Computer virus: 

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the owner.

The term "virus" is also commonly but erroneously used to refer to other types of malware, adware, and spyware programs that do not have the reproductive ability.

A true virus can only spread from one computer to another (in some form of executable code) when its host is taken to the target computer; for instance because a user sent it over a network or the Internet, or carried it on a removable medium such as a floppy disk, CD, DVD, or USB drive. Viruses can increase their chances of spreading to other computers by infecting files on a network file system or a file system that is accessed by another computer.

The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware, and other malicious and unwanted software), including true viruses.

Viruses are sometimes confused with computer worms and Trojan horses, which are technically different.

A worm can exploit security vulnerabilities to spread itself to other computers without needing to be transferred as part of a host, and a Trojan horse is a program that appears harmless but has a hidden agenda. Worms and Trojans, like viruses, may cause harm to either a computer system's hosted data, functional performance, or networking throughput, when they are executed. Some viruses and other malware have symptoms noticeable to the computer user, but many are surreptitious.

Most personal computers are now connected to the Internet and to local area networks, facilitating the spread of malicious code. Today's viruses may also take advantage of network services such as the World Wide Web, e-mail, Instant Messaging, and file sharing systems to spread.

Spyware:

A type of malware that is installed on computers and that collects information about users without their knowledge.

The presence of spyware is typically hidden from the user. Typically, spyware is installed surreptitiously on a personal computer to intercept or take partial control over the user's interaction with the computer, without the user's informed consent.

Sometimes, however, spywares such as keyloggers are installed by the owner of a shared, corporate, or public computer on purpose in order to secretly monitor other users.

While the term spyware suggests software that secretly monitors the user's computing, the functions of spyware extend well beyond simple monitoring.

Spyware programs can collect various types of personal information, such as Internet surfing habits and sites that have been visited, but can also interfere with user control of the computer in other ways, such as installing additional software and redirecting Web browser activity.

Spyware is known to change computer settings, resulting in slow connection speeds, different home pages, and/or loss of Internet or functionality of other programs.

The registry also contains numerous locations that allow software to be executed automatically when the operating system boots.

Spyware often exploits this design to help it circumvent attempts at removal.

The spyware typically will link itself from each of location in the registry that allows execution. Once running, the spyware will periodically check if any of these links are removed. If so, they will be automatically restored. This ensures that the spyware will execute when the operating system is booted even if some (or most) of the registry links are removed.

In an attempt to increase the understanding of spyware, a more formal classification of its included software types is captured under the term 'privacy-invasive software'.

In response to the emergence of spyware, a small industry has sprung up dealing in anti-spyware software.

Running anti-spyware software has become a widely recognized element of computer security practices for computers, especially those running Microsoft Windows. A number of jurisdictions have passed anti-spyware laws, which usually target any software that is surreptitiously installed to control a user's computer. The US Federal Trade Commission has placed on the Internet a page of advice to consumers about how to lower the risk of spyware infection, including a list of "do's" and "don'ts."

Malware:

A short for malicious software, is software designed to infiltrate a computer without the owner's informed consent.

The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.

The term "computer virus" is sometimes used as a catch-all phrase to include all types of malware, including true viruses.

Software is considered malware based on the perceived intent of the creator rather than any particular features. Malware includes computer viruses, worms, trojan horses, most rootkits, spyware, dishonest adware, crimeware and other malicious and unwanted software. In law, malware is sometimes known as a computer contaminant, for instance in the legal codes of several U. S. states, including California and West Virginia.

Malware is not the same as defective software, that is, software which has a legitimate purpose but contains harmful bugs.

Preliminary results from Symantec published in 2008 suggested that "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications."

According to F-Secure, "As much malware [was] produced in 2007 as in the previous 20 years altogether."Malware's most common pathway from criminals to users is through the Internet: primarily by e-mail and the World Wide Web.

The prevalence of malware as a vehicle for organized Internet crime, along with the general inability of traditional anti-malware protection platforms to protect against the continuous stream of unique and newly produced professional malware, has seen the adoption of a new mindset for businesses operating on the Internet - the acknowledgment that some sizable percentage of Internet customers will always be infected for some reason or other, and that they need to continue doing business with infected customers. The result is a greater emphasis on back-office systems designed to spot fraudulent activities associated with advanced malware operating on customers computers.

Bloatware:

Software developers involved in the industry during the 1970s had severe limitations on disk space and memory. Every byte and clock cycle counted, and much work went into fitting the programs into available resources.

This situation has now reversed. Resources are perceived as cheap, and rapidity of coding and headline features for marketing are seen as priorities.

In part, this is because technological advances have since multiplied processing capacity and storage density by orders of magnitude, while reducing the relative costs by similar orders of magnitude (see Moore's Law). Additionally, the spread of computers through all levels of business and home life has produced a software industry many times larger than it was in the 1970s.

Finally, software development tools and approaches often result in changes throughout a program to accommodate each feature, leading to a large-scale inclusion of code which affects the main operation of the software, and is required in order to support functions that themselves may be only rarely used. In particular, the advances in resources available has led to tools which allow easier development of code, with less priority given to end efficiency.

Another cause of bloat is independently competing standards and products, which can create a demand for integration. There are now more operating systems, browsers, protocols, and storage formats than there were before, causing bloat in programs due to interoperability issues. For example, a program that once could only save in text format is now demanded to save in HTML, XML, XLS, CSV, PDF, DOC, and other formats.

Niklaus Wirth has summed up the situation in Wirth's Law, which states that software speed is decreasing more quickly than hardware speed is increasing.

In his 2001 essay Strategy Letter IV: Bloatware and the 80/20 Myth, Joel Spolsky argues that while 80% of the users only use 20% of the features (a variant on the Pareto principle), each one uses different features.

Thus, "lite" software editions turn out to be useless for most, as they miss the one or two special features that are present in the "bloated" version. Spolsky sums the article with a quote by Jamie Zawinski referring to Netscape:

"Convenient though it would be if it were true, Mozilla is not big because it's full of useless crap. Mozilla is big because your needs are big. Your needs are big because the Internet is big. There are lots of small, lean web browsers out there that, incidentally, do almost nothing useful. But being a shining jewel of perfection was not a goal when we wrote Mozilla."

Phishing:

The term is a variant of fishing, probably influenced by 'phreaking' or password harvesting fishing, and alludes to baits used to "catch" financial information and passwords.

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996.

Recieving an e-mail from a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft.

The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has.

The Web site, however, is bogus and set up only to steal the user’s information.

Typically, the messages appear to come from well known and trustworthy Web sites.

.... but... you can ONLY visit the bogus page if you click on the LINK contained in the email directing you to the site.

Web sites that are frequently spoofed by phishers include Banks, PayPal, eBay, MSN, Yahoo, BestBuy, and America Online.

Banks and financial instituions will NEVER send you an email asking you to verify your username and password after your inital online account setup.

Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims.

In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts.

The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords.

This information was used for identity theft.

Phishing almost always attempts to get you to take some kind of action based on fear. Common phrases to check for in suspicious emails are:

Check also for bad grammer and misspelled words within the email message or the hyperlink(s). If you encounter one or more of these phrases (or similar ones), or if you see spelling mistakes, .... do NOT follow any of the instructions contained in the email.

Spoofing: 

A form of deception, both in the real world and online.

Most offline spoofing is supposed to be funny, but on the internet spoofs are usually serious and may have unpleasant consequences.

A spoofed e-mail might carry a virus or a spoofed website could be used to steal your credit card details.

E-mail spoofing:

The most common sort of spoofing online now is 'e-mail spoofing', making an e-mail message appear to have come from one place when really it came from another.

It is generally used by spammers, who do not want their real address to appear in the e-mails they send.

Since the messages they send out have web links in them, they do not care if people click 'reply’ and send an e-mail to the wrong place.

It also makes it a lot harder for ISP to track them down and close their accounts.

Trojan Horses:

Historically, have been defined as a class of infiltrations which attempt to present themselves as useful programs, thus tricking users into letting them run.

But it is important to note that this was true for trojan horses in the past–today, there is no longer a need for them to disguise themselves.

Their sole purpose is to infiltrate as easily as possible and accomplish their malicious goals.

“Trojan horse” has become a very general term describing any in iltration not falling under any specific class of infiltration.

Since this is a very broad category, it is often divided into many subcategories.

The most widely known are:

Downloader – a malicious program with the ability to download other infiltrations from the Internet.

Dropper - a type of trojan horse designed to drop other types of malware onto compromised computers.

Backdoor - an application which communicates with remote attackers, allowing them to gain access to a system and to take control of it.

Keylogger – (keystroke logger) – a program which records each keystroke that a user types and sends the information to remote attackers.

Dialer - dialers are programs designed to connect to premium-rate numbers.

It is almost impossible for a user to notice that a new connection was created.

Dialers can only cause damage to users with dial-up modems, which are no longer regularly used.

Cookies:

Cookies serve an important purpose; they provide a "memory" so that you can interact with a web site from page to page.

In some cases, it is possible for sites to use cookies to track your computer across multiple web sites.

It takes a specific combination of circumstances before any personally identifiable data could be associated with those cookies.

The "threat" from cookies is for the most part a moderate risk, however 'hackers', sites with malicious scripts and spyware all excel at exploiting those specific circumstances.

Random Access Memory (RAM) provides space for your computer to read and write data to be accessed by the CPU (central processing unit). When people refer to a computer's memory, they usually mean its RAM.

If you add more RAM to your computer, you reduce the number of times your CPU must read data from your hard disk. This usually allows your computer to work considerably faster, as RAM is many times faster than a hard disk.

RAM is volatile, so data stored in RAM stays there only as long as your computer is running. As soon as you turn the computer off, the data stored in RAM disappears.

When you turn your computer on again, your computer's boot firmware (called BIOS on a PC) uses instructions stored semi-permanently in ROM chips to read your operating system and related files from the disk and load them back into RAM.

Pronounced as separate letters it is the abbreviation for Central Processing Unit. The CPU is the brains of the computer. Sometimes referred to simply as the central processor, but more commonly called processor, the CPU is where most calculations take place. In terms of computing power, the CPU is the most important element of a computer system.

On large machines, CPUs require one or more printed circuit boards. On personal computers and small workstations, the CPU is housed in a single chip called a microprocessor. Since the 1970's the microprocessor class of CPUs has almost completely overtaken all other CPU implementations.

The CPU itself is an internal component of the computer. Modern CPUs are small and square and contain multiple metallic connectors or pins on the underside. The CPU is inserted directly into a CPU socket, pin side down, on the motherboard. Each motherboard will support only a specific type or range of CPU so you must check the motherboard manufacturer's specifications before attempting to replace or upgrade a CPU. Modern CPUs also have an attached heat sink and small fan that go directly on top of the CPU to help dissipate heat.

Two typical components of a CPU are the following:

    * The arithmetic logic unit (ALU), which performs arithmetic and logical operations.

    * The control unit (CU), which extracts instructions from memory and decodes and executes them, calling on the ALU when necessary.

A BIOS (Basic Input/Output System) is an electronic set of instructions that a computer uses to successfully start operating. The BIOS is located on a chip inside of the computer and is designed in a way that protects it from disk failure.

A main function of the BIOS is to give instructions for the power-on self test (POST). This self test ensures that the computer has all of the necessary parts and functionality needed to successfully start itself, such as use of memory, a keyboard and other parts. If errors are detected during the test, the BIOS instructs the computer to give a code that reveals the problem. Error codes are typically a series of beeps heard shortly after startup.

The BIOS also works to give the computer basic information about how to interact with some critical components, such as drives and memory, that it will need to load the operating system. Once the basic instructions have been loaded and the self-test has been passed, the computer can proceed with loading the operating system from one of the attached drives.

Computer users can often make certain adjustments to the BIOS through a configuration screen on the computer. The setup screen is typically accessed with a special key sequence during the first moments of startup. This setup screen often allows users to change the order in which drives are accessed during startup and control the functionality of a number of critical devices. Features vary among individual BIOS versions.

Many PC manufacturers today use flash-memory cards to hold BIOS information. This allows users to update the BIOS version on computers after a vendor releases an update. This system was designed to solve problems with the original BIOS or to add new functionality. Users can periodically check for updated BIOS versions, as some vendors release a dozen or more updates over the course of a product's lifetime. To check for an updated BIOS, users can check the website of the specific hardware vendor.

(click on image for larger view)

The motherboard is the most essential component in a personal computer . it is the piece of hardware which contains the computer's micro-processing chip and everything attached to it is vital to making the computer run.

Motherboard Components:

If you open your computer's case, the motherboard is the flat, rectangular piece of circuit board to which everything seems to connect to for one reason or another. It contains the following key components:

The motherboard also has slots or ports for the attachment of various peripherals or support system/hardware. There is an Accelerated Graphics Port, which is used exclusively for video cards; Integrated Drive Electronics, which provides the interfaces for the hard disk drives; Memory or RAM cards; and Peripheral Component Interconnect (PCI), which provides electronic connections for video capture cards and network cards, among others.

How a Motherboard Works:

The most important thing to remember about the motherboard is that it is a printed circuit board which provides all the connections, pathways and "lines" connecting the different components of the computer to each other - specifically, the Central Processing Unit or CPU, which is where (as its name implies) all the "processing" is going on to everything else.

The CPU or "chip" (the most popular of which is Intel's Pentium series) is an assembly of transistors and other devices (Pentium IV has over 4 million transistors) which perform or processes myriad programmed tasks.

The CPU rests in a "socket" on the motherboard which is connected to the other components through the board's printed circuits. The most important connections are to the chipsets - especially the northbridge chipset which is connected to the main computer memory (hard disk and RAM), while the southbridge set is connected to the peripherals - video and audio cards, IDE controllers, etc.

Aside from these, the most important element of the motherboard is the BIOS chip - which performs key functions like checking power supply, the hard disk drive, operating system, etc. before the computer actually starts "booting up". Turning on the computer automatically starts the BIOS chip up to perform its diagnostic functions, after which it powers up the CPU which - in its turn - starts powering up the other peripherals (hard disk, operating system, video and audio, etc.).

This is why the motherboard is the key component of the computer. It is, in effect, the "housing" for the CPU - the place where the latter resides and from which commands, instructions, and power course through before being sent out to other components.

Complementary metal oxide semiconductor (CMOS) is a type of semi-conductor chip that holds data without requiring an external power source. In a personal computer (PC), CMOS holds the basic instructions the computer needs to initialize its hardware components and boot up. These settings are known as the basic input output settings (BIOS), also referred to as CMOS settings.

CMOS controls a variety of functions, including the Power On Self Test (POST). When the computer’s power supply fires up, CMOS runs a series of checks to make sure the system is functioning properly. One of these checks includes counting up random access memory (RAM). This delays boot time, so some people disable this feature in the CMOS settings, opting for a quick boot. If installing new RAM it is better to enable the feature until the RAM has been checked.

Once POST has completed, CMOS runs through its other settings. Hard disks and formats are detected, along with Redundant Array of Independent Disk (RAID) configurations, boot preferences, the presence of peripherals, and overclocking tweaks. Many settings can be manually changed within the CMOS configuration screen to improve performance. However, changes should be made by experienced users. Changing settings improperly can make the system unstable, cause crashes, or even prevent the computer from booting.

The CMOS configuration screen is accessible during the POST phase of boot up, by pressing a key before the operating system initializes. Normally this is the Del key but it might be another. A line of text will indicate which key will take the user into the CMOS or BIOS setup screen. Changes cannot be made from within an operating system such as Microsoft Windows, but must be made within a true DOS session. There is also an option to protect CMOS settings by requiring a password to change settings. Changes are saved upon exit, then the computer reboots to utilize the new settings.

Most motherboard manuals provide a complete list of available CMOS options. These will vary according to motherboard design and BIOS manufacturer. Two of the most well known BIOS manufacturers for clone PCs are Phoenix and Award, while companies like Dell and Compaq produce their own BIOS chips.

When power is turned on to a PC, POST (Power-On Self-Test) is the diagnostic testing sequence that a computer's basic input/output system(BIOS) runs to determine if the computer keyboard, random access memory (RAM), disk drives, and other hardware are working correctly. This is the black screen with white text that you see when first starting your computer.

(click on image for larger view)

Some PC manufacturers hide the POST screen behind a picture of their LOGO with a reference how to enter the BIOS of Boot Menu.

(click on image for larger view)

If the necessary hardware is detected and found to be operating properly, the computer begins to boot. If the hardware is not detected or is found not to be operating properly, the BIOS issues an error message which may be text on the display screen and/or a series of coded beeps, depending on the nature of the problem. The pattern of beeps may be a variable numbers of short beeps or a mixture of long and short beeps, depending on what type of BIOS is installed.

The patterns of beeps contain messages about the nature of the problem detected. For example, if the keyboard is not detected, a particular pattern of beeps will inform you of that fact. An error found in the POST is usually fatal (that is, it causes current program to stop running) and will halt the boot process, since the hardware checked is absolutely essential for the computer's functions.

You should always assume that whenever you use your PC, you are leaving behind a record of what you are doing.

That's the benefit of a computer; it's supposed to keep track of things so you don't have to do it yourself.

But there are times that you don't want it to be so good at keeping track of things, such as the fact you're editing your resume at work because you hate your job. Or perhaps you share a computer with other people and don't want them to know what you are doing or where you've been on the Internet.

MOST IMPOTRANTLY... hackers or privacy invasion software that can collect that information and use it to steal your identity, set up lines of credit in your name and basically turning your life upside down.

Fortunately, there are steps that can be taken to protect your privacy.

Everyone knows about obvious things like files in the 'My Documents' directory.

But there are many other places where traces of your PC work and play are left behind, intentionally or accidentally.

Deleting files or hiding them in obscure directories won't always do the trick.

Some of the most privacy leaks you'll encounter are described below:

Browsing history: Every time you visit a web site, the browser keeps track of the pages you visit so that you can easily get back to them later. You can decide how far back that history goes, and whether you to clear out the browsing history entirely.

However, even after clearing the history, there are still records and references elsewhere on your computer that can be easily accessed.

Internet cache: To speed up web surfing, browsers keep a copy of the files you retrieve while browsing the Internet.

This includes web pages, images, Flash animations, and even large files like videos.

All of these files can easily be seen in Internet Explorer; just click View, Internet Options, Settings, View Files.

Recently-used file lists: Many programs keep a list of files that you have recently opened while using that program; it's a feature of Microsoft Office applications for example.

Windows itself keeps a list of recently used documents for all applications on the Start Menu under 'Documents'.

Some of these can be disabled if you prefer not to see or show them, however doing so does not prevent log files from being created.

Last-Used directories: Sometimes a program won't keep a specific list of files, but instead remembers the last directory where you opened or saved a file.

The next time someone opens up the application or tries to save a file, they view a directory containing your files. For example, WinZip offers this feature; it can be turned off through WinZip's Options, Configuration, Folders dialog.

There are a large number of ways that your computer stores trace data that an individual with malicious intent could very easily exploit. Therefore it is a very good safety practice to have all these 'Tracks' cleaned up on a regular and ongoing basis.

There are a number of lessons to be learned, beginning with the obvious...

DO NOT open unexpected attachments. Better yet, don't open any attachments, unless you are ABSOLUTELY certain of the source.

Remember, security technologies such as antivirus etc. are your last line of defense. The only way you can be sure of maintain a high level of security is by changing how you use the Internet.

As far as email is concerned, I STRONGLY advise all my clients that it is wisest to maintain TWO email addresses.

One address is for communication with family, friends and business contacts. The other address is for use on the web for signing up for websites that require registration with a valid email address.

I will refer to the personal, private as Addy1@safe.com and to the general address as SpamMe@unsafe.com.

When you have your personal, private email address... you certainly want to KEEP it that way. The only way to do that is set a strict set of rules for yourself and FOLLOW THEM ABSOLUTELY without exception to avoid receiving spam and emails containing malicious scripts.

1) NEVER enter Addy1@safe.com into ANY online form with very few exceptions (secure online banking site, Utilities sites such as Power, Gas, Cable provider etc. for the purpose of receiving  account notifications ONLY.)

This will be the address you use to communicate with family and friends. When providing this address to a friend or family member, be very clear with them that they are to NEVER EVER forward jokes of the day, funny mail that was sent to them etc.

Don't be afraid to go so far as to tell them that if they do forward you stuff, you will block their email address PERMANENTLY.

2) ALWAYS use SpamMe@unsafe.com to apply for website memberships etc.

The logic behind having a seperate email account for applying for website memberships etc, is that many of these sites are partnered with advertisers. Often, people do not realize that when they agree to 'the terms of use' on some sites, that part of the agreement is "Yes... please send me useless emails and collect personal information about me, and share it with other companies".

Consequently any spam that gets sent to you because of your surfing habits... will go to the one email and not be physically downloaded to your computer.

Two of the most popular free web-based emails are Hotmail and Windows Live Mail. There is also Yahoo Mail, Gmail... and several others as well.

Here are links to the signup pages for a couple of them:

MORE INFO TO COME... document under construction.