Our lecture 3 of Information Technology Security course is about Program Security.
Security implies some degree of trust that the program enforces expected confidentiality, integrity, and availability. While program security is our first step on how to apply security to computing.
Program errors are generally divided into two types which are malicious and nonmalicious program error.
Nonmalicious Program Errors
Nonmalicious program errors are unintentional error which causes by mistakes made by programmers and developer.
Nonmalicious program errors causes program malfunction but do not lead to serious security vulnerabilities.
Attack associated to programs error:
* Cross site scripting
* Injection flaws
* Malicious file execution
* Insecure direct object reference
* Cross site request forgery
* Information leakage and improper error handling
* Broken authentication and session management
* Insecure crypto storage
* Insecure comms
* Failure to restrict URL access
Viruses and Other Malicious Code
Malicious Code has been "officially" defined by Cohen in 1984 but the virus behaviour known since at least 1970.
Malicious code exploit the weaknesses in computer software and is intended to cause undesired effects, security breaches or damage to a system.
Damage could be in form of :
* Modification/destruction
* Stolen data
* Unauthorized access
* Damage on system
* or other forms not intended by users
Examples of malicious codes:
* Trojan Horse : contain unexpected, additional functionalities.
* Virus :attach itself to program and infect other programs.
* Worm :a program which replicates itself and causes execution of the new copy.
* Bacteria : replicates until it fills all disk space, or CPU cycles
* Logic Bomb :malicious code that activates on an event
* Trap door : allow unauthorized access to functionality.
* Spyware : Can steal your information, can steal your email addresses, can see what Web sites you visit, slow down your computer and etc.
Preventing Virus Infection
a) Protection against viruses
* detection tools
* identification tools
* removal tools
b) Scanners and disinfectors are the most popular classes of anti-virus software.
c) Personal and administrative practices and
d) Ways to prevent Virus infections:
* Use only commercial software acquired from reliable, well established vendors.
* Test all new software on an isolated computer.
* Do not put a floppy disk in the machine unless it has been scanned first.
* Do not open attachments to email unless they have been scanned. Including turn of the auto open of attachments in mail readers.
* Scan any downloaded files before they are run.
* At least once a week update the virus signature data files.
e) Make a bootable disk with a virus scan program on it and write protected.
f) Make and retain backup copies of executable system files.
There is no real way to measure the amount of damage that malicious code can do. All one can do is estimate, and that is only for the discovered programs, what about the ones that haven't been discovered or haven't been executed, or worst the ones that haven't been written yet.
