Computer viruses, spyware, ransomware, adware, worms, scareware, rogue software and Trojan horses are different malware variants that intentionally damage or sabotage computers or servers. By embedding itself in other executable programs without the user’s awareness, computer malware spreads when the infected software is executed. Malware acts against the intention of a user or network and gains unauthorized access to sensitive information about the user or network. Sony music CDs secretly installed a toolkit on computers to prevent illicit copying. However, the software also monitored the purchaser’s listening history, causing security issues. Firewalls and anti-virus programs are used to detect malware in a system and prevent further attacks.
Malware is used by governments and hackers to steal and gain unauthorized access to a person’s business, financial or personal information, such as personal identification, bank passwords, and credit card numbers. Malware attacks have increased as internet usage has increased. Malware sabotages a computer’s operation and can be remotely controlled to send spam email to other computers.
Spyware is malicious software that spies on a person’s web browsing history, redirects affiliate revenues and displays unnecessary ads. It is installed without the user’s knowledge and operates in the background by exploiting weaknesses in a computer’s security protection. The Sony BMG toolkit is an example of spyware.
Ransomware disrupts a computer or network service with denial-of-service messages. The hackers demand payment in return for restoring the site’s functionality and promise future security in return. Locker ransomware and crypto-ransomware are the two types of ransomware:
- Crypto-ransomware locks down a system and encrypts its data.
- Locker ransomware, on the other hand, locks a computer or network, but the contents of the infected system do not get encrypted.
Click fraud uses malware that fakes a person’s clicks on an advertisement, generating money in response.
Malware as a political weapon:
Malware can be used for political purposes by disrupting large-scale operations, and may lead to the malfunctioning of industrial machinery. In the past, computer networks and servers were shut down because of master record corruption and file deletion, in what was described as “computer killing”. Such an attack was made by W32.Disttrack, or Shamoon, on Sony Entertainment on Nov 25th, 2014.
Viruses, worms and other well-known malware are identified by their propagation mechanism rather than by their action. Worms infect computers by actively transmitting themselves between networks. In general, a worm self-propagates, whereas a virus spreads when malicious software is executed on the computer network.
An operating system using old browser plugin versions, such as Adobe Reader or Acrobat, Adobe Flash Player or Java SE, is vulnerable to malware attack. Sometimes installing an updated plugin version does not uninstall the old version. Hence, plugins must be updated regularly and older plugins must be uninstalled for security purposes. Malware commonly exploits buffer overrun vulnerabilities by supplying more data than a buffer can hold, with malicious code contained in the excess. When this excess data is then accessed, the system executes what the hacker wants, not what the software intends.
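The buffer overrun described above comes down to a copy that never compares the input length with the buffer's capacity. The following is an added example, not code from the original article, showing the unchecked pattern beside a checked one; the `session` record, the function names and the sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 16                 /* buffer size, terminator included */

struct session {                    /* hypothetical record for this example */
    char name[NAME_CAP];
    int  is_admin;                  /* data sitting right after the buffer */
};

/* Unsafe pattern, for contrast only (never called here): strcpy copies
 * until the input's NUL, so a long input runs past name[] into is_admin
 * and beyond. */
void set_name_unsafe(struct session *s, const char *input) {
    strcpy(s->name, input);
}

/* Hardened form: measure the input against the capacity first and reject
 * what does not fit. Returns 0 on success, -1 on rejection; on rejection
 * the session is left unchanged. */
int set_name_checked(struct session *s, const char *input) {
    size_t len = 0;
    if (s == NULL || input == NULL)
        return -1;
    while (len < NAME_CAP && input[len] != '\0')
        len++;                      /* never looks past NAME_CAP bytes */
    if (len == NAME_CAP)            /* no room left for the terminator */
        return -1;
    memcpy(s->name, input, len);
    s->name[len] = '\0';
    return 0;
}

int main(void) {
    struct session s = { "guest", 0 };
    /* Constructed inputs: one that fits, one 40 bytes long. */
    const char *ok = "alice";
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";
    printf("fits:     rc=%d name=%s\n", set_name_checked(&s, ok), s.name);
    printf("too long: rc=%d name=%s admin=%d\n",
           set_name_checked(&s, too_long), s.name, s.is_admin);
    return 0;
}
```

Rejecting oversized input outright, rather than truncating it, keeps the failure visible to the caller.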
USER ERROR / INSECURE DESIGN
Early PCs were booted externally from floppy disks, until hard disks allowed these devices to be booted internally. However, these systems can still boot from DVD-ROMs, CD-ROMs, floppy disks and USB flash drives. These boot devices are used to configure the operating system when necessary.
Malware infects an operating system when it is booted from an infected boot device. For instance, a virus-infected system automatically copies the virus to any external hard drive or USB device attached to it. The virus-infected USB device will keep on infecting other computers into which it is plugged. This form of infection is prevented by configuring the computer to boot only from the internal disk. Booting from other boot devices can still be done by pressing certain keys during the boot process.
OVER-PRIVILEGED CODE / OVER-PRIVILEGED USERS:
Privilege refers to the permission or access a user or program is given to make changes in a system. In a poorly configured operating system, both programs and users are given more privilege than necessary, which malware can easily exploit. Malware takes advantage in two ways: through over-privileged code and through over-privileged users. Some systems grant users privileged access by executing over-privileged code.
Systems and networks are subverted when malware gains privilege by running as over-privileged code. All user rights are granted to users executing the code, making the system vulnerable to potential malware attack in the form of a disguised email attachment containing malicious files.
When all users are granted permission to modify a computer’s internal structure, such users are considered over-privileged users. In early microcomputers and home computers, there was no distinction between the root or administrator and regular users. Some malware gains unauthorized access, making it an over-privileged user. The malware then takes control and sabotages the operating system.
USE OF THE SAME OPERATING SYSTEM:
Using a single type of operating system is risky, because by infecting only a single computer on a network, a worm can easily be transmitted to other operating systems. Mac OS X and Microsoft Windows are the commonly used operating systems, and by sabotaging only one operating system, other systems will likely be subverted. By using different operating systems, such as Linux, all nodes are protected from being part of the same directory. Hence, a complete shutdown in case of a malware attack can be prevented. This also gives infected nodes time to recover. However, such diversification is costly and adds complexity to the whole network.
Anti-Malware and anti-virus software
Anti-malware and anti-virus programs are tools that protect a user’s operating system by embedding themselves into the operating system kernel or core. These anti-malware and anti-virus programs function similarly to how malware functions. When the operating system accesses a file, the file is first scanned by the anti-virus or anti-malware program, and if the accessed file turns out to be malware, the operation is terminated immediately. Appropriate action is then taken as per the configuration.
System performance is affected by the anti-virus software, and the extent depends on how the software is configured. The goal is to stop the malware from exploiting bugs and triggering unusual system behavior. Anti-malware stops a malware attack in two ways:
1: Anti-malware prevents the installation of malware on the operating system. By scanning all incoming network data, the anti-malware software provides real-time protection from malicious software and files it considers a threat.
2: Anti-malware software detects and removes any malicious software or tool that has already been installed on the system. The anti-malware scans the operating system files, installed software and the Windows registry. All the infected files are displayed in a list, so that an appropriate action can be chosen for each individual file.
Some viruses and malware get installed through user error, or by exploiting browsers. Malware-inflicted damage can be restricted by “sandboxing” browsers. This isolates the browser from the computer and from any change induced by the malware. Windows Defender, the Malicious Software Removal Tool and Microsoft Security Essentials are some examples of Microsoft Windows anti-malware and anti-virus software. Anti-virus and anti-malware software is also available on the internet as a free download. These programs are developed for non-commercial use. Some free non-commercial anti-malware programs compete with licensed commercial anti-malware. Some viruses disable the command prompt, Task Manager and System Restore. These viruses can be removed by rebooting the system into Windows Safe Mode with Networking, and using Microsoft security scanner at the end.