How Can Find Vulnerability Using Malware?

Vulnerability To Malware


In this context, as throughout, it should be borne in mind that the "system" under attack may be of various types, e.g. a single computer and operating system, a network or an application. Various factors make a system more vulnerable to malware:

  • Homogeneity: e.g. when all computers in a network run the same operating system; malware that exploits one can exploit them all.
  • Weight of numbers: Simply because the vast majority of existing malware is written to attack Windows systems, Windows systems are more vulnerable to succumbing to malware attacks, regardless of the security strengths of Windows itself.
  • Defects: Malware exploits defects in the operating system design.
  • Unconfirmed code: Code from a floppy disk, CD-ROM or USB device may be executed without the user's permission.
  • Over-privileged users: Some systems allow all users to modify their internal structures. This was the standard operating procedure for early microcomputer and home computer systems, where there was no distinction between an administrator, or root, and a regular user of the system.
  • Over-privileged code: Some systems allow code executed by a user to access all rights of that user. This was also standard operating procedure for early microcomputer and home computer systems.



USE OF THE SAME OPERATING SYSTEM

An oft-cited cause of vulnerability of networks is consistent use of the same operating system. For example, Microsoft Windows or Mac OS X has such a large share of the market that concentrating on either could enable an exploited vulnerability to subvert a large number of systems. Introducing diversity instead, purely for the sake of robustness, could increase short-term costs for training and maintenance. However, having a few diverse nodes would deter total shutdown of the network, and allow those nodes to help with recovery of the infected nodes. Such separate, functional redundancy could avoid the cost of a total shutdown.


SOFTWARE BUGS

Most systems contain bugs, or loopholes, which may be exploited by malware. A typical example is the buffer-overrun weakness, in which an interface designed to store data in a small area of memory allows the caller to supply more data than will fit. This extra data then overwrites the interface's own executable structure (past the end of the buffer and other data). In this manner, malware can force the system to execute malicious code, by replacing legitimate code with its own payload of instructions (or data values) copied into live memory, outside the buffer area.
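The overrun described above, as an added example that is not part of the original post: a small C program in which an interface copies caller data into an 8-byte buffer, first without and then with a length check. The struct layout, the function names and the input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_CAP 8

/* Constructed layout: a small buffer followed by data the interface relies on. */
struct record {
    char name[NAME_CAP];
    unsigned int is_admin;            /* neighbour that an overrun clobbers */
};

/* Unchecked interface: copies as many bytes as the caller supplies.
 * For this demo the length is capped at the struct size so that the
 * overrun stays inside one object and the program remains well-defined. */
static void store_unchecked(struct record *r, const char *src, size_t len) {
    if (len > sizeof *r) len = sizeof *r;
    memcpy((unsigned char *)r, src, len);   /* name sits at offset 0 */
}

/* Checked interface: refuses input that does not fit (with its NUL). */
static int store_checked(struct record *r, const char *src, size_t len) {
    if (len >= sizeof r->name) return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

static const char INPUT[] = "AAAAAAAAAAAA";   /* constructed: 12 bytes */

/* Returns 1 if the oversized input changed the neighbouring field. */
int unchecked_clobbers_neighbour(void) {
    struct record r = { "", 0 };
    store_unchecked(&r, INPUT, strlen(INPUT));
    return r.is_admin != 0;
}

/* Returns 1 if the checked copy rejected the input and left the field intact. */
int checked_rejects_oversize(void) {
    struct record r = { "", 0 };
    return store_checked(&r, INPUT, strlen(INPUT)) == -1 && r.is_admin == 0;
}

int main(void) {
    printf("unchecked clobbers neighbour: %d\n", unchecked_clobbers_neighbour());
    printf("checked rejects oversize:     %d\n", checked_rejects_oversize());
    return 0;
}
```

The data past the eighth byte lands in the field that follows the buffer, which is the same effect the paragraph describes for structures beyond the end of a buffer; the checked version compares the length against the buffer size before copying anything.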

Originally, PCs had to be booted from floppy disks. Until recently it was common for computers to boot from an external boot device by default. This meant that a live floppy disk or CD could subvert the computer during booting and boot into a modified operating system.


OVER-PRIVILEGED USERS

In some systems, non-administrator users are over-privileged by design, in the sense that they are allowed to modify internal structures of the system. In some environments, users are over-privileged because they have been inappropriately granted administrator or equivalent status. This is primarily a configuration decision, but on Microsoft Windows systems the default configuration is to over-privilege the user.

As privilege escalation exploits have increased, this priority is shifting for the release of Microsoft Windows Vista. As a result, many existing applications that require excess privilege may have compatibility problems with Vista. However, Vista's User Account Control feature attempts to remedy applications not designed for under-privileged users, acting as a crutch to resolve the privileged access problem inherent in legacy applications.

Malware, running as over-privileged code, can use this privilege to subvert the system. Almost all currently popular operating systems, and also many scripting applications, allow code too many privileges, usually in the sense that when a user executes code, the system allows that code all rights of that user. This makes users vulnerable to malware in the form of e-mail attachments, which may or may not be disguised.


ANTI-MALWARE STRATEGIES

As malware attacks become more frequent, attention has begun to shift from virus and spyware protection to malware protection, and to programs that have been specifically developed to combat malware.

