© Nancy E. Reed, 1997 -- ECS 15 -- Fall 1997

Lecture 27 Notes
Computer Security
Computer Ethics and Privacy

Visual Aids

• Diskettes
• Reel-to-reel tape (still used, but not as common today).
• Large cartridge tape (recent).
• Special cartridge tape (by DEC).
• Recordable CD (write once, read many or WORM media).
• Zip cartridge (100 MB) only slightly larger than a 3-1/2" floppy!

Computer Security

What is computer security? Computer security means that you have access to all your programs and data whenever you want, and that others don't, unless you give them permission.

Computer crime is usually not violent, however a large sum of money (or valuables) can be at stake. There are three categories of computer crime:

1. Theft of computer time or resources.
2. Theft, destruction, or manipulation of programs or data.
3. Alteration of data stored in a computer file.

A hacker is a person with significant computer knowledge (old style definition).

A computer cracker is someone who breaks into computers and does damage (like a safe cracker).

Security means implementing policies and a system of safeguards designed to protect a computer system and data from deliberate or accidental damage or access by unauthorized persons.

Possible losses can be to you or your company's:

1. Hardware - This is usually covered by insurance for a company.
2. Software - If you have backups, you can re-load the software, otherwise you must re-purchase, or re-write it!!!
3. Data - Your data is irreplaceable without backups!!! No one else has your data!!

Backing up files

Backing up your files means to make a copy (a backup) of them.

Your motto should be "Save early, save often!!!"

What problems can happen?

1. Accidental erasure of programs or data.
2. A disk failure. This is much more common on floppies than on hard disks. You have a lot more to lose on your hard disk, however.
3. A virus infection causes damage.
4. Physical damage caused by a flood, fire, lightning, etc.

Commonly used backup methods include:

1. Floppy diskettes. These have limited capacity and are reasonably slow, but are portable.
2. Tape backup units. These are moderately expensive, but are reasonably fast. The tapes created are portable. Some units are also portable, if they are external and connect via a port (parallel and SCSI are common).
3. An extra hard disk. These are quite inexpensive now for the capacity, but they are not very portable.
4. Removable media drives. Some large capacity drives exist (100 MB, 1 Gb +) that use removable media. These are somewhat expensive, but have the advantage of portability and the added convenience of running your software directly from the drive. These include JAZZ drives, ZIP drives, and other brands. The technology used in these drives may be high-capacity floppy disks, cartridge hard disks, or magneto-optic cartridges (a combination of laser technology for reading and magnetic media for storage). The drive units can also be internal (not portable) or external (relatively portable).
5. Writable CD drives (also called WORM - write-once read many drives). The units to write these are expensive and the disks cannot be erased and re-used. However, they do not suffer from the problems that magnetic media do. The disks created are portable.

Backing up diskettes

You can copy everything from one diskette onto a second diskette with the command
diskcopy A: A:
in DOS, or the equivalent in Windows. You will be prompted for the source (original) and destination (copy) disks. Warning: diskcopy makes a "mirror-like" copy of all the files on the first disk onto the second disk. This completely erases all files on the destination disk. If you want to keep the files on the disk and add to them, use the DOS copy command, or the equivalent Windows command.

In Windows 95, a floppy disk can be copied (entirely), by clicking once on the floppy drive icon in My Computer, then selecting [File] [Copy disk]. Copying A: to A: is the default. Select the diskette type (double-density or high-density) and click on [Start].

Question: If you drag the icon of a file from one location to another in the Windows Explorer, is the file copied or moved?

Worms & Viruses

A virus is a set of illicit instructions that passes itself onto other programs with which it comes in contact. It inserts a copy of its own code into other programs in much the same way that a virus replicates in the cells of people. Your best protection is an anti-virus program. These can prevent a virus from invading your computer, and can help you recover if one does. The most popular anti-virus programs are Norton Anti-virus by Symantec and McAffee Anti-virus.

Other utility programs can also be of assistance in recovering from a virus or physical damage to disks, for example the Norton Utilities by Symantec.

How are Viruses transmitted?

1. Through a bulletin board or on-line services. If you download a file, it may contain a virus without your knowledge.
2. Diskettes used on more than one computer. The virus copies itself from the diskette to the hard disk and then to every other diskette used on that machine. If one diskette has a virus, it can be spread quickly between home, work, and school.

Note: Viruses are specific for one type of computer or operating system. One recent exception -- a new kind of virus -- is specific to Microsoft Word documents. It is called the "Macro" virus, and can supposedly infect Word files on any platform. It inserts a copy of itself into every other Word document it can find on the computer.

What kind of damage is caused by viruses?

1. Irritating messages.
2. Temporary loss of data (but recoverable).
3. Permanent loss of data. OUCH. See backing up.

The final word: anti-virus programs are strongly recommended. Some data is irreplaceable. In other cases, it might take hours, weeks, or longer to replace data that was lost.

Computer Ethics

The 10 commandments of computer ethics

1. Thou shalt not use a computer to harm other people.
2. Thou shalt not interfere with other people's computer work.
3. Thou shalt not snoop around in other people's files.
4. Thou shalt not use a computer to steal.
5. Thou shalt not use a computer to bear false witness.
6. Thou shalt not use or copy software for which you have not paid.
7. Thou shalt not use other people's computer resources without authorization.
8. Thou shalt not appropriate other people's intellectual output.
9. Thou shalt think about the social consequences of the programs your write.
10. Thou shalt use a computer in ways that show consideration and respect.

What software can I copy? Software is commonly placed in one of the following three categories:

1. Public domain. This software is free to everyone and can be freely copied.
2. Freeware. This software is distributed on a trial basis by the authors. There is a small fee to register the software if you use it for over a month.
3. Copyrighted software. Programs available in computers stores, etc are almost always copyrighted and expensive. Do not copy these, except for backup purposes.

Changes in Societal Behavior

People are people. New environments will engender new behaviors that reflect the adaptation of long-established personality traits to a new vocabulary, work environment, or opportunities/temptations. Viewed from this perspective, the computer-related sociological acts that are reported daily in the papers are little more than new wrinkles on old behavior patterns. However, the capacity for more widespread and serious change (much of it potentially negative) is considerable, and we will undoubtedly discover new and horrendous ways in which behavior is modified by the availability of new tools for use and misuse.

Computer-related societal misbehavior is becoming a serious problem, owing in part to the pervasiveness of computers and computer-based information. The problems extend to computer- based theft or fraud, invasion of privacy, malicious or inadvertent destruction of large volumes of crucial information, over-dependence on computer-based information or computer availability, lack of ethical approaches to the use of computers, and a very large list of other problem areas that are only partially understood at present. The purpose of this brief discussion is to heighten your awareness of the ethical situations that computer uses open for study. From these examples, you may develop a perspective that will enable you to apply general principles to new situations that will undoubtedly arise in the years ahead.

Consider a few cases. Suppose you are given access to a powerful computer with no charges to you for its use, and you are admonished not to give your account information to others. What are the ethics of your failing to heed this admonition? What is the duty of the individual who detects misuse of this privilege? What are your responsibilities when you know that this type of misuse is being done by people whom you know?

Suppose you learn of a way to "break in" to a computer account. What are your responsibilities in that event? What if you have a difference of opinion about the way in which that account is being used (e.g., a data bank that you consider harmful to others in some way or other)? What if you learn that someone unknown to you is deliberately altering your experimental data for reasons ranging from malice to envy to competition for perceived rewards?

What is the role of society when it catches an individual who created a computer virus that shut down thousands of computers around the country, causing millions of dollars of damage in lost time and possible lost information? What are appropriate balances between "adequate safeguards" and excessive permissiveness or overly strict access rules that defeat the purpose of the entire system?

What is a reasonable and just penalty for someone who creates a virus that destroys other people's computer-stored information?

What are your responsibilities in sharing or not sharing programs obtained from other sources?

Who should have access to what types of computerized medical records information? Are there types of information that the patient should not be permitted to see (e.g., therapeutic measures prescribed for a schizophrenic whose knowledge of the approach taken might influence their effectiveness)?

What rights to lawyers seeking to file class action suits have to information held by institutions whom they intend to sue? Is it "fair" to have clients who can afford computer-based support to win cases over clients who cannot?

What rights do others have to purchase credit and other potentially sensitive information gathered from commercial sources?

The last question relates directly to a situation that was reported a few years ago in the newspapers. A large company (Lotus, makers of Lotus 1-2-3) advertised that it intended to make available for sale at reasonable cost a CD ROM disk (or disks) with information on more than 100 million U.S. citizens: their names, addresses, shopping preferences, credit ratings, and many other items, some of which might be incorrect, but all of which were obtained by purchasing the information from available commercial sources. Their intentions were made known to people in the computing community through network bulletin boards. Recipients were urged to write to Lotus, demanding that the files on the individuals writing be removed or legal action would be taken. Thousands of such letters were received by Lotus, and as a result they publicly agreed to abandon the idea of marketing this CD ROM disk. What does this action say about how some people in society are reacting to situations of this type? It merits careful study.

Go to the index of lectures for ECS15 - Fall 1997 .

Go to the homepage for ECS15 - Fall 1997 .