Why Worry About Malicious Code?
None of us like the unexpected, especially in our programs. Malicious code behaves in unexpected
ways, thanks to a malicious programmer's intention. We think of the malicious
code as lurking inside our system: all or some of a program that we are running
or even a nasty part of a separate program that somehow attaches itself to
another (good) program.
How can such a situation arise? When you last installed a major software package, such as a word processor,
a statistical package, or a plug-in from the Internet, you ran one command,
typically called INSTALL or SETUP. From there, the installation program took
control, creating some files, writing in other files, deleting data and files,
and perhaps renaming a few that it would change. A few minutes and quite a
few disk accesses later, you had plenty of new code and data, all set up for
you with a minimum of human intervention. Other than the general descriptions
on the box, in documentation files, or on web pages, you had absolutely no idea
exactly what "gifts" you had received. You hoped all you received was
good, and it probably was. The same uncertainty exists when you unknowingly
download an application, such as a Java applet or an ActiveX control, while
viewing a web site. Thousands or even millions of bytes of programs and data
are transferred, and hundreds of modifications may be made to your existing
files, all occurring without your explicit consent or knowledge.
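As an added illustration (not part of the original text), the Python sketch below snapshots a directory before and after an installation and reports which files were created, modified, deleted, or renamed, the four kinds of change described above. The temporary directory, the file names, and the simulated installer steps are all constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    root = Path(root)
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def diff(before, after):
    """Classify changes between two snapshots, pairing renames by content hash."""
    created = sorted(p for p in after if p not in before)
    deleted = sorted(p for p in before if p not in after)
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    renamed = []
    for old in list(deleted):
        # Same content under a new path means the file was renamed, not removed.
        match = next((n for n in created if after[n] == before[old]), None)
        if match is not None:
            renamed.append((old, match))
            deleted.remove(old)
            created.remove(match)
    return {"created": created, "modified": modified,
            "deleted": deleted, "renamed": renamed}


def demo():
    """Constructed sample: a simulated installer changes a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app.cfg").write_text("theme=light\n")
        (root / "notes.txt").write_text("user data\n")
        (root / "old.dll").write_text("v1 library\n")
        before = snapshot(root)
        # Simulated installer actions (constructed, not a real installer).
        (root / "new.exe").write_text("program\n")                    # creates a file
        (root / "app.cfg").write_text("theme=light\nautostart=1\n")   # writes in another
        (root / "notes.txt").unlink()                                 # deletes data
        (root / "old.dll").rename(root / "old.dll.bak")               # renames a file
        return diff(before, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

A snapshot of this kind sees only files under the directory it is pointed at, so changes made elsewhere on the system go unreported.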
Malicious Code Can Do Much (Harm)
Malicious code can do anything any other program can, such as writing a message on a computer screen,
stopping a running program, generating a sound, or erasing a stored file. Or
malicious code can do nothing at all right now; it can be planted to lie dormant,
undetected, until some event triggers the code to act. The trigger can be a
time or date, an interval (for example, after 30 minutes), an event (for
example, when a particular program is executed), a condition (for example, when
communication occurs on a network interface), a count (for example, the fifth
time something happens), some combination of these, or a random situation. In
fact, malicious code can do different things each time, or nothing most of the
time with something dramatic on occasion. In general, malicious code can act
with all the predictability of a two-year-old child: We know in general what
two-year-olds do, we may even know what a specific two-year-old often does in
certain situations, but two-year-olds have an amazing capacity to do the
unexpected.
Malicious code runs under the user's authority. Thus, malicious code can touch everything the user can touch,
and in the same ways. Users typically have complete control over their own
program code and data files; they can read, write, modify, append, and even
delete them. And well they should. But malicious code can do the same, without
the user's permission or even knowledge.
Malicious Code Has Been Around a Long Time
The popular literature and press continue to highlight the effects of malicious code as if it were a
relatively recent phenomenon. It is not. Cohen [COH84]
is sometimes credited with the discovery of viruses, but in fact Cohen gave a
name to a phenomenon known long before. For example, Thompson, in his 1984
Turing Award lecture, "Reflections on Trusting Trust" [THO84], described code that can be passed by a
compiler. In that lecture, he refers to an earlier Air Force document, the
Multics security evaluation by Karger and Schell [KAR74, KAR02]. In
fact, references to virus behavior go back at least to 1970. Ware's 1970 study
(publicly released in 1979 [WAR79]) and Anderson's planning study for the U.S. Air Force [AND72] still
accurately describe threats, vulnerabilities, and program security flaws,
especially intentional ones. What is new about malicious code is the number of
distinct instances and copies that have appeared and the speed with which
exploit code appears. (See Sidebar 3-4 on attack timing.)
So malicious code is still around, and its effects are more pervasive. It is important for us to learn
what it looks like and how it works so that we can take steps to prevent it
from doing damage or at least mediate its effects. How can malicious code take
control of a system? How can it lodge in a system? How does malicious code
spread? How can it be recognized? How can it be detected? How can it be
stopped? How can it be prevented? We address these questions in the following
sections.