Chapter 2Learning ObjectivesViruses, Worms, and Trojan HorsesVirusesHow Viruses SpreadVirus Classification (Continued)Slide 7WormsHow Worms SpreadTrojan Horses and How They SpreadLocations for Viruses, Worms, and Trojan Horses (Continued)Slide 12Slide 13Location for a UNIX/Linux SystemLocation for a Windows XP SystemTypical Methods Used by Malicious SoftwareExecutable MethodsBoot and Partition Sector MethodsMacro MethodsMacro ProtectionE-Mail MethodsSoftware ExploitationSpywareProtecting an OS from Malicious SoftwareInstalling Updates for WindowsUsing Windows UpdateSlide 27Installing Updates for Red Hat Linux (Continued)Slide 29Installing Updates for NetWareInstalling Updates for Mac OS XSlide 32Viewing What Is Loaded When a System Is BootedAdvanced Options MenuUsing Malicious Software ScannersMalicious Software Scanners: Features to Look For (Continued)Slide 37Using a Virus ScannerVirus Scanning Software (Continued)Slide 40Using Digital Signatures for System and Driver FilesBacking Up Systems and Creating Repair DisksCreating a Windows 2000 ERDSlide 44Creating an ASR SetSlide 46Creating a Red Hat Linux Boot DiskCreating and Implementing Organizational Policies (Continued)Slide 49Chapter SummaryGuide to Operating System SecurityChapter 2Viruses, Worms, and Malicious Software2 Guide to Operating System SecurityLearning ObjectivesExplain how viruses, worms, and Trojan horses spreadDiscuss typical forms of malicious software and understand how they workUse techniques to protect operating systems from malicious software and to recover from an attack3 Guide to Operating System SecurityViruses, Worms, and Trojan Horses Different forms of malicious software (malware)Intended toCause distress to a userDamage files or systemsDisrupt normal computer and network functions4 Guide to Operating System SecurityVirusesPrograms borne by a disk or a file that has the ability to replicateTypically affectExecutable programScript or macroBoot or partition sector of a drive5 Guide to Operating System SecurityHow Viruses SpreadTransported from one medium or system to anotherReplicated throughout a system (eg, W32.Pinfi)6 Guide to Operating System SecurityVirus Classification (Continued)How they infect systemsBoot or partition sectorFile infectorMacroMultipartite7 Guide to Operating System SecurityVirus Classification (Continued)How they protect themselves from detection or from a virus scannerArmoredPolymorphicStealthCompanionBenign or destructive8 Guide to Operating System SecurityWormsPrograms that replicate on the same computer or send themselves to many other computersCan open a back door9 Guide to Operating System SecurityHow Worms SpreadBuffer overflow (eg, Code Red and CodeRed II)Port scanning or port floodingCompromised passwords10 Guide to Operating System SecurityTrojan Horses and How They SpreadPrograms that at first appear useful, but can cause damage or provide a back doorExamplesBackdoor.EggheadAOL4FREESimpsons AppleScript Virus11 Guide to Operating System SecurityLocations for Viruses, Worms, and Trojan Horses (Continued)12 Guide to Operating System SecurityLocations for Viruses, Worms, and Trojan Horses (Continued)13 Guide to Operating System SecurityLocations for Viruses, Worms, and Trojan Horses (Continued)14 Guide to Operating System SecurityLocation for a UNIX/Linux System15 Guide to Operating System SecurityLocation for a Windows XP System16 Guide to Operating System SecurityTypical Methods Used by Malicious SoftwareExecutable methodsBoot and partitions sector methodsMacro methodsE-mail methodsSoftware exploitationSpyware17 Guide to Operating System SecurityExecutable MethodsFiles that contain lines of computer code that can be runExamples: .exe, .com, .bat, .bin, .btm, .cgi, .pl, .cmd, .msiCan infect source or execution code of a program18 Guide to Operating System SecurityBoot and Partition Sector MethodsParticularly affect Windows and UNIX systemsTypically infect/replace instructions in MBR or Partition Boot SectorCan corrupt address of primary partitionMay move boot sector to another location if size of virus exceeds space allocated for boot sectorEradication typically involves recreating MBR and Partition Boot Sector instructions19 Guide to Operating System SecurityMacro MethodsA virus can infect a macro and spread each time the macro is usedSoftware is configured so that macros are disabled unless digitally signed by a trusted source20 Guide to Operating System SecurityMacro Protection21 Guide to Operating System SecurityE-Mail MethodsSent as attachments to e-mail22 Guide to Operating System SecuritySoftware ExploitationParticularly aimed at new software and new software versionsExamples of potential vulnerabilitiesDNS servicesMessaging servicesRemote access servicesNetwork services and applications23 Guide to Operating System SecuritySpywareSoftware placed on a computertypically without user’s knowledge reports back information about user’s activitiesSome operate through monitoring cookies24 Guide to Operating System SecurityProtecting an OS from Malicious SoftwareInstall updatesView what is loaded when a system is bootedUse malicious software scannersUse digital signatures for system and driver filesBack up systems and create repair disksCreate and implement organizational policies25 Guide to Operating System SecurityInstalling Updates for WindowsWindows UpdateProvides access to patches that are regularly issuedService packsAddress security issues and problems affecting stability, performance, or operation of features included with the OS26 Guide to Operating System SecurityUsing Windows Update27 Guide to Operating System SecurityUsing Windows Update28 Guide to Operating System SecurityInstalling Updates for Red Hat Linux (Continued)Issued frequently; can be downloaded from Web siteRed Hat Network Alert Notification Tool must be configured29 Guide to Operating System SecurityInstalling Updates for Red Hat Linux (Continued)30 Guide to Operating System SecurityInstalling Updates for NetWareDownload updates and/or consolidated support packs from Novell’s Web site31 Guide to Operating System SecurityInstalling Updates for Mac OS XSoftware Update tool enables you to:Configure the system to automatically check for updates at specified