Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message."— Presentation transcript:

1 Chapter 9 Security 9.7 - 9.8 Malware Defenses

2 Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message … Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639 Greetings from General Encryption To purchase a decryption key for your hard disk, please send $100 in small unmarked bills to Box 2154, Panama City, Panama. Thank you. We appreciate your business.

3 Types of Viruses Companion virus Executable program virus Parasitic virus Memory-resident virus Boot sector virus Device driver virus Macro virus Source code virus Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

4 Figure 9-27. A recursive procedure that finds executable files on a UNIX system. Executable Program Viruses (1) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639...

5 Figure 9-27. A recursive procedure that finds executable files on a UNIX system. Executable Program Viruses (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639...

6 Figure 9-28. (a) An executable program. (b) With a virus at the front. (c) With a virus at the end. (d) With a virus spread over free space within the program. Parasitic Viruses Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

7 Figure 9-29. (a) After the virus has captured all the interrupt and trap vectors. (b) After the operating system has retaken the printer interrupt vector. (c) After the virus has noticed the loss of the printer interrupt vector and recaptured it. Boot Sector Viruses Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

8 Spyware (1) Description: Surreptitiously loaded onto a PC without the owner’s knowledge Runs in the background doing things behind the owner’s back Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

9 Spyware (2) Characteristics: Hides, victim cannot easily find Collects data about the user Communicates the collected information back to its distant master Tries to survive determined attempts to remove it Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

10 How Spyware Spreads Possible ways: Same as malware, Trojan horse Drive-by download, visit an infected web site Web pages tries to run an.exe file Unsuspecting user installs an infected toolbar Malicious activeX controls get installed Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

11 Actions Taken by Spyware Change the browser’s home page. Modify the browser’s list of favorite (bookmarked) pages. Add new toolbars to the browser. Change the user’s default media player. Change the user’s default search engine. Add new icons to the Windows desktop. Replace banner ads on Web pages with those the spyware picks. Put ads in the standard Windows dialog boxes Generate a continuous and unstoppable stream of pop-up ads. Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

12 Types of Rootkits (1) Firmware rootkits Hypervisor rootkits Kernel rootkits Library rootkits Application rootkits Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

13 Figure 9-30. Five places a rootkit can hide. Types of Rootkits (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

14 Figure 9-31. A simplified view of a hardware firewall protecting a LAN with three computers. Firewalls Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

15 Figure 9-32. (a) A program. (b) An infected program. (c) A compressed infected program. (d) An encrypted virus. (e) A compressed virus with encrypted compression code. Virus Scanners (1) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

16 Figure 9-33. Examples of a polymorphic virus. Virus Scanners (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

17 Antivirus and Anti-Antivirus Techniques Virus scanners Integrity checkers Behavioral checkers Virus avoidance Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

18 Figure 9-34. How code signing works. Code Signing Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

19 Figure 9-35. The operation of a jail. Jailing Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

20 Figure 9-36. (a) A program. (b) System call graph for (a). Model-Based Intrusion Detection Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

21 Figure 9-37. (a) Memory divided into 16-MB sandboxes. (b) One way of checking an instruction for validity. Sandboxing Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

22 Figure 9-38. Applets can be interpreted by a Web browser. Interpretation Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

23 Java Security (1) JVM byte code verifier checks if the applet obeys certain rules: Does the applet attempt to forge pointers? Does it violate access restrictions on private-class members? Does it try to use a variable of one type as another type? Does it generate stack overflows? underflows? Does it illegally convert variables of one type to another? Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

24 Figure 9-39. Some examples of protection that can be specified with JDK 1.2. Java Security (2) Tanenbaum, Modern Operating Systems 3 e, (c) 2008 Prentice-Hall, Inc. All rights reserved. 0-13- 6006639

Download ppt "Chapter 9 Security 9.7 - 9.8 Malware Defenses. Malware Can be used for a form of blackmail. Example: Encrypts files on victim disk, then displays message."

Similar presentations

Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.

 Application software consists of programs designed to make users more productive and/or assist with personal tasks.  Growth of internet simplified.
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.

Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.

Dr. John P. Abraham Professor UTPA 2 – Systems Threats and Risks.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.

AVG 8.5 Product Line Welcome to a safe world …. | Page 2 Contents  Components Overview  Product Line Overview  AVG 8.0 Boxes.
ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.

ROOTKIT VIRUS by Himanshu Mishra Points to be covered Introduction History Uses Classification Installation and Cloaking Detection Removal.
Students: Jacek Czeszewski and Marcos Verdini Rosa Professor: José Manuel Magalhães Cruz.

Students: Jacek Czeszewski and Marcos Verdini Rosa Professor: José Manuel Magalhães Cruz.
3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.

3 Section C: Installing Software and Upgrades  Web Apps  Mobile Apps  Local Applications  Portable Software  Software Upgrades and Updates  Uninstalling.
1 Security Chapter 9 9.1 The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.

1 Security Chapter The security environment 9.2 Basics of cryptography 9.3 User authentication 9.4 Attacks from inside the system 9.5 Attacks from.
Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.

Security strategy. What is security strategy? How an organisation plans to protect and respond to security attacks on their information technology assets.
1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.

1 Pertemuan 05 Malicious Software Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.

Computer Security Fundamentals by Chuck Easttom Chapter 5 Malware.
Buffer Overflow Attacks Figure 9-21. (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.

Buffer Overflow Attacks Figure (a) Situation when the main program is running. (b) After the procedure A has been called. (c) Buffer overflow shown.
Chapter 5 System Software.

Chapter 5 System Software.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.

Computer Viruses By Patsy Speer What is a Virus? Malicious programs that cause damage to your computer, files and information They slow down the internet.
Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Page 1 Sandboxing & Signed Software Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Chapter Nine Maintaining a Computer Part III: Malware.

Chapter Nine Maintaining a Computer Part III: Malware.
R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.

R. FRANK NIMS MIDDLE SCHOOL A BRIEF INTRODUCTION TO VIRUSES.

Similar presentations

Ads by Google