Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software
Dec 22, 2015
2 Guide to Operating System Security
Learning Objectives
Explain how viruses, worms, and Trojan horses spread
Discuss typical forms of malicious software and understand how they work
Use techniques to protect operating systems from malicious software and to recover from an attack
Viruses, Worms, and Trojan Horses
Different forms of malicious software (malware)
Intended to:
Cause distress to a user
Damage files or systems
Disrupt normal computer and network functions
Viruses
Programs borne by a disk or a file that has the ability to replicate
Typically affect:
Executable programs
Scripts or macros
Boot or partition sector of a drive
How Viruses Spread
Transported from one medium or system to another
Replicated throughout a system (e.g., W32.Pinfi)
Virus Classification (Continued)
How they infect systems:
Boot or partition sector
File infector
Macro
Multipartite
Virus Classification (Continued)
How they protect themselves from detection or from a virus scanner:
Armored
Polymorphic
Stealth
Companion
Benign or destructive
Worms
Programs that replicate on the same computer or send themselves to many other computers
Can open a back door
How Worms Spread
Buffer overflow (e.g., Code Red and CodeRed II)
Port scanning or port flooding
Compromised passwords
Trojan Horses and How They Spread
Programs that at first appear useful, but can cause damage or provide a back door
Examples:
Backdoor.Egghead
AOL4FREE
Simpsons AppleScript Virus
Typical Methods Used by Malicious Software
Executable methods
Boot and partition sector methods
Macro methods
E-mail methods
Software exploitation
Spyware
Executable Methods
Files that contain lines of computer code that can be run
Examples: .exe, .com, .bat, .bin, .btm, .cgi, .pl, .cmd, .msi
Can infect the source or execution code of a program
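A file infector changes the bytes of an existing executable, so a hash baseline of files with the extensions listed on this slide catches the change on the next scan. The following is an added example (not code from the textbook); the directory layout, file names and contents in demo() are constructed for illustration.

```python
# Added example (not from the textbook): baseline the SHA-256 of every file
# with an executable extension, then re-check to find changes a file infector
# would make (modified, new or missing executables).
import hashlib
import os
import tempfile

# Extension list taken from the chapter's "Executable Methods" slide.
EXECUTABLE_EXTS = {".exe", ".com", ".bat", ".bin", ".btm", ".cgi", ".pl", ".cmd", ".msi"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map relative path -> SHA-256 for every executable-type file under root."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline

def compare_baseline(root, baseline):
    """Re-scan root and report executables that changed since the baseline."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "new": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed scenario in a temp dir: one executable is altered, one script appears."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "calc.exe"), "wb") as f:
            f.write(b"MZ" + b"\x00" * 62)          # stub header, not a real program
        with open(os.path.join(root, "notes.txt"), "wb") as f:
            f.write(b"ignored: not an executable extension")
        baseline = build_baseline(root)
        # Alter the executable and add a new script: the changes a re-scan should catch
        with open(os.path.join(root, "calc.exe"), "ab") as f:
            f.write(b"\x90" * 16)
        with open(os.path.join(root, "dropper.cmd"), "wb") as f:
            f.write(b"@echo off\r\n")
        return compare_baseline(root, baseline)
```

Store the baseline off the monitored system (or sign it), otherwise malware that can modify executables can update the baseline too.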
Boot and Partition Sector Methods
Particularly affect Windows and UNIX systems
Typically infect/replace instructions in the MBR or Partition Boot Sector
Can corrupt the address of the primary partition
May move the boot sector to another location if the size of the virus exceeds the space allocated for the boot sector
Eradication typically involves recreating the MBR and Partition Boot Sector instructions
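Because a boot sector virus overwrites the boot code and can corrupt the primary partition's address, the MBR can be checked against a baseline taken from a clean system. The following is an added example (not from the textbook) that parses the standard 512-byte MBR layout; the sample MBR built by build_sample_mbr() is constructed for testing, and the baseline hash is assumed to have been recorded while the system was known to be clean.

```python
# Added example (not from the textbook): parse a 512-byte MBR, check the 0x55AA
# signature and partition entries, and compare boot code against a baseline hash.
import hashlib
import struct

MBR_SIZE = 512
BOOT_CODE_LEN = 446           # boot code occupies bytes 0..445
PARTITION_TABLE_OFF = 446     # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xAA"  # bytes 510..511
ENTRY_FMT = "<B3xB3xII"       # status, CHS start, type, CHS end, LBA start, sector count

def boot_code_hash(mbr):
    """SHA-256 of the boot code; record this on a clean system as the baseline."""
    return hashlib.sha256(mbr[:BOOT_CODE_LEN]).hexdigest()

def parse_partitions(mbr):
    """Return the four partition-table entries as dicts."""
    entries = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FMT, mbr, PARTITION_TABLE_OFF + 16 * i)
        entries.append({"index": i, "active": status == 0x80, "type": ptype,
                        "lba_start": lba_start, "sectors": sectors})
    return entries

def check_mbr(mbr, baseline_hash):
    """Return a list of findings; an empty list means the MBR looks intact."""
    if len(mbr) != MBR_SIZE:
        return ["MBR is not 512 bytes"]
    findings = []
    if mbr[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 0x55AA missing")
    if boot_code_hash(mbr) != baseline_hash:
        findings.append("boot code differs from baseline (possible boot sector virus)")
    parts = parse_partitions(mbr)
    if sum(p["active"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p["type"] != 0 and (p["lba_start"] == 0 or p["sectors"] == 0):
            findings.append(f"partition {p['index']} has a corrupt address")
    return findings

def build_sample_mbr(boot_code, partitions):
    """Constructed MBR for testing; partitions = [(status, type, lba_start, sectors)]."""
    mbr = bytearray(MBR_SIZE)
    mbr[:len(boot_code)] = boot_code
    for i, entry in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, PARTITION_TABLE_OFF + 16 * i, *entry)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)
```

On a real system the 512 bytes would be read from the first sector of the disk (which needs administrative rights); the check itself is the same.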
Macro Methods
A virus can infect a macro and spread each time the macro is used
Configure software so that macros are disabled unless digitally signed by a trusted source
Software Exploitation
Particularly aimed at new software and new software versions
Examples of potential vulnerabilities:
DNS services
Messaging services
Remote access services
Network services and applications
Spyware
Software placed on a computer, typically without the user's knowledge, that reports back information about the user's activities
Some operate by monitoring cookies
Protecting an OS from Malicious Software
Install updates
View what is loaded when a system is booted
Use malicious software scanners
Use digital signatures for system and driver files
Back up systems and create repair disks
Create and implement organizational policies
Installing Updates for Windows
Windows Update: provides access to patches that are regularly issued
Service packs: address security issues and problems affecting stability, performance, or operation of features included with the OS
Installing Updates for Red Hat Linux (Continued)
Issued frequently; can be downloaded from Red Hat's Web site
Red Hat Network Alert Notification Tool must be configured
Installing Updates for NetWare
Download updates and/or consolidated support packs from Novell’s Web site
Installing Updates for Mac OS X
Software Update tool enables you to:
Configure the system to automatically check for updates at specified intervals
Manually check for updates
View currently installed updates
Viewing What Is Loaded When a System Is Booted
Windows 2000, Windows XP Professional, and Windows Server 2003
• View information on-screen
• Have a log record information (Advanced Options menu)
Red Hat Linux and NetWare
• Automatically display boot load information
Mac OS X
• Display boot process by booting into either single user mode or verbose mode
Using Malicious Software Scanners
Effective way to protect an operating system
Scan systems for viruses, worms, and Trojan horses
Often called virus scanners
Malicious Software Scanners: Features to Look For (Continued)
Scans memory and removes viruses
Continuous memory scanning
Scans hard and floppy disks and removes viruses
Scans all known file formats
Scans HTML documents and e-mail attachments
Malicious Software Scanners: Features to Look For (Continued)
Automatically runs at a scheduled time
Manual run option
Detects known and unknown malicious software
Updates for new malicious software
Scans files that are downloaded
Uses protected or quarantined zones for downloaded files
Using Digital Signatures for System and Driver Files
Digital signature: code placed in a file to verify its authenticity by showing that it originated from a trusted source
Driver signing: placing a digital signature in a device driver to
• Show that the driver is from a trusted source
• Indicate compatibility with an OS
Backing Up Systems and Creating Repair Disks
Most OSs offer ways to back up your system
Some OSs enable creation of a boot disk or repair disk
Windows 2000
• Emergency Repair Disk (ERD)
Windows XP or Windows Server 2003
• Automated System Recovery (ASR) set
Red Hat Linux
• Boot disk
Creating a Windows 2000 ERD
Create a new ERD each time you:
Install software
Make a server configuration change
Install a new adapter
Add a NIC
Restructure a partition
Upgrade the OS
Enables you to fix problems with the server
Creating an ASR Set
Two components:
Backup of all system files (1.5 MB or more)
Backup of system settings (about 1.44 MB)
Does not back up application data files
Creating a Red Hat Linux Boot Disk
Enables booting a system from a floppy disk
Creating and Implementing Organizational Policies (Continued)
Provide users with training in security techniques
Train users about common malicious software
Require users to scan floppies and CDs before use
Establish policies about types of media that can be brought in from outside and how they can be used
Establish policies that discourage/prevent users from installing their own software
Creating and Implementing Organizational Policies (Continued)
Define policies that minimize/prevent downloading files; require users to use a virus scanner on any downloaded files
Create quarantine areas for files of uncertain origin
Use virus scanning on e-mail and attachments
Discard e-mail attachments from unknown or untrusted sources
Chapter Summary
Viruses, worms, and Trojan horses
• How they spread through operating systems and across networks
• What they target and why
Typical forms of malicious software
• Boot sector viruses
• Viruses that attack through macros
How to set up defenses, such as operating system patches and repair disks