3 Basic Cybersecurity Defenses (in ascending importance) --

• Anti-Virus Software (File Scanner & Firewall)

• Security Updates (Patching)

• Non-Admin Mode Use

Other Basic Defense Measures:

• Use of a non-IE Browser

• Use of a non-MS Operating System

40338706.doc page 1 of 8
1. Anti-Virus (File Scanners) --

• the most popular anti-virus programs are now: AVG and Avira, formerly Symantec (Norton Anti-Virus) and McAfee

• the MS anti-virus program is MSSE (Microsoft Security Essentials)

• anti-virus programs are best for scanning files already on disk (or USB drives and other storage media)

• some anti-virus programs may or may not catch malware coming in over your Internet connection

1. Firewalls –

• Windows XP has a default Firewall

• another popular firewall program is ZoneAlarm

1. Other similar software –

• spyware detectors such as Spybot or AdAware are specialized file scanners

• filters such as NetNanny

II. Security Updates (Patching)

• Windows Update will automatically download and install most critical security patches

• other operating systems will have their own update and patching mechanisms

• Windows Update will NOT patch or update other (3rd party) software

• vulnerabilities include browsers, browser add-ons (e.g. Adobe Flash and Acrobat Reader) and other software (e.g. Java)

• many 3rd party apps and software have their own update mechanisms, but some require manual installation

III. Non-Admin Mode Use

• Windows default is “admin” mode

• if you get to your desktop directly after booting, you are likely in admin mode

• admin mode allows you, and any other program or process, to install software or malware

• 80 – 90 percent of attack exploits could be defeated or ameliorated by using the computer in non-admin mode

• best to create a distinct “standard” or ordinary user mode account that requires a username and password when you log in
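
The check and the fix described in this section, as an added PowerShell example that is not part of the original slides. It assumes Windows PowerShell 5.1 or later with the built-in LocalAccounts cmdlets; the function names and the account name `dailyuser` are placeholders chosen for illustration.

```powershell
# Added example (not from the original slides). Assumes Windows PowerShell 5.1+
# with the built-in Microsoft.PowerShell.LocalAccounts module.
$AdminsSid = 'S-1-5-32-544'   # well-known SID of the local Administrators group
$UsersSid  = 'S-1-5-32-545'   # well-known SID of the local Users group

function Test-DailyAccountIsAdmin {
    # True when the logged-on account is a direct member of local Administrators.
    # Compares SIDs instead of using IsInRole(), which reports False for an admin
    # account whose token is filtered by UAC. Membership that comes only through
    # a nested domain group is not detected here.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent()
    $members = Get-LocalGroupMember -SID $AdminsSid
    return [bool]($members | Where-Object { $_.SID.Value -eq $me.User.Value })
}

function Test-SessionElevated {
    # True when this PowerShell process itself holds the full admin token.
    $me = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($me)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function New-StandardUser {
    # Creates a password-protected account that belongs only to the Users group.
    # Must be run from an elevated session. $Name is chosen by the caller.
    param([Parameter(Mandatory)][string]$Name)
    $password = Read-Host -AsSecureString "Password for $Name"
    New-LocalUser -Name $Name -Password $password -Description 'Standard daily-use account' | Out-Null
    Add-LocalGroupMember -SID $UsersSid -Member $Name
}

"Daily account is in Administrators: $(Test-DailyAccountIsAdmin)"
"This session is elevated:           $(Test-SessionElevated)"
"Accounts with admin rights:"
Get-LocalGroupMember -SID $AdminsSid | Select-Object Name, ObjectClass, PrincipalSource

# To follow the advice above, run from an elevated prompt:
#   New-StandardUser -Name 'dailyuser'   # 'dailyuser' is a placeholder name
```

If the first line reports True, the account used for everyday work can install software without a separate log-in, which is the condition this section advises against.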

Existing Laws –

1. E-Commerce Law (RA# 8792)

2. Anti-Child Porn Law (RA# 9775)

Pending Bills –

3. Cybercrime Bill (pending – HB# 6794)

4. Privacy (Data Protection) Bill (draft)

5. Freedom of Information Bill (pending – HB# 3732)

E-Commerce Law (RA# 8792)

• was quickly passed in June 2000 partly in response to the “I Love You” virus

• provides legal recognition of electronic messages, documents and signatures

• exempts service providers (as carriers) from liability

• touches on Lawful Access and Confidentiality

• penalizes a.) hacking, b.) piracy and c.) violations of the Consumer Act

• primary purpose was enabling E-Commerce, thus further penalization left to the (then draft) Cybercrime bill

Anti-Child Porn Law (RA# 9775)

• quickly finalized and signed into law in November 2009, and further supplements the Anti-Violence Against Women and Children Act of 2004 (RA 9262)

• protects children against (sexual) exploitation and abuse, and penalizes use or employment of a child in pornography

• penalizes production, publication, transmission or sale, publication or broadcast of child pornography

• penalizes mere possession, access or provision of a venue for child pornography

• legalizes (warrantless) ISP monitoring of content and requires that they retain data and report to authorities

• mandates that ISPs install anti-child porn filters

• prohibits Internet hosts from hosting child pornography and requires that they report the existence of child pornography and the particulars of the person hosting or “contributing”, including any “users” who’ve attempted to gain access to the site

Cybercrime Bill (pending – HB# 6794)

• still pending, and under close scrutiny by civil rights groups

• penalizes offenses against the confidentiality, integrity and availability of computer data and systems

• penalizes computer-related forgery and fraud

• penalizes cybersex, child pornography and unsolicited commercial communications (e.g. “spam”)

• in most cases limits monitoring and data retention to “traffic” data

• has restrictions on disclosure (by ISPs) of data

• has judicial protection (e.g. warrants required)

-oOo-
