CSC 379 SUM2008:Week 3, Group 2: Difference between revisions
m (→Links and Sources: modifying links) |
|||
(39 intermediate revisions by 3 users not shown) | |||
Line 1: | Line 1: | ||
== Costs and Benefits of Malware Countermeasures == | == Costs and Benefits of Malware Countermeasures == | ||
Examine the changing nature of malware distribution and forms. | Examine the changing nature of malware distribution and forms. What ethical concerns are raised by this new set range of threats? Examine the effects (costs and benefits) of countermeasures designed to address these new threats. | ||
==Evolution of Malware | |||
== | == Malware and Their Countermeasures == | ||
==Costs and Benefits of Countermeasures== | Due to the fast evolution of malwares, number of technologies has emerged to lessen the risks and dangers of fast spreading threats. On the other hand variety of technologies has been revealed to help with reducing the risks of the previously undiscovered threats. Nevertheless malwares are becoming increasingly stealthy and increasingly malicious in the sense of collection of private and directly valuable personal information. The days that malwares were being constructed for the sole reason of fame and infamy are gone now. We are now dealing with malicious applications that are trying to collect private and valuable personal information from unaware users. This has caused a billion dollar illicit industry. | ||
===Evolution of Malware=== | |||
Many early viruses were not written to cause serious harm to computers, but were rather written as experiments or pranks meant to be annoying. For instance, the first [http://en.wikipedia.org/wiki/Internet_Worm internet worm] was not intended to cause the millions in damage, but was rather written to gauge the size of the internet. Even the [http://en.wikipedia.org/wiki/Melissa_virus Melissa virus], written in 1999, was originally intended as a prank. | |||
Another category of malware that appeared is the type intended to cause data loss. These can either delete files on a hard disk or corrupt a file system by writing junk data. This can be compared to graffiti, as the author's tag follows the malware as it spreads. | |||
Since 2003, another form of malware that has become increasingly widespread is software intended for profit. The rise of broadband internet access has allowed this form of malware to spread. These can include viruses and worms designed to take control of computers for exploitation or denial-of-service attacks designed for extortion. | |||
Furthermore, a new form of for-profit malware that has emerged is [http://en.wikipedia.org/wiki/Spyware spyware]. Unlike other viruses, spyware is not spread through email, but rather installed through exploiting security holes or packaged with software. Spyware is designed to monitor a user's web-surfing, display advertisements, or redirect affiliate marketing revenue to the creator. | |||
An additional form of malware is BOTS. BOTS infect a computer and lie dormant until instructions are sent. BOTS are responsible for most of the spam that is propogated. Many of the new BOTS last only for one day, not nearly enough time for anti-virus programs to respond. | |||
===Evolution of Threat Speed=== | |||
Based on a report in the Wall Street Journal [1], in 1999 it would take up to 281 days from the time that a computer system security flaw was announced until a malicious code would take advantage of that. However as of January 2004 this number declined to 10. The rate of the distribution has changed dramatically as well. Based on an article that was published by the CERT Coordination Center at Carnegie Mellon University, as of January 2003 a SQL based worm ([http://en.wikipedia.org/wiki/SQL_slammer_%28computer_worm%29 slammer]) infected ninety percent of the vulnerable servers within the first 10 minutes of the distribution. Currently it takes only 6 days between the revelation of a vulnerability and the release of its exploit. Given that the average time that it takes to release a patch for the exploited flaw is 54 days [2] which means that it is not very effective. | |||
===Evolution of Threat Stealth=== | |||
Financial motivations cause malwares to become more advanced in hiding and preventing detection. Rootkits and bots are some of the tools that malwares are using to hide themselves [3]. Since the number of different viruses and worms is doubling every six month [4], the chance of persisting undiscovered malwares increases dramatically. However as the antivirus and anti spyware applications evolving and providing a better protection for the operating systems, most of the malware authors have focused on higher level web applications which are more vulnerable due to the lack of defense, and that has caused lot of privacy violation incidents [5, 6]. | |||
===The Ethics of Malware=== | |||
* Unethical Malware | |||
:As malware has evolved over the years, so have the ethical concerns associated with them. In the early days of malware, as distribution was primarily accomplished through [http://findarticles.com/p/articles/mi_hb3234/is_200608/ai_n18987515 email], unsuspecting users would easily find themselves downloading harmful applications with a simple mouse click. Thinking that they were clicking a link to an [http://billmullins.wordpress.com/2008/06/10/open-a-greeting-card-email-get-infected-by-malware/ e-card] from a friend or downloading new pictures of their nephew or their favorite [http://www.securecomputing.net.au/News/93604,angelina-jolie-pictures-trigger-malware-surge.aspx celebrity], uninformed and novice users would unknowingly open up their computer to the [http://www.f-secure.com/v-descs/mydoom_x.shtml embedded malware]. In many of these cases, the security of the computer systems of these users would become compromised, usually without their knowledge. Personal information such as account numbers, Social Security Numbers, passwords, and other such confidential information would no longer be private and would be in the hands of the author of the malware. Gaining unauthorized access to an innocent person's personal information is obviously unethical and new threats make it even harder for people to protect themselves. Additionally, many of these emailed attacks were achieved because the originator was posing as someone trusted by the user and as such, the user would open the malicious email without a second thought. Posing as someone else through email may not be illegal, but it is certainly unethical and when done with malicious intent, it is most certainly immoral. | |||
:Some [http://www.scambusters.org/fakeantivirus.html new malware] is designed in such a way that it mimics the software that is supposed to prevent it, and as a result people are given a false sense of security as the software that they thought was protecting them turns out to be the very software that is infecting them. These [http://resources.alibaba.com/article/204514/10_Tips_to_help_you_avoid_fake_anti_virus_software_scams.htm new threats] will pretend that they are finding various infections on a person's computer and prompt the user to clean their system, in much the same way that a real anti-virus program would work. However, in the case of malware, instead of cleaning the system, the user is actually downloading additional viruses, trojans, and worms into their system. These [http://www.spywarewarrior.com/rogue_anti-spyware.htm "fake"] anti-virus programs are particularly difficult to remove from a system since many of them have embedded themselves to a point that most users would be unable to completely remove them. Such "fake" anti-virus programs are not limited to PC's as even [http://www.f-secure.com/weblog/archives/00000575.html mobile devices] and [http://www.cnet.com.au/software/security/0,239029558,339285176,00.htm Macs] can find themselves victims. | |||
:A new popular form of malware attack comes in the form of [http://www.builderau.com.au/news/soa/-Web-threats-to-surpass-e-mail-pests/0,339028227,339275066,00.htm?feed=pt_trojan infected webpages] that attack an unsuspecting user simply by accessing the affected URL. In these webpages, the user doesn't need to download anything because the malware is often attacking the plug-ins of their browser. Common plug-ins such as [http://blog.mozilla.com/security/2007/09/12/quicktime-to-firefox-issue/ Quicktime], [http://campustechnology.com/articles/58272/ Flash], and even [http://www.pcadvisor.co.uk/news/index.cfm?newsid=12975 language packs] can be the conduits for malware. By attacking a user simply for accessing a website, the authors of these attacks are undermining the overall freedom of the Internet because a user has no way of knowing whether or not a website is safe. Ethically, these attacks are as bad or even worse than the previous examples because the authors are exploiting the user's browser which can in turn attack even the most careful of users and in turn, affect a very large portion of internet users. | |||
*Ethical Malware | |||
:The line between what is and isn't ethical is somewhat blurred when it comes to malware. One of the most common forms of malware today is designed as a form of advertisement. Though it is intrusive and often annoying to the user, it's purpose isn't to steal from a person's computer, rather it is trying to entice new business from potentially interested consumers. Another positive use of malware is it's use by law-enforcement officials. When trying to build a case against a suspected criminal, law-enforcement officials can use malware in the same way as those attempting to steal from an innocent person. They can use the malware to gain access to the files on the target's computer which can then be used to build their case. In the case of child pornography investigations, this [http://www.revenews.com/jimmydaniels/ethical-malware-ethical-hacking/ tactic] can be a very successful one as the police can infect pornographic images with their malware, upload them to newsgroups frequented by pedophiles, and in turn give them access to the computers of anyone that might download the image. | |||
===Costs and Benefits of Countermeasures=== | |||
There are several countermeasures to fight against malware. Arguably, the most important is a anti-virus application like [http://shop.symantecstore.com/store/symnahho/en_US/DisplayProductDetailsPage/ThemeID.106300/pgm.13843400/productID.77408500 Symantec Norton AntiVirus or [http://usa.kaspersky.com/ Kaspersky Anti-Virus]. These programs offer protection against viruses and many other types of malware by use of a blacklist. However, it is impossible to stay completely ahead of all viruses, so there is a lapse between the time a new virus is released and the time it takes to get the blacklist updated and installed on machines. These programs often must be purchased and come with subscription fees. | |||
For spyware, there are other options that are available. Because of the anti-virus programs' slow response to the boom of spyware, free spyware programs surfaced. Programs such as [http://www.safer-networking.org/en/home/index.html Spybot-Search and Destroy] and [http://lavasoft.com/products/ad_aware_free.php Ad-Aware] offer free scans and removal of spyware. | |||
Another option to prevent malware is to avoid the programs that malware developers target. Microsoft operating systems are the most popular and thus the most often targeted for attack. Switching to another operating system can reduce the number of viruses one can greatly limit the number of malware programs that can harm one's system. Furthermore, Internet Explorer is the browser most often targeted and switching to [http://www.mozilla.com/en-US/firefox/ Firefox] or [http://www.opera.com/ Opera] will limit the available viruses one can obtain. | |||
==Links and Sources== | ==Links and Sources== | ||
[http://www.mysecurecyberspace.com/secure/web-browsing/threats/malware.html | 1. D. Bank, "Computer Worm Is Turning Faster," The Wall Street Journal,May 27, 2004. | ||
2. Symantec Internet Security Threat Report, Volume VIII, Published September 2005 [http://eval.symantec.com/mktginfo/enterprise/white_papers/ent-whitepaper_symantec_internet_security_threat_report_viii.pdf pdf] | |||
3. http://en.wikipedia.org/wiki/Rootkit | |||
4. Symantec Internet Security Threat Report, Volume VIII, Published September 2005 [http://eval.symantec.com/mktginfo/enterprise/white_papers/ent-whitepaper_symantec_internet_security_threat_report_viii.pdf pdf] | |||
5. J. Swartz, "40 million credit card holders may be at risk," USA TODAY, June 19, 2005, http://www.usatoday.com/money/perfi/general/2005-06-19-breach-usatx.htm | |||
6. L. Mearian, "System break-in nets hackers 8 million credit card numbers,"COMPUTERWORLD, February 24, 2003, http://www.computerworld.eom/securitytopics/security/story/0,10801,78747,00.html | |||
7. Malware Evolution: A Snapshot of Threats and Countermeasures in 2005 Written by Brian Witten and Carey Nachenberg | |||
8. Carnegie Mellon - malware explanation [http://www.mysecurecyberspace.com/secure/web-browsing/threats/malware.html] | |||
9. Additional information about malware [http://searchwindowssecurity.techtarget.com/generic/0,295582,sid45_gci1249124,00.html] | |||
10. [http://www.caci.com/business/ia/threats.html http://www.caci.com/business/ia/threats.html] | |||
11. [http://www.symantec.com/business/theme.jsp?themeid=threatreport http://www.symantec.com/business/theme.jsp?themeid=threatreport] | |||
12. [http://www.gtisc.gatech.edu/pdf/Real%20Message_WSJ_061808.pdf?mod=technology_columns_featured_lsc http://www.gtisc.gatech.edu/pdf/Real%20Message_WSJ_061808.pdf?mod=technology_columns_featured_lsc] | |||
13. [http://news.zdnet.co.uk/security/0,1000000189,39280540,00.htm http://news.zdnet.co.uk/security/0,1000000189,39280540,00.htm] |
Latest revision as of 13:03, 29 July 2008
Costs and Benefits of Malware Countermeasures
Examine the changing nature of malware distribution and forms. What ethical concerns are raised by this new set range of threats? Examine the effects (costs and benefits) of countermeasures designed to address these new threats.
Malware and Their Countermeasures
Due to the fast evolution of malwares, number of technologies has emerged to lessen the risks and dangers of fast spreading threats. On the other hand variety of technologies has been revealed to help with reducing the risks of the previously undiscovered threats. Nevertheless malwares are becoming increasingly stealthy and increasingly malicious in the sense of collection of private and directly valuable personal information. The days that malwares were being constructed for the sole reason of fame and infamy are gone now. We are now dealing with malicious applications that are trying to collect private and valuable personal information from unaware users. This has caused a billion dollar illicit industry.
Evolution of Malware
Many early viruses were not written to cause serious harm to computers, but were rather written as experiments or pranks meant to be annoying. For instance, the first internet worm was not intended to cause the millions in damage, but was rather written to gauge the size of the internet. Even the Melissa virus, written in 1999, was originally intended as a prank.
Another category of malware that appeared is the type intended to cause data loss. These can either delete files on a hard disk or corrupt a file system by writing junk data. This can be compared to graffiti, as the author's tag follows the malware as it spreads.
Since 2003, another form of malware that has become increasingly widespread is software intended for profit. The rise of broadband internet access has allowed this form of malware to spread. These can include viruses and worms designed to take control of computers for exploitation or denial-of-service attacks designed for extortion.
Furthermore, a new form of for-profit malware that has emerged is spyware. Unlike other viruses, spyware is not spread through email, but rather installed through exploiting security holes or packaged with software. Spyware is designed to monitor a user's web-surfing, display advertisements, or redirect affiliate marketing revenue to the creator.
An additional form of malware is BOTS. BOTS infect a computer and lie dormant until instructions are sent. BOTS are responsible for most of the spam that is propogated. Many of the new BOTS last only for one day, not nearly enough time for anti-virus programs to respond.
Evolution of Threat Speed
Based on a report in the Wall Street Journal [1], in 1999 it would take up to 281 days from the time that a computer system security flaw was announced until a malicious code would take advantage of that. However as of January 2004 this number declined to 10. The rate of the distribution has changed dramatically as well. Based on an article that was published by the CERT Coordination Center at Carnegie Mellon University, as of January 2003 a SQL based worm (slammer) infected ninety percent of the vulnerable servers within the first 10 minutes of the distribution. Currently it takes only 6 days between the revelation of a vulnerability and the release of its exploit. Given that the average time that it takes to release a patch for the exploited flaw is 54 days [2] which means that it is not very effective.
Evolution of Threat Stealth
Financial motivations cause malwares to become more advanced in hiding and preventing detection. Rootkits and bots are some of the tools that malwares are using to hide themselves [3]. Since the number of different viruses and worms is doubling every six month [4], the chance of persisting undiscovered malwares increases dramatically. However as the antivirus and anti spyware applications evolving and providing a better protection for the operating systems, most of the malware authors have focused on higher level web applications which are more vulnerable due to the lack of defense, and that has caused lot of privacy violation incidents [5, 6].
The Ethics of Malware
- Unethical Malware
- As malware has evolved over the years, so have the ethical concerns associated with them. In the early days of malware, as distribution was primarily accomplished through email, unsuspecting users would easily find themselves downloading harmful applications with a simple mouse click. Thinking that they were clicking a link to an e-card from a friend or downloading new pictures of their nephew or their favorite celebrity, uninformed and novice users would unknowingly open up their computer to the embedded malware. In many of these cases, the security of the computer systems of these users would become compromised, usually without their knowledge. Personal information such as account numbers, Social Security Numbers, passwords, and other such confidential information would no longer be private and would be in the hands of the author of the malware. Gaining unauthorized access to an innocent person's personal information is obviously unethical and new threats make it even harder for people to protect themselves. Additionally, many of these emailed attacks were achieved because the originator was posing as someone trusted by the user and as such, the user would open the malicious email without a second thought. Posing as someone else through email may not be illegal, but it is certainly unethical and when done with malicious intent, it is most certainly immoral.
- Some new malware is designed in such a way that it mimics the software that is supposed to prevent it, and as a result people are given a false sense of security as the software that they thought was protecting them turns out to be the very software that is infecting them. These new threats will pretend that they are finding various infections on a person's computer and prompt the user to clean their system, in much the same way that a real anti-virus program would work. However, in the case of malware, instead of cleaning the system, the user is actually downloading additional viruses, trojans, and worms into their system. These "fake" anti-virus programs are particularly difficult to remove from a system since many of them have embedded themselves to a point that most users would be unable to completely remove them. Such "fake" anti-virus programs are not limited to PC's as even mobile devices and Macs can find themselves victims.
- A new popular form of malware attack comes in the form of infected webpages that attack an unsuspecting user simply by accessing the affected URL. In these webpages, the user doesn't need to download anything because the malware is often attacking the plug-ins of their browser. Common plug-ins such as Quicktime, Flash, and even language packs can be the conduits for malware. By attacking a user simply for accessing a website, the authors of these attacks are undermining the overall freedom of the Internet because a user has no way of knowing whether or not a website is safe. Ethically, these attacks are as bad or even worse than the previous examples because the authors are exploiting the user's browser which can in turn attack even the most careful of users and in turn, affect a very large portion of internet users.
- Ethical Malware
- The line between what is and isn't ethical is somewhat blurred when it comes to malware. One of the most common forms of malware today is designed as a form of advertisement. Though it is intrusive and often annoying to the user, it's purpose isn't to steal from a person's computer, rather it is trying to entice new business from potentially interested consumers. Another positive use of malware is it's use by law-enforcement officials. When trying to build a case against a suspected criminal, law-enforcement officials can use malware in the same way as those attempting to steal from an innocent person. They can use the malware to gain access to the files on the target's computer which can then be used to build their case. In the case of child pornography investigations, this tactic can be a very successful one as the police can infect pornographic images with their malware, upload them to newsgroups frequented by pedophiles, and in turn give them access to the computers of anyone that might download the image.
Costs and Benefits of Countermeasures
There are several countermeasures to fight against malware. Arguably, the most important is a anti-virus application like Symantec Norton AntiVirus or [http://usa.kaspersky.com/ Kaspersky Anti-Virus. These programs offer protection against viruses and many other types of malware by use of a blacklist. However, it is impossible to stay completely ahead of all viruses, so there is a lapse between the time a new virus is released and the time it takes to get the blacklist updated and installed on machines. These programs often must be purchased and come with subscription fees.
For spyware, there are other options that are available. Because of the anti-virus programs' slow response to the boom of spyware, free spyware programs surfaced. Programs such as Spybot-Search and Destroy and Ad-Aware offer free scans and removal of spyware.
Another option to prevent malware is to avoid the programs that malware developers target. Microsoft operating systems are the most popular and thus the most often targeted for attack. Switching to another operating system can reduce the number of viruses one can greatly limit the number of malware programs that can harm one's system. Furthermore, Internet Explorer is the browser most often targeted and switching to Firefox or Opera will limit the available viruses one can obtain.
Links and Sources
1. D. Bank, "Computer Worm Is Turning Faster," The Wall Street Journal,May 27, 2004.
2. Symantec Internet Security Threat Report, Volume VIII, Published September 2005 pdf
3. http://en.wikipedia.org/wiki/Rootkit
4. Symantec Internet Security Threat Report, Volume VIII, Published September 2005 pdf
5. J. Swartz, "40 million credit card holders may be at risk," USA TODAY, June 19, 2005, http://www.usatoday.com/money/perfi/general/2005-06-19-breach-usatx.htm
6. L. Mearian, "System break-in nets hackers 8 million credit card numbers,"COMPUTERWORLD, February 24, 2003, http://www.computerworld.eom/securitytopics/security/story/0,10801,78747,00.html
7. Malware Evolution: A Snapshot of Threats and Countermeasures in 2005 Written by Brian Witten and Carey Nachenberg
8. Carnegie Mellon - malware explanation [1]
9. Additional information about malware [2]
10. http://www.caci.com/business/ia/threats.html
11. http://www.symantec.com/business/theme.jsp?themeid=threatreport
12. http://www.gtisc.gatech.edu/pdf/Real%20Message_WSJ_061808.pdf?mod=technology_columns_featured_lsc
13. http://news.zdnet.co.uk/security/0,1000000189,39280540,00.htm