free ebooks ==> www.ebook777.com

Finally! A Human-Readable Guide to Cybersecurity

Congratulations on purchasing this book! Protecting yourself online is critically important, and by reading this book, you are taking an important step to keep your

personal information secure. The world of digital security is a fascinating one, and today is more important than ever. As you read through this book, you will gain an

understanding of some of the most fundamental principles of security, how many hacking schemes work, and how you can outsmart them.

This knowledge is valuable for anyone who uses a computer. Whether you use your computer primarily for personal reasons, or you are a businessman wanting to make sure that important company information on your computer remains secure, this book contains invaluable information that can help you maintain privacy. It is a concise explanation of security topics written in plain English, so that anyone can understand what it takes to keep computers secure. I’ll also guide you on what to do if you find that your computer has already been compromised. I’ve tried to keep this book as short and concise as possible so that it will be as easy as possible for you to soak up this information.

These tips that I will give you come from a number of places - many I have learned from talented programmers, and some from my my own sweat and blood. I’ve tried to include a lot of real world examples of hacking schemes to keep this interesting. Then I’ll tell you pro-tips that repair shops and security personnel normally sell you for hundreds of dollars. I’ll tell you how to get the same things done for free or at comparatively little cost,

potentially saving you hundreds. I’ll point you to free programs that work nearly as well as commercial ones. And for those of you who are willing to invest a little more in computer security, I ’ ll give you my professional opinion on the best commercial

In addition to learning about how to protect your computer, in this book you’ll actually learn about real principles of security, not just a list of dos and don’ts. That will equip you to make smart choices even in areas this book doesn’t cover. Sometimes when we first start learning about something new, we don’t really have our bearings and can get lost, or we waste our time on things that do not really matter. It’s also easy to miss an important area. In the world of digital security, just one omission can leave a computer vulnerable.

In this book, I’ll give you a holistic view of how security works, so that you can be best prepared to meet the number of attacks that are coming today, and the new ones devised tomorrow. Unfortunately, the more the digital world grows, the more incentive hackers have to break into it. For those of us us who do honest work, it is frustrating that we have to deal with this problem. That said, the consequences of not doing so can be

catastrophic. By reading and implementing the security measures in this book, you will be providing yourself with a first line of defense that could be the difference between

productive computing, and an incredibly destructive security breach.

As a final note, while this book is designed to be a help to you in implementing digital security, please be aware that it is impossible to cover every attack. New ones are

invented every day. Even if you follow every tip written in this book, there invariably will be other attacks and viruses out there that can cause problems. It is impossible to cover all aspects of security in one book. That said, this book contains valuable information that will get you on the right track. So without further ado, lets get started.

Sector 1 - Universal Principles of Security

A. Encryption.

In 2014, Home Depot announced that there had been a major breach of their security systems in which many, many credit cards were stolen from their systems. The Wall Street Journal, 56 million credit card numbers were stolen. Criminals had snuck in

free ebooks ==> www.ebook777.com

people who swiped their cards in the store. As data was sent from the credit card readers to where it was stored and processed, the hackers listened in on the wires and intercepted it. If Home Depot had been using the technology that I am about to show you, they would have been safe from harm. As it is, however, they did not, and massive damage ensued. At the end of this section, I’ll show you a bit of a report on their website which discusses how they implemented this critical security technology called encryption.

Encryption is in many ways the backbone of any secure system. Basically, it is a system of scrambling the contents of a message so that nobody can tell what it says unless they have the right password. The whole point of it is to enable people to transmit confidential information through an insecure route. Here’s an example of how simple encryption might work:

If I want to disguise the word “cat” with extremely basic encryption, I could change every letter in the word to the next one in the alphabet - so “c” becomes “d”, “a” becomes “b”, and “t” becomes “u”. The resulting “encrypted” form of the word “cat” would be “dbu”. I could do the same to a whole sentence and get a result that looks completely different than the original. If someone were to look at our sentence without first undoing the encryption, it would have absolutely no meaning. Of course, this encryption algorithm wouldn’t be very difficult for anyone to unravel, so far more complex ones have been devised.

In encryption formulas created today, there are two parts - the formula, called the cipher, and a secret password called the key. In the example above, we could change it up so that instead of replacing each letter with the one after it in the alphabet, we would replace each letter with the third letter after it. We could replace it with the tenth letter after it (and wrap around back to “a” for letters near the end of the alphabet). In this example, the encryption formula would be quite simple:

Replace each letter with the __ letter following it in the alphabet.

whatever we wish, and thus slightly modify how our message is encrypted.

In real-life encryption, the key is equivalent to the blank in our encryption formula above. By inserting a different number into the formula, we can alter how the message is

scrambled. In the same way, modern encryption algorithms keep messages secret by using a special key to alter how the message is scrambled, to the point that only the person with the key will be able to unscramble the message.

Usually these formulas to scramble and unscramble the message are freely available so that anyone can use them protect their information. The key, however, is always kept secret. As long as that secret code is protected, the message is safe, and it is virtually impossible to unscramble the message. In fact, many of the algorithms used today are so secure that today the most powerful supercomputers on earth couldn’t decode the

scrambled message, even if given thousands of years.

The use for such a system is pretty clear - you can send a sensitive message through an insecure route, confident that if anyone were to intercept it they still would not be able to find out the contents of your message. This is particularly useful in online transactions, where sensitive data is commonly sent across the internet. Let’s say for example, you are buying this book from Amazon with your credit card (and of course that you don’t have it saved). When you enter your credit card number and click the “Buy” button, your

computer sends your credit card number through your internet connection to your internet service provider (like AT&T, Verizon, your cable company, etc.) Then your internet service provider sends your credit card number many miles, possibly hundreds of miles to Amazon’s internet service provider, and then to Amazon’s own computers. Once they have the card, they have to send the number to your credit card provider (like Visa or MasterCard) and make the charge. In one online transaction, your credit card may be sent hundreds, or even thousands of miles.

free ebooks ==> www.ebook777.com

were clever, they would listen in right outside of Amazon’s location, and intercept all the connections Amazon had with their customers and steal every single credit card number! Obviously that would be a huge, huge problem, that would make online shopping utterly infeasible. By encrypting the credit card number, however, companies ensure that no one but the intended recipient can read them.

The way this is implemented in real life is brilliant, but also nearly invisible to the end user. Your web browser almost always takes care of it behind the scenes. Occasionally something goes wrong in the encryption process, however, and when it does, you need to know what to do. I’ll go over that in a minute. Right now I’m going to explain in greater detail what your browser is doing under the hood. Knowing this will better equip you to understand what can go wrong. I will warn you, however, that this will get a bit technical; since its not absolutely essential to keeping secure, its an ok section to skip. If you can read it, though, you may find it quite interesting.

To transfer information securely over the internet, both the sending computer and the receiving computer need to know the same secret key. One computer could come up with a randomly generated key, and send it to the other, then for the rest of the time, they could communicate securely using the secret key they both share. But how can that key be securely exchanged?

One could meet in person with the party in question, or one could even speak over the phone and communicate the secret key. Clearly if one were to simply send the key and then the message right after it, the security of the message would be compromised. If I send Amazon the key to decrypt my credit card information, and then immediately send the encrypted information right after that, anyone listening in could just intercept the encryption key and then promptly decrypt my sensitive information.

So how can we securely exchange the secret code? The answer lies in a genius encryption formula that allows secure one-way transmission of data without first sharing a key.

to scramble the message, called the public key, is useless for unscrambling the message. Only the private key, as it is called, can decrypt the message and reveal its contents. Here’s how this plays out in an example scenario.

Amazon generates a private and public key pair, and sends their public key to anyone who visits their site, but they keep the private key highly secure. When you visit their site, your computer generates another key (unrelated to Amazon’s keys), encrypts this key with Amazon’s public key, and sends it to Amazon. Amazon decrypts the key that your

computer generated, and for the rest of the time you are connected, your computers use the key your computer generated to keep your messages secure.

1. Amazon sends you their public key

2. Your computer generates another completely unrelated key

3. Your computer encrypts the new key with Amazon’s public key and sends it back to Amazon

4. Amazon decrypts it using their private key. Now both sides have the same key 5. Your computer and Amazon encrypt all information with the key that your

computer generated. Amazon’s public and private keys are no longer used.

Hopefully that makes sense. If not, no worries, try reading it again later and it will likely make more sense after your brain has some time to process it. The main thing to

remember is that encryption is just a way of scrambling a message so that nobody but the person with the password can read it. Home Depot posted the following as their solution to the credit card scam:

free ebooks ==> www.ebook777.com

https://corporate.homedepot.com/MediaCenter/Documents/Press%20Release.pdf

From what I can tell, they were using encryption any time a credit card left their internal network. Amazingly, the hackers found a way to break into their internal network where credits cards were not encrypted. Home Depot had to step up their security measures, encrypting the cards immediately after people swiped them in the store.

Now that you know how online encryption works, here’s how you can recognize if your connection is encrypted. In most browsers today, there is a little lock in the url bar that shows that your site is encrypted. Here’s what it looks like in Internet Explorer 11, Chrome, and Firefox:

Chrome:

Internet Explorer

Firefox

The text to the right of the first green lock icon states that the identity of the site has been verified. I’ll go over how that works later on. For now, I want to focus on how encryption works.

If you look at the text next to the second green lock, you’ll notice that in this instance the connection is secured with a 256 bit encryption. Usually encryption today is either 128 bit or 256 bit. All that refers to is the length of the secret key used to encrypt your

connection. A longer 256 bit key is more secure than a shorter 128 bit key. The longer the key, the more complex the encryption is, and the more difficult it is to undo. As of today both are sufficiently long to be considered secure.

free ebooks ==> www.ebook777.com

easier to break into. If you are using a site with very important information, like a banking or investing site, you should think twice before you enter your information if the

connection is not using TLS 1.2, or at least 1.1. It may just be that they have not updated their software, but for financial institutions, this is unlikely. If you see a bank website with a TLS 1.0 connection, your browser may be out of date. If you have an up-to-date browser, it is possible that there is a third party hacker interfering with the connection, causing the connection to be governed by a less secure protocol.

The next item in the list states the actual encryption algorithm used to secure messages transmitted. The TLS protocol simply governs how the connection is formed, not what specific algorithm is used to encrypt messages. Computers today support a number of different encryption algorithms (called ciphers), and any of a number of them can be used. The TLS protocol determines how your browser and the site you are accessing will decide on a cipher. Not all computers have the same ciphers, and they must find one that both have in common. In this case, the cipher used is CHACHA20_POLY1305, which is considered a secure encryption algorithm. Here are the other ciphers that are commonly considered secure when used with either TLS 1.1 or 1.2.

-AES ciphers -Camelia ciphers -Seed ciphers

That covers the basics of secure connections to a website. Generally speaking,

connections with TLS 1.2 will be considered the most secure. If the site does not use TLS 1.2, your browser will still connect as usual and tell you that you have a secure

connection. Now that you know more about encryption, however, you have the tools to determine if a site is using the latest, most secure protocol, or an older less secure one.

The next item the security popup is the key exchange mechanism. As discussed earlier, all communication between the two computers needs to be encrypted with a secure algorithm and key. Both sides need to have the same key. One computer generates the key, and sends it to the other. The key exchange mechanism describes how the key is securely transmitted once it has been generated. I covered how this works conceptually earlier, but there are a number of different ways this can be implemented. My browser here is telling me exactly what

implementation is being used. If you are using TLS 1.2, your browser should take care of choosing a secure key exchange mechanism.

In addition to making sure that you have good encryption when visiting a website, your browser also needs to verify that you are actually connecting to the site you want to connect to. Digital cryptography is used to verify identity online. Using public and private key cryptography, the identity of a remote server can be verified with a trusted third party. We’ll go over how this works in a later section on phishing.

free ebooks ==> www.ebook777.com

a problem

Before wrapping up this section, I want to address an important topic, and that is the need to keep your browser up to date. Think about this: if TLS 1.2 was developed to fix

security holes TLS 1.1, which was developed to fix security holes in TLS 1.0, which was developed to replace an older, less secure technology, you might begin to wonder about the security of TLS 1.2 itself. When will TLS 1.2 be found insecure? That is an excellent question, and the right one. As time passes, people find holes in standard security

protocols that need to be addressed. Software developers respond to these threats by

updating their programs with the latest security features. To keep your computer as secure as possible, you should always keep your software up to date.

In the realm of online security, this is especially important. For example, Internet Explorer 8 does not support TLS 1.1 or 1.2. Internet Explorer 9 and 10 both support it, but do not have it enabled by default. Only Internet Explorer 11 does enable it by default. In this case, by using an older version of Internet Explorer, you are putting your system at needless risk. For other browsers like Firefox and Chrome, updates are installed

automatically, which means that unless you alter the settings, your browser should be up to date. If you have an older version of Firefox, you may need to update it manually, however, as older versions of Firefox do not automatically update.

B. Protecting Files on Your Personal Computer With Encryption

Keeping files safe on your computer involves the same technology that is used to keep your information safe while being sent across the internet. You probably have a password on your computer, and you may think that such a precaution is enough to secure your files.

information.

The reason is because by default, your files are stored unencrypted on your hard drive. A hacker could easily plug in a flash drive with Linux on it, and start your computer up using a completely different operating system. They can completely bypass the Windows user account system altogether, and access all the information on the hard drive. If your computer is stolen, your information is likely unprotected and could be accessed by anyone with moderate technical knowledge. If you have a laptop with important information on it, or have any reason to believe that it might be stolen, you should seriously consider encrypting the information on your hard drive to protect it.

We’ll go over real steps as to how you can encrypt your information on your computer so that even if it is stolen, nobody can get your personal information. I’ll show you what I think is the best free program for encryption. If you prefer a premium product, I’ll recommend one to you as well. If you don’t want to encrypt your computer at all, or are not interested right now, feel free to just skip the rest of this section, and we’ll see you at the beginning of the next. what is the next section?

Before encrypting your computer, you need to remember one thing - if you forget your password, and don’t have it saved anywhere else, your files are lost permanently. The whole point of encryption is to lock out anyone without the password. If you lose it, your files won’t remember you and will be lost forever. For that reason, you MUST backup your encryption key and store multiple copies of it in safe places.

free ebooks ==> www.ebook777.com

out permanently. If you forget your password on your computer, you can reset it through their online service.

If you upgraded to Windows 8.1, the encryption may not work, because it requires certain hardware that many computers don’t currently have. If your computer has been around for a few years, it likely does not have the right hardware. If you upgraded to Windows 8.1 and want to enable encryption, I’ll point you to Microsoft’s guide at the link below:

http://windows.microsoft.com/en-us/windows-8/using-device-encryption

For those not using a new Windows 8.1 computer (most of us), there are a number of programs out there that do the same thing, and well. Just remember to keep your encryption key in a secure place.

For Windows Users who have a Professional or Enterprise edition, you have a built in utility called BitLocker. If you don’t have BitLocker, you’ll need to upgrade to a pro version of the operating system you are using, or use another freeware program I’ll cover later. To use BitLocker, search for BitLocker from the start menu, and you should see something like “Manage BitLocker”. When you click on that, you’ll be taken to the BitLocker page in the Control Panel. From there you can easily enable encryption by clicking on the text to turn on BitLocker, and following the steps in the wizard that appears. BitLocker will allow you to encrypt your whole drive, even if your processor does not support the encryption that comes with new Windows 8.1 PCs.

For Windows users looking for a free program, the most promising one I have found is called DiskCryptor. DiskCryptor offers encryption for the entire hard drive, is free, and is open source.

Open source means that the developer of the program has made all the code used to create a program freely available to the public. Most commercial software contains license agreements that strictly prohibit anyone from even trying to see how the program was made. Open source software is just the opposite - anyone and everyone can look at just how the program was made, and even tweak a personal copy of it if they know what they are doing.

Open source cryptography programs like DiskCryptor are said to be more secure than proprietary ones because any programmer can look at how the program was written to verify that it is secure. Some people have concerns that the governments could compel companies to implement secret weaknesses in encryption so that they can access the

encrypted files. Whether this occurs or not is not in the realm of this book to discuss. The main point is just that some people consider open source programs more secure than

closed source ones, and thus opt for open source programs like DiskCryptor. Here are links to the homepage and downloads:

https://diskcryptor.net/wiki/Main_Page https://diskcryptor.net/wiki/Downloads

Setting up DiskCryptor is significantly harder than setting up BitLocker, so unless you are pretty familiar with computers, I would recommend you go with standard BitLocker encryption. It is faster and easier, and if there are any security holes in it, none have been discovered yet, as far as I can tell.

free ebooks ==> www.ebook777.com

and may be able to find yours in a “brute force” hacking attempt. Remember to keep your browser up to date too. And lastly, I want to remind you once again to always back up your encryption key or password. If you lose it, your files are irrevocably lost.

C. Physical Security

Sometimes its easy to forget that everything in the digital world, or “the cloud”, as they say, is actually man-made hardware, and is just as susceptible to physical theft as anything else. People often think that the internet is something that just mysteriously exists “in cyberspace”. The reality is, however that “cyberspace” is nothing more than a bunch of computers and wires that connect them together. Really, that’s all that cyberspace is. There are no ghosts, no ethereal clouds. There are just computers and wires. There are big computers and small computers, short wires and long. Copper wires and fiber optic cables. But that’s really all the internet is.

When you store information in an online storage service like DropBox, or iCloud, you’re actually sending it to a massive warehouse filled with computers, called a server farm. When someone sends an email to your email account, it is also stored in a server farm somewhere. Whether email or a backup from your computer, your data is saved to one or more computers in the server farm. Whenever you want it back, that computer will

retrieve your data, and send it across the internet to your computer. The computers in server farms stay on 24/7 so you can access your data whenever you want, and they have internet connections that go unbelievably fast so they can send and receive data from millions of people at once.

Google has put together a pretty cool website showing how their server farms work. It has a lot of cool pictures and explains some of the technology required to build it. If you have the time, I would encourage you to take a look:

http://www.google.com/about/datacenters/gallery/#/

contain lists of personal information belonging to millions. If a hacker gets ahold of such information unencrypted, he can quickly sift through the files using automated software, search for passwords and other sensitive information, and depending on what he finds, wreak havoc on the lives of the people whose information is stored therein.

As you can see, “the cloud” which is in many ways the future of computing, comes with serious risk. To ensure safety, tech companies like Apple and Google usually have 24/7 security guards and strong walls to protect their facilities. They also encrypt their data as well, so that if any computers are stolen, sensitive information is not compromised.

Usually they have backups of information stored in different data centers, so users can still access their data. If just one copy is stolen, however, the consumer data is compromised.

In your situation, you are not likely to be hiring a guard to watch your computer 24/7. That said, people really do physically steal computers to get the data stored in them, and you need to take precautions to prevent data from getting into the wrong hands. I was a part of a nonprofit organization, years ago, whose computer was stolen. My guess is that the criminals were trying to access personal data from the members of the organization. They were likely hoping to find important information that can be used to break into bank accounts and such, like social security numbers, dates of birth, and other personally

identifiable information. Fortunately, only contact information was stored on the computer, and no worse harm occurred.

When considering your overall security strategy, don’t forget that someone breaking in and stealing a computer, especially at work, is a real security concern. System admins, and anyone else who stores sensitive data must be careful to keep critical systems locked behind doors, or sensitive data could be compromised. If you run or work at a small company or organization, developing a strategy to keep your computers safe is a very good use of time.

D. Managing User Permissions

free ebooks ==> www.ebook777.com

you give out access to people in your company. Don’t give anyone you do not trust access to things they don’t need. Even if you do trust them, its still probably better not to give them access. Why? First, because no matter who they are, they may deal with your data maliciously. Second, even though they may have absolutely good intentions, they may not have the skill or knowledge to deal with it in a secure way. They could accidentally

damage your information, or even compromise your system. I’ve seen it happen before where an inexperienced person was given administrator access to a system and

accidentally downloaded a piece of malware on an organization’s computer. The person may not be trying to share company secrets, but they may accidentally lose a sticky note with their username and password. If their account gets hacked and they have

administrator permissions, you could be in serious danger.

In general, by restricting access to anything that could be used destructively to a need-to-have-access basis is wise. Computer programmers take this to heart, restricting not only how people, but how programs can access sensitive information. For example, security measures are used to try to prevent any unauthorized programs from running on your computer. If you have Windows 7 or 8, you are probably familiar with the somewhat annoying alerts that Windows sets off when you try to install software. The reason for those alerts is because Windows limits the abilities that the installer has on your computer so that it can’t install anything you do not permit. It actually considers that installer a different “user” of the computer, and requires you, the administrator to authorize the program to install. By requiring you to explicitly OK the installation of programs, Microsoft is trying to protect you from malware and other programs that you don’t want installed on your computer.

Implementing a secure user access policy is pretty easy on today’s computers. There are almost always two main groups - standard users and administrators. Sometimes there are other account types like guest accounts, and sometimes you can define your own account types. Standard and administrator accounts are really the only two you need for day-to-day purposes.

with standard accounts can run programs on the computer as normal, but they generally can’t install programs or change important system files. If you have someone using your computer, say another person in the family who just uses the computer to browse the web, they don’t need administrative rights. If they have administrative rights, but don’t know about security, they can unknowingly install programs on your computer that might contain malware.

It can also be a good idea for you to have two different accounts for yourself on your computer - an administrative account and a standard account. If you are using the standard account and download a piece of malware on your computer, it is less likely to actually infect your computer. Because standard accounts can’t install most software or change system files, malware that may be trying to install itself will likely be blocked as well.

One excellent example of critical system files that need protection are startup files. Malicious programmers usually want their viruses to run automatically at startup. They want their programs and spyware to be running every time you turn your computer on. If you accidentally run some malicious software while logged in to an administrative

account, a piece of malware can easily inject itself into your startup files. If you run it on a standard account, however, the program will have more difficulty getting into those important startup files.

One other important aspect of user permissions is that standard accounts do not have access to most files created by another user. This is important because it keeps standard users from accidentally or maliciously deleting files on a computer. If your kids use the same computer you do, its probably a good idea to give them a different, standard user account so they can’t accidentally delete your files.

free ebooks ==> www.ebook777.com

From there you can manage the accounts on your computer. As you can see, it offers you the option of changing your account type, or if you click “Manage another account”, you can see all the accounts on the computer. When you click on any of them, you’ll see the option to change the user account type. There you can switch users from administrator to standard permissions and visa versa. If you have a different version of Windows, it may look a bit different, but the same basic functionality is there.

On a Mac, click the Apple icon in the top left of the screen, then select system

preferences, then choose Users & Groups. From there you can easily change and manage user permissions.

By limiting administrator access to your computer, you are protecting your system from being damaged by an unthinking user. By using a standard account on a day-to-day basis, you are further protecting your computer from unintended harm. And by restricting

people who may not have the best interests of your company at heart, you can prevent them from destroying important files or installing dangerous malware.

E. Login Security: How to Keep Hackers Out of Your Accounts

and break in much more easily. In this section, I’ll first go over how and why you should choose a good password, then talk about other important ways to maintain secure logins. So how do you choose a good password? Well first, it’s probably better if you know what threat you are up against. The greater the ability of the hacker, the more complex your password needs to be to avoid a hack. To crack passwords, hackers use powerful computers that can test sometimes billions of passwords per second. Because they go through a huge number of records per second, common passwords will be easily guessed.

To make a strong password, don’t use any combination of words in the dictionary.

Hackers have their own dictionaries of passwords that contain all sorts of combinations of dictionary words to crack passwords. The programs they use are powerful and quite clever. If you use anything that has any sort of meaning, they can usually crack it pretty easily. Sometimes people think that if they use a clever placement of numbers or special characters they can be secure. However passwords like “passw0rd” or “s3cr3t” are easily understood by password cracking programs and are highly insecure.

Using easy-to-find personal information in a password is another common mistake people make. For example, including a zip code, or a name of someone close in the password. Skilled hackers sometimes do background checks on their targets, and can feed such personal information into the password cracking program, thus making that kind of password insecure. It’s not too hard for a criminal to do a background check on you, especially with the advent of social networking sites like Facebook; so, it is not unlikely even if you are not a high profile target. Furthermore, someone who knows you and doesn’t like you will find it easier to guess your password. And while we are talking about unsecured personal information, it is also worth mentioning that you should choose very obscure security questions so that someone close who does not like you cannot reset your password on you. In that same line, if you find someone asking you what your mother’s maiden name is for no apparent reason, take note, and don’t give it to them. Another good practice in password security is to keep your password at least 8 letters long, and use an assortment of lowercase and capital letters, and perhaps some

free ebooks ==> www.ebook777.com

Those are the major guidelines for choosing a password. Unfortunately, in addition to making a password hard to guess, following these criteria can also make it difficult to remember your password. So how can you choose a memorable password that is still secure? One popular technique today is to come up with a memorable sentence and take the first letter and punctuation of each word in it. For example, “My best friend, John, read a book on cyber security”. Taking the first word and punctuation yields a password “Mbf,J,rabocs”. It’s a lot easier to remember the sentence “My best friend, John, read a book on cyber security” than it is to remember “Mbf,J,rabocs”. And a password like that is random enough that a computer will have a very difficult time finding it. To recap, here are the rules for secure password generation:

1. At least 8-10 characters long

2. NO words that are contained in the dictionary

3. Substituting special characters for letters, and similar tricks doesn’t really help 4. No personal information

5. If the password’s meaning is anything but extremely obscure, it is not as secure as it could be

Ok, so now you know about choosing a good password. But one good password isn’t enough. You need to have a different password for the most important logins you have, like email and bank accounts. Why? Because if any of your accounts that use the same password are compromised, all are at risk. There are a number of ways this can happen, and each is quite problematic.

account with the password he discovered, and if the passwords for both accounts are the same, the hacker can successfully take over the email.

Another reason to make sure you don’t reuse the same password across multiple sites is because you don’t know what the website will do with your information. They may immediately encrypt it as they should, never looking at your password, or they may store it in their own personal database and promptly try and log in to your email with it. It may seem like a reputable site, but it is quite possible that it is simply a scam to get your log-in information.

Having a hacked email account is a really bad problem because so many other accounts are usually linked to it. If they hack your email, they can 1) Browse through your email to see what services you use, and 2) reset the passwords on other sites and quickly break into multiple accounts you have. They can read important documents you have, impersonate you, and more. If they have any personally identifiable information, they may be able to correctly answer security questions and get into even more accounts. To prevent this from happening, NEVER use the same password for at least your email and financial accounts. Doing so could have disastrous results. Using two-factor authentication is another way to protect your email account which we will cover later.

Another critical way to keep your online logins secure is to password protect your computer not only on login, but also whenever your computer comes out of sleep or screensaver. This may seem seem like an inconvenience, but can be very worthwhile.

This is clearly important to protect the encryption of any documents and files stored on your computer. If you haven’t specifically enabled encryption, it is nevertheless important to protect the login information for your online accounts. Even if you don’t have

free ebooks ==> www.ebook777.com

Encrypting your login information is good, but the best way to prevent people from

stealing your online passwords is to never store them in your browser. For less important logins, storing them may be fine, but for your most important logins, such as email and bank accounts, I would strongly caution you against storing any important logins in your browser. Yes, it may be encrypted with your login password, but still, for something as important as a bank account, its really not a good idea.

There are a number of more advanced password management tools out there. LastPass is one of the most popular. When you create an account on a new website, it will generate a very secure password for you, and then remember it. You only need to remember your LastPass Password, and LastPass will remember the rest. Furthermore it encrypts your passwords and stores them on their servers so that you can access them from any computer anywhere.

The convenience of such a system is obvious, and there are real security benefits to using it. Because it generates and remembers secure passwords, you will have very strong, unique passwords for all your sites. The problem is, however, all someone has to do to get all your passwords is guess the one you use for LastPass. The fact that all your passwords are stored on a server somewhere is further cause for concern. If one of those servers were compromised, then your data would be at risk. Now I can’t imagine that the

passwords aren’t encrypted like crazy on their servers, so you’d probably be fine using the service. That said, if you do, I’d recommend that you do not have it remember your most important passwords just to be safe.

By generating long, random passwords, and hiding them behind one master password, LastPass attempts to make up for common security issues associated with passwords. Unfortunately, it is still subject to the same weakness that any other password-protected system is — you can lose the password, and all your information is compromised. To combat this weakness, engineers have devised another way to authenticate users. That way even if the password is lost, there is still some protection for the account. This is called two-factor authentication, and is most often accomplished via texting.

password, the site immediately dispatches a text message containing a secret code to your phone. To finish logging in, you must type the secret code into the website. Once logged in, the website may remember the computer or phone you are using so that you don’t have to get any more secret codes via text when logging in from that device.

This method of securing logins is an excellent way to help maintain online security. In order to hack your account, hackers must have access to both your phone and your password. Getting both of those is significantly more difficult than getting just one, and adds in an extra layer of security. If your email provider offers this, I would highly

recommend you take advantage of it. It is a small hassle now, but really could save you in the long run.

F. Wifi Security - How it works (and why you should use a wired connection if you really want security)

Most people use wifi to connect to the internet at home. Unfortunately, wifi is often insecure, and breaking into a wifi network is often relatively easy. Virtually all wifi routers use encryption to protect your information as it is sent through the airwaves.

Anyone within the vicinity of your wifi network can see any and all traffic that goes to and from the wifi hotspot. That is why encryption is used to keep your internet traffic through your wifi secure. Unfortunately, most of the encryption methods used with wifi are

relatively weak.

To have the best chance of securing your wifi network, choose a good, strong password like we have discussed. Seriously, if you don’t your wifi password could be cracked in minutes. For critical locations, choose an even longer, more complex password.

free ebooks ==> www.ebook777.com

WPA2. WPA2 is the most secure algorithm yet, and is the standard for wifi today. You should always use it. That said, if you choose a weak password, it doesn’t matter what security algorithm is being used, your wifi network will still be easy to break into. Choose a good strong password, use WPA2 encryption, and you will have the best chances of staying secure.

If you are using public Wifi, you are probably already familiar with the fact that your internet usage could be tracked by others on the network. You may not know, though, that if the site you are visiting is encrypted (like most email and banking sites), you technically still can browse securely. How? Because the encryption takes place right on your

computer, so any traffic to or from your computer will be protected with strong

encryption. If you are about to complete a multibillion dollar transaction, you still might want to use private Wifi. In fact, you always want to use private Wifi if you can because you never know what security threats may arise. But if you are in a pinch, if your

connection is secured with encryption (as signified by a lock in your browser), you should be fine.

G. Local Backups - Keeping Your Files Safe at Home

You may not have thought about backing up your computer as a security measure, but I assure you it is one of the most important security measures you can take. Losing your data to a computer crash can be catastrophic. Do you backup your data? If you do, how secure are your backups? Think about the CryptoLocker Virus, which encrypted the information on everyone’s computer. Would you be able to get your files back without paying? If you don’t backup your computer, you might try to turn it on tomorrow and realize that you have something just about as bad as CryptoLocker - a dead computer. The fact of the matter is, if you don’t backup your data on a regular basis, you may be in for a very unwelcome surprise.

with backing up their data to their own hard drive. For the most basic backup, you can just plug in a hard drive and copy and paste important files.

If you don’t have many critical files, this way works all right. If you are trying to store more information, or even a backup of your whole computer, it has a few issues. For one, it can be inconvenient to have to manually back up all your files. Second, if you try to backup your whole computer like this at various intervals, you can quickly run out of space on your external hard drive.

Considering that you can buy an external hard drive for less than a hundred dollars today that can backup your entire computer, the simple method of dragging and dropping files from your computer to your backup hard drive works, if you don’t have many files. You can just store a new copy of each file or folder you want to save. If you are trying to backup your whole hard drive, however, you would quickly run out of space if you copied its entire contents to your backup drive every time you made a backup. Furthermore, copying all that information would take a long time. To alleviate this problem, there are a number of backup solutions available that create incremental backups. Incremental

backups store an initial copy of what is on the hard drive, and then only store changes thereafter. Incremental backups are great not only because they save space, but also because they track the history of changes, oftentimes allowing you to recover a file at any given point in time.

If you have a Mac, you have an excellent backup utility built in. Time Machine, as it is called, is a program that works at set intervals to backup all your data to a connected hard drive. It creates an incremental backup of your hard drive, which allows to recreate a virtual snapshot of your computer at each time it has run a backup. This comes in handy even if your hard drive didn’t crash. If you make changes to a file at some point and then want to revert back to an earlier version you had, by using time machine, you can go back and find a copy of the file at a former date.

free ebooks ==> www.ebook777.com

backup your data to it, instead of to a usb-connected hard drive. For $299, you can have a backup solution that serves as a wifi hotspot, and automatically takes care of Time

Machine functionality as well. If you have the money, it is a nifty device, and saves you from the hassle of plugging in an external hard drive. Using Time Machine with a

standard hard drive works just as well, however, and is a good solution if you don’t want to pay.

On Windows, there is no one built-in tool that does all of what Time Machine does. With Windows 8, however, Microsoft has added a new feature that does a good job of backing up files. The program, called File History, can be accessed just by searching for it from the home screen. Once you plug in an external drive and configure it, File History will automatically check every hour to see if your important files have been changed. If they have, it saves a copy to the external device.

File history keeps old backups for some time after a new backup has been stored. This allows you to recover not only the latest copy, but also previous versions you have saved before that. To save space, this backup only saves files from commonly used locations, that is, Libraries, Contacts, Favorites, and your Desktop. The Libraries folder contains your My Documents folder, and most of the other places you will be storing your data.

If you don’t have Windows 8, or you just want to have a more fully featured backup system for your PC, you’ll want to download a separate backup and restore application. One of the best free programs available for this today is Cobian backup. It is not as

polished as some of the paid software, but as far as a free backup program goes, it does the job well. The reason Cobian backup is what we want is because it does everything we need, and for free. Here are the features great backup software needs to have:

1. Incremental Backup - as I said earlier, instead of copying your entire computer’s contents on every backup, an incremental backup system only saves the changes - this drastically reduces the amount of space that a backup takes up.

2. Full System Backup - as we discussed earlier, you don’t want to miss a single file on your backup. If you have limited hard drive space on your backup drive, then of course you won’t be using this, but if you have the free space, then this is an important thing to have.

3. Backup Encryption - you may password protect your computer and encrypt everything on it, but if your backup isn’t encrypted, you are just one forgetful moment away from data theft.

4. Automatic Backup - the program should backup your files automatically on a schedule, or even in real time as you save changes.

Cobian backup takes care of all of these, and so for most people it will work well. You can find it at:

http://www.cobiansoft.com/cobianbackup.htm

free ebooks ==> www.ebook777.com

people, the free version of CrashPlan is a good security option. CrashPlan also has a cloud backup capability, which I will cover in a moment.

One thing to remember though, is this: backup utilities can only make backups when your external hard drive is plugged in. Don’t forget to plug it in!

H. Cloud Backup

Having to remember to plug in your computer can be a pain sometimes. What if you could just back up your computer over the internet, and not have to worry about plugging in a hard drive ever again? That’s where cloud backup companies come into play. They offer cloud based services that usually back up your files in real time. That means that every time you hit save on your computer, your changes are immediately sent to the backup server. The main cons to this type of service are the monthly fees for continuing service, and privacy concerns if your data is not properly encrypted. Prices for online backup have dropped significantly over the past few years, so you can get a good online backup for less than $5 per month, which is absolutely affordable for the value it delivers. As far as privacy concerns go, you need to be careful who you choose.

There are a huge number of companies that sell online backup services. For them, setting up an online backup system is easy! Just hook up a few hard drives to the internet, and boom, they have an online backup! Just kidding. It certainly is not that easy because they have to implement systems that can scale for millions of users, encrypt users’ data, replicate it several times in case one of their servers goes down, make sure that it stays separate from everyone else’s data, and more. Still, it’s a competitive field, and prices are rapidly decreasing.

In the online backup world, there are two different competing models. One isn’t really “backup”. I’m talking about the DropBox model. DropBox is just like a folder that syncs online. You put things in the DropBox folder on your computer or on the DropBox

fooled - it’s not a full backup for your system. Google Drive, and Microsoft OneDrive have currently switched to the same model.

The other model is what we have been talking about - a true system backup. Currently there are a number of providers who do this, all for varying costs. When it comes to deciding whether you should backup to the cloud, and if so, where, there are two of critical things to consider when it comes to security.

1. Encryption method used - most large cloud backup providers encrypt your data in the cloud (remember, encryption means scrambling your data using a special formula and a password). Without at least some encryption, they would have trouble getting business, and may even have legal trouble. Just because your data is encrypted, however, doesn’t mean it is secure. If the company has the password to decrypt your backup, someone could steal that key and access your files. If a rotten employee gets a hold of that information, he could sneakily use it to view your files. If the US Government decides that they want to look at your files, they can force the storage company to reveal your information, all without telling you. If hackers break into the system and steal the keys, your data could be compromised. The bottom line is, if the backup storage provider has your encryption password, your backup is not completely secure. Some backup solutions keep the encryption key stored on your computer so that no one can access your data. For greatest security, you should use a service like this. On the other hand, this also prevents the use of a password reset mechanism, so if you use a backup like this, be sure to store your encrypted password in a different place NOT on your computer. After all, if your computer crashes, you won’t be able to get the key if the only place you have it stored is your computer.

free ebooks ==> www.ebook777.com

They offer 5gb of free online backup. While not much, that may be enough to store your most important documents in the cloud. Unlike Google Drive, and Dropbox, iDrive actually backs up folders on your computer, instead of just enabling you to access one folder connected to the cloud.

If you are willing to pay a little more for online backup security, CrashPlan’s online

backup service may be for you. At a cost of just about $5 per month, it’s about the lowest price you can get today. As far as privacy is concerned, you can set it so that your private encryption key is always secured by your password. Currently, that doesn’t seem to be the default configuration, so it looks like you may need to go into the settings to make sure it is that way. The system is set up so that it actually has two passwords for your data. One is the password you make, and the second is a “key”. The key is a 56 character long string of letters that is a super-secure password they generate for you. If you want maximum security, you can generate this on your computer, and never upload it. This is the most secure option for keeping anyone and everyone out of your account. At the time of this writing, they offer an individual plan for just $3.96 per month, making it one of the most cost-effective options. When combined with its ability to store local backups, I can

confidently recommend it as one of the best back backup utilities available. You can find it here:

===========CrashPlan LINK===========

Please be aware that services like Google Drive and Microsoft OneDrive simply are not as secure as because the government can require them to release your files without telling you. These companies often publish transparency reports that indicate that the US Government is pretty active in demanding to see people’s information. If that is

Section 2. Types of Malware - The Ingenious Ways Hackers Can Ruin Your Computer

Here I’ll present to you several different types of malware, and more importantly, how to avoid getting them in your system. As the name suggests, malware is a general name for malicious software - programs that try to steal your data, track your activity, damage your files, or perform other unwanted activities. Malware is created by programmers, called hackers, who unfortunately do not use their skill for good. This is a critical section to read, so don’t skip it unless you really have an understanding of how to defend against these types of attacks. Even if you do know about these viruses, its still worth reading, as I’ll relate some stories about security attacks that may give you deeper understanding of what we are facing.

A. Trojan Horses

A Trojan Horse attack is the name given for any malicious program that is initially

disguised as a legitimate program. The name is a reference to the story of the Greek siege of Troy. Just like the Greeks were able to convince the Trojans to bring them into their city, a Trojan Horse piece of malware tries to gain access to your computer by pretending it is something you want. Instead of trying to break through all the security features on your computer that prevent unauthorized access, Trojan Horse attacks attempt to trick you into authorizing them to run on your computer. They pose as beneficial programs that you want on your computer so that you will run them. Once you give them full access to your computer, they can work nearly limitless harm. They can take over your system, inject many malicious files, and even paralyze it. Here’s an example of a Trojan horse that cost the world a whole lot of money. It’s called CryptoLocker.

free ebooks ==> www.ebook777.com

user’s computer, making it impossible to retrieve without the right key. The program would then send the key back to the hackers who would hold it for ransom, usually for something between $200 and $700.

As you can imagine, this would be a terrible virus to get, especially if you didn’t backup your computer. I use my computer pretty much all day, every day, so if I got this virus, it could devastate my work. Fortunately I keep my work backed up on a regular basis, but if I didn’t the results would be disastrous. And how could I get this virus? Just by carelessly opening an attachment from an email that looks like it was sent from UPS or Fedex.

Should it be that way? No - you shouldn’t be able to get malware through opening a PDF, or a Microsoft Word document. Unfortunately the creators of pdf reading software

oftentimes leave security holes in their software that hackers can exploit. PDF readers are notorious for weaknesses that allow malware in, and you need to be able to protect

yourself.

Adobe Reader is the most common PDF reader, and as a result bears the brunt of most attacks. Hackers usually concentrate their attacks on the most popular programs because they have the most potential victims. Hacks often come through exploiting a weakness in a particular piece of software, and thus for hackers, time is most efficiently spent developing viruses for the most common software. Furthermore, Adobe Reader is the standard program for reading PDFs, and that means that the non-tech savvy people are most likely to use it, further increasing the chances that their malware will successfully infiltrate their victims’ computers.

One way to help minimize the probability of succumbing to such an attack is to keep Adobe Reader updated. Usually Adobe publishes a security fix for their software as soon as they find one. Another, better way, is to avoid using Adobe Reader altogether. Because of its popularity, it will always be the focus of hacking attempts, and thus is always a risk. You could download another reader, but in my opinion, the best way is to use the PDF reader built into Google Chrome.

specifically built with security in mind. It makes use of a security design pattern called “Sandboxing”, which basically means that it isolates the PDF and everything related to it from the rest of your system. Sandboxing, in addition to the fact that it is less commonly used than Adobe Reader makes it a wise choice to use. You can set it to be the default reader for all your PDFs as an additional security measure. To do this in Windows, right click on any PDF, move your mouse to “Open With” in the context menu that pops up, then choose Google Chrome. For more detailed information, here is a link to a paper describing the security features in Chromium, the development name of Google Chrome:

http://seclab.stanford.edu/websec/chromium/chromium-security-architecture.pdf

The other main way to avoid becoming a victim of a PDF-borne attack is by following this simple rule: Don’t open any attachment unless you are sure you know where it is from. If you get an email you are not expecting , from someone you don’t know that has an

attachment, you should assume its a virus and immediately delete it. Do NOT even think about downloading the attachment. In fact, you should not even open up the email,

because they may still find a way to exploit your browser when you look at it. In the case of an email that seems like it is from someone or an organization that you trust, how could you know that this was a faked email?

First, is there a good reason for the email? Did you recently send a package? Second, why does it have an attachment. Think about emails you have gotten from UPS or Fedex. How often do they ask you to download an attachment? Why would they want you to download one? They generally only have a few things they say - “Your package was delivered”, “Your package was not delivered because…”, or some other basic message. What reason would they have for you to need to download a pdf? The answer is they usually don’t. If they do need to send you so much information that it needs to be

contained in an attachment, you probably will have specifically requested it from them. If you didn’t request extra information, that’s a pretty good clue that you are looking at a faked email.

free ebooks ==> www.ebook777.com

computer. Just like Adobe Reader is a common piece of software, Microsoft Word is installed on a huge number of PCs across the globe. Because Word is such an extensively used program, it is difficult to ensure that there are no security vulnerabilities. Recent versions of Word have stepped-up security measures with documents downloaded from the internet, but they are still a vulnerability. You should be careful when opening .doc files, just like with PDFs. Additionally, since most informative documents are transmitted via PDF, you should be very suspicious of a Word Document file from any location you don’t expect. Don’t open the email, and don’t even think about downloading the

attachment.

There are many other file types that can be sent across the internet, but few are so

common as the PDF. Occasionally you may get a picture, a video or even an executable file that contains a virus. Executable files on Windows have a .exe extension, and are the most deadly type of attachment you can run. Unlike PDFs, executable files are actual programs like the ones you install on your computer, so they can do far more than just exploit the weakness in another program on your system. Once you run an executable file, the attacker immediately has access to your system. Never run such a file. Even a

seemingly harmless picture can be malware in disguise. Really, to avoid a hack you must be suspicious of any and all attachments that come from unexpected sources, now matter how innocent they look.

In sum, attachments are one of the most effective ways for hackers to gain access to your computer, because they look like things you want. But the reality is, they can be

dangerous Trojan Horses, one of the most effective forms of malware, and they can wreak havoc on your computer. If you are not expecting an attachment, don’t open it, no matter who it is from. Even if it is from one of your friends, if you are not expecting it, be

careful. A hacker may have hijacked your friend’s email account, and now is using it to send malware-filled emails to everyone in your friend’s contact list. These threats are real, and people’s computers frequently are compromised through these means. One of my own relatives’ email got hacked. Fortunately, the only thing the hacker used it for was sending out advertisements and spam. They could have used it to send out malware filled attachments. The account had a weak password that was easy to crack, so after I

We’ve been over how email attachments can be malware in disguise. Another common Trojan type is malware that poses as valuable software. We all need new software on our computers at times, and the internet is often the first place we look. Many times the programs we find on the internet are made by honest people and help us. Sometimes, however, they are just made by crooks.

Let’s say for example that you want to take a recording of your screen while you do something to post on Youtube. So you search Google and find a program that says it will record your screen for free. Cool, free software! So you download and install it, but when you try to run it, it says “There was an error starting the program.” Whoops, the software didn’t work as you hoped it would, but not to be deterred, you go back on the internet, find another program to do the same thing, install the new one, find it works, and record your video.

Next time you open your browser, however, you are greeted by an unexpected surprise. You first see an unfamiliar page called tuvaro.com. There’s an annoying video ad on the page. Weird, you think, but you continue browsing the internet as normal. The next time you open up your browser, you find that your browser opens up to the same Tuvaro page. This happens a few more times, so you figure your home page has been changed. You change it back to what it was before, confident that you have now fixed the problem.

To your surpise, however, after restarting your computer, tuvaro.com once again shows up as your homepage. You open up a different browser, and, unbelievably, your homepage in that browser is tuvaro.com too. You sit back and wonder what’s happened. You think about how it got there. If you don’t know about security, you either live with it or pay someone $100 or more to fix it. Or, if you have read this book, you think back and remember that you downloaded a screen capture program recently. Hmmm. Maybe that program that said it didn’t work actually did work. Only, instead of working as you expected, it worked against you, installing the tuvaro.com malware. You realize that the program you thought was going to help you record your screen actually contained

free ebooks ==> www.ebook777.com

been much worse.

This tuvaro.com attack I have described is another standard Trojan. As far as I know, it doesn’t do more than just continually set your homepage to tuvaro.com. The method it uses to attack, however, is common to much more dangerous programs. Users think they are downloading one program, but in reality, they are just downloading a virus.

To avoid this kind of attack, you must be very careful what programs you download from the internet, and where you download them from. This kind of attack can be even worse than one that comes through an attachment. Usually attachments work by exploiting security holes in Adobe Reader, Microsoft Word, or other similar programs. Companies like Microsoft and Adobe patch these holes as soon as they find them, so if you keep your software up to date, you may be able to avoid infection. If you download a program that is actually malware and run it, however, you are almost sure to damage your computer with the malware. Once it’s on the computer, you’ll be stuck with it until you can somehow manage to detect and remove it.

So what can you do to make sure you are not downloading a Trojan? Well, if you have a Mac, using the Mac App Store is a good idea. Apple monitors the software in the Mac App store pretty well, so its much less likely that you will install malware if its from the Mac App store.

If you are on a Windows 8 computer, there is an app store that you can use to download apps. The Windows 8 store is less useful than the Mac App store because it still hasn’t really caught on with the majority of Windows developers. As a result, many programs simply aren’t available in the Windows Store.

One valuable way to help ensure you get legitimate software is to always download it from the software’s official website. If you are downloading it from the official website, you’ll be getting it just how its creators want to give it to you. If they are honest

not someone has tampered with the file. They could have downloaded the original piece of software, added in some malicious code, and then uploaded it to a new website. If you go to that third party website and download the software, you’ll get the original software plus some malware. If it’s a reputable program that you downloaded, you’ll be left wondering how in the world you got some malware just by downloading a legitimate program. If you make sure to download software only from the official site, you can help avoid getting malware on your system.

Part of this includes a simple rule: never download pirated software. In addition to being illegal, pirated software is notorious for being laden with malware. The people who crack through security features intended to prevent unauthorized use of programs obviously don’t care about laws or treating people how they should. They are happy to steal from the creators of the software, and likely are just as happy to steal your information. If they don’t respect the creators of software they obviously like, why would they respect you? The reality is, they put those programs online as bait to get you to download their

malware. Pirated software is another extremely common Trojan, and one you should steer clear of. You’re better off obeying the law here not only because it is the right thing to do, but also because you are putting your system at serious risk when downloading pirated software.

Once you get a Trojan, you need an anti-malware program to get it off. You’ll have to get one of them, and run it to remove the threat. Later on in this book I’ll go over the best antivirus programs and why. Many of them offer real-time protection so they can prevent the malware from being installed in the first place. For now I’ll continue with covering the major categories of Malware.

free ebooks ==> www.ebook777.com

from the official site if possible. Do these things, and you’ll be well protected from some of the worst online threats.

B. Virus

A virus is a type of malware that makes its way into your system by exploiting weaknesses in other programs, and often proceeds to self-replicating. Once it infects a computer, it then uses that computer as a base of operations for infecting other computers. Computer viruses are so common that people sometimes mistakenly use the word virus instead of the more accurate term malware. Real viruses, once they infect human cells, hijack the DNA replication process within a cell and actually use the cell’s reproductive functions to

generate more copies of the virus. In the same way, computer viruses, once they get ahold of your computer, turn and use it to distribute more malware to others. Computer viruses are so common that most people call any form of malware a virus, even though that is not technically the right name for it.

As for how they spread, many viruses are initially transmitted as Trojans. But they can do far worse than just infect your computer. They can gather any contacts you have on your computer and email them with infected attachments. If they can manage to hijack your email because you have it stored in a desktop email program, they can even send infected email attachments out to impersonate you. These kind of emails are especially

problematic because people trust them more since they are coming from your email account.

Viruses can also embed themselves in removable media. If you get a virus on your computer and attach a flash drive to load up a file for work, the virus can sometimes automatically embed itself into the flash drive. When you plug it in at work, the virus will try to transfer itself to your work computer.