P r i v a c y   a n d   S e c u r i t y  

CPT 105 · Franklin College · Erich Prisner · 2002-2007

avoid data loss


If hardware gets destroyed by fire, theft (500000 notebooks are stolen each year!), (electro)magnetic fields, or simply if the hard disk crashes, then data is usually lost as well. Companies should have a disaster recovery plan for such cases. Use a surge protector (against electrical problems), and use cable locks and passwords for your notebook.


You may involuntarily erase some documents, but then you can retrieve them from the recycle bin. Overwriting files is worse.


is usually only necessary for your data and your settings, not for your programs. (This is one of the reasons why you should keep your data and your programs apart on the hard disk). You should backup your data regularly and systematically!

fulleverything together, easy to findexpensive (time and storage)
incremential: Save only the recently changed filesless time and storage neededmore time necessary to restore a file
differential: Save only files that have been changed since last full backup.betweenbetween

In Windows, use Start-Programs-Accessories-System Tools-Backup.



How to avoid other people seeing or accessing your personal data:


How to convince a computer who you are:

Passwords or identification numbers

If the login to some system depends on a password, it may not be too safe. There are only 26^6=308,915,776 possible 6-character passwords if you use only characters, no numbers or special symbols. That's possible to crack for a computer. Therefore passwords are safer if the system realizes when several unsuccessful attempts are made and responds accordingly. For credit card passnumbers, AT machines have this property.

Possessed objects

Biometric devices

like fingerprints.

Callback Systems

you dial in, then the system calls you back.


SSL (Secure Socket Layer)

The protocol is https
1) Browser (client) asks the certification house(?)
whether the server certificate is (still) valid
2) Both computers agree on a symmetric key (using asymmetric encryption)
3) Browser sends some test messages at the beginning

The aims are:

TLS (Transport Layer Security)

Maybe the successor of SSL. It is based on Triple DES (improved DES, with 112 bit key).


is more secure than SSL, and is used for online banking.


Are small files that your browser creates when you are online. When you visit some site again, the server may ask about cookies and use that information to get your preferences. They have usually a limited life time, are not programs, and are therefore not a security risk. Doesn't seem to be much of a problem to me, see the Internet page, but you can avoid them (browser setting).

Viruses and Worms

A worm is a small program (often an email attachment) that moves over networks from computer to computer by automatically sending emails containing the worm to other people. Worms don't infect other programs. An example was "Nimda" (September 2001).

A virus is not a separate program but rather a program part included (appended at the end) in some other program. At the beginning there is a pointer to the virus appendix. If the infected program is running, it is loaded into memory. The virus remains in memory until you shut down your computer and may infect any other program that you run after. And so on. Viruses spread over networks or by means of diskettes. 

A macro virus uses macro programming languages (for instance of Microsoft Word, Excel, ...). These viruses may even be transmitted by documents, since the macro definitions are written on the documents too.

You may get a virus by

A trojan horse is a seemingly useful program containing another (hidden) one that looks for and sends passwords and other data, or may start a DoS (denial of service) attack. They don't reproduce themselves. It's important to have extensions unhidden to realize what you are opening in advance.

A hoax is a email chain letter, warning of some nonexisting virus. Here is a list of hoaxes.

Antivirus software is supposed to detect and destroy viruses. But you have to update this software regularly.

Firewalls are also important.


Virus Chronolgy

Spam or Junk email

You may use filter software, or you may maintain two email accounts, one only for your friends and serious connection, and one that you give whenever required.

Recovery Plans

In companies, you need recovery plans, and you should store them at different locations outside of the IT area. According to a survey of the PR firm Stautner&Stautner, the most common reasons (in Austrian companies) for IT problems were