Guide to Operating System Security
Chapter 2
Viruses, Worms, and Malicious Software

Slide 2: Learning Objectives
- Explain how viruses, worms, and Trojan horses spread
- Discuss typical forms of malicious software and understand how they work
- Use techniques to protect operating systems from malicious software and to recover from an attack

Slide 3: Viruses, Worms, and Trojan Horses
- Different forms of malicious software (malware)
- Intended to
  - Cause distress to a user
  - Damage files or systems
  - Disrupt normal computer and network functions

Slide 4: Viruses
- Programs borne by a disk or a file that have the ability to replicate
- Typically affect
  - Executable program
  - Script or macro
  - Boot or partition sector of a drive

Slide 5: How Viruses Spread
- Transported from one medium or system to another
- Replicated throughout a system (e.g., W32.Pinfi)

Slide 6: Virus Classification (Continued)
- How they infect systems
  - Boot or partition sector
  - File infector
  - Macro
  - Multipartite

Slide 7: Virus Classification (Continued)
- How they protect themselves from detection or from a virus scanner
  - Armored
  - Polymorphic
  - Stealth
  - Companion
- Benign or destructive

Slide 8: Worms
- Programs that replicate on the same computer or send themselves to many other computers
- Can open a back door

Slide 9: How Worms Spread
- Buffer overflow (e.g., Code Red and CodeRed II)
- Port scanning or port flooding
- Compromised passwords

Slide 10: Trojan Horses and How They Spread
- Programs that at first appear useful, but can cause damage or provide a back door
- Examples
  - Backdoor.Egghead
  - AOL4FREE
  - Simpsons AppleScript Virus

Slide 11: Locations for Viruses, Worms, and Trojan Horses (Continued)

Slide 12: Locations for Viruses, Worms, and Trojan Horses (Continued)

Slide 13: Locations for Viruses, Worms, and Trojan Horses (Continued)

Slide 14: Location for a UNIX/Linux System

Slide 15: Location for a Windows XP System

Slide 16: Typical Methods Used by Malicious Software
- Executable methods
- Boot and partition sector methods
- Macro methods
- E-mail methods
- Software exploitation
- Spyware

Slide 17: Executable Methods
- Files that contain lines of computer code that can be run
- Examples: .exe, .com, .bat, .bin, .btm, .cgi, .pl, .cmd, .msi
- Can infect source or execution code of a program

Slide 18: Boot and Partition Sector Methods
- Particularly affect Windows and UNIX systems
- Typically infect/replace instructions in MBR or Partition Boot Sector
- Can corrupt address of primary partition
- May move boot sector to another location if size of virus exceeds space allocated for boot sector
- Eradication typically involves recreating MBR and Partition Boot Sector instructions

Slide 19: Macro Methods
- A virus can infect a macro and spread each time the macro is used
- Software is configured so that macros are disabled unless digitally signed by a trusted source

Slide 20: Macro Protection

Slide 21: E-Mail Methods
- Sent as attachments to e-mail

Slide 22: Software Exploitation
- Particularly aimed at new software and new software versions
- Examples of potential vulnerabilities
  - DNS services
  - Messaging services
  - Remote access services
  - Network services and applications

Slide 23: Spyware
- Software placed on a computer, typically without user’s knowledge, that reports back information about user’s activities
- Some operate through monitoring cookies

Slide 24: Protecting an OS from Malicious Software
- Install updates
- View what is loaded when a system is booted
- Use malicious software scanners
- Use digital signatures for system and driver files
- Back up systems and create repair disks
- Create and implement organizational policies

Slide 25: Installing Updates for Windows
- Windows Update
  - Provides access to patches that are regularly issued
- Service packs
  - Address security issues and problems affecting stability, performance, or operation of features included with the OS

Slide 26: Using Windows Update

Slide 27: Using Windows Update

Slide 28: Installing Updates for Red Hat Linux (Continued)
- Issued frequently; can be downloaded from Web site
- Red Hat Network Alert Notification Tool must be configured

Slide 29: Installing Updates for Red Hat Linux (Continued)

Slide 30: Installing Updates for NetWare
- Download updates and/or consolidated support packs from Novell’s Web site

Slide 31: Installing Updates for Mac OS X
- Software Update tool enables you to:
  - Configure the system to automatically check for updates at specified
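The Boot and Partition Sector Methods slide says such infections replace MBR instructions and can corrupt the address of the primary partition. The following is an added example, not part of the original slides, of a defender's check that compares a 512-byte MBR against a previously saved known-good copy. The function names and the sample sectors are constructed for illustration, and it assumes a baseline copy of the sector was saved while the system was clean.

```python
import hashlib
import struct

BOOT_CODE_LEN = 446                     # bytes 0..445 hold the boot code
ENTRY_FMT = "<B3xB3xII"                 # status, CHS, type, CHS, LBA start, sector count
ENTRY_LEN = struct.calcsize(ENTRY_FMT)  # 16 bytes per partition entry, four entries


def parse_mbr(sector):
    """Split a 512-byte MBR into boot-code hash, partition table and signature flag."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for slot in range(4):
        offset = BOOT_CODE_LEN + slot * ENTRY_LEN
        status, ptype, lba, count = struct.unpack_from(ENTRY_FMT, sector, offset)
        if ptype:                       # type 0 marks an unused slot
            partitions.append((slot, status == 0x80, ptype, lba, count))
    return {"boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == b"\x55\xaa"}


def compare_mbr(baseline, current):
    """Return findings where the current MBR differs from the known-good copy."""
    old, new = parse_mbr(baseline), parse_mbr(current)
    findings = []
    if not new["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if old["boot_code_sha256"] != new["boot_code_sha256"]:
        findings.append("boot code changed")
    if old["partitions"] != new["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code, lba_start):
    """Constructed test sector with one active partition of type 0x83."""
    entry = struct.pack(ENTRY_FMT, 0x80, 0x83, lba_start, 204800)
    table = entry + bytes(ENTRY_LEN * 3)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + table + b"\x55\xaa"


# Constructed sample data, not taken from any real disk or malware sample.
GOOD = build_sample_mbr(b"\xfa\x33\xc0", 2048)
ALTERED = build_sample_mbr(b"\xeb\x3c\x90", 63)

if __name__ == "__main__":
    print(compare_mbr(GOOD, ALTERED))
```

A finding of "partition table changed" without "boot code changed" corresponds to the corrupted primary partition address the slide mentions, while "boot code changed" corresponds to replaced MBR instructions.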