Malicious Mobile Code: Virus Protection for Windows is a book of questions with answers and solutions. How do computer viruses affect PCs running Windows? Can a DOS virus infect a Windows NT file system (NTFS) partition? What are the differences in the way Windows 9x and Windows NT handle computer viruses? Can DOS viruses use Windows NT domains or Active Directory to spread? Is Java or ActiveX more secure? What are the best steps anyone can take to protect themselves against malicious mobile code? Each chapter will answer these questions and more. Most chapters are organized in five parts:
Technology overview
Malicious code examples
Detection
Removal
Prevention
The Technology overview provides enough background so the reader can understand the potential exploits. Then representative examples of different exploits and malicious attacks are summarized to demonstrate the different tactics that malicious code has successfully used against a particular technology. Next, the reader is shown how to recognize a malicious code attack and rule out false positives. The “Removal” section of each chapter gives step-by-step instructions for cleaning up the mess after a particular malicious attack has happened. Lastly, and most importantly, each chapter ends with recommendations for prevention.
The first quarter of the book is dedicated to conventional computer viruses, with the bulk of the book focusing on the newer Internet-related coding attacks.
What’s the difference between a virus and a worm? Why do people write malicious mobile code? This chapter starts with a gentle introduction to the subculture and history of malicious mobile code. We will discuss the types and classifications of rogue programs, as well as the laws on the books intended to punish those who harm others with computer code.
This chapter covers the basics of DOS-based computer viruses. You cannot understand the bulk of malicious mobile code without understanding DOS viruses. This section contains virus structure models, the world’s smallest (32-byte) virus, and basics of protection that can be applied to all malicious code.
These chapters cover viruses specifically written to thrive in Windows environments: Windows 3.1x, Windows 9x, Windows NT, as well as Windows ME and Windows 2000. Chapter 3 begins by thoroughly discussing Windows technologies and the differences between the platforms. Learn about new executable (NE) and portable executable (PE) files. Chapter 4 covers how DOS viruses interact with Windows platforms, Windows viruses, their detection and removal, and how to prevent them.
This section will thoroughly cover macro viruses including Word, Excel, and VBA viruses. You will learn how they are made and how to protect your system. Macro viruses went from a little known theoretical concept to the largest malicious mobile code type within a few years. It’s becoming less and less common to see boot- and file-infecting viruses. Learn about Office 2000’s new antivirus features.
Chapter 6 starts off by detailing Trojan horses and worms and includes a serious discussion of remote administration tools (RATs). RATs, like Back Orifice, allow hackers to take control of your PC, transfer files, capture screen shots, and record keystrokes. Along the way, I cover the typical Trojan horse sent via email masquerading as an Internet joke.
Instant messaging (IM) clients, like IRC and ICQ, have become another way for computer viruses and Trojan horses to spread. Join a chat discussion and your entire computer system becomes an open book. Since not everyone on the Internet is familiar with IM, I cover what it is and where additional resources can be found. I explain the inner workings of the different messaging services, how bad guys exploit holes, and how to protect yourself.
Java, a programming language from Sun Microsystems, could be the language of the future. Its “write once, run anywhere” mantra is easy to love. Java was built from the ground up with a security “sandbox,” but it has leaks. When you surf on the Internet, your browser automatically downloads and runs Java applets. Some malicious applets are simply annoyances, while others can compromise your system’s security.
ActiveX is a Microsoft platform encompassing any programming tool they have that is Internet-aware. ActiveX uses an entirely different security approach that relies on end-user judgment and trusted authentication to protect computers. Once trusted, an ActiveX control can do anything it wants. Which is more secure, Java or ActiveX? This chapter also covers digital signing in detail.
The most popular malicious mobile code attacks are currently spread through email. Chapter 12 tells you what to look for and how to prevent email attacks. Although email exploits can happen to any electronic mail program, this chapter focuses on Microsoft Outlook. This chapter will include steps on how to quickly remove a widespread email worm attack.
How can you differentiate between the real and hoax virus reports? Can you get a virus from a graphics file? Can a virus make your monitor catch fire? Most of the people reporting viruses to me are sending me the same hoax virus email that I’ve seen for the hundredth time. You can end up getting such a jaundiced eye that picking out the real threats from the false positives takes effort. Learn what malicious mobile code can and can’t do, and how to decrease the amount of hoax reports in your environment.
Enterprise-wide protection is not as simple as installing the killer antivirus program. Yes, picking a good antivirus program that scans not only your files, but your emails and web content is a step in the right direction. But real protection means more. It means disabling booting from drive A. It means educating end users, practicing safe computing, and implementing good security policies. It means stopping the code from getting on the computer in the first place. This chapter takes all the lessons learned from the previous chapters and cohesively wraps up the lessons into a malicious mobile code defense plan. Companies that have followed this advice are among the most protected in the world.
The antivirus industry knows that no matter how well they fight malicious mobile code the harmful programs will keep coming. But where will they be coming from? From wherever the popular computer world goes.