Overview of Malware Types and Effects

Chapter two discusses various types of malware, including viruses, worms, logic bombs, and Trojan horses, detailing their characteristics and behaviors. It also covers symptoms of malware infections, the importance of operating system security, and methods for protecting systems against malicious software. Additionally, the chapter emphasizes the need for organizational policies and user training to mitigate risks associated with malware.


Chapter two

Name                    Description
Virus                   Attaches itself to a program and propagates copies of itself to other programs
Worm                    Program that propagates copies of itself to other computers
Logic bomb              Triggers action when condition occurs
Trojan horse            Program that contains unexpected additional functionality
Auto-rooter             Malicious hacker tools used to break into new machines remotely
Kit (virus generator)   Set of tools for generating new viruses automatically
Spammer programs        Used to send large volumes of unwanted e-mail
Flooders                Used to attack networked computer systems with a large volume of traffic to carry out a denial of service (DoS) attack
Zombie                  Program installed on an infected machine that is activated to launch attacks on other machines
Rootkit                 Set of hacker tools used after an attacker has broken into a computer system and gained root-level access


Malware Attack…
 Viruses
- Malicious code that replicates and hides itself inside other programs, usually without your knowledge.
- A virus is a piece of software that can "infect" other programs by modifying them.
- Similar to a biological virus: it replicates and spreads.
- Can do serious damage such as erasing files…

More on Virus
During its lifetime, a typical virus goes through the following four phases:
• Dormant phase: The virus is idle.
– The virus will eventually be activated by some event, such as a date, the presence of another program or file, or the capacity of the disk exceeding some limit.
• Propagation phase: The virus places an identical copy of itself into other programs or into certain system areas on the disk.
– Each infected program will now contain a clone of the virus, which will itself enter a propagation phase.
• Triggering phase: The virus is activated to perform the function for which it was intended.
– As with the dormant phase, the triggering phase can be caused by a variety of system events.
• Execution phase: The function is performed.
– The function may be harmless, such as a message on the screen, or damaging, such as the destruction of programs and data files.

More on Virus…
Types of viruses
• Parasitic virus: The traditional and still most common form of virus.
– A parasitic virus attaches itself to executable files and replicates.
• Memory-resident virus: Resides in main memory as part of a resident system program.
– From that point on, the virus infects every program that executes.
• Boot sector virus: Infects a master boot record or boot record and spreads when a system is booted from the disk containing the virus.
• Stealth virus: A form of virus explicitly designed to hide itself from detection by antivirus software.
– Example: a virus that uses compression so that the infected program is exactly the same length as the uninfected version.

More on Virus…
Types of viruses…
 Polymorphic virus: A virus that mutates with every infection, making detection by the "signature" of the virus impossible.
– It creates copies during replication that are functionally equivalent but have distinctly different bit patterns.
 Metamorphic virus: A metamorphic virus mutates with every infection like a polymorphic virus, but:
– a metamorphic virus rewrites itself completely at each iteration, increasing the difficulty of detection.
– Metamorphic viruses may change their behavior as well as their appearance.

Malware Attack…
 Worms
• A worm is a program that can replicate itself and send copies from computer to computer across network connections.

Malware Attack…
• Logic bomb
 The logic bomb is code embedded in some legitimate program that is set to "explode" when certain conditions are met.
 Examples of conditions that can be used as triggers for a logic bomb are:
• the presence or absence of certain files,
• a particular day of the week or date, or
• a particular user running the application.
 Once triggered, a bomb may:
• alter or delete data or entire files,
• cause a machine halt, or
• do some other damage.

Malware Attack…
Trojan Horse
• Any malicious program which misrepresents itself as useful or interesting in order to convince a victim to install it.
• The program claims to do one thing
– (it may claim to be a game) but instead does damage when you run it (it may erase your hard disk).
• Trojan horse programs do not replicate themselves like a virus.

Spyware
• Software placed on a computer
– typically without the user’s knowledge
– reports back information about the user’s activities
• Some operate through monitoring cookies
• Software that literally spies on what you do on your computer.
– Example: simple cookies, mobile code, web crawlers, Xerox
– Types of information gathered include the websites visited, browser and system information, and your computer's IP address.

Ransomware
• This malware is designed to hold a computer system, or the data it contains, captive until payment is made.
• Usually works by encrypting data on the computer with keys unknown to the victim.
• Other versions of ransomware exploit specific system vulnerabilities to lock down the system.

Scareware
• It is designed to persuade the user to take a specific action based on fear.
• Scareware forges pop-up windows that resemble operating system dialogue windows.
• These windows convey forged messages stating that the system is at risk or needs execution of a specific program to return to normal operation.

Rootkit
• This malware is designed to modify the operating system to create a backdoor.
• Attackers then use this backdoor to access the computer remotely.
• Most rootkits take advantage of software vulnerabilities to perform privilege escalation and modify system files.

Spam (junk mail)
• Filling e-mail inboxes with unwanted junk mail.
• Anyone using e-mail is essentially guaranteed to receive spam.
• How spammers get your mail address:
– Web search
– Sending test emails
– Exchange or buy from other spammers

Symptoms of Malware
• There is an increase in CPU usage
• Computer speed decreases
• Computer fails often
• Decrease in web browsing speed
• Unexplainable problems with the network connection
• Files are modified or deleted
• There is a presence of unknown files, programs or desktop icons
• Programs are turning off or reconfiguring themselves

What does an Operating System do?
• Manages all the resources in a computer (including processor, memory, I/O devices)
• Provides an interface between the hardware and application software.
• Three layers:
• Inner layer: computer hardware
• Middle layer: operating system
• Outer layer: different software

Why need security at the OS level?
• No more standalone computer system environments.
• Any system can be globally accessible through a set of vast inter- and intra-network connections.
• A single security hole in the OS design and implementation known to a malicious attacker could do serious damage.

Protecting an OS from Malicious Software
• Install updates
• Use malicious software scanners
• Back up systems and create repair disks
• Create and implement organizational policies

Installing Updates for Windows
• Windows Update
– Provides access to patches that are regularly issued/released
• Patch: This fixes something small and is usually quick to download and install.
• Rollup: This might include a group of patches for a program.
• Update: Updates might add or fix features in your program or fix an earlier patch.
• Service Pack: This is the biggie; the one you read about in the news when Microsoft releases some big service pack.

Using Malicious Software Scanners
• One way to protect the operating system
• Scan systems for viruses, worms, and Trojan horses
• Often called virus scanners
• Functions of antivirus software:
- Identification of known viruses
- Detection of suspected viruses
- Blocking of possible viruses
- Disinfection of infected objects
- Deletion and overwriting of infected objects

The Components of an OS Security Environment
• Three components:
– Memory
– Services
– Files

OS Security: Files
• Common threats to the file system:
– File permissions
– File sharing
• Files must be protected from unauthorized reading and writing actions
• Data resides in files;
– protecting files means protecting data

OS Security: File Permissions
• Read, write, and execute privileges
• In Windows:
– Change permissions on the Security tab of a file’s Properties dialog box
– Allow indicates grant;
– Deny indicates revoke
• In UNIX/Linux
– Three permission settings:
• owner; group to which the owner belongs; all other users
– Each setting consists of rwx
• r for reading, w for writing, and x for executing
– The chmod command is used to change file permissions

File Permissions
• One can easily view the permissions for a file by invoking a long format listing using the command ls -l.
• For instance, if the user Abe creates an executable file named test, the output of the command ls -l test would look like this:

    rwxrwxr-x Abe student Sep 26 12:25 test.l

Access Permissions
• This listing indicates that the file is readable, writable, and executable by the user who owns the file (user Abe)
• as well as by the group owning the file (which is a group named student).
• The file is also readable and executable, but not writable, by other users.

    rwxrwxr-x Abe student Sep 26 12:25 test.l

Access Permission of File/Directory
The #'s (the three digits given to chmod, one each for owner, group and all other users) can be:
0 = Nothing
1 = Execute
2 = Write
3 = Execute & Write (2 + 1)
4 = Read
5 = Execute & Read (4 + 1)
6 = Read & Write (4 + 2)
7 = Execute & Read & Write (4 + 2 + 1)

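The three slides above (the ls -l listing, the rwx triplets and the chmod digits) fit together as follows. This shell script is an added example, not part of the slides; it assumes a POSIX sh with ls, chmod, cut and mktemp available, and the function names are its own.

```shell
#!/bin/sh
# Added example, not from the slides: decode the nine permission characters
# that ls -l prints (e.g. rwxrwxr-x) into the octal digits chmod accepts (775),
# then confirm the mapping against a real file. Assumes a POSIX sh with ls,
# chmod, cut and mktemp.

# Convert one rwx triplet ("rwx", "r-x", "---") to a single digit 0-7.
triplet_to_digit() {
  d=0
  case "$1" in r??) d=$((d + 4)) ;; esac   # read    = 4
  case "$1" in ?w?) d=$((d + 2)) ;; esac   # write   = 2
  case "$1" in ??x) d=$((d + 1)) ;; esac   # execute = 1
  echo "$d"
}

# Convert the full 9-character mode string to three digits: owner, group, others.
perm_to_octal() {
  m=$1
  u=$(triplet_to_digit "$(printf '%s' "$m" | cut -c1-3)")
  g=$(triplet_to_digit "$(printf '%s' "$m" | cut -c4-6)")
  o=$(triplet_to_digit "$(printf '%s' "$m" | cut -c7-9)")
  echo "$u$g$o"
}

# Audit helper: true when "others" have write access, i.e. any account on the
# system can modify the file (the condition a parasitic virus or Trojan needs
# to write itself into a shared program).
world_writable() {
  o=$(perm_to_octal "$1" | cut -c3)
  [ $((o & 2)) -ne 0 ]
}

# Read the permission field of a real file back out of ls -l: characters 2-10
# of the listing (character 1 is the file type, e.g. "-" for a file, "d" for a directory).
file_mode() {
  ls -ld "$1" | cut -c2-10
}

# Round trip on a constructed scratch file: chmod 775, list it, decode it again.
demo() {
  f=$(mktemp)
  chmod 775 "$f"          # rwxrwxr-x, the mode shown on the slide
  perm_to_octal "$(file_mode "$f")"
  rm -f "$f"
}
```

When auditing shared program directories, world_writable is the check to run over each entry: an "others" digit of 2, 3, 6 or 7 means any account can alter the file.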
OS Security: Memory
• Hardware memory available on the system can be corrupted by badly written software
• Can harm data integrity
• Two options:
– Stop using the program
– Apply a patch (service pack) to fix it

OS Security: Services
• Main component of the operating system security environment
• Used to gain access to the OS and its features
• Include
– User authentication
– Remote access
– Administration tasks
– Password policies

OS Authentication Methods
• Authentication:
– Verifies user identity; something a person is, has, or does.
– Permits access to the operating system
– Uses biometrics, passwords, passphrases, tokens, or other private information.
– Strong authentication is important
• Physical authentication:
– Allows physical entrance to company property
– Magnetic cards and biometric measures
• Digital authentication:
– verifies user identity by digital means

OS Authentication Methods…
• Biometrics
• Verifies an identity by analyzing a unique personal attribute or behavior (e.g., what a person “is”).
• Most expensive way to prove identity; also has difficulties with user acceptance.
• Most common biometric systems:
– Fingerprint and
– Facial scan

OS Authentication Methods…
• Passwords
– User name + password is the most common identification and authentication scheme.
– Weak security mechanism; must implement strong password protections
• Passphrase
– Is a sequence of characters that is longer than a password.
– Takes the place of a password.
– Can be more secure than a password because it is more complex.

OS Authentication Methods…
• Digital card:
– Also known as a security card or smart card
– Similar to a credit card; uses an electronic circuit
– Stores user identification information

OS Authentication Methods…
• Secure Sockets Layer (SSL):
– authentication information is transmitted over the network in an encrypted form
• Public Key Infrastructure (PKI):
– User keeps a private key
– Authentication firm holds a public key
– Encrypt and decrypt data using both keys

Maintenance
• Maintenance involves:
– Monitoring and analyzing logging information
– Performing regular backups
– Recovering from security compromises
– Restoring systems to a previous point
– Regular testing of security
– Patching, updating, and revising critical software

Data Backup
• Backup is the act of creating copies of information such that it may be recovered
• Archiving is keeping these backups for a long period of time
• Data may be lost accidentally (hardware failures, human mistake) or intentionally

Restore
• Restoring the computer system to an earlier point in time
• System restore can resolve many system problems
• It is the best recovery method to try first
• It undoes recent system changes, but leaves files such as documents, pictures… unchanged
• System restore removes recently installed programs and drivers

Creating and Implementing Organizational Policies
• Provide users with training in security techniques
• Train users about common malicious software
• Require users to scan flash disks and CDs before use
• Establish policies about types of media that can be brought in from outside and how they can be used
• Establish policies that discourage/prevent users from installing their own software

Creating and Implementing Organizational Policies
• Define policies that minimize/prevent downloading files;
• require users to use a virus scanner on any downloaded files
• Create quarantine areas for files of uncertain origin
• Use virus scanning on e-mail and attachments
• Discard e-mail attachments from unknown or untrusted sources