Security: Mal-Ware
Vainstein Maxim & Emanuel Hahamov
Seminar in Software Design 2005/6, CS, Hebrew University
Malicious Software Definition
“Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
Material changes that affect their user experience, privacy, or system security;
Use of their system resources, including what programs are installed on their computers; and/or
Collection, use, and distribution of their personal or other sensitive information.”
Anti-Spyware Coalition, Working Report October 27, 2005
Computer Virus Timeline
1949 Theories for self-replicating programs are first developed.
1960 Experimental self-replicating programs were first produced.
1981 Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.
1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”
1986 Two Pakistani programmers, Basit and Amjad Farooq Alvi, replace the executable code in the boot sector of a floppy disk with their own code (the Brain virus), designed to infect each 360 KB floppy accessed on any drive.
1987 The Lehigh virus, one of the first file viruses, infects command.com files.
1988 One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day. MacMag and the Scores virus cause the first major Macintosh outbreaks.
1990 Symantec launches Norton AntiVirus, one of the first antivirus programs developed by a large company.
1991 Tequila is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.
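The polymorphism point above is easier to see in code. The following Python is an added example written for this page, not code from the original seminar slides: the "virus body" is a harmless constructed marker string, the decryptor stub is modelled as a small constant header (magic bytes, a one-byte key, a length) rather than real machine code, and all function names are illustrative. Each infection XOR-encodes the same body under a fresh key, so a scanner that matches fixed body bytes misses every copy, a scanner that signatures the constant stub still catches it (which is why polymorphic engines later mutated the decryptor too), and a scanner that decodes the body before matching, the generic-decryption / emulation approach AV engines adopted, catches all copies.

```python
# Added example (not from the original seminar slides): a toy model of why a
# polymorphic virus defeats a signature scanner that only looks for fixed bytes.
# The "virus body" is a harmless constructed marker string, and the decryptor
# stub is modelled as a constant header (magic, key, length) instead of real
# machine code. No real malware is involved.
import os

# Constructed stand-in for a virus body. A signature scanner would normally
# fingerprint some fixed slice of these bytes.
BODY = b"CONSTRUCTED-TOY-VIRUS-BODY-FOR-DEMONSTRATION-ONLY"
SIGNATURE = BODY[12:28]        # 16 bytes a signature database might hold
STUB_MAGIC = b"STUB"           # marks the decryptor stub in this model


def infect(host: bytes, key=None) -> bytes:
    """Return `host` with a freshly mutated copy of BODY appended.

    Each copy is XOR-encoded under its own one-byte key, so the stored bytes of
    the body differ from infection to infection while the decoded body (what
    would actually run) stays identical. That is the polymorphism trick.
    """
    if key is None:
        key = os.urandom(1)[0] or 1   # key 0 would leave the body in the clear
    encoded = bytes(b ^ key for b in BODY)
    stub = STUB_MAGIC + bytes([key]) + len(encoded).to_bytes(2, "big")
    return host + stub + encoded


def signature_scan(sample: bytes) -> bool:
    """Naive scanner: matches the body signature exactly as stored on disk."""
    return SIGNATURE in sample


def stub_scan(sample: bytes) -> bool:
    """Signature on the constant decryptor stub rather than on the body.

    This is how early scanners caught simple encrypted viruses; it stops
    working once the engine also mutates the decryptor.
    """
    return STUB_MAGIC in sample


def decode_and_scan(sample: bytes) -> bool:
    """Generic-decryption scanner: find each stub, recover its key, decode the
    body it covers and match the signature against the decoded bytes."""
    pos = sample.find(STUB_MAGIC)
    while pos != -1:
        hdr = pos + len(STUB_MAGIC)
        if hdr + 3 <= len(sample):
            key = sample[hdr]
            length = int.from_bytes(sample[hdr + 1:hdr + 3], "big")
            body = bytes(b ^ key for b in sample[hdr + 3:hdr + 3 + length])
            if SIGNATURE in body:
                return True
        pos = sample.find(STUB_MAGIC, pos + 1)   # a false "STUB" inside data is skipped
    return False


def compare(host: bytes, keys=(0x5A, 0xC3)) -> dict:
    """Infect `host` once per key and report which scanner detects which copy."""
    copies = [infect(host, k) for k in keys]
    return {
        "copies_identical": len(set(copies)) == 1,
        "signature_scan": [signature_scan(c) for c in copies],
        "stub_scan": [stub_scan(c) for c in copies],
        "decode_and_scan": [decode_and_scan(c) for c in copies],
    }


if __name__ == "__main__":
    # Constructed clean "host program" bytes.
    CLEAN = b"MZ\x90\x00 constructed clean host program "
    for name, result in compare(CLEAN).items():
        print(f"{name}: {result}")
```

Running the block shows two infected copies of the same host that share no body bytes: signature_scan reports [False, False], stub_scan and decode_and_scan report [True, True]. Passing key=0 to infect() produces the degenerate unencrypted copy that the naive scanner does catch, which is exactly the case the polymorphic engine avoids.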
Motives of Malicious Coders
Fun / Hobbyists
Fame And Fortune
Experienced Coders Pushing the Envelope (Security Forum)
The Disgruntled Loner (Criminals)
Underlying Technology
Tracking Software
Advertising Display Software
Remote Control Software
Dialing Software
System Modifying Software
Security Analysis Software
Automatic Download Software
Passive Tracking Technologies
Tracking Software
Used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.
Spyware / Snoopware
Keylogger (Unauthorized)
Screen Scraper (Unauthorized)
Advertising Display Software
Any program that causes advertising content to be displayed.
Remote Control Software
Used to allow remote access or control of computer systems
Backdoors
Botnets (a jargon term for a collection of software robots, or bots, which run autonomously)
Droneware (programs used to take remote control of a computer, typically used to send spam remotely or to host offensive web images)
Dialing Software
Used to make calls or access services through a modem or Internet connection.
Unauthorized Dialers
System Modifying Software
Used to modify the system and change the user experience: e.g. home page, search page, default media player, or lower-level system functions.
Hijackers
Rootkits
Exploits
Security Analysis Software
Used by a computer user to analyze or circumvent security protections
Hacker Tools (including port scanners)
Automatic Download Software
Used to download and install software without user interaction
Tricklers
Passive Tracking Technologies
Used to gather limited information about user activities without installing any software on the user's computer.
Unauthorized Tracking Cookies
Detection & Protection
Antivirus
Firewall
Antispyware
Gateway (VPN, Proxy, Router etc.)
Advanced Techniques
Antivirus
Symantec AV (NAV)
AVG
Kaspersky AV
Avast AV
McAfee AV
NOD32 AV
eTrust AV
Trend Micro AV
Panda AV
Free Online Scan (All AVs)
Firewall
Zone Alarm
Sygate
Kerio Personal FW
Windows FW (XP SP2)
Norton Internet Security
Tiny Personal FW
Outpost
Antispyware
MS Windows Antispyware
AdAware SE Personal
Spyware Doctor
A-Square (a2)
Antivirus vs. Antispyware
“Antispyware systems deal with groups of not so harmful, but really annoying, pests. Such files, like annoying and unwanted toolbars, are the main aim of this type of security system. Antispyware simply ignores destructive viruses (just like antiviral systems ignore spyware) and concentrates on detecting spies, pop-ups, tracking cookies and other junk, which sometimes may harm the infected PC.”
Gateway
NAT / Router (Network Address Translation): ADSL, Alcatel, Windows 2000/2003 Server
VPN (Virtual Private Network): Checkpoint VPN-1, Cisco VPN, Instant VPN, Win-Gate VPN
Proxy
Advanced Techniques
Group Policy Management: Windows 2000/2003 Domain Server
Intrusion Detection Systems (IDS): Cisco IPS Sensor Software
DMZ (Demilitarized Zone) / Virtualization: VE2 / VELITE, SecureOL, Shadow User, VMware / MS Virtual PC
Sandbox, Terminal Servers