Module I

COMPUTER ETHICS

Ethics is the field of study that is concerned with questions of value, i.e., judgments about what
human behavior is "good" or "bad" in any given situation. Ethics are the standards, values, morals,
principles, etc., which are used to base one's decisions or actions on; often there is no clear "right" or
"wrong" answer.
For example, how would you decide which person should live or die?

Computer Ethics

Ethical judgments are no different in the area of computing from those in any other as computers
raise problems of privacy, ownership, theft and power, to name but a few examples.

Computer Ethics is a branch of practical philosophy which deals with how computing
professionals should make decisions regarding professional and social conduct. Basically computer
ethics is knowing the difference between ethical and unethical. For example, while it is easy to duplicate
copyrighted electronic (or digital) content, computer ethics would suggest that it is wrong to do so without
the author's approval. And while it may be possible to access someone's personal information on a
computer system, computer ethics would advise that such an action is unethical.

There are three major areas which come under the umbrella of computer ethics:

 Intellectual property
 Internet Etiquette or “netiquette”
 Day-to-day Ethics

1. Intellectual Property

Intellectual property refers to creations of the intellect: inventions, literary and artistic works,
symbols, names, images, and designs used in commerce are part of it. It is usually divided into
two branches, namely industrial property which broadly speaking protects inventions and
copyright, which protects literary and artistic works.

1.1 Categories of Intellectual property

• Industrial property, which includes inventions (patents), trademarks, industrial designs,

commercial names, designations and geographic indications (location specific brands) etc.
• Copyright, which includes literary and artistic works such as novels, poems and plays, films,
musical works, artistic works such as drawings, paintings, photographs, sculptures, and
architectural designs.
 Page 1

Copyright

In most European languages other than English, copyright is known as author’s right. The World
Intellectual Property Organization (WIPO) has established similar guidelines in its Copyright Law.
It is also generally agreed that the owner of the copyright (and only the owner!) is authorized to do
the following with the work:

 reproduce it
 prepare derivative works based upon it
 distribute copies of it to the public
 perform the work publicly (if applicable)
 display the work publicly

Copyright laws protect intellectual property which includes literary and artistic works such as novels,
poems and plays, films, musical works, artistic works such as drawings, paintings, photographs and
sculptures, and architectural designs. But unlike protection of inventions, copyright law protects
only the form of expressions of ideas, not the ideas themselves. Remember that a created work is
considered protected as soon as it exists, and a public register of copyright protected work is not
necessary.

For works made available over a communications network (such as the Internet), the copyright protects
original authorship. However, according to the Copyright Law, it does not protect ideas, procedures,
systems, or methods of operation. This means that once such an online work has been made public,
nothing in the copyright laws prevents others from developing another work based on similar
principles, or ideas.

1.1.1 Internet etiquette or “netiquette”

Internet etiquette or “netiquette” is the code of acceptable behaviors users should follow while on the
Internet. It is the conduct expected of individuals while online. It includes rules for all aspects of
the Internet including the World Wide Web, e-mail, instant messaging, chat rooms, FTP, and
newsgroups and message boards.

Here are some of the rules of netiquette:

1. Real people exist behind the computers

• You are dealing with people, not machines. So think twice before you click on
Send button in the mail/chat window
• You are not the only one using the network
• Keep these other people in mind when you say something on a network.

2. Protect your privacy

• Just as you would in the real world, be aware of risks, fraud and false information
which exist on the Internet. Use common sense when deciding whether
 Page 2

information is valid. Don’t trusts or spread further any information about which
you are in doubt. Always try to obtain reliable information.
• Protect your personal information to keep someone from using it in an unethical
way. (For example, when you enter a prize contest, your name, address, and phone
number may be given to a dealer of personal information.)

3. Avoid Spamming
• Spamming is sending unsolicited bulk and/or commercial messages over the
Internet.
• Spamming is morally bad if it is intended to destroy and done by infringing on the
right of privacy of others.
• It could be good if the message sent benefits the recipients, like giving out
warnings or useful information to others.

4. Help make the network better

The existence of the information society is based on give and take. Making a
contribution is an essential part of being a good network user. For example, if you
make a request and find the information you receive helpful, write a summary and
report what you learned, publish it on the Net or give links to others.

For detailed information, you can refer to a book entitled “Netiquette” by Virginia
Shea. An excerpt from this book called The Core Rules of Netiquette is available
online. [http://www.albion.com/netiquette/]

1.1.2 Day-to-day ethics

All of us might have known these ethics already, because these are just modified forms of ethics told
to us by our grandparents/parents, like don’t open letters of others, don’t copy the home-work from
others, don’t listen to any conversation secretly etc.

1.1.2.1 Software Piracy

Software piracy is morally bad when someone reproduces a copy of the software and sells it for
profit, produces exactly the same or similar version without giving proper credit to the original author,
or simply produces it and distributes it to others.

It is not immoral to copy the software if someone who has a licensed copy of the software and simply
makes a backup copy of the original. One back-up copy of the commercial software can be made, but
the back-up copy cannot be used except when the original package fails or is destroyed.

1.1.2.2 Creation of computer viruses

Creation of computer viruses is morally bad when it is intended for malicious purposes like to steal
information or destroying of data. However, it could also be used like a vaccine – poison to kill another
poison – to cure or prevent a potentially destructive system from wreaking havoc in the network. The
 Page 3

way some worms and viruses work could be used to gather information that could help protect the
majority of computer users.

1.1.2.3 Plagiarism

Plagiarism is copying someone else's work and then passing it off as one's own. It is morally bad
because it is an act of stealing. Copying programs written by other programmers and claiming it as your
own could be an act of plagiarism. It involves lying, cheating, theft, and dishonesty.

Module II
COMPUTER SECURITY RISKS

Today, people depend on computers to create, store, and manage critical information. Thus, it is
crucial that users take measures to protect their computers and data from loss, damage, and misuse. A
computer security risk is any event or action that could cause a loss or damage to computer hardware,
software, data, information or processing capability. While some breaches to computer security are
accidental, any are intentional. Some intruders do not damage; they merely access data, information or
programs on the computer. Other intruders indicate some evidence of their presence either by leaving a
message or by deliberately doing actions against the law.

2.1. Computer and Cyber Crimes

Any illegal act involving a computer generally is referred to as computer crime. On the other
hand, the term cybercrime refers to online or Internet-based illegal acts. Today, cybercrime is one of the
priorities of both the national and international government to prevent widespread. Some of the
perpetrators of such crime fall into the seven basic categories namely:

A. Hacker. “Hacking” means illegally accessing other people's computer systems for
destroying, disrupting or carrying out illegal activities on the network or computer systems. It is
morally bad if it is intended to steal private information or destroy a computer system. Otherwise,
it may strengthen it. A Hacker may refer to a person who:

o who accesses a computer system by circumventing its security system

o who makes innovative customizations or combinations of retail electronic and
computer equipment
o who combines excellence, playfulness, cleverness and exploration in performed
activities

B. Cracker. A cracker is someone who accesses a computer or network illegally but has
the intent of destroying data, stealing information, or other malicious action

C. Script kiddie. A script kiddie has the same intention as the cracker and hacker but
does not have technical skills and knowledge. They often use prewritten hacking and
cracking programs to break into computers.
 Page 4

D. Corporate spy. Corporate spies are hired to break into specific computer and steal its propriety data
and information. Unscrupulous companies hire corporate spies, a practice known as corporate
espionage, to gain a competitive advantage.

E. Unethical employee. Unethical employees break into their employer’s computers for a variety of
reasons:

1. Exploit a security weakness

2. Seek financial gains from selling confidential information
3. revenge

F. Cyber extortionist. A cyber extortionist is someone who uses e-mail as a vehicle for
extortion

G. Cyber terrorist. A cyber terrorist is someone who uses the Internet or network to destroy
or damage computers for political reasons. It might target the nation’s air traffic control system or a
telecommunications infrastructure

2.2. Internet and Network attacks

Information transmitted over networks has a higher degree of security risk than information kept
on an organization’s premises. In an organization, network administrators usually take measures to
protect a network from security risks. On the Internet, where no central administrator is present, the
security risk is greater.
Internet and network attacks that jeopardize security include malicious software’s (malwares),
botnets, denial of service attacks, backdoors and spoofing. The following sections address these
computer security risks and suggest measures organizations and individuals can take to protect their
computers while on the Internet or connected to a network.
2.2.1 Malwares
Computer Malwares are programs that perform specific operations without a user’s
knowledge and deliberately alter the computer’s operations. This utilizes common communication
tools to spread from one computer to another. Malware will also seek to exploit existing
vulnerabilities on systems making their entry quiet and easy.

Malware Classification

• The general term computer virus usually covers programs that modify how a computer
works (including damaging the computer) and can self-replicate. A true computer
virus requires a host program to run properly.
• A worm, on the other hand, doesn't require a host program. It's an application that can
replicate itself and send itself through computer networks.
 Page 5

• Trojan horses are programs that claim to do one thing but really do another. Some
might damage a victim's hard drive. Others can create a backdoor, allowing a remote
user to access the victim's computer system.
• Rootkit is a program that hides in a computer and allows someone from a remote
location to take full control of the computer

2.2.1.1 Computer Virus

Computer viruses can be a nightmare. Some can wipe out the information on a hard
drive, tie up traffic on a computer network for hours, turn an innocent machine into a
zombie and replicate and send themselves to other computers. If you've never had a
machine fall victim to a computer virus, you may wonder what the fuss is about. But the
concern is understandable -- according to Consumer Reports, computer viruses helped
contribute to $8.5 billion in consumer losses in 2008 [source: MarketWatch]. Computer
viruses are just one kind of online threat, but they're arguably the best known of the bunch.
Computer viruses have been around for many years. In fact, in 1949, a scientist named
John von Neumann theorized that a self-replicated program was possible [source: Krebs].
The computer industry wasn't even a decade old, and already someone had figured out
how to throw a monkey wrench into the figurative gears. But it took a few decades before
programmers known as hackers began to build computer viruses.
While some pranksters created virus-like programs for large computer systems, it was
really the introduction of the personal computer that brought computer viruses to the
public's attention. A doctoral student named Fred Cohen was the first to describe self-
replicating programs designed to modify computers as viruses. The name has stuck ever
since.

In the good old days (i.e., the early 1980s), viruses depended on humans to do the hard work of
spreading the virus to other computers. A hacker would save the virus to disks and then distribute the
disks to other people. It wasn't until modems became common that virus transmission became a real
problem. Today when we think of a computer virus, we usually imagine something that transmits itself
via the Internet. It might infect computers through e-mail messages or corrupted Web links. Programs
like these can spread much faster than the earliest computer viruses.

2.2.1.2 Computer Worm

Aside from computer viruses, computer worm can be your PC’s demon. It uses up your computer’s
processing time and network bandwidth when they replicate and often times they carry loads that do
considerable damage to your system. Experts predicted that as worm (specifically the worm called Code
Red) could clog the Internet so effectively that things would completely grind to a halt.
Worms are often confused with computer viruses; the difference lies in how they spread. Computer
worms self-replicate and spread across networks, exploiting vulnerabilities, automatically; that is, they
don’t need a cybercriminal’s guidance, nor do they need to latch onto another computer program. As
such, computer worms pose a significant threat due to the sheer potential of damage they might cause.
A particularly notorious incident occurred in 1988. A computer worm since named the Morris worm
 Page 6

caused hundreds of thousands, if not millions, of dollars in damage, and its creator was convicted under
the Computer Fraud and Abuse Act.

Different types of Computer Worms.

1.Email Worms – the spreading goes via infected email messages. Any form of attachment or link
in an email may contain a link to an infected website. In the first case activation starts when the user
clicks on the attachment while in the second case the activation starts when clicking the link in the email.
2.Instant Messaging Worms - the spreading used is via instant messaging applications by sending
links to infected websites to everyone on the local contact list. The only difference between these and
email worms are the way chosen to send the links.
3.Internet Worms - these ones will scan all available network resources using local operating system
services and/or scan the Internet for vulnerable machines. Attempt will be made to connect to these
machines and gain full access to them.
4. IRC Worms - chat channels are the main target and the same infection/spreading method is used
as above - sending infected files or links to infected websites. Infected file sending is less effective
as the recipient needs to confirm receipt, save the file and open it before infection will take place.
5. File-sharing Networks Worms – this copies itself into a shared folder, most likely located on the
local machine. The worm will place a copy of itself in a shared folder under a harmless name. Now
the worm is ready for download via the P2P network and spreading of the infected file will
continue.

2.2.1.3 Trojan Horse

You've probably heard of the Trojan horse from Greek mythology, chances are you've
also heard of Trojan horses in reference to computers. Trojan horses are common but
dangerous programs that hide within other seemingly harmless programs. They work the
same way the ancient Trojan horse did: Once they're installed, the program will infect
other files throughout your system and potentially wreak havoc on your computer. They
can even send important information from your computer over the Internet to the
developer of the virus. The developer can then essentially control your computer, slowing
your system's activity or causing your machine to crash.
Though they're not actually viruses, they're referred to as "Trojan horse viruses,"
"Trojan viruses," "Trojan horses" or just plain "Trojans." Regardless of what people call
them, they all mean same thing. But what happened? How did you let this Trojan horse
into your computer in the first place? And what can you do stop one from getting in?

A computer infected by malware may have any of these following symptoms:

1. Operating system runs much slower than usual

2. Available memory is less than expected
3. Files become corrupted
4. Screen displays unusual message or image
5. Unknown programs or files mysteriously appear
6. Music or unusual sounds plays randomly
7. Existing programs and files disappear
8. Programs or files do not work properly
 Page 7

9. System properties change

10. Operating system does not start up
11. Operating system shuts down unexpectedly

Currently, more than 300,000 Websites can infect your computer with known malicious
software. These programs infect computers in a variety of ways: when a user (1) opens an infected
file, (2) runs an infected program, (3) boots the computer with infected removable media inserted
in a drive or plugged in a port, (4) connects an unprotected computer to a network, or (5) when a
certain condition or event occurs, such as the computer’s clock changing to a specific date, and
(5) opens an infected e-mail attachments.

The list below summarizes important tips for protecting your computer from malicious
software:

1. Never start a computer with removable media inserted in the drives or plugged in ports,
unless the media are uninfected
2. Never open an e-mail attachment unless you are expecting it and it is from a trusted
source
3. Set the macro security in programs so that you can enable or disable macros. Enable
macros only if the document is from a trusted source and you are expecting it.
4. Install an antivirus program on all of your computers. Update the software and virus
signature files regularly
5. Scan all downloaded programs for malware
6. If the antivirus program flags an e-mail attachment as infected, delete or quarantine the
attachment immediately.
7. Before using any removable media, scan the media for malware. Follow this procedure
even for shrink wrapped software from major developers.
8. Install a personal firewall program.
9. Stay inform about new virus alerts and virus hoaxes

2.2.2 Botnets
A botnet is a group of compromised computers connected to a network such as the Internet that
are used as part of a network that attacks other networks, usually for nefarious purposes. A compromised
computer known as a zombie, is one whose owner is unaware the computer is being controlled remotely
by an outsider. Cybercriminals use botnets to send spam via e-mail, spread viruses and other malware, or
commit a denial of service attack

2.2.3 Denial of service attacks

In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from
accessing information or services. By targeting your computer and its network connection, or the
computers and network of the sites you are trying to use, an attacker may be able to prevent you
 Page 8

from accessing email, websites, online accounts (banking, etc.), or other services that rely on the
affected computer.
The most common and obvious type of DoS attack occurs when an attacker "floods" a
network with information. When you type a URL for a particular website into your browser, you
are sending a request to that site's computer server to view the page. The server can only process
a certain number of requests at once, so if an attacker overloads the server with requests, it can't
process your request. This is a "denial of service" because you can't access that site.
An attacker can use spam email messages to launch a similar attack on your email account.
Whether you have an email account supplied by your employer or one available through a free
service such as Yahoo or Hotmail, you are assigned a specific quota, which limits the amount of
data you can have in your account at any given time. By sending many, or large, email messages
to the account, an attacker can consume your quota, preventing you from receiving legitimate
messages.
Not all disruptions to service are the result of a denial-of-service attack. There may be
technical problems with a particular network, or system administrators may be performing
maintenance. However, the following symptoms could indicate a DoS or DDoS attack:
• unusually slow network performance (opening files or accessing websites)
• unavailability of a particular website
• inability to access any website
• dramatic increase in the amount of spam you receive in your account

2.2.4 Backdoors
A backdoor is a program or a set of instructions in a program that allow users to bypass security
controls when accessing a program, computer, or network. Once perpetrators gain access to unsecure
computers, they often install a backdoor or modify an existing program to include a back door, which
allows them to continue to access the computer remotely without the user’s knowledge
2.2.5 Spoofing
Spoofing is a technique intruders use to make their networks or Internet transmission appear
legitimate to victim computer or a network.
2 types of Spoofing
1. E-mail spoofing – occurs when the sender’s address or other components of the e-
mail header are altered so that it appears the e-mail originated from a different
sender. It is commonly used for virus hoaxes, spam and phishing scams.
2. IP spoofing – occurs when an intruder computer fools a network into believing its
IP address is associated with a trusted source. Its perpetrators trick their victims
into interacting with a phony Web site
In order to safeguard against these attacks, the following are recommended:
1. Implement firewall solutions
2. Install intrusion detection software
 Page 9

2.3. Unauthorized access and use

Unauthorized access is the use of a computer or network without permission. Unauthorized use
is the use of a computer or its data for unapproved or possibly illegal activities. In order to minimize the
chance of unauthorized access and use, many organizations use access controls. An access control is a
security measure that defines who can access a computer, when they can access it, and what actions they
can take while accessing the computer.

Many systems implement access controls using a two-phase process called identification and
authentication. Identification verifies that an individual is a valid user. Authentication verifies that the
individual is the person he/she claims to be.
Three (3) methods of Identification and Authentication
1. Usernames and passwords
2. Possessed objects. A possessed object is any item that you must carry to gain access to a
computer or a computer facility.
3. Biometric devices. A biometric device authenticates a person’s identity by translating
personal characteristics such as a finger print, into a digital code that is compared with a digital
code stored in the computer verifying physical or behavioral characteristics.

2.4 Hardware theft and Vandalism

Hardware theft is the act of stealing computer equipment’s while Hardware vandalism is the
act of defacing or destroying computer equipment
2.5 Software theft
Software theft occurs when someone steals software media, intentionally erases programs,
illegally copies a program, and/or illegally registers or activates a program
Forms of software theft:
1. Physically stealing the media that contain the software or the hardware that contains the media
2. Software piracy
To protect from software piracy, software manufacturers issue users license agreement. A license
agreement is the right to use the software. It provides specific conditions for use of the software which
a user must accept before using the software. The most common type of license included with software
purchased by individual users is a single user license agreement also called an end-user license
agreement (EULA). According to the EULA:
Users are permitted to:
1. Install the software on only one computer
2. Make one copy of the software as a backup
3. Give or sell the software to another individual, but only if the software is removed from
the user’s computer first
 Page 10

Users are not permitted to:

1. Install the software on a network
2. Give copies to friends and colleagues while continuously using the software
3. Export the software
4. Rent or lease the software
2.6 Information theft
Information theft occurs when someone steals personal or confidential information. Some
companies attempt to prevent information theft by implementing the user identification and
authentication controls. Other companies use a variety of encryption techniques

2.7 System failure

System failure is the prolonged malfunction of a computer. It may result to loss of hardware,
software, data and information. Some of the common causes of System failure include:
1. Aging hardware
2. Natural disasters such as fire, floods, and lighting strikes
3. Random events such as electrical power problems
4. Errors in computer programs
To protect against electrical power variations, use a surge protector which uses a special electrical
components to provide a stable current flow to the computer and other electrical equipment

The following are Top 10 of the worst computer viruses to cripple a computer system:

1. Melissa
Created by David L. Smith in 1999, Melissa is a macro virus. It tempts recipients to open an infected
document through an e-mail message “Here is that document you asked for, don’t show it to anybody
else”. The virus replicates through the recipient’s address book.
2. I LOVE YOU
Believed to have originated in the Philippines by the author named Onel de Guzman, this malware
comes in the form of a worm, a stand-alone program which is capable of replicating itself. It travels
through the Internet via an attachment in an e-mail message with a subject Love Letter
3. The Klez Virus
The basic Klez worm infected a victim's computer through an e-mail message, replicated itself and
then sent itself to people in the victim's address book. Some variations of the Klez virus carried other
harmful programs that could render a victim's computer inoperable. Depending on the version, the Klez
virus could act like a normal computer virus, a worm or a Trojan horse. It could even disable virus-
scanning software and pose as a virus-removal tool.
4. Code red and Code red II
The Code Red and Code Red II worms popped up in the summer of 2001. Both worms exploited an
operating system vulnerability that was found in machines running Windows 2000 and Windows NT.
The vulnerability was a buffer overflow problem, which means when a machine running on these
operating systems receives more information than its buffers can handle; it starts to overwrite adjacent
memory.
 Page 11

The original Code Red worm initiated a distributed denial of service (DDoS) attack on the White
House. That means all the computers infected with Code Red tried to contact the Web servers at the
White House at the same time, overloading the machines.

5. Nimda
Another virus to hit the Internet in 2001 was the Nimda (which is admin spelled backwards) worm.
Nimda spread through the Internet rapidly, becoming the fastest propagating computer virus at that time.
The Nimda worm's primary targets were Internet servers. While it could infect a home PC, its real
purpose was to bring Internet traffic to a crawl. It could travel through the Internet using multiple
methods, including e-mail. This helped spread the virus across multiple servers in record time.
The Nimda worm created a backdoor into the victim's operating system. It allowed the person behind
the attack to access the same level of functions as whatever account was logged into the machine
currently. In other words, if a user with limited privileges activated the worm on a computer, the attacker
would also have limited access to the computer's functions. On the other hand, if the victim was the
administrator for the machine, the attacker would have full control.
The spread of the Nimda virus caused some network systems to crash as more of the system's resources
became fodder for the worm. In effect, the Nimda worm became a distributed denial of service (DDoS)
attack.

6. SQL Slammer/Sapphire
In late January 2003, a new Web server virus spread across the Internet. Many computer networks were
unprepared for the attack, and as a result the virus brought down several important systems. The Bank
of America's ATM service crashed, the city of Seattle suffered outages in 911 services and Continental
Airlines had to cancel several flights due to electronic ticketing and check-in errors.

7. MYDoom
The MyDoom (or Novarg) virus is another worm that can create a backdoor in the victim computer's
operating system. The original MyDoom virus -- there have been several variants -- had two triggers.
One trigger caused the virus to begin a denial of service (DoS) attack starting Feb. 1, 2004. The second
trigger commanded the virus to stop distributing itself on Feb. 12, 2004. Even after the virus stopped
spreading, the backdoors created during the initial infections remained active.
Later that year, a second outbreak of the MyDoom virus gave several search engine companies grief.
Like other viruses, MyDoom searched victim computers for e-mail addresses as part of its replication
process. But it would also send a search request to a search engine and use e-mail addresses found in
the search results. Eventually, search engines like Google began to receive millions of search requests
from corrupted computers. These attacks slowed down search engine services and even caused some
to crash.

8. Sasser and Netsky

Sometimes computer virus programmers escape detection. But once in a while, authorities find a
way to track a virus back to its origin. Such was the case with the Sasser and Netsky viruses. A 17-year-
old German named Sven Jaschan created the two programs and unleashed them onto the Internet. While
the two worms behaved in different ways, similarities in the code led security experts to believe they
both were the work of the same person.
The Sasser worm attacked computers through a Microsoft Windows vulnerability. Unlike other
worms, it didn't spread through e-mail. Instead, once the virus infected a computer, it looked for other
 Page 12

vulnerable systems. It contacted those systems and instructed them to download the virus. The virus
would scan random IP addresses to find potential victims. The virus also altered the victim's operating
system in a way that made it difficult to shut down the computer without cutting off power to the system.
The Netsky virus moves through e-mails and Windows networks. It spoofs e-mail addresses and
propagates through a 22,016-byte file attachment. As it spreads, it can cause a denial of service (DoS)
attack as systems collapse while trying to handle all the Internet traffic.

9. Leap A/Oompa-A
Maybe you've seen the ad in Apple's Mac computer marketing campaign where Justin "I'm a Mac" Long
consoles John "I'm a PC" Hodgman. Hodgman comes down with a virus and points out that there are
more than 100,000 viruses that can strike a computer. Long says that those viruses target PCs, not
Mac computers.
For the most part, that's true. Mac computers are partially protected from virus attacks because of a
concept called security through obscurity. Apple has a reputation for keeping its operating system
(OS) and hardware a closed system -- Apple produces both the hardware and the software. This keeps
the OS obscure. Traditionally, Macs have been a distant second to PCs in the home computer market.
A hacker who creates a virus for the Mac won't hit as many victims as he or she would with a virus
for PCs.
But that hasn't stopped at least one Mac hacker. In 2006, the Leap-A virus, also known as Oompa-A,
debuted. It uses the iChat instant messaging program to propagate across vulnerable Mac computers.
After the virus infects a Mac, it searches through the iChat contacts and sends a message to each
person on the list. The message contains a corrupted file that appears to be an innocent JPEG image.
The Leap-A virus doesn't cause much harm to computers, but it does show that even a Mac computer can
fall prey to malicious software. As Mac computers become more popular, we'll probably see more
hackers create customized viruses that could damage files on the computer or snarl network traffic.
Hodgman's character may yet have his revenge.

10. Storm Worm

The latest virus on our list is the dreaded Storm Worm. It was late 2006 when computer security experts
first identified the worm. The public began to call the virus the Storm Worm because one of the e-
mail messages carrying the virus had as its subject "230 dead as storm batters Europe." Antivirus
companies call the worm other names. For example, Symantec calls it Peacomm while McAfee refers
to it as Nuwar. This might sound confusing, but there's already a 2001 virus called the
W32.Storm.Worm. The 2001 virus and the 2006 worm are completely different programs.
The Storm Worm is a Trojan horse program. Its payload is another program, though not always the same
one. Some versions of the Storm Worm turn computers into zombies or bots. As computers become
infected, they become vulnerable to remote control by the person behind the attack. Some hackers
use the Storm Worm to create a botnet and use it to send spam mail across the Internet.
Many versions of the Storm Worm fool the victim into downloading the application through fake links
to news stories or videos. The people behind the attacks will often change the subject of the e-mail to
reflect current events. For example, just before the 2008 Olympics in Beijing, a new version of the
worm appeared in e-mails with subjects like "a new deadly catastrophe in China" or "China's most
deadly earthquake." The e-mail claimed to link to video and news stories related to the subject, but
in reality clicking on the link activated a download of the worm to the victim's computer
 Page 13

Module III
COMPUTER AND HEALTH RISKS

3.1 Computer-Related Health Problems

The speed and efficiency of the computers has made most businesses and institutions dependent
on the technology. As a result, many people spend a large part of their time working with computers.
The relatively recent advent of the widespread availability of the Internet has meant that even
those individuals who don’t use computers at work are likely to use them at home to surf the net. What
this has meant is that many people are spending many hours on the computer at work and then again at
home. As a result, there has been a significant increase in the reporting of health problems related to the
use of computers.

1. Carpal Tunnel Syndrome

Carpal Tunnel Syndrome is a condition that occurs when the median nerve is squeezed as it
crosses the wrist to enter the hand. The median nerve arises at the level of the sixth cervical
vertebra in the neck. It supplies the muscles of the forearm responsible for pronating the forearm
or turning it inwards. It also supplies the muscles that bend the middle finger as well as the
muscles of the thumb. It also provides sensation for the palmar surface of the thumb, index and
middle fingers and half of the ring finger.
The Carpal Tunnel is an area on the palm side of the wrist bordered on one side by the
carpal bones and on the other by the Carpal Ligament, a fibrous band. Because these structures
are quite rigid, if edema or other conditions cause shrinkage of the space in the tunnel, the
structures within the tunnel come under increasing pressure.
It has been recognized that repetitive movement at the wrist, as occurs with prolonged use
of a computer keyboard can lead to inflammation in the carpal tunnel and the resultant painful
syndrome. Patients usually feel pain in the forearm area as well as numbness in the affected hand
in the finger distribution described above.
If the symptoms are not very severe, CTS is treated conservatively with rest, warm
compresses, wrist splints (worn mainly at night), anti-inflammatory medications and sometimes
steroid injections. If the symptoms are severe or worsening, a surgical carpal ligament release
procedure may be necessary.

2. Eye Strain:
Long hours staring at a computer screen will inevitably lead to asthenopia or eyestrain. Persons tend
not to blink as frequently, which also leads to drying of the eyes. Over a prolonged period, this can lead
to some deterioration in vision especially in those prone to visual problems.
In order to prevent this, it is suggested that one take regular breaks from staring at the screen maybe
with brief eye closure.

3. Neck and Back Pain:

Poor positioning of the keyboard and monitor in relation to the user can lead to discomfort of the neck
and back. The monitor screen should be at a level such that the user can easily see the screen with the
head held at a comfortable and neutral position. If the head has to be constantly turned or tilted in order
to see the screen, this will lead to chronic aches and pains in the neck area. This along with any eye strain
that occurs can lead to tension headaches. The chair or keyboard stand should be adjusted so that when
 Page 14

sitting with the hands resting on the keyboard, the elbows should be slightly above the wrists. The chair
should have firm lumbar support and it is important that the individual maintain good posture to minimize
back strain.

4. Depression:
Another syndrome more recently recognized and associated primarily with the Internet is depression.
A recent study found a high degree of correlation between the time spent on line, including chat rooms,
and an increased incidence of depression. It is believed that at least some of the individuals who spend
long periods of time on line may have somewhat unfulfilled social lives. This is very likely the reason
they spend many hours on line in the first place. However, the time on line may also serve to magnify
the very loneliness the user may have been attempting to blunt. It is also likely that as one spends more
and more time on the computer, it naturally takes away from the time the individual has for normal social
or family relations and this in turn may lead to depression.

5. Electromagnetic Radiation:
There has been much debate about the possible effects of electromagnetic radiation. Most people
agree that long term exposure to strong EMR fields, as occur near high voltage lines, can lead to health
problems over the years. What is not clear is whether exposure to the much weaker fields that are
generated by computers and other types of electronic equipment present any threat to one's health. To
date there has been no clear evidence of a link. However, computers are still in their relative infancy and
so we do not have decades of data to go on. Also this is really the first generation of children with
widespread access to and use of computers. The odds are though, that no one will suffer significant ill
effects from the weak EMR fields generated by computers.

6. Cumulative Trauma Disorders

Some of the signs and symptoms include:
1. pain or stiffness in the fingers, hands, wrists, forearms, elbows or shoulders
2. pain or stiffness in the back or neck
3. tingling or numbness in the hands or fingers
4. loss of strength or coordination in the hands
5. pain in the hands or arms that wakes you up at night
6. feeling a need to massage the hands, wrists and forearms

Because CTDs develop slowly over a period of time the symptoms of these illnesses can be
initially very mild. But a CTD can rapidly become very painful and even crippling if left untreated
and if the worker does not change faulty work habits. If you have any of these symptoms, see
your doctor immediately! Delaying treatment of a CTD can only make the healing process more
difficult. Prevention of CTDs involves eliminating risk factors in the workplace. The harmful
effects of fixed and awkward work postures can be avoided or reduced through several means:

1. establishing an ergonomically correct workstation setup

2. using a neutral posture and avoiding positions that place strain
3. on the musculoskeletal system
4. shifting position frequently while sitting
5. taking frequent breaks
6. performing stretches and exercises during work breaks