 Fred Cohen from the University of Southern California wrote his paper "Computer Viruses - Theory and Experiments". It was the first paper to explicitly call a self-reproducing program a "virus"; a term introduced by his mentor Leonard Adleman. An article that describes "useful virus functionalities" was published by J. B. Gunn under the title "Use of virus functions to provide a virtual APL interpreter under user control" in 1984.
In order to replicate itself, a virus must be permitted to execute code and write to memory. For this reason, many viruses attach themselves to executable files that may be part of legitimate programs. If a user attempts to launch an infected program, the virus' code may be executed simultaneously. Viruses can be divided into two types based on their behavior when they are executed. Nonresident viruses immediately search for other hosts that can be infected, infect those targets, and finally transfer control to the application program they infected. Resident viruses do not search for hosts when they are started. Instead, a resident virus loads itself into memory on execution and transfers control to the host program. The virus stays active in the background and infects new hosts when those files are accessed by other programs or the operating system itself.

Nonresident viruses: Nonresident viruses can be thought of as consisting of a finder module and a replication module. The finder module is responsible for finding new files to infect. For each new executable file the finder module encounters, it calls the replication module to infect that file.

Resident viruses: Resident viruses contain a replication module that is similar to the one that is employed by nonresident viruses. This module, however, is not called by a finder module. The virus loads the replication module into memory when it is executed instead and ensures that this module is executed each time the operating system is called to perform a certain operation. The replication module can be called, for example, each time the operating system executes a file. In this case the virus infects every suitable program that is executed on the computer. Resident viruses are sometimes subdivided into a category of fast infectors and a category of slow infectors. Fast infectors are designed to infect as many files as possible. A fast infector, for instance, can infect every potential host file that is accessed. This poses a special problem when using anti-virus software, since a virus scanner will access every potential host file on a computer when it performs a system-wide scan. If the virus scanner fails to notice that such a virus is present in memory the virus can "piggy-back" on the virus scanner and in this way infect all files that are scanned. Fast infectors rely on their fast infection rate to spread. The disadvantage of this method is that infecting many files may make detection more likely, because the virus may slow down a computer or perform many suspicious actions that can be noticed by anti-virus software. Slow infectors, on the other hand, are designed to infect hosts infrequently. Some slow infectors, for instance, only infect files when they are copied. Slow infectors are designed to avoid detection by limiting their actions: they are less likely to slow down a computer noticeably and will, at most, infrequently trigger anti-virus software that detects suspicious behavior by programs. The slow infector approach, however, does not seem very successful.

5.1.2 Computer Worm:
A computer worm is like a virus, but it infects other computers all by itself, without human action and without a host file. It usually infects other computers by sending emails to all the names in your email address book. A computer worm is a self-replicating malware computer program, which uses a computer network to send copies of itself to other nodes (computers on the network) and it may do so without any user intervention. This is due to security shortcomings on the target computer. Unlike a computer virus, it does not need to attach itself to an existing program. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer. Many worms that have been created are only designed to spread, and don't attempt to alter the systems they pass through. However, as the Morris worm and Mydoom showed, even these "payload free" worms can cause major disruption by increasing network traffic and other unintended effects. A "payload" is code in the worm designed to do more than spread the worm: it might delete files on a host system (e.g., the Explore Zip worm), encrypt files in a cryptoviral extortion attack, or send documents via email. A very common payload for worms is to install a backdoor in the infected computer to allow the creation of a "zombie" computer under control of the worm author. Networks of such machines are often referred to as botnets and are very commonly used by spam senders for sending junk email or to cloak their website's address. Spammers are therefore thought to be a source of funding for the creation of such worms, and the worm writers have been caught selling lists of IP addresses of infected machines. Others try to blackmail companies with threatened DoS attacks. Backdoors can be exploited by other malware, including worms. Examples include Doomjuice, which spreads better using the backdoor opened by Mydoom, and at least one instance of malware taking advantage of the rootkit and backdoor installed by the Sony/BMG DRM software utilized by millions of music CDs prior to late 2005.

5.1.3 Trojan Horse:
A Trojan horse is a program that tricks you into running it by appearing useful or harmless. However, once it is run it damages your computer, usually by providing "back door" access to the computer. This allows hackers to control or use your computer, destroy or steal files, install viruses or spyware, or run arbitrary programs. It is a destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid a computer of viruses but instead introduces viruses onto the computer.

The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy. More detail on Trojan horses is given in a later part of this project.

5.1.4 Rootkit:
A rootkit is a program that allows an intruder to gain access to your system without your knowledge by hiding what it is doing on the system. The intruder can then install difficult-to-detect back doors into your system to seize control. A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications. The term rootkit is a concatenation of "root" (the traditional name of the privileged account on Unix operating systems) and the word "kit" (which refers to the software components that implement the tool). The term "rootkit" has negative connotations through its association with malware. Typically, an attacker installs a rootkit on a computer after first obtaining root-level access, either by exploiting a known vulnerability or by obtaining a password (either by cracking the encryption, or through social engineering). Once a rootkit is installed, it allows an attacker to mask the ongoing intrusion and maintain privileged access to the computer by circumventing normal authentication and authorization mechanisms. Although rootkits can serve a variety of ends, they have gained notoriety primarily as malware, hiding applications that appropriate computing resources or steal passwords without the knowledge of administrators and users of affected systems. Rootkits can target firmware, a hypervisor, the kernel, or, most commonly, user-mode applications. Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternate, trusted operating system; behavioral-based methods; signature scanning; difference scanning; and memory dump analysis. Removal can be complicated or practically impossible, especially in cases where the rootkit resides in the kernel; reinstallation of the operating system may be the only alternative.

The first documented computer virus to target the PC platform, discovered in 1986, used cloaking techniques to hide itself: the Brain virus intercepted attempts to read the boot sector, and redirected these to elsewhere on the disk, where a copy of the original boot sector was kept. Over time, DOS-virus cloaking methods became more sophisticated, with advanced techniques including the hooking of interrupt 13 application-programming interface (API) calls to hide unauthorized modifications to files.

Macro viruses are a special kind of virus that can infect Microsoft Office (e.g. Word, Excel, PowerPoint) documents. In Microsoft Office, macros allow you to run certain processes automatically (e.g., a certain sequence of keystrokes or formatting functions), but they can also be used to create viruses. These viruses are activated when you open a Word, Excel, or PowerPoint document that is infected.

There are many ways that malware can get into your system. One of the biggest dangers is opening email attachments that contain malware. You can also get malware from downloading infected files when file sharing, from clicking on links in instant messenger or chat rooms, or from active content applications on Web pages. A few protective measures against such malware are given below:

5.1.5 Practices:
Delete suspicious emails with attachments: Attachments are the main way malware gets onto your computer. Attachments include office document files (e.g., with .doc or .xls suffixes), program files (e.g., with .exe or .bat suffixes), and compressed files (e.g., with .zip suffixes), all of which can contain malware. The CERT Coordination Center advises users to apply the so-called "KRESV" test to detect suspicious emails. KRESV stands for:

Know: Do you know the sender?
Received: Have you received email from the sender before?
Expect: Are you expecting the e-mail?
Sense: Do the subject header and attachment name make sense?
Virus: Does it contain a virus? You will need antivirus software to check this.

If an email with attachments fails any of these tests, delete it. If you know the sender, contact him or her to make sure that the message is legitimate.

Download Anti-virus updates: Installing anti-virus software is the first step towards protecting yourself against viruses (see Tools below). But for this software to do its job, you must keep it up to date with information on the latest viruses. New viruses are constantly being created. Anti-virus software vendors try to keep up with these new viruses by issuing virus signature updates and making them available online. Falling behind on updates can allow a new virus to slip through without being detected by the anti-virus software. Most anti-virus software has an option for automatic updates or notification of update availability. A screenshot of an update is shown below:

Conduct Regular Anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.

Conduct regular spyware removal scans: You can scan your computer manually, or you can set commercial anti-spyware software to scan your computer periodically for you. If your software has this ability, set it to scan at least once every two weeks. To scan for spyware manually (using Spybot as an example):
1. Open the Spybot application and look for the navigation bar on the left side of the program.
2. Click on Spybot-S&D to go to the main page. You will see an empty list and a toolbar at the bottom.
3. Click the first button in this toolbar labeled Check for problems. After the scan is finished, the list will be populated with threats.
4. Select all the threats and click the button labeled Fix selected problems.

Only perform file transfers from trusted sources: This reduces your risk of downloading files infected with malware and introduces accountability, so that you have a better chance of getting a response if you do have a problem.

Scan all files that you receive through file transfer: It is a good idea to scan the files that you receive from P2P networks with your anti-virus software to detect malware. This may slow down the transfer, but it will help keep your computer safe.

Avoid clicking on links: Links are commonly used in community applications, especially with instant messaging. Be aware that these links may actually download malware onto your computer.

Perform frequent backups: Save your important data on a regular basis so that you can recover from a malware attack or intrusion. Thumb drives, CDs, and DVDs are good storage and transport media for large amounts of data. If possible, store your backup media in a different location from the computer itself to keep them from both being destroyed in a fire or other disaster.

Don't open digital files on your computer if you are not sure about the source: If you don't recognize a file, don't double-click on the file to see what it is. By doing so, you may activate a virus in your computer.

Do not run macros from digital documents that you don't know the source of: Some MS Office documents have applications called macros embedded in them. Most complex Excel files, for example, use macros to dynamically implement charts and graphs. You must be careful when opening files with macros, because they can sometimes contain viruses. You can set Microsoft Word to ask you before you open a file if you want to run the macro application or not (see Settings below). MS Office documents containing macros will ask you for permission to run the macros, as shown in the figure below. Only enable macros if you know the source of a document and you know that the document contains macros.

5.1.6 Settings:
Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. Although this might not be necessary for mobile devices, it does lower your chances of contracting a computer virus, so check if your brand supports this configuration. If it does, activate it.

Set your anti-virus package for the types of files you want it to check: To set the types of files the anti-virus software will check, click on Start, then Programs, and start your anti-virus package. Usually, the program gives you the option of choosing between a few scanning methods. Symantec, for example, offers:

Scanning all files: All files on the computer will be checked regardless of the extension or file type.
Scanning by file type: The package will check all files of the chosen type, regardless of the potentially deceptive file extension. This is especially important in catching files with a double ending such as ".gif.doc".
Scanning by file extension: This scan is the fastest, since only files with the chosen extension will be checked.
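
The gap between scanning by file extension and scanning by file type, as an added example (not code from the report or from any anti-virus product): it compares a file's leading bytes with what its final extension promises and flags double endings such as ".gif.doc". The function names, the small signature table and the sample headers are constructed for illustration.

```python
import os

# Leading bytes ("magic numbers") of a few formats the text mentions.
SIGNATURES = [
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy Office: .doc, .xls, .ppt
    (b"PK\x03\x04", "zip"),                          # .zip archives
    (b"MZ", "exe"),                                  # Windows executables
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
]

# Content kind each extension should carry. None means plain text with no
# signature to check (a .bat file is just a script).
EXPECTED_KIND = {
    ".doc": "ole2", ".xls": "ole2", ".ppt": "ole2",
    ".zip": "zip", ".exe": "exe", ".gif": "gif",
    ".bat": None,
}


def sniff(header: bytes) -> str:
    """Scanning by file type: classify content by its leading bytes only."""
    for magic, kind in SIGNATURES:
        if header.startswith(magic):
            return kind
    return "unknown"


def assess(filename: str, header: bytes) -> list:
    """Return the findings for one file name and the first bytes of its content."""
    findings = []
    suffixes = ["." + part for part in filename.lower().split(".")[1:]]
    final_ext = suffixes[-1] if suffixes else ""

    # Double ending: a recognised extension sits in front of the final one.
    if len(suffixes) >= 2 and suffixes[-2] in EXPECTED_KIND:
        findings.append("double-extension")

    # The content does not match what the final extension promises.
    kind = sniff(header)
    expected = EXPECTED_KIND.get(final_ext)
    if expected is not None and kind != expected:
        findings.append("content-mismatch")

    # Executable content under any name other than .exe.
    if kind == "exe" and final_ext != ".exe":
        findings.append("hidden-executable")
    return findings


def assess_file(path: str) -> list:
    """Read only the first bytes of a file on disk and assess it."""
    with open(path, "rb") as handle:
        header = handle.read(16)
    return assess(os.path.basename(path), header)


# Constructed samples: (file name, first bytes of content).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8
SAMPLES = [
    ("report.doc", OLE2),                  # honest Word document
    ("holiday.gif.doc", OLE2),             # the double ending from the text
    ("photo.gif", b"MZ\x90\x00\x03\x00"),  # executable renamed to .gif
    ("budget.v2.xls", OLE2),               # extra dot, but not a double ending
]


def scan_samples() -> dict:
    return {name: assess(name, header) for name, header in SAMPLES}


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(f"{name}: {findings or 'ok'}")
```

A scan that looks only at the final extension treats "photo.gif" as an image and never inspects it as a program; the type-based check is what catches it.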

If you have a different brand of antivirus software, consult the manual for instructions on how to configure the settings for real-time scanning and scanning method.

Set your anti-virus software to make scheduled automatic scans: All major antivirus packages offer the possibility to set scheduled full scans for viruses and malware. So, for example, every Friday night at 9:00 the anti-virus software will search for viruses and malware installed in the computer. Consult your anti-virus software's manual for more information on how to set this feature.

Set your web browser security level to Medium or High: Your browser's security level setting determines how much active content it allows. Internet Explorer has predefined "Default Level" security levels to choose from. You may also customize these Default Level security settings, which is more involved than simply selecting a Default Level. To set a pre-defined Default Level:

1. In Internet Explorer, click on Tools > Internet Options.
2. Select the Security tab and click the Default Level button.
3. Make sure the Internet zone (globe icon) is selected in the window, and move the slider to Medium-High or High. Click Apply.

Note the differences between the settings:

The Medium security setting generally allows active content. The browser will run programs, sometimes only after prompting you, that perform animations, allow the browser to read documents in various formats, and otherwise improve your browsing experience. However, this also allows these programs to possibly introduce malicious or unwanted code or files to your computer.
The High security setting prevents active content entirely. While this gives your computer better protection from malware, it may prevent you from viewing content on many Web sites.

Configure MS Word security settings: The latest versions of Microsoft Office (Word, Excel and PowerPoint versions 2000 and later) allow you to configure security settings for running macros. The recommended security setting, High, only allows "signed" macros to be run. Signed macros are digitally signed, which means they have a mechanism that confirms that the macro originated from the signer, and that it has not been altered. To set this in MS Word:

1. Go to Tools > Macro > Security.
2. Select "High" for strong security. Alternatively, you can select "Very High," which allows no macros to run. This is a good idea if you don't use macros at all.

Set your firewall to filter the appropriate ports: Make sure your firewall is filtering the ports that correspond to the applications you use. For example, if you download files using FTP, you need to open and filter port TCP-21. If you use your computer as a public server, set filtering inbound as well. Make sure to always deny unused ports and allow regular traffic, not the other way around.

Disconnect from the network if you have any security concerns: There are two ways to disconnect from a network. The first way is to shut your computer down entirely. The second way is to disable the network interface card on your computer.
1. To do this in Windows, go to the Control Panel (Start > Settings > Control Panel) and double click on Network and Dial-Up Connections.
2. Select the name of the network interface that connects your computer to the Internet. It is usually labeled Wireless or Local Area Network.
3. Right click on it, and select "Disable." When you disable the interface, the icon will turn a light gray color.
4. When you want to reconnect to the Internet, return to the interface icon, right click on it, and select "Enable."

5.1.7 Tools:
Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

Two popular anti-virus packages are Symantec's Norton Anti-Virus and McAfee Anti-Virus. AVG Anti-Virus and ClamWin are free alternatives. The major antivirus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses. PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless and Symantec Anti-Virus for Windows Mobile.

Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. The Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.

Malware removal applications: Malware removal applications can remove viruses and other harmful programs that might have been installed in your computer without your knowledge. There are many commercial and free malware removal applications, including Spybot, Ad-Aware, and Pest Patrol. They are designed to remove spyware, pop-up ads, and malware that traditional anti-virus packages don't remove completely.

Spyware removal applications: Anti-virus applications generally do not rid your machine of spyware, but there are many commercial and free spyware removal tools available. Spyware spies on your computer and notes all your activities, which can be helpful for commercial purposes. Some examples are Spybot - Search & Destroy, AdAware, Pest Patrol, and Microsoft Windows Defender. Make sure that you find a legitimate spyware-removal application, since some products touted as anti-spyware applications are ineffective or actually install spyware and adware on your machine. Spyware Warrior can point you to some good applications and tell you which applications to avoid.

5.2 Data Theft:
One of the reasons we are so computer-dependent these days is our reliance on digital documents. These days we store everything in our computers from important letters and personal financial information to digital pictures and music files. Almost every company operation is stored in digital form: memos, financial information, projections, customer records, etc. That's why it is so important to make sure the documents on your computer are safe from attackers. There are many ways an attacker can get to your personal documents, including getting into your computer's hard drive or intercepting email attachments. With this in mind, you must be very careful with your digital documents. The three most common ways data can be stolen from your computer are:

Spyware applications installed from an email attachment
Spyware applications installed along with other applications
Intrusions by an attacker

Spyware applications grab information from your machine and send it to a central server without your knowledge. For more information on how to protect yourself from spyware, see the encyclopedia entry on Spyware. A direct intrusion by an attacker can give him access to your digital documents and passwords. There are encrypted and secure methods for storing documents on your computer that you should use when storing sensitive information, such as passwords or financial data. Data theft is a growing problem primarily perpetrated by office workers with access to technology such as desktop computers and hand-held devices capable of storing digital information such as USB flash drives, iPods and even digital cameras. Since employees often spend a considerable amount of time developing contacts and confidential and copyrighted information for the company they work for, they often feel they have some right to the information and are inclined to copy and/or delete part of it when they leave the company, or misuse it while they are still in employment. While most organizations have implemented firewalls and intrusion-detection systems very few take into account the threat from the average employee that copies proprietary data for personal gain or use by another company. A common scenario is where a sales person makes a copy of the contact database for use in their next job. Typically this is a clear violation of their terms of employment.

The damage caused by data theft can be considerable with today's ability to transmit very large files via e-mail, web pages, USB devices, DVD storage and other hand-held devices. Removable media devices are getting smaller with increased hard drive capacity, and activities such as podslurping are becoming more and more common. It is now possible to store more than 160 GB of data on a device that will fit in an employee's pocket, data that could contribute to the downfall of a business.

5.2.1 Protective measures:
Practices:

o Conduct regular anti-virus scans: Be sure to scan all files that you have received from other people. All major anti-virus software can be set to automatically scan files when they are transferred, but it's a good idea to also scan your computer manually on a regular basis. You should do this at least once every two weeks, or when you suspect a problem.
o Conduct regular spyware removal scans: You can scan your computer manually, or you can set commercial anti-spyware software to scan your computer periodically for you. If your software has this ability, set it to scan at least once every two weeks. To scan for spyware manually (using Spybot as an example):
    o Open the Spybot application and look for the navigation bar on the left side of the program.
    o Click on Spybot-S&D to go to the main page. You will see an empty list and a toolbar at the bottom.
    o Click the first button in this toolbar labeled Check for problems. After the scan is finished, the list will be populated with threats.
    o Select all the threats and click the button labeled Fix selected problems.
o Don't open digital files on your computer if you are not sure about the source: If you don't recognize a file, don't double-click on the file to see what it is. By doing so, you may activate a virus in your computer.
o Do not send any passwords or sensitive files through email unless you have an encrypted or secure email server: Emails are very easy to intercept, and anybody who intercepts them can then read their content and attachments. Therefore, you should not send critical information via email or instant messaging.
o Do not store sensitive data on your mobile device in clear text: Do not store account/password/credit card information on your mobile device unless you encrypt it. Encrypting applications (also called "digital wallets" or "wallets") store your private data in code, so that it is impossible for an attacker to read it. DataViz's Passwords Plus is a good wallet for Palm devices, while e-Wallet works for Pocket PCs.
o Do not store sensitive data on your laptop: Do not store account/password/credit card information on your computer unless you encrypt it. Encryption stores your private data in code, so that it is impossible for an attacker to read it even if he gets access to your computer.
o Use public Internet connections sparingly: If you need to edit or create a document, and you do not need to be on the Internet, disconnect from the public network. For instructions on how to disconnect from the network, see Settings.

Settings:

o Set your anti-virus package for "Real-time Protection": Anti-virus software should provide the option of real-time protection, which means that it actively checks files that come into your system while you work. This lowers your chances of contracting a computer virus. To set real-time protection (using Symantec Norton Antivirus as an example), right-click on the Symantec Norton Antivirus icon in the icon tray in the right-hand bottom corner of the screen, then select "Enable File System Real-time Protection."
o Set your anti-virus package for the types of files you want it to check: To set the types of files the anti-virus software will check, click on Start, then Programs, and start your anti-virus package. Usually, the program gives you the option of choosing between a few scanning methods. Symantec, for example, offers:
    o Scanning all files: All files on the computer will be checked regardless of the extension or file type.
    o Scanning by file type: The package will check all files of the chosen type, regardless of the potentially deceptive file extension. This is especially important in catching files with a double ending such as ".gif.doc".
    o Scanning by file extension: This scan is the fastest, since only files with the chosen extension will be checked.
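To show why scanning by file type catches what scanning by extension misses, the following added example (not taken from any anti-virus product) identifies a file by its leading bytes and compares the result with the name. The signature table and the extension map are a small illustrative subset, and the sample files are constructed.

```python
import os

# Leading-byte signatures for a few common formats (public, well-known values).
SIGNATURES = [
    (b"MZ", "exe"),                                  # Windows executable (EXE/DLL/SCR)
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"%PDF-", "pdf"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),  # legacy .doc/.xls/.ppt container
    (b"PK\x03\x04", "zip"),                          # ZIP, also .docx/.xlsx/.pptx
]

# Content type each extension is expected to hold (illustrative subset).
EXPECTED = {
    ".exe": "exe", ".dll": "exe", ".scr": "exe",
    ".gif": "gif", ".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
    ".pdf": "pdf", ".doc": "ole2", ".xls": "ole2", ".ppt": "ole2",
    ".docx": "zip", ".xlsx": "zip", ".pptx": "zip", ".zip": "zip",
}
EXECUTABLE_EXTS = {".exe", ".dll", ".scr"}


def sniff(head):
    """Return the content type implied by the first bytes of a file."""
    for magic, kind in SIGNATURES:
        if head.startswith(magic):
            return kind
    return "unknown"


def check(name, head):
    """Return findings for one file name and the first bytes of its content."""
    findings = []
    parts = os.path.basename(name).lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    kind = sniff(head)
    # A "double ending": the part before the real extension is itself an extension.
    if len(parts) > 2 and "." + parts[-2] in EXPECTED:
        findings.append("double-extension")
    # The extension promises one format but the bytes say another.
    if ext in EXPECTED and kind != EXPECTED[ext]:
        findings.append("mismatch: %s holds %s" % (ext, kind))
    # Executable code behind a non-executable name is the highest-risk case.
    if kind == "exe" and ext not in EXECUTABLE_EXTS:
        findings.append("executable-content")
    return findings


def scan_tree(root):
    """Walk a directory and report every file with at least one finding."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(16)
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            found = check(path, head)
            if found:
                report[path] = found
    return report


# Constructed samples: (file name, first bytes of content).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8
SAMPLES = [
    ("report.doc", OLE2),
    ("holiday.gif.doc", OLE2),
    ("photo.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("notes.doc", b"{\\rtf1\\ansi"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, check(name, head))
```

A mismatch on an unknown type (the RTF file saved as .doc above) is only a prompt for a closer look, while executable content behind a document or image name deserves immediate attention.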


If you have a different brand of antivirus software, consult the manual for instructions on how to configure the settings for real-time scanning and scanning method.

o Set your anti-virus software to make scheduled automatic scans: All major antivirus packages offer the possibility to set scheduled full scans for viruses and malware. So, for example, every Friday night at 9:00 the anti-virus software will search for viruses and malware installed in the computer. Consult your anti-virus software's manual for more information on how to set this feature.
o Encrypt files that contain sensitive information: Windows XP and Windows Vista allow you to encrypt certain files so that only you will be able to read them. To encrypt a file:
    1. Right-click on the file that you want to encrypt in Windows Explorer (Start > All Programs > Accessories > Windows Explorer), and select Properties.
    2. Select the General tab and click Advanced.
    3. Check the "Encrypt contents to secure data" check box. Click OK, and then click Apply.
    4. You will be asked if you want to encrypt only the file or the file and its parent folder. Make your selection and click OK.
    5. To decrypt the file, repeat the above process, but clear the "Encrypt contents to secure data" check box.

  Windows Vista provides an additional feature called BitLocker Drive Encryption to prevent data theft. It provides drive encryption and an integrity check of early boot components. The drive encryption prevents unauthorized users from breaking the Windows file system and provides protection on lost, stolen or inappropriately decommissioned computers. The integrity check of the early boot components helps to ensure that data decryption is performed only if those components appear to not be tampered with.

  Mac OS X only allows you to encrypt the entire contents of your home folder, not individual files. Use this tool with caution, because if you forget your password you will lose access to all of your files. To encrypt your home folder in Mac OS X:
    1. Go to System Preferences from the Apple menu. Click Security.
    2. If you have not yet set a Master Password, click Set Master Password.
    3. Click Turn on FileVault, and read the message that appears. If you wish to continue, click Turn on FileVault.
o Set your firewall to filter the appropriate ports: Make sure your firewall is filtering the ports that correspond to the applications you use. For example, if you download files using FTP, you need to open and filter port TCP-21. If you use your computer as a public server, set filtering inbound as well. Make sure to always deny unused ports and allow regular traffic, not the other way around.

Tools:

o Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.
o Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. The Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.
o Spyware removal applications: Anti-virus applications generally do not rid your machine of spyware, but there are many commercial and free spyware removal tools available. Some examples are Spybot - Search & Destroy, Ad-Aware, Pest Patrol, and Microsoft Windows Defender. Make sure that you find a legitimate spyware-removal application, since some products touted as anti-spyware applications are ineffective or actually install spyware and adware on your machine.


6. CASE STUDY: TROJAN HORSE


6.1 Introduction:

A Trojan horse, or Trojan, is software that appears to perform a desirable function for the user before it is run or installed, but (perhaps in addition to the expected function) steals information or harms the system. The term is derived from the Trojan Horse story in Greek mythology. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.

The term comes from the Greek story of the Trojan War, in which the Greeks give a giant wooden horse to their foes, the Trojans, ostensibly as a peace offering. But after the Trojans drag the horse inside their city walls, Greek soldiers sneak out of the horse's hollow belly and open the city gates, allowing their compatriots to pour in and capture Troy.

Trojan horses are classified by how they breach systems and the damage they cause. A Trojan may allow a hacker remote access to a target computer system. Once a Trojan has been installed on a target computer system, a hacker may have access to the computer remotely and perform various operations, limited by user privileges on the target computer system and the design of the Trojan. Operations that could be performed by a hacker on a target computer system include:

o Use of the machine as part of a botnet (e.g. to perform automated spamming or to distribute denial-of-service attacks)
o Data theft (e.g. retrieving passwords or credit card information)
o Installation of software, including third-party malware
o Downloading or uploading of files on the user's computer
o Modification or deletion of files
o Keystroke logging
o Watching the user's screen
o Crashing the computer
o Anonymizing internet viewing

Trojan horses in this way require interaction with a hacker to fulfill their purpose, though the hacker need not be the individual responsible for distributing the Trojan horse. It is possible for individual hackers to scan computers on a network using a port scanner in the hope of finding one with a malicious Trojan horse installed, which the hacker can then use to control the target computer.
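The defensive counterpart to the scanning described above, and to the firewall advice to deny unused ports, is to audit which ports your own machine is listening on. The following added example (not from the report or from any product) parses Windows `netstat -ano` output and lists every network-reachable listener that is not on an allowlist. The sample output, the PIDs and the allowlist (a host assumed to run an FTP server on TCP 21 on purpose) are constructed.

```python
# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1580
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       3312
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     4100
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    2044
"""

# Assumption for this example: the only service meant to be reachable is FTP.
ALLOWED = {("TCP", 21)}


def parse_listeners(text):
    """Return every listening TCP socket and bound UDP socket in netstat output."""
    listeners = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        addr, _, port = fields[1].rpartition(":")
        if not port.isdigit():
            continue
        if fields[0] == "TCP":
            # TCP rows carry a state column; only LISTENING rows accept connections.
            if len(fields) < 4 or fields[3] != "LISTENING":
                continue
            pid = fields[4] if len(fields) > 4 else None
        else:
            # UDP rows have no state column; a bound socket is treated as open.
            pid = fields[3] if len(fields) > 3 else None
        listeners.append({"proto": fields[0], "addr": addr,
                          "port": int(port), "pid": pid})
    return listeners


def is_loopback(addr):
    """Loopback-only sockets cannot be reached from the network."""
    return addr.startswith("127.") or addr == "[::1]"


def unexpected_listeners(text, allowed):
    """Return network-reachable listeners whose (proto, port) is not allowed."""
    return [l for l in parse_listeners(text)
            if not is_loopback(l["addr"])
            and (l["proto"], l["port"]) not in allowed]


if __name__ == "__main__":
    for l in unexpected_listeners(SAMPLE_NETSTAT, ALLOWED):
        print("%(proto)s %(addr)s:%(port)d pid=%(pid)s" % l)
```

Each flagged entry is either a service to block at the firewall (the default Windows ports 135 and 445 in the sample) or a process to identify by its PID before deciding whether it belongs on the machine.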


A recent innovation in Trojan horse code takes advantage of a security flaw in older versions of Internet Explorer and Google Chrome to use the host computer as an anonymizer proxy to effectively hide internet usage. The hacker is able to view internet sites while the tracking cookies, internet history, and any IP logging are maintained on the host computer. The host computer may or may not show the internet history of the sites viewed using the computer as a proxy. The first generation of anonymizer Trojan horses tended to leave their tracks in the page view histories of the host computer. Newer generations of the Trojan horse tend to "cover" their tracks more efficiently. Several versions of Slavebot have been widely circulated in the US and Europe and are the most widely distributed examples of this type of Trojan horse.

6.2 Overview:

Discovered: February 19, 2004
Updated: April 20, 2010 4:20:07 PM
Also Known As: Trojan-Spy.HTML.Smitfraud.c [Kaspersky], Phish-BankFraud.eml.a [McAfee], Trj/Citifraud.A [Panda Software], generic5 [AVG]
Type: Trojan
Infection Length: Varies
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000

Trojan Horse is a detection name used by Symantec to identify malicious software programs that masquerade as benign applications or files. Trojan horse programs pose as legitimate programs or files that users may recognize and want to use. They rely on this trick to lure a user into inadvertently running the Trojan. Often a Trojan will mimic a well-known legitimate file name or pose as a particular type of file, like a .jpg or .doc file, to trick a user.

Distribution of Trojans on to compromised computers occurs in a variety of ways, from email attachments and links to instant messages, drive-by downloads and being dropped by other malicious software. Once installed on the compromised computer, the Trojan begins to perform the predetermined actions that it was designed for.


Trojan horse is a generic name given to all Trojan programs. They can be further categorized by their primary payload functions, and generally include the following types:

o Backdoor Trojan - a Trojan with a primary purpose of opening a back door to allow remote access at a later time.
o Downloader - a Trojan with a primary goal of downloading another piece of software, usually additional malware.
o Info stealer - a Trojan that attempts to steal information from the compromised computer.

Antivirus Protection Dates:

o Initial Rapid Release version: February 19, 2004
o Latest Rapid Release version: April 19, 2011 revision 008
o Initial Daily Certified version: February 19, 2004
o Latest Daily Certified version: April 19, 2011 revision 003
o Initial Weekly Certified release date: February 19, 2004

Threat Assessment:

Wild:
o Wild Level: Low
o Number of Infections: 0 - 49
o Number of Sites: 0 - 2
o Geographical Distribution: Low
o Threat Containment: Easy
o Removal: Easy

Damage:
o Damage Level: Medium
o Payload: Actions carried out by Trojan horse programs may vary from one instance to another.
o Large Scale E-mailing: A Trojan may carry out spam relay operations.
o Releases Confidential Info: Trojans may attempt to steal information from the compromised computer.
o Degrades Performance: Activities performed by a Trojan may lead to performance degradation.
o Compromises Security Settings: Trojans may end processes associated with security applications and also lower security settings.

6.3 Types of Trojan Horses:

6.3.1 Remote Access Trojan:

Abbreviated as RATs, a Remote Access Trojan is one of seven major types of Trojan horse designed to provide the attacker with complete control of the victim's system. Attackers usually hide these Trojan horses in games and other small programs that unsuspecting users then execute on their PCs. Remote-access Trojans, also known as RATs or backdoor Trojans, are the most common and dangerous of all Trojan horses. They run invisibly on host PCs, permitting an intruder to gain remote access and control of the machine. This type of Trojan functions similarly to legitimate remote administration programs, such as Symantec's pcAnywhere, but is designed specifically for stealth installation and operation. These programs are typically hidden in games and other small executable files that are distributed through email attachments.

6.3.2 Data Sending Trojan:

A type of Trojan horse that is designed to provide the attacker with sensitive data such as passwords, credit card information, log files, e-mail addresses or IM contact lists. These Trojans can look for specific pre-defined data (e.g., just credit card information or passwords), or they could install a keylogger and send all recorded keystrokes back to the attacker. Data-sending Trojans remit critical data back to the hacker, including passwords or confidential information such as address lists, credit card or banking information, or other private data. The Trojan might search for particular information in specific places on the hard drive of the infected PC, or it might install a keylogger and transmit keystrokes back to the hacker via email or forms on a website.

6.3.3 Proxy Trojans:

A type of Trojan horse designed to use the victim's computer as a proxy server. This gives the attacker the opportunity to do everything from your computer, including the possibility of conducting credit card fraud and other illegal activities, or even to use your system to launch malicious attacks against other networks. Proxy Trojans transform a computer into a proxy server, either making it available to all Internet users or just to the hacker. This type of Trojan is developed to create "economizers" that are then used to provide complete anonymity for illegal actions, including buying merchandise with stolen credit cards and initiating Denial of Service attacks. If the hacker's actions are tracked, they are then traced to the victim's host PC rather than the actual hacker. Legally, the computer where the attack is launched is responsible for any damage the attack causes.

6.3.4 Destructive Trojans:

Destructive Trojans delete files. They can be instructed to automatically delete all of the core system files in an operating system, including DLL, EXE or INI files, on the host PC. They can either be activated by a hacker or can be set to activate on a specific date. They are similar to viruses, but since they are typically hidden within files with a system name, antivirus software is unlikely to detect them.

6.3.5 DoS Attack Trojans:

Short for denial-of-service attack, a type of attack on a network that is designed to bring the network to its knees by flooding it with useless traffic. Many DoS attacks, such as the Ping of Death and Teardrop attacks, exploit limitations in the TCP/IP protocols. For all known DoS attacks, there are software fixes that system administrators can install to limit the damage caused by the attacks. But, like viruses, new DoS attacks are constantly being dreamed up by hackers.

Denial of service (DoS) attack Trojans involve a multi-step process. Multiple PCs are infected with a zombie that is scheduled to attack specific websites simultaneously so that the heavy traffic volume will overload the site's bandwidth. The heavy traffic volume then causes the site's Internet access to fail. A variation of this type of Trojan involves mail bombs that simultaneously attack specific email addresses with random subjects and contents that are unable to be filtered. Since these are typically targeted to a specific email address, general purpose anti-virus software is unlikely to detect them.

6.4 How Trojan Horses Work:

One of the most enduring stories of the Trojan War, the most important conflict in Greek mythology, is the tale of the Trojan horse. Trying to find a way into the city of Troy, the great warrior Odysseus ordered his men to build a massive wooden horse, one big enough for several Greek soldiers to fit in. Once the structure was finished, he and several other warriors climbed inside, while the rest of the Greeks sailed away from Troy. One man named Sinon, however, stayed behind in order to deceive the Trojans, convincing them that his fellow Greeks had betrayed him and fled from the city. The wooden horse, he told the Trojans, was safe and would bring them luck.

After some discussion over the matter, the Trojans agreed to wheel the horse through their gates, unknowingly giving the Greek enemy access to the city. After proclaiming victory and partying all night, the citizens of Troy went to sleep -- it was then that Odysseus and his men crept out of the Trojan horse and wreaked havoc on the city.

Although you've probably heard of the Trojan horse from Greek mythology, chances are you've also heard of Trojan horses in reference to computers. Trojan horses are common but dangerous programs that hide within other seemingly harmless programs. They work the same way the ancient Trojan horse did: Once they're installed, the program will infect other files throughout your system and potentially wreak havoc on your computer. They can even send important information from your computer over the Internet to the developer of the virus. The developer can then essentially control your computer, slowing your system's activity or causing your machine to crash.

Though they're not actually viruses, they're referred to as "Trojan horse viruses," "Trojan viruses," "Trojan horses" or just plain "Trojans." Regardless of what people call them, they all mean the same thing. But what happened? How did you let this Trojan horse into your computer in the first place? And what can you do to stop one from getting in?


6.5 Protecting yourself from Trojan Horses:

So how do Trojan horses infect computers? Believe it or not, you have to do some of the work yourself. In order for a Trojan to infect your machine, you have to install the server side of the application. This is normally done by social engineering -- the author of the Trojan horse has to convince you to download the application. Alternately, he or she might send the program to you in an e-mail message hoping you execute it. Again, this is why it is called a Trojan horse -- you have to consciously or unconsciously run the .exe file to install the program -- it doesn't propagate on its own like a virus. Once you execute the program, the Trojan server is installed and will start running automatically every time you power up your computer.

The most common way Trojan horses spread is through e-mail attachments. The developers of these applications typically use spamming techniques to send out hundreds or even thousands of e-mails to unsuspecting people; those who open the messages and download the attachment end up having their systems infected.

Sometimes, it's not even a person manually spreading malware -- it's possible for your own computer to do so, if it's been infected already. Crackers -- hackers who use their computer skills to create mischief or cause damage intentionally -- can send out Trojans that turn innocent Web surfers' computers into zombie computers, so-called because the person with the infected computer rarely knows his system is under control. Crackers then use these zombie computers to send out more viruses, eventually creating networks of zombie computers known as botnets.


There are several things you can do to protect yourself from Trojan horses. The easiest thing to do is to never open any e-mails or download any attachments from unknown senders. Simply deleting these messages will take care of the situation. Installing antivirus software will also scan every file you download (even if it's from someone you know) and protect you from anything malicious. If you ever find your computer has been infected with a Trojan, you should disconnect your Internet connection and remove the files in question with an antivirus program or by reinstalling your operating system. You can call your computer's manufacturer, your local computer store or a knowledgeable friend if you need help.

6.6 Removal:

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec Anti-Virus and Norton Anti-Virus product lines.

6.6.1 To disable System Restore (Windows Me/XP):

If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer. Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations. Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, reenable System Restore by following the instructions in the aforementioned documents.

6.6.2 To update the virus definitions:

Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

o Running LiveUpdate, which is the easiest way to obtain virus definitions. If you use Norton Anti-Virus 2006, Symantec Anti-Virus Corporate Edition 10.0, or newer products, LiveUpdate definitions are updated daily. These products include newer technology. If you use Norton Anti-Virus 2005, Symantec Anti-Virus Corporate Edition 9.0, or earlier products, LiveUpdate definitions are updated weekly. The exception is major outbreaks, when definitions are updated more often.
o Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted daily. You should download the definitions from the Symantec Security Response Web site and manually install them.

6.6.3 To run a full system scan:

Start your Symantec antivirus program and make sure that it is configured to scan all the files.

o For Norton Anti-Virus consumer products: Read the document: How to configure Norton AntiVirus to scan all files.
o For Symantec Anti-Virus Enterprise products: Read the document: How to verify that a Symantec Corporate antivirus product is set to scan all files.

Run a full system scan. If any files are detected, follow the instructions displayed by your antivirus program.
