Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software Learning Objectives Explain how viruses, worms, and Trojan horses spread Discuss typical forms of malicious software and understand how they work Use techniques to protect operating systems from malicious software and to recover from an attack Guide to Operating System Security 2 Viruses, Worms, and Trojan Horses Different forms of malicious software (malware) Intended to Cause distress to a user Damage files or systems Disrupt normal computer and network functions Guide to Operating System Security 3 Viruses Programs borne by a disk or a file that has the ability to replicate Typically affect Executable program Script or macro Boot or partition sector of a drive Guide to Operating System Security 4 How Viruses Spread Transported from one medium or system to another Replicated throughout a system (eg, W32.Pinfi) Guide to Operating System Security 5 Virus Classification (Continued) How they infect systems Boot or partition sector File infector Macro Multipartite Guide to Operating System Security 6 Virus Classification (Continued) How they protect themselves from detection or from a virus scanner Armored Polymorphic Stealth Companion Benign or destructive Guide to Operating System Security 7 Worms Programs that replicate on the same computer or send themselves to many other computers Can open a back door Guide to Operating System Security 8 How Worms Spread Buffer overflow (eg, Code Red and Code Red II) Port scanning or port flooding Compromised passwords Guide to Operating System Security 9 Trojan Horses and How They Spread Programs that at first appear useful, but can cause damage or provide a back door Examples Backdoor.Egghead AOL4FREE Simpsons AppleScript Virus Guide to Operating System Security 10 Locations for Viruses, Worms, and Trojan Horses (Continued) Guide to Operating System Security 11 Locations for Viruses, Worms, and Trojan Horses (Continued) Guide to Operating System Security 12 Locations for Viruses, Worms, and Trojan Horses (Continued) Guide to Operating System Security 13 Location for a UNIX/Linux System Guide to Operating System Security 14 Location for a Windows XP System Guide to Operating System Security 15 Typical Methods Used by Malicious Software Executable methods Boot and partitions sector methods Macro methods E-mail methods Software exploitation Spyware Guide to Operating System Security 16 Executable Methods Files that contain lines of computer code that can be run Examples: .exe, .com, .bat, .bin, .btm, .cgi, .pl, .cmd, .msi Can infect source or execution code of a program Guide to Operating System Security 17 Boot and Partition Sector Methods Particularly affect Windows and UNIX systems Typically infect/replace instructions in MBR or Partition Boot Sector Can corrupt address of primary partition May move boot sector to another location if size of virus exceeds space allocated for boot sector Eradication typically involves recreating MBR and Partition Boot Sector instructions Guide to Operating System Security 18 Macro Methods A virus can infect a macro and spread each time the macro is used Software is configured so that macros are disabled unless digitally signed by a trusted source Guide to Operating System Security 19 Macro Protection Guide to Operating System Security 20 E-Mail Methods Sent as attachments to e-mail Guide to Operating System Security 21 Software Exploitation Particularly aimed at new software and new software versions Examples of potential vulnerabilities DNS services Messaging services Remote access services Network services and applications Guide to Operating System Security 22 Spyware Software placed on a computer typically without user’s knowledge reports back information about user’s activities Some operate through monitoring cookies Guide to Operating System Security 23 Protecting an OS from Malicious Software Install updates View what is loaded when a system is booted Use malicious software scanners Use digital signatures for system and driver files Back up systems and create repair disks Create and implement organizational policies Guide to Operating System Security 24 Installing Updates for Windows Windows Update Provides access to patches that are regularly issued Service packs Address security issues and problems affecting stability, performance, or operation of features included with the OS Guide to Operating System Security 25 Using Windows Update Guide to Operating System Security 26 Using Windows Update Guide to Operating System Security 27 Installing Updates for Red Hat Linux (Continued) Issued frequently; can be downloaded from Web site Red Hat Network Alert Notification Tool must be configured Guide to Operating System Security 28 Installing Updates for Red Hat Linux (Continued) Guide to Operating System Security 29 Installing Updates for NetWare Download updates and/or consolidated support packs from Novell’s Web site Guide to Operating System Security 30 Installing Updates for Mac OS X Software Update tool enables you to: Configure the system to automatically check for updates at specified intervals Manually check for updates View currently installed updates Guide to Operating System Security 31 Installing Updates for Mac OS X Guide to Operating System Security 32 Viewing What Is Loaded When a System Is Booted Windows 2000, Windows XP Professional, and Windows Server 2003 Red Hat Linux and NetWare View information on-screen Have a log record information (Advanced Options menu) Automatically display boot load information Mac OS X Display boot process by booting into either single user mode or verbose mode Guide to Operating System Security 33 Advanced Options Menu Guide to Operating System Security 34 Using Malicious Software Scanners Effective way to protect operating system Scan systems for virus, worms, and Trojan horses Often Called Virus Scanners Guide to Operating System Security 35 Malicious Software Scanners: Features to Look For (Continued) Scans memory and removes viruses Continuous memory scanning Scans hard and floppy disks and removes viruses Scans all know file formats Scans HTML documents and e-mail attachments Guide to Operating System Security 36 Malicious Software Scanners: Features to Look For (Continued) Automatically runs at a scheduled time Manual run option Detects known and unknown malicious software Updates for new malicious software Scans files that are downloaded Uses protected or quarantined zones for downloaded files Guide to Operating System Security 37 Using a Virus Scanner Guide to Operating System Security 38 Virus Scanning Software (Continued) Guide to Operating System Security continued… 39 Virus Scanning Software (Continued) Guide to Operating System Security 40 Using Digital Signatures for System and Driver Files Digital signature Code placed in a file to verify its authenticity by showing that it originated from a trusted source Driver signing Placing a digital signature in a device driver to • Show that the driver is from a trusted source • Indicate compatibility with an OS Guide to Operating System Security 41 Backing Up Systems and Creating Repair Disks Most OSs offers ways to back up your system Some OSs enable creation of a boot disk or repair disk Windows 2000 • Emergency Repair Disk (ERD) Windows XP or Windows Server 2003 • Automated System Recovery (ASR) set Red Hat Linux • Boot disk Guide to Operating System Security 42 Creating a Windows 2000 ERD Create a new ERD each time you: Install software Make a server configuration change Install a new adapter Add a NIC Restructure a partition Upgrade the OS Enables you to fix problems with the server Guide to Operating System Security 43 Creating a Windows 2000 ERD Guide to Operating System Security 44 Creating an ASR Set Two components Backup of all system files (1.5 MB or more) Backup of system settings (about 1.44 MB) Does not back up application data files Guide to Operating System Security 45 Creating an ASR Set Guide to Operating System Security 46 Creating a Red Hat Linux Boot Disk Enables booting a system from a floppy disk Guide to Operating System Security 47 Creating and Implementing Organizational Policies (Continued) Provide users with training in security techniques Train users about common malicious software Require users to scan floppies and CDs before use Establish policies about types of media that can be brought in from outside and how they can be used Establish policies that discourage/prevent users from installing their own software Guide to Operating System Security 48 Creating and Implementing Organizational Policies (Continued) Define policies that minimize/prevent downloading files; require users to use a virus scanner on any downloaded files Create quarantine areas for files of uncertain origin Use virus scanning on e-mail and attachments Discard e-mail attachments from unknown or untrusted sources Guide to Operating System Security 49 Chapter Summary Viruses, worms, and Trojan horses Typical forms of malicious software How they spread through operating systems and across networks What they target and why Boot sector viruses Viruses that attack through macros How to set up defenses, such as operating system patches and repair disks Guide to Operating System Security 50