Many of us who use use security products on our computers religiously are bewildered to find that we still get infected with malware. How does this happen? No matter what we do, our computers are constantly in touch with the vectors that carry malicious software. Thomas Greene explains what this means, and what we can do about it.
NO DOUBT MOST OF US can sympathize with this Register reader:
Hi Mr. Greene, I have just read your article on the severe Windows security hole and I still cannot for the life of me fathom ports—there are so many! I have been on line now for two years and have had to reformat my hard drive so many times due to viruses, etc., that I’m getting bored with it—lol! I have the latest antivirus software and a firewall up and running, but still I get problems. Any help will be so greatly appreciated; I’m not IT informed in any way—as u can tell! I can work my way round a PC with the basics. Any help at all with the security of a PC (is there such a thing?) will be much appreciated.
Thanks, –Rich in the UK
Rich’s good-natured attitude may be concealing a trace of exasperation as he closes, wondering if securing a PC is even possible. It is possible, of course, and not even terribly difficult, but there’s a good deal more to it than antivirus software and firewalls. He seems to have learned the conventional wisdom well enough, yet his computer is still getting infected with malware. Although we may use security products conscientiously, malicious programs still find their way onto our systems in large numbers. How does this happen? Blame it on software bugs, system vulnerabilities, malware, and the vectors that deliver them to us. Vector comes from the Latin vehere, to carry. Our computers are in constant contact with vectors, or carriers, of infection and exploitation. Generally speaking
A bug is any programming error that causes unforeseen and undesirable conditions, including, but not limited to, vulnerabilities.
A vulnerability is any security weakness that can be attacked deliberately, either with software or with a series of commands, to cause undesirable system behavior or impede desired behavior.
An exploit is any command or any sequence of commands that can leverage a bug or a vulnerability (and when the command sequence is designed to be executed automatically, we call this a scripted exploit).
Malware is any software program or any component such as a plugin or an ActiveX control that can exploit a bug or a vulnerability, or cause undesirable system behavior or impede desired behavior in and of itself.
A vector is any mechanism or agent that spreads, or enables the spread of, malware and scripted exploits.
From a security point of view, the Internet is a vast, virtual ecosystem filled with predators and parasites as well as “prey” and “hosts,” much as we find in any biological system. Just as living things are susceptible to attack from parasites and disease germs, software systems are vulnerable to malware and exploits, and some more so than others. And just as parasites, germs, and the vermin that carry them are everywhere in the real world, the Internet too is teeming with malware and exploit code and the vectors that deliver them—and that’s why Rich’s firewall and AV software have let him down. He is, in a sense, relying on a flu shot to protect against lice.
There’s an important advantage in the real world that has no analogy in the realm of information technology: biodiversity. The entire IT ecosystem is divided into a few technological monocultures, analogous to the agribusiness and livestock industries, where a lack of genetic diversity can lead to blights and epidemics. The world of computing is very much the same, with Cisco Systems running much of the Internet and high-end network infrastructure; Microsoft, Oracle, and Sun running much of the enterprise application (e.g., database) and server realm; and Microsoft acting as the McDonald’s of personal computing, running nearly everything in the consumer desktop arena. In this environment, if you’ve got an exploit against Cisco, then you’ve got an exploit against most routers on the Internet; if you’ve got an exploit against Windows, you’ve got an exploit against virtually every client system and quite a few servers as well. Monocultures, whether biological or artificial, invite epidemics. Just as the operators of agricultural conglomerates and factory feedlots must aggressively control disease-carrying vermin to protect their genetically challenged inventory of plants and animals, so we must control the many vector of contagion affecting our rather inbred computer systems and networks.
This chapter is from Computer Security for the Home and Small Office by Thomas C. Greene (Apress, 2004, ISBN: 1590593162). Check it out at your favorite bookstore today. Buy this book now.