Security: Mal-Ware Vainstein Maxim & Emanuel Hahamov Seminar in Software Design 2005/6, CS, Hebrew University

Malicious Software Definition
“Technologies deployed without appropriate user consent and/or implemented in ways that impair user control over:
- Material changes that affect their user experience, privacy, or system security;
- Use of their system resources, including what programs are installed on their computers; and/or
- Collection, use, and distribution of their personal or other sensitive information.”
Anti-Spyware Coalition, Working Report, October 27, 2005

Computer Virus Timeline
- 1949: Theories for self-replicating programs are first developed.
- 1960: Experimental self-replicating programs are first produced.
- 1981: Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.
- 1983: Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”
- 1986: Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code, designed to infect each 360 KB floppy accessed on any drive.

Computer Virus Timeline – Cont.
- 1987: The Lehigh virus, one of the first file viruses, infects command.com files.
- 1988: One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day. MacMag and the Scores virus cause the first major Macintosh outbreaks.
- 1990: Symantec launches Norton AntiVirus, one of the first antivirus programs developed by a large company.
- 1991: Tequila is the first widespread polymorphic virus found in the wild. Polymorphic viruses make detection difficult for virus scanners by changing their appearance with each new infection.

Motives of Malicious Coders
- Fun / Hobbyists
- Fame and Fortune
- Experienced Coders Pushing the Envelope (Security Forum)
- The Disgruntled Loner (Criminals)

Underlying Technology
- Tracking Software
- Advertising Display Software
- Remote Control Software
- Dialing Software
- System Modifying Software
- Security Analysis Software
- Automatic Download Software
- Passive Tracking Technologies

Tracking Software
Used to monitor user behavior or gather information about the user, sometimes including personally identifiable or other sensitive information.
- Spyware / Snoopware
- Keylogger (Unauthorized)
- Screen Scraper (Unauthorized)

Advertising Display Software
Any program that causes advertising content to be displayed.

Remote Control Software
Used to allow remote access to or control of computer systems.
- Backdoors
- Botnets (a jargon term for a collection of software robots, or bots, which run autonomously)
- Droneware (programs used to take remote control of a computer, typically used to send spam remotely or to host offensive web images)

Dialing Software
Used to make calls or access services through a modem or Internet connection.
- Unauthorized Dialers

System Modifying Software
Used to modify the system and change the user experience, e.g. the home page, search page, default media player, or lower-level system functions.
- Hijackers
- Rootkits
- Exploits

Security Analysis Software
Used by a computer user to analyze or circumvent security protections.
- Hacker Tools (including port scanners)

Automatic Download Software
Used to download and install software without user interaction.
- Trickles

Passive Tracking Technologies
Used to gather limited information about user activities without installing any software on the user’s computer.
- Unauthorized Tracking Cookies

Detection & Protection
- Antivirus
- Firewall
- Antispyware
- Gateway (VPN, Proxy, Router etc.)
- Advanced Techniques

Antivirus
- Symantec AV (NAV)
- AVG
- Kaspersky AV
- Avast AV
- McAfee AV
- NOD32 AV
- E-Trust AV
- Trend Micro AV
- Panda AV
- Free Online Scan (all AVs)

Firewall
- Zone Alarm
- Sygate
- Kerio Personal FW
- Windows FW (XP SP2)
- Norton Internet Security
- Tiny Personal FW
- Outpost

Antispyware
- MS Windows Antispyware
- Ad-Aware SE Personal
- Spyware Doctor
- A-Square (a2)

Antivirus vs. Antispyware
“Antispyware systems deal with groups of not so harmful, but really annoying pests. Such files, like annoying and unwanted toolbars, are the main aim of this type of security system. Antispyware simply ignores destructive viruses (just like antiviral systems ignore spyware) and concentrates on detecting spies, pop-ups, tracking cookies and other junk, which sometimes may harm the infected PC.”

Gateway
- NAT / Router (Network Address Translation)
- VPN (Virtual Private Network): ADSL Alcotel, Windows 2000/2003 Server, Checkpoint VPN-1, Cisco VPN, Instant VPN, Win-Gate VPN
- Proxy

Advanced Techniques
- Group Policy Management: Windows 2000/2003 Domain Server
- Intrusion Detection Systems (IDS): Cisco IPS Sensor Software
- DMZ (Demilitarized Zone / Virtualization): VE2 / VELITE, SecureOL, ShadowUser, VMWare / MS Virtual PC, Sandbox
- Terminal Servers