
Security: Mal-Ware




  1. Security: Mal-Ware
  Vainstein Maxim & Emanuel Hahamov
  Seminar in Software Design 2005/6, CS, Hebrew University

  2. Malicious Software Definition
  “Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
  • Material changes that affect their user experience, privacy, or system security;
  • Use of their system resources, including what programs are installed on their computers; and/or
  • Collection, use, and distribution of their personal or other sensitive information.”
  Anti-Spyware Coalition, Working Report, October 27, 2005

  3. Computer Virus Timeline
  1949 Theories for self-replicating programs are first developed.
  1960 Experimental self-replicating programs are first produced.
  1981 Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.
  1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”
  1986 Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code, designed to infect each 360kb floppy accessed on any drive.

  4. Computer Virus Timeline – Cont.
  1987 The Lehigh virus, one of the first file viruses, infects command.com files.
  1988 One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day. MacMag and the Scores virus cause the first major Macintosh outbreaks.
  1990 Symantec launches Norton AntiVirus, one of the first antivirus programs developed by a large company.
  1991 Tequila is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.

  5. Motives of Malicious Coders
  • Fun / Hobbyists
  • Fame and Fortune
  • Experienced Coders Pushing the Envelope (Security Forum)
  • The Disgruntled Loner (Criminals)

  6. Underlying Technology
  • Tracking Software
  • Advertising Display Software
  • Remote Control Software
  • Dialing Software
  • System Modifying Software
  • Security Analysis Software
  • Automatic Download Software
  • Passive Tracking Technologies

  7. Tracking Software
  Used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.
  • Spyware / Snoopware
  • Keylogger (Unauthorized)
  • Screen Scraper (Unauthorized)

  8. Advertising Display Software Any program that causes advertising content to be displayed.

  9. Remote Control Software
  Used to allow remote access to or control of computer systems.
  • Backdoors
  • Botnets (a jargon term for a collection of software robots, or bots, which run autonomously)
  • Droneware (programs used to take remote control of a computer, typically used to send spam remotely or to host offensive web images)

  10. Dialing Software
  Used to make calls or access services through a modem or Internet connection.
  • Unauthorized Dialers

  11. System Modifying Software
  Used to modify the system and change the user experience: e.g. home page, search page, default media player, or lower-level system functions.
  • Hijackers
  • Rootkits
  • Exploits

  12. Security Analysis Software
  Used by a computer user to analyze or circumvent security protections.
  • Hacker Tools (including port scanners)

  13. Automatic Download Software
  Used to download and install software without user interaction.
  • Tricklers

  14. Passive Tracking Technologies
  Used to gather limited information about user activities without installing any software on the user’s computer.
  • Unauthorized Tracking Cookies

  15. Detection & Protection
  • Antivirus
  • Firewall
  • Antispyware
  • Gateway (VPN, Proxy, Router etc.)
  • Advanced Techniques

  16. Antivirus
  • Symantec AV (NAV)
  • AVG
  • Kaspersky AV
  • Avast AV
  • McAfee AV
  • NOD32 AV
  • E-Trust AV
  • Trend Micro AV
  • Panda AV
  • Free Online Scan (All AVs)
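As an added illustration that is not part of the slides, the script below shows the signature matching the antivirus products above are built on, and why the polymorphic viruses mentioned in slide 4 are hard for it: an exact-hash signature catches only the captured sample, while a byte-pattern signature with wildcards still matches a variant whose changing bytes fall under the wildcards. Every file name, byte string and signature name here is constructed for the example; the hex-with-?? notation is modelled on ClamAV/YARA-style signatures but the engine is a toy written for this page.

```python
import hashlib
import re
from typing import Dict, List

# Constructed sample "files" (byte strings), not real malware:
# a benign document, a captured sample, and a variant of that sample
# with one byte changed, the way a polymorphic variant would differ
# from the copy a vendor captured.
KNOWN_SAMPLE = b"MZ\x90\x00PAYLOAD-MARKER-1234\x00END"
SAMPLES: Dict[str, bytes] = {
    "report.txt": b"Quarterly report: all systems nominal.",
    "tool.exe": KNOWN_SAMPLE,
    "tool_variant.exe": KNOWN_SAMPLE.replace(b"1234", b"1235"),
}

# Signature type 1: exact SHA-256 of a captured sample.
# Cheap to check, but any change to the file breaks the match.
HASH_SIGNATURES: Dict[str, str] = {
    hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Test.Sample.A",
}

# Signature type 2: byte pattern with "??" wildcards for bytes that vary
# between variants (here the four bytes after "PAYLOAD-MARKER-").
PATTERN_SIGNATURES: Dict[str, str] = {
    "Test.Sample.Gen": "50 41 59 4c 4f 41 44 2d 4d 41 52 4b 45 52 2d ?? ?? ?? ??",
}


def hex_pattern_to_regex(pattern: str) -> "re.Pattern[bytes]":
    """Compile a 'hex bytes with ?? wildcards' signature into a bytes regex."""
    parts = []
    for tok in pattern.split():
        if tok == "??":
            parts.append(b".")  # any single byte
        else:
            parts.append(re.escape(bytes([int(tok, 16)])))
    # DOTALL so the wildcard also matches newline bytes.
    return re.compile(b"".join(parts), re.DOTALL)


def scan(data: bytes) -> List[str]:
    """Return the names of every signature that matches `data` (empty = clean)."""
    hits: List[str] = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for name, pattern in PATTERN_SIGNATURES.items():
        if hex_pattern_to_regex(pattern).search(data):
            hits.append(name)
    return hits


def scan_all(samples: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Scan every sample and map its name to the list of signature hits."""
    return {name: scan(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in scan_all(SAMPLES).items():
        print(f"{name}: {'CLEAN' if not hits else ', '.join(hits)}")
```

Running it reports the clean file as CLEAN, the captured sample as matched by both signatures, and the variant as matched only by the wildcard pattern; a variant that also re-encodes the bytes the pattern relies on would escape both, which is the detection problem slide 4 describes.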

  17. Firewall
  • Zone Alarm
  • Sygate
  • Kerio Personal FW
  • Windows FW (XP-SP2)
  • Norton Internet Security
  • Tiny Personal FW
  • Outpost

  18. Antispyware
  • MS Windows Antispyware
  • AdAware SE Personal
  • Spyware Doctor
  • A-Square (a2)

  19. Antivirus vs. Antispyware
  “Antispyware systems deal with groups of not-so-harmful but really annoying pests. Such files, like annoying and unwanted toolbars, are the main aim of this type of security system. Antispyware simply ignores destructive viruses (just like antiviral systems ignore spyware) and concentrates on detecting spies, pop-ups, tracking cookies and other junk, which sometimes may harm the infected PC.”

  20. Gateway
  • NAT / Router (Network Address Translation)
    • ADSL Alcatel
    • Windows 2000/2003 Server
  • VPN (Virtual Private Network)
    • Checkpoint VPN-1
    • Cisco VPN
    • Instant VPN
    • Win-Gate VPN
  • Proxy

  21. Advanced Techniques
  • Group Policy Management
  • Windows 2000/2003 Domain Server
  • Intrusion Detection Systems (IDS)
  • Cisco IPS Sensor Software
  • DMZ (Demilitarized Zone / Virtualization)
  • VE2 / VELITE SecureOL
  • Shadow User
  • VMWare / MS Virtual PC
  • SandBox
  • Terminal Servers
