COMPUTE!'s COMPUTER VIRUSES, by Ralph Roberts


COMPUTE!'s COMPUTER VIRUSES
Ralph Roberts

COMPUTE! Books
Greensboro, North Carolina
Radnor, Pennsylvania

Other Books by Ralph Roberts:
COMPUTE!'s Using Turbo Basic
COMPUTE!'s Using Borland's Sprint
The Price Guide to Autographs
Auction Action!
Analysis with Reflect
The Power of Turbo Prolog
The Word Processor Buyer's Survival Manual

Editor: Stephen Levy

Copyright 1988, COMPUTE! Publications, Inc. All rights reserved. Reproduction or translation of any part of this work beyond that permitted by Sections 107 and 108 of the United States Copyright Act without the permission of the copyright owner is unlawful.

Printed in the United States of America
10 9 8 7 6 5 4 3 2 1

Library of Congress Cataloging-in-Publication Data
Roberts, Ralph
COMPUTE!'s computer viruses
p. cm.
Includes index.
ISBN 0-87455-178-1
1. Computer viruses. I. Title.
QA76.76.C68R62 1988
005.8--dc19
88-28556

The authors and publisher have made every effort in the preparation of this book to insure the accuracy of the programs and information. However, the information in this book is sold without warranty, either express or implied. Neither the authors nor COMPUTE! Publications, Inc. will be liable for any damages caused or alleged to be caused directly, indirectly, incidentally, or consequentially by the programs or information in this book.

The opinions expressed in this book are solely those of the author and are not necessarily those of COMPUTE! Publications, Inc.

COMPUTE! Books, Post Office Box 5406, Greensboro, NC 27403, (919) 275-9809, is a Capital Cities/ABC, Inc. company, and is not associated with any manufacturer of personal computers.

IBM is a registered trademark and OS/2 is a trademark of International Business Machines Corporation. MS-DOS is a registered trademark of Microsoft Corporation. Apple and Macintosh are trademarks of Apple Computer, Inc. Amiga is a trademark of Commodore-Amiga. Atari and Atari ST are trademarks of Atari Corporation.
CONTENTS

Preface ......................................... v
Acknowledgements ............................... vi
1. Your Computer May Be Sick! ................... 1
2. History and Infamous Viruses .................. 9
3. How Viruses Work ............................. 17
4. Fighting Viruses and Practicing Safe Computing . 31
5. How the Experts Deal with Viruses ............ 55
6. Corporate Initiatives for PC Data Security (Pamela Kane) ... 81
7. The Case of the Gerbil Virus that Wasn't (Raymond M. Glath) ... 91
8. IBM PCs and Compatibles ..................... 95
9. Macintosh ................................... 133
10. Atari ...................................... 145
11. Amiga ...................................... 151
12. The Only Good Virus Is a Dead Virus ........ 163
Index ........................................... 168

PREFACE

What if all the data on your computer's hard disk and/or floppies suddenly disappears? Millions of characters of information are irretrievably gone and the only thing left in return is an infantile message like "Arf! Arf! Gotcha!" or "Welcome to the dungeon ... beware the virus."

The destructive rampages of these terrible little hidden programs from sick minds are not limited to high risk users who download indiscriminately from pirate electronic bulletin boards. Associated Press and United Press International stories in recent months have reported that such major institutions as NASA, Lehigh University, Miami (Ohio) University, ARCO Oil, Hebrew University in Israel, and others have had computer virus attacks.

Viruses can attack your system even if you don't have a telephone modem. Like a biological virus, a computer virus can replicate itself and be spread (through the use of "Trojan horse" programs) from system to system. Trade a floppy disk with a friend and you may unwittingly be destroying large amounts of important data in your system, be it a single-user computer or a large telephone-linked network of 20,000 terminals.
It's not even enough to have good backup: a timed-release virus can also be in the backup disks or tape, destroying data time after frustrating time.

There have been viruses reported for all of the major brands of computers. Those with IBM and compatibles, and Macintoshes, are currently the most vulnerable, but the potential threat to all machines is scary.

Like vaccinating against smallpox or typhoid fever, there are prudent steps computer users can take that may very well save them hours and days of work, or even more than that.

Whether you're a single computer owner or the manager of a large area network, this book offers relief from the fear and the very real danger of a viral infection in your system. It will help you understand and implement ways to protect your system, as well as those of your friends and clients who put programs into their own systems that were copied off your disks.

Typhoid Mary was a dishwasher who, while not sick herself, spread that disease to many others. Imagine how poor Mary would be sued today. This book helps you protect yourself in many ways.

ACKNOWLEDGMENTS

The author gratefully acknowledges all those who helped in the preparation of this book, with special thanks to: Ray Glath, Ross Greenberg, and Pam Kane. And to those other staunch virus fighters: Ron Benvenisti, Dennis Director, Chuck Gilmore, Eric Hansen, Dr. Harold Highland, John McAfee, Mike Riemer, Howard Upchurch, Steve Tibbett, and Jeff Shulman. And to: Stephen Levy, Claudia Earhart, Pam Williams, and all my other friends at COMPUTE! Books. And most especially to you, the reader, in hopes that this book proves helpful.

1. YOUR COMPUTER MAY BE SICK!

Virus: "Something that corrupts or poisons the mind or the soul."
Webster's New Collegiate Dictionary

"Over one percent, or about a quarter of a million IBM PCs and compatibles are already infected," says Larry DiMartin, president of Computer Integrity Corporation, publishers of the commercial viral protection program, Vaccinate.

A computer virus is a small program, usually hidden as a code segment of a larger host or Trojan horse program. It has the ability to replicate itself, and to move from computer to computer through the transfer of disks, or by electronic communications. You're safe only if you never buy a program, never borrow a disk from a friend, never call a computer network or electronic bulletin board, never turn on and use your computer at all. In other words, the possibility of a computer viral infection cannot be eliminated totally, only minimized.

While not alive, the resemblance in the actions of a computer virus to the reproductive and infectious qualities of a biological virus is uncanny, even horrifying. Hence the name computer virus.

Viruses may or may not be harmful. Their effects range from the humorous to the catastrophic. A destructive virus could wipe out data it has taken you or your company years to accumulate, including backups. Whatever the effect, someone is messing with your system without your permission.

This book helps you to: Avoid neglect! Detect! Protect!

One factor on our side is that a computer virus must be machine-specific. An Amiga virus isn't going to thrive in an IBM environment; a Macintosh virus can't wipe out Atari disks. This is the good news. The bad news is that the Computer Virus Industry Association (a group of software companies who manufacture and sell antiviral products) has already identified viruses on most of the major categories of personal computers being sold today. These include over 20 different types that attack IBM PCs and compatibles; 4 are Macintosh-specific, 4 prey on Amigas, and 6 more infect other types of computer architecture.
These, of course, are just the ones that have been verified as existing. The scope of the virus problem (as evidenced by more and more reports) continues to grow. The odds are with an individual computer owner right now; however, the odds will continue to drop if things go unchecked. Next month, next year, your computer might catch a virus. It could be sick already.

Where Do Viruses Come From?

Computers have always been prone to losing large amounts of data in the blink of an eye. Equipment malfunction, operator error: the reasons are many and varied. In this crazy world, you must also add those who deliberately want to destroy your data. These electronic terrorists come in many stripes. Some, like medical experimenters who may have carelessly let a biological bug escape from the laboratory, did not unleash their viruses into the world information pool intentionally.

The term virus was coined by a University of California graduate student, Fred Cohen. He demonstrated how to write a computer program that could infiltrate and attack a computer system in much the same way that a biological virus infects a human. Other students and educators have experimented with these nasty little codes. So have hackers (a description that used to be honorable, but now has been sullied by those few who abuse their knowledge) and various research and development groups. An intelligence agency is not going to overlook this means of disrupting an enemy country's informational infrastructure. It's obvious and logical that a good many governments could already be experimenting, perhaps even field testing such computer viruses.

A second group are pranksters, those individuals or groups who have a "message" to disseminate, or just pure jokers who want to mess with your system (though not necessarily destructively). The Macintosh Peace virus (supposedly benign and well-intentioned, but still frightening many computer owners) is a prime example of this.

According to a February 12, 1988 UPI report, the source of this Macintosh virus is Richard Brandow, publisher of a 40,000-circulation magazine called MacMag, based in Montreal, Quebec. The report quotes a spokesman for the magazine as confirming this.