Hardware Reference
an attacker is aware of the flaw, and a tool or technique that the attacker can use to
exploit that vulnerability for malicious purposes is readily available. When criminals use a
vulnerability to attack a system, it's called an exploit.
Although some OSs are considered to be more secure than others, the reality is that all OSs
have weaknesses that, when discovered, are exploited. To guard against exploits, Windows,
Linux, and Mac OSs all have mechanisms to update and patch their OS automatically as
programmers become aware of vulnerabilities. That's why it's important to download and
install all available updates and service packs for your OS promptly. Refer back to Chapter 5,
“Maintaining a Computer,” and Chapter 6 for details on Windows Update.
Applications can also be exploited, although it happens less frequently because an
application is a smaller and less appealing target to a criminal. Widely used applications
such as Microsoft Office are most often the targets of application exploit attempts.
As an application or OS ages, more and more security patches become available for it,
to the point that rolling them all out individually to users becomes unwieldy. At that point,
the OS or application manufacturer typically releases a service pack. A service pack is a
collection of critical updates (and sometimes minor enhancements) that are released as
a group. A service pack is much like a regular update except that it takes longer to download
and install, and you can't usually remove it after installing it.
Viruses
A virus is computer code that inserts itself into an executable file. When that file is run, the
virus's code executes along with the application's code. The virus hides itself inside its host
file, so it's not obvious that it's there. A virus's code can cause all manner of mischief, from
annoying-but-harmless things like displaying a message, to really destructive things like
deleting all files of a certain type or causing your OS to stop working. Most viruses also
have a self-replicating component that causes them to spread from one executable file to
another. This usually happens via RAM. When the infected file executes, the virus code is
copied into RAM, and from there it can attach itself to other executable files.
Many other types of malware are loosely grouped under the banner of “virus” and
are detected and removed by antivirus software (covered later in this chapter), but they're
actually not viruses because they don't hide themselves in executable files. Instead they may
be worms or Trojan horses, explained in the following sections.
Trojan Horses
Trojan horses (often known as Trojans) are rogue applications that may appear to
do something useful (and, in fact, may do some small useful things) but also secretly do
something malicious, such as damage your system or install a privacy-compromising
application. One insidious type of Trojan horse, for example, is a program that claims to
scan your system for malware but instead causes system problems (which it tries to get you
to pay to get rid of) or installs its own malware, such as a keylogger. A keylogger records
all keystrokes and sends the information to a file or to a remote location. The hacker can