Tuesday, May 12, 2009

Virus Encyclopedia

Malware Environment

Where do viruses live? What does a worm need to flourish? A concise description of software requirements for malware.


Three Criteria for Malware Existence

No operating system or application is vulnerable to malicious programs unless it can launch external programs, however simple. Conversely, if even the simplest external program can be launched within an operating system or application, that environment becomes a potential host for malicious programs. Most contemporary operating systems and applications need to work with other programs, so they do end up being vulnerable. Potentially vulnerable OSs and applications include:

  • All popular desktop operating systems
  • Most office applications
  • Most graphical editors
  • Project applications
  • Any applications with in-built script language

Computer viruses, worms and Trojans have been written for countless operating systems and applications. On the other hand, numerous OSs and applications remain free of malware so far. Why is this? What makes one OS more attractive to virus writers than another?

Malware appears in any given environment when the following criteria are met:

  • The operating system is widely used
  • Reasonably high-quality documentation is available
  • The targeted system is insecure or has a number of documented vulnerabilities

All three criteria are key factors, and all three need to be met before a given system will be targeted by virus writers.

First, for hackers and cyber vandals even to consider a system, it must be popular enough for them to have access to it. Once an OS or application is widely available and successfully marketed, it becomes a viable target for virus writers.

A quick look at the number of malicious programs written for Windows and Linux shows that the volume of malware is roughly proportional to the market share of each operating system.

Detailed documentation is necessary for legitimate developers and hackers alike, since it describes the available services and the rules for writing compatible programs.

For instance, most mobile phone vendors do not share this information, leaving legitimate third-party developers and hackers alike without a foothold. Some smartphone vendors, on the other hand, do publish their documentation. The first viruses for Symbian (Worm.SymbOS.Cabir.a) and Windows CE (WinCE.Duts.a) appeared in mid-2004, shortly after that documentation was published.

The architecture of a well-designed OS or application needs to take security into account. A secure solution does not allow new or unsanctioned programs extensive access to files or to potentially dangerous services. This leads to difficulties, since a fully secure system blocks not only malware but 'friendly' programs as well. As a result, none of the widely available systems can be called truly secure.

Java virtual machines that run Java applications in 'sandbox' mode come close to achieving secure conditions. In fact, for a long time no Java virus or Trojan posing a serious threat has been written, although non-viable proof-of-concept malware does occasionally appear. Malware written in Java appeared only when vulnerabilities in the Java Virtual Machine's security were discovered and publicized.
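The two points made above, that an application becomes a malware host as soon as it can run externally supplied code (the "in-built script language" case), and that a secure design limits what such code can reach rather than trusting it, can be shown side by side in a small macro host. The following is an added example and is not code from the original page or from Kaspersky; the macro language, the exported host functions and the sample macros are constructed for the illustration. Both hosts accept the same untrusted macro text: one hands it to Python's eval() with full access to the interpreter, the other parses it with the ast module and permits only literals, arithmetic and calls to an explicit allow-list of host functions.

```python
"""
Miniature 'macro' host: the same untrusted macro text run two ways.

run_macro_unsandboxed() is the shape the article warns about: the script
engine can reach everything the host process can, so a macro that reaches
for __import__ lists the working directory.

run_macro_sandboxed() walks the parsed AST and accepts only constants,
the four arithmetic operators and calls to functions the host explicitly
exported. No Name lookup, no attribute access, no subscripting: there is
no path from a literal to the interpreter's internals, so the macro can
do no more than the exported functions allow.
"""
import ast
import operator

# Constructed sample macros for the demonstration (not from the page).
BENIGN_MACRO = "total(2, 3) * 10"
HOSTILE_MACRO = "__import__('os').listdir('.')"  # reaches outside the document

# Host functions deliberately exported to macros (hypothetical names).
HOST_FUNCTIONS = {
    "total": lambda *xs: sum(xs),
    "upper": str.upper,
}

_BIN_OPS = {
    ast.Add: operator.add,
    ast.Sub: operator.sub,
    ast.Mult: operator.mul,
    ast.Div: operator.truediv,
}


class MacroRejected(Exception):
    """Raised when a macro uses a construct the host does not permit."""


def run_macro_unsandboxed(src: str):
    """Deliberately unsafe: the macro runs with the host's full privileges."""
    return eval(src)  # noqa: S307


def _eval_node(node: ast.AST):
    if isinstance(node, ast.Expression):
        return _eval_node(node.body)
    if isinstance(node, ast.Constant) and isinstance(node.value, (int, float, str)):
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _BIN_OPS:
        return _BIN_OPS[type(node.op)](_eval_node(node.left), _eval_node(node.right))
    if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and not node.keywords:
        fn = HOST_FUNCTIONS.get(node.func.id)
        if fn is None:
            raise MacroRejected(f"call to non-exported function {node.func.id!r}")
        return fn(*(_eval_node(arg) for arg in node.args))
    # Everything else (Name, Attribute, Subscript, Lambda, comprehensions...)
    # is refused before any of it executes.
    raise MacroRejected(f"disallowed construct {type(node).__name__}")


def run_macro_sandboxed(src: str):
    """Evaluate a macro under the allow-list; raises MacroRejected otherwise."""
    return _eval_node(ast.parse(src, mode="eval"))


def macro_is_rejected(src: str) -> bool:
    """True if the sandboxed host refuses the macro."""
    try:
        run_macro_sandboxed(src)
    except MacroRejected:
        return True
    return False


if __name__ == "__main__":
    print("sandboxed benign :", run_macro_sandboxed(BENIGN_MACRO))
    print("sandboxed hostile:", macro_is_rejected(HOSTILE_MACRO))
    print("unsandboxed hostile returns", type(run_macro_unsandboxed(HOSTILE_MACRO)).__name__)
```

The sandboxed host is an allow-list, not a deny-list: it names the few node types and functions a macro may use and refuses everything else, which is the property the article attributes to the Java sandbox. Trying to make eval() safe by stripping builtins is the opposite approach and has a long record of bypasses; the practical cost, as the text notes, is that the allow-list also blocks legitimate macros that need anything beyond the exported functions.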
