SlideShare ist ein Scribd-Unternehmen logo

Malware

Mariwan Hama Saeed
Mariwan Hama Saeed

Malware in Computer Systems: Problems and Solutions

Technologie
1 von 14
Downloaden Sie, um offline zu lesen
CELE Project 2012 Mariwan Hama Saeed 2110342 10 weeks Computer Science MSc. Advanced Computing Science Permission given to use this project Word count: 3095 Malware in Computer Systems: Problems and Solutions 8 June 2012
Abstract Malware is a harmful programme, which has incredibly developed over the last decade. It infects computer systems, deletes data files and steals valuable information from the computer. This paper will focus on providing the most effective solutions to malware that might mitigate the problems. It investigated four types of malware as well as it provided the best three countermeasures. It suggests to computer users a number of practices, such as training the staff about the security software. Students who study computer science may get some benefits from this project.
Contents Abstract Introduction ....................................................................................................... 1 1. Malware ......................................................................................................... 2 1.1 Virus ..................................................................................................... 2 1.2 Worm .................................................................................................... 2 1.3 Trojan ................................................................................................... 3 1.4 Spyware ................................................................................................ 4 2. Countermeasures of Malware ............................................................................. 5 2.1 Firewall ................................................................................................. 5 2.2 Security Software ................................................................................... 6 2.3 Training ................................................................................................ 7 Conclusion ......................................................................................................... 9 List of references ................................................................................................ 10
Introduction Malware, which is a contraction of malicious software, is designed to destroy computer systems and programmes. It has changed significantly and rapidly in the last decade and the security software has greatly developed in the recent years. Today, there are many forms of malware such as virus, worm, Trojan and spyware. Consequently, there are a number of computer systems around the world which have been damaged as a result of malware. Recently, the latest threat the Flame has been discovered. This threat is a form of the malware that has been found in Iran and has been reported by both Aleks (2012) and Symantec Security Response (2012) as the most complicated threat in the recent year is located in the Middle-East. Aleks, who is a Kaspersky Lab expert, shows that Kaspersky antivirus provided the solution for that threat as well as Symantec Corporation. The purpose of this paper is to evaluate the problems of malware and provide the best solutions of malware on computers. Firstly, the kinds of malware which include virus, worm, Trojan and spyware will be examined. Secondly, the best effective solutions will be presented which include firewall, security software, and training. This project identifies the computer systems which are damaged as a result of harmful programmes. Furthermore, it will show how the problems of malware can be mitigated via hardware such as firewall or via software such as antivirus. However, this project has not provided the completed solutions of threats because this is only a short project on harmful software and indicates the countermeasures in a very few papers. 1
1. Malware According to Moir (2003) defines that malware is related to any harmful programmes which are designed to damage computer systems and programmes such as virus, worm, Trojan and spyware. 1.1 Virus Virus is one of the types of Malware which is a piece of code that attaches to a programme or a file. When the infected programme is run by a user, the virus executes secretly without the user’s noticing (Vacca 2009:56-57). Stallings (200:602) indicates that many viruses need four stages to infect and destroy computer systems. Firstly, dormant phase which is a stage known as an idle step because the virus is idle and it is activated by date or by another programme. Secondly, the virus tries to copy itself to another programme in the propagation phase. Thirdly, triggering phase in this step the virus is ready to perform its function that is caused by several of system tasks such as counting number of times. Damaging programmes, erasing files and then shutting down or restarting of the computer are done by the virus in the execution phase. These steps are changed from one computer to another computer and from one operating system to another one. It also depends on the types of vulnerable points in the system. There are many types of viruses one of them is a macro virus. This is one of the most common of viruses that infect application programmes such as Microsoft Word, Excel and Access. When these programmes are opened, the virus executes itself and performs different actions such as deleting files and replicates itself to another programme. File infector is another type of virus that attaches to executable codes (com and exe) and infect them when the files are installed. After that the virus will execute (Cole et al. 2005:558). Virus has three main actions. Firstly, the virus generates itself between computers on a network. This is a significant point, which distinguishes a virus from other kinds of malware. Secondly, it installs itself on a computer without users noticing. Furthermore, it damages software by changing, deleting the software and randomly executes files then locks many sources such as mouse and keyboard (Salomon 2010:43). 1.2 Worm Salomon (2010:99) defines the worm as “a programme that executes independently of other programmes, replicates itself, and spreads through a network from computer to computer.” This may mean that the worm is harmful software which infects host to host via a vulnerable hole and a security hole in the systems. The main difference between viruses and worms is that the viruses always hide in programmes, however, the worms 2
are working independently. Moreover, worms are mostly used by hackers rather than viruses because the worms spread from computer to computer across network connections (Kizza 2009:127-128). Stallings (2005:607) notes that the worm uses some ways for spreading itself. Firstly, it uses email facilities to copy itself from system to system. Secondly, the execution methods help the worm to run itself to other systems. After that, it consumes login facilities in order to duplicate itself from one system to a different system. There are several types of worms, Morris is a famous kind of them. It was formed by Robert Morris in 1998 Morris spreads on the UNIX operating system and uses various numbers of techniques for copying itself. It makes several illegal actions such as, receiving, sending and forwarding emails automatically, it also makes a combination between user accounts and it exploits fingerprinting protocols. Code Red is another style of the worms, which was released in 2001, exploits a security hole within the Microsoft Internet Information Server (IIS) and disables the system file checker in Microsoft Windows. This worm infected nearly 360,000 servers in 14 hours. In addition, Nimda is another type of them that was created in 2001. It causes several issues in computers and Internet systems, for example modifying Internet document extensions and it creates several copies of itself under various names Stallings (2005:608-609). 1.3 Trojan Collin (2004:338) explains that Trojan is a programme, which is put into a system by hackers. It copies information without user's authorisation. Sometimes, the Trojans might be useful programmes, such as games and anti-viruses. Users are aware of the installation processes of Trojans, but they do not know about their hidden processes (Vacca 2009:122). Trojans are different from viruses and worms because they do not copy themselves. They might pass many security controls and they might not be stopped by firewalls, these can be great threats to the security of organizations (Cole et al. 2008:312-313). Trojan causes many actions. Firstly, it might steal data or may monitor user’s action (Vacca 2009:295). Secondly, it is used for hacking technique by providing pieces of hidden code in a benefit programme for example Green Saver. Moreover, Trojan uses an executable script, such as JavaScript for introducing them into a user's workstation. Also, the Trojan enters into the system via a lack of security to obtain unauthorized access of resources (Vacca 2009:681). Furthermore, it can be indirectly used to complete actions, whilst unauthorized users cannot finish them directly. For example, Trojan can be used 3
for reading files in another system (Stallings 2005:601). Trojan might run additional code that performs a harmful activity in the system. Attackers use it in order to spreading viruses or other types of malware into systems without the user’s attention (Cole 2005:486-487). There are many types of Trojan that the Farfli Trojan77 is a one kind of Trojan. It was created in 2007 that spreads massively, downloads and installs onto the computer. This affected browsers, which were developed by Chinese programmers (Vacca 2009:681). Net-Bus and Sub-Seven are other types of Trojan, which are used by the hackers and the attackers for destroying systems and stealing significant information from the systems (Nestler 2011:142-143). 1.4 Spyware According to Collin (2004:313), spyware is a kind of software that might be installed on the user's computer without their knowledge and it sends the user’s information to the real source of itself. This means that spyware is created for stealing personal information of the computer users. The main distinction between spyware, viruses and worms is that spyware easily spread in the computers and they can be removed quickly. Furthermore, pop-ups and spam are increased as a result of some types of spyware. These are harassing users of the computer. In 2005 the NCSA reported that 61% of the computers were affected by spyware around the world (CA, Geier, and Geier 2007:5-7). Spyware uses many ways to gather information for the central source. Firstly, it uses keystrokes which are responsible for copying sensitive information and passwords of the computer’s user. Secondly, emails are used by the spyware for sending user’s data to the creator of the spyware. Thirdly, much of the spyware are copying communications between computer users and then sends to the spyware’s owner. Some applications and websites are used by the spyware for monitoring users (Cole et al. 2008:314). Spyware can do many huge actions. The spyware might be installed in computers without user authorisation; it may find some ways to enter computers via free soft-wares and games, which are downloaded from websites. Some types of spyware destroy desktop icons, computer programmes and web browsers. This is annoying computer users. It makes computers and the Internet slowdown that is a significant problem when users are trying to download large files, watching online videos and using computer programmes (CA, Geier, and Geier 2007:5-7). 4
2. Countermeasures of Malware There are many ways that can be used for mitigating the impacts of the malware on computer systems. This section will explain the solutions of malware in terms of Firewall, Security Software and Training. 2.1 Firewall The rapid growth of technology in terms of Internet and computers led to growth in the number of users and activities of the users but no all activities of the users are acceptable. Computers should have been protected against of the unacceptable actions of the users. Therefore, home computers and organisation computers need protection because they are facing threats from the internal users and the external users. The administrators of these computers should be able to find ways to protect the computers. A firewall is one of the best ways for protecting computers (Kizza 2009:249). Microsoft Corporation (n.d.) defines that the firewall as “ a software programme or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.” This means that the firewall is a protection of computer systems in a considerable way. The hardware and software firewalls are designed to protect computers from Malware, which include Trojans, Viruses, Spywares and Worms. A personal computer usually one computer that is better to protect it by software firewall that is called a personal firewall (Salomon 2010:202-203). Cole et al. (2008:318) indicate that the personal firewall is a software work on the user’s computer that can be very effective and it can block inside actions and outside actions that come from the Internet. It allows the users of the computer to manually block and permit in and out traffic. However, for connecting various numbers of computers and producing group of computers this needs protection. In that situation, it is better to use a hardware firewall, which is the same as the personal firewall in working but it is more robust than personal firewall (Salomon 2010:202-203). According to Cole et al. (2008:59-60), There are many problems can be solved by a firewall. The firewall helps operating system services for distinguishing fake applications and fake users. This is called poor authentication. It scans free programmes in a highly effective way and identifies which one of them is not optimized and creates a vulnerability hole in the security of the computer operating system. Moreover, hackers are blocked in a highly effective way by firewall. The firewall works all times against attackers, who are 5
responsible for destroying computer programmes because it can be able to block some types of attacks. However, the firewall has many limitations for some kind of problems. Some of the attackers can bypass the firewall. In this situation the firewall cannot block that attackers. Some internal threats cannot remove by firewall such as employees who work with external attacker against the companies. In addition, firewall cannot detect all types of malware because it would be impossible for the firewall to scan all emails, messages and programmes for identifying which types of malware they include (Stallings 2005:623- 624). It is clear that for providing the most effective security for any organisations and companies the firewall is not perfect because it can solve some problems not all of the problems. Security software is another solution that can be used with firewalls for establishing that purpose. 2.2 Security Software Today, much software is designed for securing computer operating systems. Antivirus programmes are one of the most effective programmes that are widely used for securing computers against viruses, worms and Trojans. Computer users also use anti-spyware programmes which are another programme for protecting computers from spyware. Antivirus software, which is one of the best programmes, can be used to protect computers from malware. In the past, antivirus programmes were very simple software packages and viruses were uncomplicated codes. The viruses were solved easily. However, the viruses are more complicated, such as Flame virus, which was reported by Kaspersky and Norton anti-virus programmes as one of the sophisticated viruses that spread in the middle-east last month. Similar to viruses’ antivirus software has significantly grown. Many antivirus programmes use three steps to eliminate viruses from the infected systems one of them is detection step. In this step when the infection has happened, the antivirus programme may locate the virus. Identification is the second stage that viruses are identified by the antivirus programme. Removal is the final, in this stage antivirus programme remove the viruses. However, when the anti-virus programmes are unable to clean the infected systems from viruses in those stages, restoring backup version of the system might be one of the possible alternative ways to solve this problem (Stallings 2005:610). 6
Currently, there are many antivirus programmes that can be used to protect computer systems. Microsoft Security Essentials is one of the antivirus programmes, which is used to guard computer systems from threats. It is free, easy to use and it does not need to scan the computer systems or update itself because it does automatically via the Microsoft website. It can be said Norton and Kaspersky antivirus programmes are the best antivirus programmes that can be used to protect systems and eliminate viruses from an infected system. They need virus signature updates because they use virus signature updates for eliminating and protecting systems from the latest viruses (Cole et al. 2008:317-318). It is clear that some antivirus programmes can not able to remove threats such as spyware because antivirus programmes face a number of difficult obstacles. Vacca (2009:61-62) points out that one of the challenges for the antivirus programmes is a complicated malware, which is growing continuously. The infected system is another obstacle for the antivirus programmes. Moreover, many malware stay in memory that affect files and attack the computer system processes. Sometimes the antivirus programmes are turned off by some of the most dangerous threats. In this situation that is possible to use anti-spyware programmes, which are one of the alternative programmes that can be used for removing and cleaning systems from spyware. Anti-spyware programmes guard computer systems from spyware. Today, there are many numbers of anti-spyware programmes that can be seen. Microsoft Corporation (n.d.) argues that the Microsoft Windows Defender one of the programmes that can able to protect systems from a various number of spyware but it needs updating to work properly. It offers two ways to scan computer systems against spyware. Real-time protection in this way the programme alerts the user about the spyware when the spyware wants to install on the system. Scanning options that is the second way offers the user the schedule scan and the custom scan of the system against the spyware. However the security software may not able to protect the computer systems completely. Training method is one of the ways that can assist the security programmes and the firewalls to provide the highly protection of the computer systems against the malware. 2.3 Training Training is an additional protection for the firewalls and the security software for countermeasures of Malware. It can be provided for members and staffs of any organisations because the implementation of a robust and secure organization such as universities and companies is not enough and needs highly skilled employees in terms of 7
security. Today new vulnerabilities and new threats are discovered. It is important for IT staffs in any organisation to be prepared for identifying the vulnerabilities and threats Vacca (ed.) (2009:9-10). Cole et al. (2008) indicate that there are many practices that can be provided for IT staffs. They should open only expected emails no stranger emails because many stranger emails include graphic files and audio files. These files are used by hackers and attackers for spreading threats and catching useful information. Another practice for the staffs should use other email clients for reading and receiving questionable emails because these emails may be shared by other members in public clients. It seems possible that IT staffs should know how to use the security programmes and how can update these programmes. It is better to scan all the downloaded files from emails before using to protect the computer systems from threats. 8
Conclusion The issues of malware have not been solved completely in this project because they have developed considerably. This paper has discussed the problems of the dangerous types of the malware and has provided some significant countermeasures for the malware. The solutions have been presented in great ways in terms of firewalls, the security software and providing training in a highly useful way for the staff of an organisation because insecure organisation is more sustainable to be effected by threats than a more secure one. According to Microsoft Corporation (n.d.), it seems that Microsoft Windows Defender and Microsoft Security Essential are the programmes that may be very useful for mitigating the problems of malware. However, Cole et al. (2008) suggest that there are many practices of the members of the organisations that can be provided. It is clear that this paper has not suggested all the possible solutions to reduce the problems of harmful programmes because this is limited in terms of the number of words. It also suggested that for any users of computer around the world they should be able to use the security programmes and know how these programmes are updated via the Internet and how can the infected computer be solved. Today, the number of hackers and attackers has extremely grown. They use various types of malware for stealing information and damaging, deleting computer systems and data files. It will be better for other researchers to provide extra solutions for the malware. 9
List of References Aleks (2012) The Flame: Questions and Answers [online] available from <http://www.securelist.com/en/blog/208193522/The_Flame_Questionsand_An swers> [5 May 2012] CA, Geier, E., and Geier J. (2007) Simple Computer Security. Indianapolis: Wiley Publishing Cole E., Krutz R., and Conley J. W. (2005) Network Security Bible. Indianapolis: Wiley Publishing Cole, E., Krutz, R. L., Conley, W. J., Reisman, B., Ruebush, M., Gollmann, D., and Reese, R. (2008) Network Security Fundamentals. Danvers: Wiley Publishing Collin, S.M.H. (2004) Dictionary of Computing. Bloomsbury Publishing Plc: Peter Collin Publishing Kizza, J. M. (2009) Guide to Computer Network Security. London: Springer Microsoft Corporation (n.d.) what is a firewall [online] available from <http://www.microsoft.com/security/pc-security/firewalls-whatis.aspx> [27 May 2012] Microsoft Corporation (n.d.) Microsoft Security Essentials [online] available from <http://windows.microsoft.com/en-US/windows/products/security-essentials > [2 May 2012] Microsoft Corporation (n.d.) Windows Defender [online] available from <http://windows.microsoft.com/en-US/windows7/products/features/windows-defender> [2 May 2012] Moir, R. (2003) Defining Malware [online] available from < http://technet.microsoft.com/en-us/library/dd632948.aspx> [20 May 2012] Nestler, V., Conklin, A., White, G., and Hirsch, M. (2011) Principles of Computer Security. New York: McGraw-Hill Salomon, D. (2010) the elements of computer security. London: Springer 10
Stallings, W. (2005) Cryptography and Network Security Principles and Practices. London: Prentice Hall Symantec Security Response (2012) Flamer: Highly Sophisticated and Discreet Threat Targets the Middle East [online] available from <http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet- threat-targets-middle-east> [5 May 2012] Vacca, J. R. (ed.) (2009) Computer and Information Security. Burlington: Morgan Kaufmann 11

Empfohlen

viruses
virusesviruses
viruses
khadija habib
 
A short course on computer viruses
A short course on computer virusesA short course on computer viruses
A short course on computer viruses
UltraUploader
 
Ids 005 computer viruses
Ids 005 computer virusesIds 005 computer viruses
Ids 005 computer viruses
jyoti_lakhani
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
Mirza Adnan Baig
 
Viruses and Anti-Viruses
Viruses and Anti-VirusesViruses and Anti-Viruses
Viruses and Anti-Viruses
Ayman Hussein
 
Int 2 software slides 2010
Int 2 software slides 2010Int 2 software slides 2010
Int 2 software slides 2010
iarthur
 
Dilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studyDilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_study
dilsherece
 
Malicious software group 24
Malicious software group 24Malicious software group 24
Malicious software group 24
Muhammad Zain
 

Empfohlen

viruses
virusesviruses
viruses
khadija habib
 
A short course on computer viruses
A short course on computer virusesA short course on computer viruses
A short course on computer viruses
UltraUploader
 
Ids 005 computer viruses
Ids 005 computer virusesIds 005 computer viruses
Ids 005 computer viruses
jyoti_lakhani
 
Final malacious softwares
Final malacious softwaresFinal malacious softwares
Final malacious softwares
Mirza Adnan Baig
 
Viruses and Anti-Viruses
Viruses and Anti-VirusesViruses and Anti-Viruses
Viruses and Anti-Viruses
Ayman Hussein
 
Int 2 software slides 2010
Int 2 software slides 2010Int 2 software slides 2010
Int 2 software slides 2010
iarthur
 
Dilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_studyDilsher idrees mustafa_6_a_vulnerabilities_study
Dilsher idrees mustafa_6_a_vulnerabilities_study
dilsherece
 
Malicious software group 24
Malicious software group 24Malicious software group 24
Malicious software group 24
Muhammad Zain
 
O p
O pO p
O p
saman Iftikhar
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systems
Sejahtera Affif
 
Computer virus_the_things_u_must_know_
Computer virus_the_things_u_must_know_ Computer virus_the_things_u_must_know_
Computer virus_the_things_u_must_know_
wargames12
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
nkosana cusson ngwenya
 
Secure System Password (SSP) Application for NT Editor Hacking Tool
Secure System Password (SSP) Application for NT Editor Hacking ToolSecure System Password (SSP) Application for NT Editor Hacking Tool
Secure System Password (SSP) Application for NT Editor Hacking Tool
iosrjce
 
Operating System & Application Security
Operating System & Application SecurityOperating System & Application Security
Operating System & Application Security
Sunipa Bera
 
Symantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit Analysis
Symantec
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
Manish Kumar
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
AfiqEfendy Zaen
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final ppt
aritradutta22
 
Different types of computer viruses
Different types of computer virusesDifferent types of computer viruses
Different types of computer viruses
theonlineguru
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for maleware
AJAY VISHKARMA
 
Install operating system
Install operating systemInstall operating system
Install operating system
Abdulrahman Zalah
 
Exploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsExploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systems
Zero Science Lab
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
17 DE SEPTIEMBRE
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability report
Ajit Gaddam
 
Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016
dilahkmpk
 
Sattt
SatttSattt
Sattt
satya0564
 
Presentación1
Presentación1Presentación1
Presentación1
Alex Figueroa
 
Signature based virus detection and protection system
Signature based virus detection and protection systemSignature based virus detection and protection system
Signature based virus detection and protection system
Md. Hasan Basri (Angel)
 
Types of computer malware 101
Types of computer malware 101Types of computer malware 101
Types of computer malware 101
Cloud Solutions SA
 
Detecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsDetecting hardware virtualization rootkits
Detecting hardware virtualization rootkits
Edgar Barbosa
 

Weitere ähnliche Inhalte

Was ist angesagt?

Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systems
Sejahtera Affif
 
Computer virus_the_things_u_must_know_
Computer virus_the_things_u_must_know_ Computer virus_the_things_u_must_know_
Computer virus_the_things_u_must_know_
wargames12
 
Secure System Password (SSP) Application for NT Editor Hacking Tool
Secure System Password (SSP) Application for NT Editor Hacking ToolSecure System Password (SSP) Application for NT Editor Hacking Tool
Secure System Password (SSP) Application for NT Editor Hacking Tool
iosrjce
 
Symantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit Analysis
Symantec
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
AfiqEfendy Zaen
 
Exploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsExploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systems
Zero Science Lab
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability report
Ajit Gaddam
 
Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016
dilahkmpk
 

Was ist angesagt? (20)

O p
O pO p
O p
 
Cscu module 02 securing operating systems
Cscu module 02 securing operating systemsCscu module 02 securing operating systems
Cscu module 02 securing operating systems
 
Computer virus_the_things_u_must_know_
Computer virus_the_things_u_must_know_ Computer virus_the_things_u_must_know_
Computer virus_the_things_u_must_know_
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Secure System Password (SSP) Application for NT Editor Hacking Tool
Secure System Password (SSP) Application for NT Editor Hacking ToolSecure System Password (SSP) Application for NT Editor Hacking Tool
Secure System Password (SSP) Application for NT Editor Hacking Tool
 
Operating System & Application Security
Operating System & Application SecurityOperating System & Application Security
Operating System & Application Security
 
Symantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit AnalysisSymantec White Paper: W32.Ramnit Analysis
Symantec White Paper: W32.Ramnit Analysis
 
Types of malicious software and remedies
Types of malicious software and remediesTypes of malicious software and remedies
Types of malicious software and remedies
 
Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5Virus and Malicious Code Chapter 5
Virus and Malicious Code Chapter 5
 
Virus and antivirus final ppt
Virus and antivirus final pptVirus and antivirus final ppt
Virus and antivirus final ppt
 
Different types of computer viruses
Different types of computer virusesDifferent types of computer viruses
Different types of computer viruses
 
list of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for malewarelist of Deception as well as detection techniques for maleware
list of Deception as well as detection techniques for maleware
 
Install operating system
Install operating systemInstall operating system
Install operating system
 
Exploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systemsExploitation and distribution of setuid and setgid binaries on Linux systems
Exploitation and distribution of setuid and setgid binaries on Linux systems
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Operating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability reportOperating systems security 2007 vulnerability report
Operating systems security 2007 vulnerability report
 
Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016Week9 chapter 02_2.6.1.2_up_2016
Week9 chapter 02_2.6.1.2_up_2016
 
Sattt
SatttSattt
Sattt
 
Presentación1
Presentación1Presentación1
Presentación1
 
Signature based virus detection and protection system
Signature based virus detection and protection systemSignature based virus detection and protection system
Signature based virus detection and protection system
 

Andere mochten auch

introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
Spandan Patnaik
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware Lab
ThreatConnect
 
Computer Malware
Computer MalwareComputer Malware
Computer Malware
aztechtchr
 

Andere mochten auch (11)

Types of computer malware 101
Types of computer malware 101Types of computer malware 101
Types of computer malware 101
 
Detecting hardware virtualization rootkits
Detecting hardware virtualization rootkitsDetecting hardware virtualization rootkits
Detecting hardware virtualization rootkits
 
introduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horseintroduction to malwares,virus,trojan horse
introduction to malwares,virus,trojan horse
 
MALWARE AND ITS TYPES
MALWARE AND ITS TYPESMALWARE AND ITS TYPES
MALWARE AND ITS TYPES
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Future
 
Malicious Software
Malicious SoftwareMalicious Software
Malicious Software
 
Open Source Malware Lab
Open Source Malware LabOpen Source Malware Lab
Open Source Malware Lab
 
Introduction to Malware
Introduction to MalwareIntroduction to Malware
Introduction to Malware
 
Computer Viruses & Management Strategies
Computer Viruses & Management Strategies Computer Viruses & Management Strategies
Computer Viruses & Management Strategies
 
Malware
MalwareMalware
Malware
 
Computer Malware
Computer MalwareComputer Malware
Computer Malware
 

Ähnlich wie Malware

Presentation2
Presentation2Presentation2
Presentation2
Jeslynn
 
Threats of Computer System and its Prevention
Threats of Computer System and its PreventionThreats of Computer System and its Prevention
Threats of Computer System and its Prevention
Universitas Pembangunan Panca Budi
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
sankhadeep
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
Joy Chakraborty
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
KRT395
 
Final Project _Smart Utilities
Final Project _Smart UtilitiesFinal Project _Smart Utilities
Final Project _Smart Utilities
Pasan Alagiyawanna
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
ainizbahari97
 
Survey on Computer Worms
Survey on Computer WormsSurvey on Computer Worms
Survey on Computer Worms
rahulmonikasharma
 

Ähnlich wie Malware (20)

computer virus Report
computer virus Reportcomputer virus Report
computer virus Report
 
Presentation2
Presentation2Presentation2
Presentation2
 
Threats of Computer System and its Prevention
Threats of Computer System and its PreventionThreats of Computer System and its Prevention
Threats of Computer System and its Prevention
 
virus
virusvirus
virus
 
Computer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon ChakrabortyComputer Virus And Antivirus-Sumon Chakraborty
Computer Virus And Antivirus-Sumon Chakraborty
 
Computer crimes
Computer crimesComputer crimes
Computer crimes
 
Computer viruses by joy chakraborty
Computer viruses by joy chakrabortyComputer viruses by joy chakraborty
Computer viruses by joy chakraborty
 
Presentation24190
Presentation24190Presentation24190
Presentation24190
 
System_security.pptx
System_security.pptxSystem_security.pptx
System_security.pptx
 
Virus, Worms And Antivirus
Virus, Worms And AntivirusVirus, Worms And Antivirus
Virus, Worms And Antivirus
 
Final Project _Smart Utilities
Final Project _Smart UtilitiesFinal Project _Smart Utilities
Final Project _Smart Utilities
 
Computervirus
Computervirus Computervirus
Computervirus
 
Ch19
Ch19Ch19
Ch19
 
Codigo Malicioso
Codigo MaliciosoCodigo Malicioso
Codigo Malicioso
 
(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code(Training) Malware - To the Realm of Malicious Code
(Training) Malware - To the Realm of Malicious Code
 
Ids 006 computer worms
Ids 006 computer wormsIds 006 computer worms
Ids 006 computer worms
 
Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)Computer virus (Microsoft Powerpoint)
Computer virus (Microsoft Powerpoint)
 
Computer Introduction-Lecture04
Computer Introduction-Lecture04Computer Introduction-Lecture04
Computer Introduction-Lecture04
 
Computer viruses and anti viruses
Computer viruses and anti virusesComputer viruses and anti viruses
Computer viruses and anti viruses
 
Survey on Computer Worms
Survey on Computer WormsSurvey on Computer Worms
Survey on Computer Worms
 

Kürzlich hochgeladen

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Safe Software
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
Overkill Security
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 

Kürzlich hochgeladen (20)

AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Cyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdfCyberprint. Dark Pink Apt Group [EN].pdf
Cyberprint. Dark Pink Apt Group [EN].pdf
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 

Malware

  • 1. CELE Project 2012 Mariwan Hama Saeed 2110342 10 weeks Computer Science MSc. Advanced Computing Science Permission given to use this project Word count: 3095 Malware in Computer Systems: Problems and Solutions 8 June 2012
  • 2. Abstract Malware is a harmful programme, which has incredibly developed over the last decade. It infects computer systems, deletes data files and steals valuable information from the computer. This paper will focus on providing the most effective solutions to malware that might mitigate the problems. It investigated four types of malware as well as it provided the best three countermeasures. It suggests to computer users a number of practices, such as training the staff about the security software. Students who study computer science may get some benefits from this project.
  • 3. Contents Abstract Introduction ....................................................................................................... 1 1. Malware ......................................................................................................... 2 1.1 Virus ..................................................................................................... 2 1.2 Worm .................................................................................................... 2 1.3 Trojan ................................................................................................... 3 1.4 Spyware ................................................................................................ 4 2. Countermeasures of Malware ............................................................................. 5 2.1 Firewall ................................................................................................. 5 2.2 Security Software ................................................................................... 6 2.3 Training ................................................................................................ 7 Conclusion ......................................................................................................... 9 List of references ................................................................................................ 10
  • 4. Introduction Malware, which is a contraction of malicious software, is designed to destroy computer systems and programmes. It has changed significantly and rapidly in the last decade and the security software has greatly developed in the recent years. Today, there are many forms of malware such as virus, worm, Trojan and spyware. Consequently, there are a number of computer systems around the world which have been damaged as a result of malware. Recently, the latest threat the Flame has been discovered. This threat is a form of the malware that has been found in Iran and has been reported by both Aleks (2012) and Symantec Security Response (2012) as the most complicated threat in the recent year is located in the Middle-East. Aleks, who is a Kaspersky Lab expert, shows that Kaspersky antivirus provided the solution for that threat as well as Symantec Corporation. The purpose of this paper is to evaluate the problems of malware and provide the best solutions of malware on computers. Firstly, the kinds of malware which include virus, worm, Trojan and spyware will be examined. Secondly, the best effective solutions will be presented which include firewall, security software, and training. This project identifies the computer systems which are damaged as a result of harmful programmes. Furthermore, it will show how the problems of malware can be mitigated via hardware such as firewall or via software such as antivirus. However, this project has not provided the completed solutions of threats because this is only a short project on harmful software and indicates the countermeasures in a very few papers. 1
  • 5. 1. Malware According to Moir (2003) defines that malware is related to any harmful programmes which are designed to damage computer systems and programmes such as virus, worm, Trojan and spyware. 1.1 Virus Virus is one of the types of Malware which is a piece of code that attaches to a programme or a file. When the infected programme is run by a user, the virus executes secretly without the user’s noticing (Vacca 2009:56-57). Stallings (200:602) indicates that many viruses need four stages to infect and destroy computer systems. Firstly, dormant phase which is a stage known as an idle step because the virus is idle and it is activated by date or by another programme. Secondly, the virus tries to copy itself to another programme in the propagation phase. Thirdly, triggering phase in this step the virus is ready to perform its function that is caused by several of system tasks such as counting number of times. Damaging programmes, erasing files and then shutting down or restarting of the computer are done by the virus in the execution phase. These steps are changed from one computer to another computer and from one operating system to another one. It also depends on the types of vulnerable points in the system. There are many types of viruses one of them is a macro virus. This is one of the most common of viruses that infect application programmes such as Microsoft Word, Excel and Access. When these programmes are opened, the virus executes itself and performs different actions such as deleting files and replicates itself to another programme. File infector is another type of virus that attaches to executable codes (com and exe) and infect them when the files are installed. After that the virus will execute (Cole et al. 2005:558). Virus has three main actions. Firstly, the virus generates itself between computers on a network. This is a significant point, which distinguishes a virus from other kinds of malware. Secondly, it installs itself on a computer without users noticing. Furthermore, it damages software by changing, deleting the software and randomly executes files then locks many sources such as mouse and keyboard (Salomon 2010:43). 1.2 Worm Salomon (2010:99) defines the worm as “a programme that executes independently of other programmes, replicates itself, and spreads through a network from computer to computer.” This may mean that the worm is harmful software which infects host to host via a vulnerable hole and a security hole in the systems. The main difference between viruses and worms is that the viruses always hide in programmes, however, the worms 2
  • 6. are working independently. Moreover, worms are mostly used by hackers rather than viruses because the worms spread from computer to computer across network connections (Kizza 2009:127-128). Stallings (2005:607) notes that the worm uses some ways for spreading itself. Firstly, it uses email facilities to copy itself from system to system. Secondly, the execution methods help the worm to run itself to other systems. After that, it consumes login facilities in order to duplicate itself from one system to a different system. There are several types of worms, Morris is a famous kind of them. It was formed by Robert Morris in 1998 Morris spreads on the UNIX operating system and uses various numbers of techniques for copying itself. It makes several illegal actions such as, receiving, sending and forwarding emails automatically, it also makes a combination between user accounts and it exploits fingerprinting protocols. Code Red is another style of the worms, which was released in 2001, exploits a security hole within the Microsoft Internet Information Server (IIS) and disables the system file checker in Microsoft Windows. This worm infected nearly 360,000 servers in 14 hours. In addition, Nimda is another type of them that was created in 2001. It causes several issues in computers and Internet systems, for example modifying Internet document extensions and it creates several copies of itself under various names Stallings (2005:608-609). 1.3 Trojan Collin (2004:338) explains that Trojan is a programme, which is put into a system by hackers. It copies information without user's authorisation. Sometimes, the Trojans might be useful programmes, such as games and anti-viruses. Users are aware of the installation processes of Trojans, but they do not know about their hidden processes (Vacca 2009:122). Trojans are different from viruses and worms because they do not copy themselves. They might pass many security controls and they might not be stopped by firewalls, these can be great threats to the security of organizations (Cole et al. 2008:312-313). Trojan causes many actions. Firstly, it might steal data or may monitor user’s action (Vacca 2009:295). Secondly, it is used for hacking technique by providing pieces of hidden code in a benefit programme for example Green Saver. Moreover, Trojan uses an executable script, such as JavaScript for introducing them into a user's workstation. Also, the Trojan enters into the system via a lack of security to obtain unauthorized access of resources (Vacca 2009:681). Furthermore, it can be indirectly used to complete actions, whilst unauthorized users cannot finish them directly. For example, Trojan can be used 3
  • 7. for reading files in another system (Stallings 2005:601). Trojan might run additional code that performs a harmful activity in the system. Attackers use it in order to spreading viruses or other types of malware into systems without the user’s attention (Cole 2005:486-487). There are many types of Trojan that the Farfli Trojan77 is a one kind of Trojan. It was created in 2007 that spreads massively, downloads and installs onto the computer. This affected browsers, which were developed by Chinese programmers (Vacca 2009:681). Net-Bus and Sub-Seven are other types of Trojan, which are used by the hackers and the attackers for destroying systems and stealing significant information from the systems (Nestler 2011:142-143). 1.4 Spyware According to Collin (2004:313), spyware is a kind of software that might be installed on the user's computer without their knowledge and it sends the user’s information to the real source of itself. This means that spyware is created for stealing personal information of the computer users. The main distinction between spyware, viruses and worms is that spyware easily spread in the computers and they can be removed quickly. Furthermore, pop-ups and spam are increased as a result of some types of spyware. These are harassing users of the computer. In 2005 the NCSA reported that 61% of the computers were affected by spyware around the world (CA, Geier, and Geier 2007:5-7). Spyware uses many ways to gather information for the central source. Firstly, it uses keystrokes which are responsible for copying sensitive information and passwords of the computer’s user. Secondly, emails are used by the spyware for sending user’s data to the creator of the spyware. Thirdly, much of the spyware are copying communications between computer users and then sends to the spyware’s owner. Some applications and websites are used by the spyware for monitoring users (Cole et al. 2008:314). Spyware can do many huge actions. The spyware might be installed in computers without user authorisation; it may find some ways to enter computers via free soft-wares and games, which are downloaded from websites. Some types of spyware destroy desktop icons, computer programmes and web browsers. This is annoying computer users. It makes computers and the Internet slowdown that is a significant problem when users are trying to download large files, watching online videos and using computer programmes (CA, Geier, and Geier 2007:5-7). 4
  • 8. 2. Countermeasures of Malware There are many ways that can be used for mitigating the impacts of the malware on computer systems. This section will explain the solutions of malware in terms of Firewall, Security Software and Training. 2.1 Firewall The rapid growth of technology in terms of Internet and computers led to growth in the number of users and activities of the users but no all activities of the users are acceptable. Computers should have been protected against of the unacceptable actions of the users. Therefore, home computers and organisation computers need protection because they are facing threats from the internal users and the external users. The administrators of these computers should be able to find ways to protect the computers. A firewall is one of the best ways for protecting computers (Kizza 2009:249). Microsoft Corporation (n.d.) defines that the firewall as “ a software programme or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.” This means that the firewall is a protection of computer systems in a considerable way. The hardware and software firewalls are designed to protect computers from Malware, which include Trojans, Viruses, Spywares and Worms. A personal computer usually one computer that is better to protect it by software firewall that is called a personal firewall (Salomon 2010:202-203). Cole et al. (2008:318) indicate that the personal firewall is a software work on the user’s computer that can be very effective and it can block inside actions and outside actions that come from the Internet. It allows the users of the computer to manually block and permit in and out traffic. However, for connecting various numbers of computers and producing group of computers this needs protection. In that situation, it is better to use a hardware firewall, which is the same as the personal firewall in working but it is more robust than personal firewall (Salomon 2010:202-203). According to Cole et al. (2008:59-60), There are many problems can be solved by a firewall. The firewall helps operating system services for distinguishing fake applications and fake users. This is called poor authentication. It scans free programmes in a highly effective way and identifies which one of them is not optimized and creates a vulnerability hole in the security of the computer operating system. Moreover, hackers are blocked in a highly effective way by firewall. The firewall works all times against attackers, who are 5
  • 9. responsible for destroying computer programmes because it can be able to block some types of attacks. However, the firewall has many limitations for some kind of problems. Some of the attackers can bypass the firewall. In this situation the firewall cannot block that attackers. Some internal threats cannot remove by firewall such as employees who work with external attacker against the companies. In addition, firewall cannot detect all types of malware because it would be impossible for the firewall to scan all emails, messages and programmes for identifying which types of malware they include (Stallings 2005:623- 624). It is clear that for providing the most effective security for any organisations and companies the firewall is not perfect because it can solve some problems not all of the problems. Security software is another solution that can be used with firewalls for establishing that purpose. 2.2 Security Software Today, much software is designed for securing computer operating systems. Antivirus programmes are one of the most effective programmes that are widely used for securing computers against viruses, worms and Trojans. Computer users also use anti-spyware programmes which are another programme for protecting computers from spyware. Antivirus software, which is one of the best programmes, can be used to protect computers from malware. In the past, antivirus programmes were very simple software packages and viruses were uncomplicated codes. The viruses were solved easily. However, the viruses are more complicated, such as Flame virus, which was reported by Kaspersky and Norton anti-virus programmes as one of the sophisticated viruses that spread in the middle-east last month. Similar to viruses’ antivirus software has significantly grown. Many antivirus programmes use three steps to eliminate viruses from the infected systems one of them is detection step. In this step when the infection has happened, the antivirus programme may locate the virus. Identification is the second stage that viruses are identified by the antivirus programme. Removal is the final, in this stage antivirus programme remove the viruses. However, when the anti-virus programmes are unable to clean the infected systems from viruses in those stages, restoring backup version of the system might be one of the possible alternative ways to solve this problem (Stallings 2005:610). 6
  • 10. Currently, there are many antivirus programmes that can be used to protect computer systems. Microsoft Security Essentials is one of the antivirus programmes, which is used to guard computer systems from threats. It is free, easy to use and it does not need to scan the computer systems or update itself because it does automatically via the Microsoft website. It can be said Norton and Kaspersky antivirus programmes are the best antivirus programmes that can be used to protect systems and eliminate viruses from an infected system. They need virus signature updates because they use virus signature updates for eliminating and protecting systems from the latest viruses (Cole et al. 2008:317-318). It is clear that some antivirus programmes can not able to remove threats such as spyware because antivirus programmes face a number of difficult obstacles. Vacca (2009:61-62) points out that one of the challenges for the antivirus programmes is a complicated malware, which is growing continuously. The infected system is another obstacle for the antivirus programmes. Moreover, many malware stay in memory that affect files and attack the computer system processes. Sometimes the antivirus programmes are turned off by some of the most dangerous threats. In this situation that is possible to use anti-spyware programmes, which are one of the alternative programmes that can be used for removing and cleaning systems from spyware. Anti-spyware programmes guard computer systems from spyware. Today, there are many numbers of anti-spyware programmes that can be seen. Microsoft Corporation (n.d.) argues that the Microsoft Windows Defender one of the programmes that can able to protect systems from a various number of spyware but it needs updating to work properly. It offers two ways to scan computer systems against spyware. Real-time protection in this way the programme alerts the user about the spyware when the spyware wants to install on the system. Scanning options that is the second way offers the user the schedule scan and the custom scan of the system against the spyware. However the security software may not able to protect the computer systems completely. Training method is one of the ways that can assist the security programmes and the firewalls to provide the highly protection of the computer systems against the malware. 2.3 Training Training is an additional protection for the firewalls and the security software for countermeasures of Malware. It can be provided for members and staffs of any organisations because the implementation of a robust and secure organization such as universities and companies is not enough and needs highly skilled employees in terms of 7
  • 11. security. Today new vulnerabilities and new threats are discovered. It is important for IT staffs in any organisation to be prepared for identifying the vulnerabilities and threats Vacca (ed.) (2009:9-10). Cole et al. (2008) indicate that there are many practices that can be provided for IT staffs. They should open only expected emails no stranger emails because many stranger emails include graphic files and audio files. These files are used by hackers and attackers for spreading threats and catching useful information. Another practice for the staffs should use other email clients for reading and receiving questionable emails because these emails may be shared by other members in public clients. It seems possible that IT staffs should know how to use the security programmes and how can update these programmes. It is better to scan all the downloaded files from emails before using to protect the computer systems from threats. 8
  • 12. Conclusion The issues of malware have not been solved completely in this project because they have developed considerably. This paper has discussed the problems of the dangerous types of the malware and has provided some significant countermeasures for the malware. The solutions have been presented in great ways in terms of firewalls, the security software and providing training in a highly useful way for the staff of an organisation because insecure organisation is more sustainable to be effected by threats than a more secure one. According to Microsoft Corporation (n.d.), it seems that Microsoft Windows Defender and Microsoft Security Essential are the programmes that may be very useful for mitigating the problems of malware. However, Cole et al. (2008) suggest that there are many practices of the members of the organisations that can be provided. It is clear that this paper has not suggested all the possible solutions to reduce the problems of harmful programmes because this is limited in terms of the number of words. It also suggested that for any users of computer around the world they should be able to use the security programmes and know how these programmes are updated via the Internet and how can the infected computer be solved. Today, the number of hackers and attackers has extremely grown. They use various types of malware for stealing information and damaging, deleting computer systems and data files. It will be better for other researchers to provide extra solutions for the malware. 9
  • 13. List of References Aleks (2012) The Flame: Questions and Answers [online] available from <http://www.securelist.com/en/blog/208193522/The_Flame_Questionsand_An swers> [5 May 2012] CA, Geier, E., and Geier J. (2007) Simple Computer Security. Indianapolis: Wiley Publishing Cole E., Krutz R., and Conley J. W. (2005) Network Security Bible. Indianapolis: Wiley Publishing Cole, E., Krutz, R. L., Conley, W. J., Reisman, B., Ruebush, M., Gollmann, D., and Reese, R. (2008) Network Security Fundamentals. Danvers: Wiley Publishing Collin, S.M.H. (2004) Dictionary of Computing. Bloomsbury Publishing Plc: Peter Collin Publishing Kizza, J. M. (2009) Guide to Computer Network Security. London: Springer Microsoft Corporation (n.d.) what is a firewall [online] available from <http://www.microsoft.com/security/pc-security/firewalls-whatis.aspx> [27 May 2012] Microsoft Corporation (n.d.) Microsoft Security Essentials [online] available from <http://windows.microsoft.com/en-US/windows/products/security-essentials > [2 May 2012] Microsoft Corporation (n.d.) Windows Defender [online] available from <http://windows.microsoft.com/en-US/windows7/products/features/windows-defender> [2 May 2012] Moir, R. (2003) Defining Malware [online] available from < http://technet.microsoft.com/en-us/library/dd632948.aspx> [20 May 2012] Nestler, V., Conklin, A., White, G., and Hirsch, M. (2011) Principles of Computer Security. New York: McGraw-Hill Salomon, D. (2010) the elements of computer security. London: Springer 10
  • 14. Stallings, W. (2005) Cryptography and Network Security Principles and Practices. London: Prentice Hall Symantec Security Response (2012) Flamer: Highly Sophisticated and Discreet Threat Targets the Middle East [online] available from <http://www.symantec.com/connect/blogs/flamer-highly-sophisticated-and-discreet- threat-targets-middle-east> [5 May 2012] Vacca, J. R. (ed.) (2009) Computer and Information Security. Burlington: Morgan Kaufmann 11