Malicious Mobile Code: Virus Protection for Windows is a book of questions with answers and solutions. How do computer viruses affect PCs running Windows? Can a DOS virus infect a Windows NT file system (NTFS) partition? What are the differences in the way Windows 9x and Windows NT handle computer viruses? Can DOS viruses use Windows NT domains or ActiveDirectory™ to spread? Is Java or ActiveX more secure? What are the best steps anyone can take to protect themselves against malicious mobile code? Each chapter will answer these questions and more. Most chapters are organized in five parts:
- Technology overview
- Malicious code examples
- Detection
- Removal
- Prevention
The Technology overview provides enough background so the reader can understand the potential exploits. Then representative examples of different exploits and malicious attacks are summarized to demonstrate the different tactics that malicious code has successfully used against a particular technology. Next, the reader is shown how to recognize a malicious code attack and rule out false positives. The “Removal” section of each chapter gives step-by-step instructions for cleaning up the mess after a particular malicious attack has happened. Lastly, and most importantly, each chapter ends with recommendations for prevention.
The first quarter of the book is dedicated to conventional computer viruses, with the bulk of the book focusing on the newer Internet-related coding attacks.
- Chapter 1
What’s the difference between a virus and a worm? Why do people write malicious mobile code? This chapter starts with a gentle introduction to the subculture and history of malicious mobile code. We will discuss the types and classifications of rogue programs, as well as the laws on the books intended to punish those who harm others with computer code.
- Chapter 2
This chapter covers the basics of DOS-based computer viruses. You cannot understand the bulk of malicious mobile code without understanding DOS viruses. This section contains virus structure models, the world’s smallest (32-byte) virus, and basics of protection that can be applied to all malicious code.
- Chapter 3 and Chapter 4
These chapters cover viruses specifically written to thrive in Windows environments: Windows 3.1x, Windows 9x, Windows NT, as well as Windows ME and Windows 2000. Chapter 3 begins by thoroughly discussing Windows technologies and the differences between the platforms. Learn about new executable (NE) and portable executable (PE) files. Chapter 4 covers how DOS viruses interact with Windows platforms, Windows viruses, their detection and removal, and how to prevent them.
- Chapter 5
This section will thoroughly cover macro viruses including Word, Excel, and VBA viruses. You will learn how they are made and how to protect your system. Macro viruses went from a little-known theoretical concept to the largest malicious mobile code type within a few years. It’s becoming less and less common to see boot- and file-infecting viruses. Learn about Office 2000’s new antivirus features.
- Chapter 6
Chapter 6 starts off by detailing Trojan horses and worms and includes a serious discussion of one of today’s biggest threats: remote administration tools (RAT). RATs, like Back Orifice, allow hackers to take control of your PC, transfer files, capture screen shots, and record keystrokes. Along the way, I cover the typical Trojan horse sent via email masquerading as an Internet joke.
- Chapter 7
The instant messaging (IM) clients, like IRC and ICQ, have become another way for computer viruses and Trojan horses to spread. Join a chat discussion and your entire computer system becomes an open book. Since not everyone on the Internet is familiar with IM, I cover what it is and where additional resources can be found. I explain the inner workings of the different messaging services, how bad guys exploit holes, and how to protect yourself.
- Chapter 8 and Chapter 9
Click on a link and your computer could be compromised! This two-chapter discussion on browser-based attacks focuses on HTML attacks and other HTML threats (such as Russian New Year), especially as it is related to Microsoft Internet Explorer. As the HTML standard evolves and gains more functionality, the risk of malicious attacks via the World Wide Web increases. Scripting languages, like Visual Basic and JavaScript, can easily cause damage to your computer data. Chapter 8 begins by describing the different World Wide Web technologies, like HTML, JavaScript, and cascading style sheets. Chapter 9 discusses HTML exploits and defenses.
- Chapter 10
Java, a programming language from Sun Microsystems, could be the language of the future. Its “write once, run anywhere” mantra is easy to love. Java was built from the ground up with a security “sandbox,” but it has leaks. When you surf on the Internet, your browser automatically downloads and runs Java applets. Some malicious applets are simply annoyances, while others can compromise your system’s security.
- Chapter 11
ActiveX is a Microsoft platform encompassing any programming tool they have that is Internet-aware. ActiveX uses an entirely different security approach that relies on end-user judgment and trusted authentication to protect computers. Once trusted, an ActiveX control can do anything it wants. Which is more secure, Java or ActiveX? This chapter also covers digital signing in detail.
- Chapter 12
The most popular malicious mobile code attacks are currently spread through email. Chapter 12 tells you what to look for and how to prevent email attacks. Although email exploits can happen to any electronic mail program, this chapter focuses on Microsoft Outlook. This chapter will include steps on how to quickly remove a widespread email worm attack.
- Chapter 13
How can you differentiate between the real and hoax virus reports? Can you get a virus from a graphics file? Can a virus make your monitor catch fire? Most of the people reporting viruses to me are sending me the same hoax virus email that I’ve seen for the hundredth time. You can end up getting such a jaundiced eye that picking out the real threats from the false positives takes effort. Learn what malicious mobile code can and can’t do, and how to decrease the number of hoax reports in your environment.
- Chapter 14
Enterprise-wide protection is not as simple as installing the killer antivirus program. Yes, picking a good antivirus program that scans not only your files, but your emails and web content is a step in the right direction. But real protection means more. It means disabling booting from drive A. It means educating end users, practicing safe computing, and implementing good security policies. It means stopping the code from getting on the computer in the first place. This chapter takes all the lessons learned from the previous chapters and cohesively wraps up the lessons into a malicious mobile code defense plan. Companies that have followed this advice are among the most protected in the world.
- Chapter 15
The antivirus industry knows that no matter how well they fight malicious mobile code, the harmful programs will keep coming. But where will they be coming from? From wherever the popular computer world goes.