BN.com Gift Guide

Malicious Mobile Code: Virus Protection for Windows

( 2 )

Overview

Malicious mobile code is a new term to describe all sorts of destructive programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug proved the experts wrong, attacking Windows computers when recipients did nothing more than open an email. Today, writing programs is easier than ever, and so is writing ...

See more details below
Other sellers (Paperback)
  • All (28) from $1.99   
  • New (8) from $5.00   
  • Used (20) from $1.99   
Sending request ...

Overview

Malicious mobile code is a new term to describe all sorts of destructive programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug proved the experts wrong, attacking Windows computers when recipients did nothing more than open an email. Today, writing programs is easier than ever, and so is writing malicious code. The idea that someone could write malicious code and spread it to 60 million computers in a matter of hours is no longer a fantasy.The good news is that there are effective ways to thwart Windows malicious code attacks, and author Roger Grimes maps them out inMalicious Mobile Code: Virus Protection for Windows. His opening chapter on the history of malicious code and the multi-million dollar anti-virus industry sets the stage for a comprehensive rundown on today's viruses and the nuts and bolts of protecting a system from them. He ranges through the best ways to configure Windows for maximum protection, what a DOS virus can and can't do, what today's biggest threats are, and other important and frequently surprising information. For example, how many people know that joining a chat discussion can turn one's entire computer system into an open book?Malicious Mobile Code delivers the strategies, tips, and tricks to secure a system against attack. It covers:

  • The current state of the malicious code writing and cracker community
  • How malicious code works, what types there are, and what it can and cannot do
  • Common anti-virus defenses, including anti-virus software
  • How malicious code affects the various Windows operating systems, and how to recognize, remove, and prevent it
  • Macro viruses affecting MS Word, MS Excel, and VBScript
  • Java applets and ActiveX controls
  • Enterprise-wide malicious code protection
  • Hoaxes
  • The future of malicious mobile code and how to combat such code
These days, when it comes to protecting both home computers and company networks against malicious code, the stakes are higher than ever.Malicious Mobile Code is the essential guide for securing a system from catastrophic loss.

Viruses today are more prevalent than ever before, and whether you're a home user or a system administrator, the need to protect your network or your company against attacks is imperative. Through intricately detailed prose, Grimes gives strategies, tips and tricks needed to secure any system. And he explains what viruses can and can't do, and how to recognize, remove and prevent them.

Read More Show Less

Product Details

  • ISBN-13: 9781565926820
  • Publisher: O'Reilly Media, Incorporated
  • Publication date: 8/28/2001
  • Edition description: 1 ED
  • Edition number: 1
  • Pages: 544
  • Product dimensions: 6.99 (w) x 9.13 (h) x 1.04 (d)

Meet the Author

Roger A. Grimes (CPA, CISSP, CEH, MCSE: Security) is a 19-year Windows security veteran with 6 books and over 150 national magazine articles on the subject. Roger is a 3-time Microsoft MVP in Windows Security (and MVP of the Month in December 2005). He participated in the Microsoft Windows Server 2003 Learning curriculum and was an Early Achiever of theWindows Server 2003 MSCE: Security desination. Roger has written advanced Windows security courses for Microsoft, Foundstone, and SANS.

Read More Show Less

Read an Excerpt

Chapter 11: Malicious ActiveX Controls

ActiveX is considered by many to be Microsoft's answer to Sun's Java language, but it is much more than that. Chapter 11 discusses ActiveX, digital signing, and Microsoft's Authenticode security program.

ActiveX

Unlike Java, there isn't an ActiveX programming language. Instead, ActiveX is a Microsoft platform initiative grouping software development tools that allow Windows programs to work across networks. Initially code-named "Sweeper", the ActiveX architecture was formally announced at a San Francisco Developer's Conference in early 1996, as Microsoft's way to address the booming Internet programming market. At that conference, a slew of new tools were announced in support of ActiveX, including- VBScript, the OLE Scripting Service, new APIs, Microsoft-developed Internet protocols, and ActiveX controls. Microsoft released these new tools as part of its ActiveX Software Development Kit (SDK). ActiveX is an extension of Microsoft's 32-bit Windows API and Component Object Model (COM) models, and is now covered under the umbrella of the Distributed COM (DCOM) architecture. DCOM encompasses all programming tools that allow a Windows client to use a server program over a network. This distributed programming architecture is eventually culminating in Microsoft's .NET initiative (covered in Chapter 15).

Although began as a reactionary response to competitive pressures, ActiveX is really just a natural evolution of Microsoft API's allowing data to be shared between applications. Microsoft's Object Linking and Embedding (OLE) technology allows users to place data objects from one application into another, something DOS couldn't do. The first versions of OLE allowed users to copy data objects from one program to another. For example, a graphic chart could be copied from a spreadsheet into a word processor. The next phase of OLE allowed a linked object to "live" in another application. Now, a user could edit a chart in a word processor, and with an OLE link to a spreadsheet have the changes made in one automatically reflected in the other. ActiveX extends the functionality and allows, not just the data, but the entire application to be shared across the Internet.

Today, you can save a spreadsheet or document directly to the Web, or allow multiple users flung far across the Internet to make changes to a document you created. Objects, pictures, even sound files, can be linked from their distributed locations onto one page. ActiveX includes all the tools and methods to allow programmers to distribute their applications across the web into user's desktops.

TIP:   ActiveX programs can be installed, used, and executed by hundreds of applications, including Microsoft's Outlook, Outlook Express, and Office product lines. Throughout this chapter, I will be discussing ActiveX as it runs within a browser, even when I often mean to include other applications within the context of the discussion.

ActiveX Controls

An ActiveX control is an executable program that can be automatically delivered over the Internet where it usually runs within a browser. Contrasted against Java applets which are created in their own special language, ActiveX controls can be written in many different languages, including: C++, Visual Basic, Visual C++, Delphi, Powersoft, Java, C-Sharp (C#) and Visual J++. And because ActiveX controls are based on the OLE specification, controls written in one language can be re-used within controls written in another language. ActiveX controls are compiled into fast 32-bit machine language for Windows platforms. This means they can run only on systems that work with the WIN32 API and lose the portability advantaged gained by Java.

Since ActiveX controls are compiled programs originating from a variety of programming languages, they aren't limited to a basic set of routines. Besides being able to jazz up web pages and build sophisticated user forms, ActiveX controls can be any program they want to be. Complete spreadsheet and database programs are no problem. Local disk systems can be manipulated, connections can be established to other computers and networks, files transferred, and all invisible to the user. It is this feature-rich, openness that worries security experts. Every type of malicious code exploit that can be attempted with viruses, worms, and trojans, can be accomplished with ActiveX.

When you accept a control for the first time, the control is downloaded to your computer and the appropriate registry entries are created. Controls are registered in the HKEY_CLASSES_ROOT\CLSID subkey, and can also be found in HKEY_LM\Software\Classes. ActiveX controls usually have the file extension, .OCX, which stands for OLE Control. The typical Windows system has dozens of controls installed. Most are located in C:\%windir%\SYSTEM and C:\%windir%\Program Files\Common Files\Microsoft Shared, if you have MS-Office installed. Controls downloaded and installed by Internet Explorer are usually located at C:\%windir%\Download Program Files.

TIP:   Files in C:\%windir%\Download Program Files are specifically concealed by the newer versions of Windows and will not show up with a File Find or DIR command. But you can use Windows Explorer or the DOS Change Directory and find the hidden subdirectory.

TIP:   Internet Explorer 3.x stores ActiveX controls in C:\%windir%\OCCACHE.

ActiveX Scripting

Scripting languages, like VBScript, JScript, JavaScript, Python, PowerScript, Tck/Tk, and Perl, can be used within a web page to direct the functionality of an ActiveX control. ActiveX controls can be written to run differently based upon the parameters passed to it by the scripting language that calls it. For example, a web site can start the ActiveX downloading process as soon as the web page loads, or tell the control to manipulate different files based on end-user input.

Safe for scripting and initializing

ActiveX controls can be defined as Safe for Scripting and Safe for Initialization by the software publisher. By designating the control as safe, the vendor is saying that the control cannot be used maliciously and is safe to be manipulated by other scripting languages. Safe for Initialization means that no matter what values are passed to the control during its startup, it cannot do damage to a user's system. Safe for Scripting means that the control cannot be used maliciously no matter how its manipulated. Although each control has two safety settings, most of the popular press focuses on the Safe for Scripting moniker, even though they are referring to both. Controls that can create, read, or write files, or write to the registry are not considered explicitly safe, unless their actions are predetermined and specific.

Without this predefined safety check, a seemingly innocuous program could easily be used to do harm that the original publisher (programmer) did not intend. For example, a control could be made to function as a popup word processor that a user could write with and save notes. If marked Safe For Scripting, a malicious web page might be able to load the control, create and save new files, and use it to overwrite the user's startup files. There is much discussion within the security industry over this controversial setting. Particularly, how does a vendor guarantee his control to be bug free and not susceptible to maliciousness from other programs? There is no standard way for a vendor to test the safety of their code. As we will see later, it's difficult for a vendor to consider all the possibilities of their program's interactions.

Safe for Scripting or Initialization does not mean the control is safe for use. There might be a control that scrambles and deletes all your files when you execute it. As long as the result was not implemented by a script or initiated during startup by an unintended third party, it could still qualify for the Safe for Scripting setting. Obviously, this control would not be safe to have on your computer.

Differences between ActiveX and Java

ActiveX is often thought of as a Microsoft Java-clone. It isn't. Without the common goal of being optimized for Internet component-downloading, the two platforms don't share much in common. Here are some key differences.

  • An ActiveX object is compiled, not interpreted. This means ActiveX programs can run extremely fast as compared to Java programs.
  • ActiveX controls can be made with many different languages. Java applets can only be made by Java.
  • ActiveX controls can do more than Java applets.
  • ActiveX doesn't have the platform independence of Java.
  • ActiveX controls only work in Microsoft's Internet Explorer browser (or with Netscape's browser with an ActiveX plug-in).
  • With ActiveX there is no difference between the security rights given local or remote programs.

Activating ActiveX

Web developers include an <OBJECT> tag within their HMTL page (see Example 11-1) to automatically download a control to the browser, much as with a Java applet. The ID field defines the name used by any related scripting language that presents the control. The CLASSID is a globally unique identifier used to identify the control (something you'll need to become comfortable with to locate a specific control on your machine) and the CODEBASE contains file identification information (minimum version and location). HEIGHT and WIDTH tell the browser how many pixels tall and wide to make the displayed control. Other custom startup parameters, such as the background color, can be passed to the control as it starts....

Read More Show Less

Table of Contents

Preface;
About This Book;
Why Another Book on Viruses?;
What This Book Doesn’t Cover;
Organization of the Book;
Conventions Used in This Book;
Software Covered in This Book;
Comments and Questions;
Acknowledgments;
Chapter 1: Introduction;
1.1 The Hunt;
1.2 What Is Malicious Mobile Code?;
1.3 Malicious Code and the Law;
1.4 Malicious Code-Writing Subculture;
1.5 MMC Terminology;
1.6 Summary;
Chapter 2: DOS Computer Viruses;
2.1 Introduction;
2.2 DOS Technologies;
2.3 DOS Virus Technologies;
2.4 Types of DOS Viruses;
2.5 Virus Defense Mechanisms;
2.6 Examples of DOS Viruses;
2.7 Detecting a DOS-Based Computer Virus;
2.8 Removing a DOS Virus;
2.9 Protecting Yourself from Viruses;
2.10 Risk Assessment — Low;
2.11 Summary;
Chapter 3: Windows Technologies;
3.1 Windows Technologies;
3.2 New Windows Versions;
3.3 Summary;
Chapter 4: Viruses in a Windows World;
4.1 DOS Viruses on Windows Platforms;
4.2 Windows Viruses on Windows Platforms;
4.3 Signs and Symptoms of Windows NT Virus Infections;
4.4 Windows Virus Examples;
4.5 Detecting a Windows Virus;
4.6 Removing Viruses;
4.7 Removing Infected Files;
4.8 Preventing Viruses in Windows;
4.9 Future;
4.10 Risk Assessment — Medium;
4.11 Summary;
Chapter 5: Macro Viruses;
5.1 Microsoft Office Version Numbers;
5.2 What Is a Macro Virus?;
5.3 Microsoft Word and Excel Macros;
5.4 Working with Macros;
5.5 Office 2000 Security;
5.6 Macro Virus Technologies;
5.7 Macro Virus Examples;
5.8 Detecting Macro Viruses;
5.9 Removing Macro Viruses and Repairing the Damage;
5.10 Preventing Macro Viruses;
5.11 Risk Assessment — High;
5.12 Summary;
Chapter 6: Trojans and Worms;
6.1 The Threat;
6.2 What Are Trojan Horses and Worms?;
6.3 Signs and Symptoms;
6.4 Types of Trojans;
6.5 Trojan Technology;
6.6 Becoming Familiar with Your PC;
6.7 Trojan and Worm Examples;
6.8 Detecting and Removing Trojansand Worms;
6.9 Preventing Trojans and Worms;
6.10 Risk Assessment — High;
6.11 Summary;
Chapter 7: Instant Messaging Attacks;
7.1 Introduction to Instant Messaging;
7.2 Types of Instant Messaging;
7.3 Introduction to Internet Relay Chat;
7.4 Hacking Instant Messaging;
7.5 Examples of IRC Attacks;
7.6 Detecting Malicious IM;
7.7 Removing Malicious IM;
7.8 Protecting Yourself from IM Attacks;
7.9 Risk Assessment — Medium;
7.10 Summary;
Chapter 8: Internet Browser Technologies;
8.1 Introduction;
8.2 Browser Technologies;
8.3 Web Languages;
8.4 Other Browser Technologies;
8.5 When to Worry About Browser Content;
8.6 Summary;
Chapter 9: Internet Browser Attacks;
9.1 Browser-Based Exploits;
9.2 Examples of Attacks and Exploits;
9.3 Detecting Internet Browser Attacks;
9.4 Removing and Repairing the Damage;
9.5 Preventing Internet Browser Attacks;
9.6 Risk Assessment — Medium;
9.7 Summary;
Chapter 10: Malicious Java Applets;
10.1 Java;
10.2 Java Security;
10.3 Java Exploits;
10.4 Example Java Exploits;
10.5 Detecting Malicious Java Applets;
10.6 Removing Malicious Java Code;
10.7 Protecting Yourself from Malicious Java Code;
10.8 Risk Assessment — Low;
10.9 Summary;
Chapter 11: Malicious ActiveX Controls;
11.1 ActiveX;
11.2 ActiveX Security;
11.3 ActiveX Security Criticisms;
11.4 Malicious ActiveX Examples;
11.5 Detecting Malicious ActiveX Controls;
11.6 Removing and Preventing Malicious Active Controls;
11.7 Risk Assessment — Medium;
11.8 Summary;
Chapter 12: Email Attacks;
12.1 Introduction;
12.2 Email Programs;
12.3 Email Exploits;
12.4 Detecting Email Attacks;
12.5 Removing Infected Email;
12.6 Preventing Email Attacks;
12.7 Risk Assessment — High;
12.8 Summary;
Chapter 13: Hoax Viruses;
13.1 The Mother of All Computer Viruses;
13.2 Categories of Hoax Messages;
13.3 Detection;
13.4 Removing and Preventing Hoax Viruses;
13.5 Risk Assessment — Low;
13.6 Summary;
Chapter 14: Defense;
14.1 Defense Strategy;
14.2 Malicious Mobile Code Defense Plan;
14.3 Use a Good Antivirus Scanner;
14.4 Antivirus Scanning Locations;
14.5 The Best Steps Toward Securing Any Windows PC;
14.6 Additional Defense Tools;
14.7 Antivirus Product Review;
14.8 Future;
14.9 Summary;
Chapter 15: The Future;
15.1 The Future of Computing;
15.2 MMC Exploits;
15.3 Real Defense Solutions;
15.4 Summary;
Colophon;

Read More Show Less

Customer Reviews

Average Rating 5
( 2 )
Rating Distribution

5 Star

(2)

4 Star

(0)

3 Star

(0)

2 Star

(0)

1 Star

(0)

Your Rating:

Your Name: Create a Pen Name or

Barnes & Noble.com Review Rules

Our reader reviews allow you to share your comments on titles you liked, or didn't, with others. By submitting an online review, you are representing to Barnes & Noble.com that all information contained in your review is original and accurate in all respects, and that the submission of such content by you and the posting of such content by Barnes & Noble.com does not and will not violate the rights of any third party. Please follow the rules below to help ensure that your review can be posted.

Reviews by Our Customers Under the Age of 13

We highly value and respect everyone's opinion concerning the titles we offer. However, we cannot allow persons under the age of 13 to have accounts at BN.com or to post customer reviews. Please see our Terms of Use for more details.

What to exclude from your review:

Please do not write about reviews, commentary, or information posted on the product page. If you see any errors in the information on the product page, please send us an email.

Reviews should not contain any of the following:

  • - HTML tags, profanity, obscenities, vulgarities, or comments that defame anyone
  • - Time-sensitive information such as tour dates, signings, lectures, etc.
  • - Single-word reviews. Other people will read your review to discover why you liked or didn't like the title. Be descriptive.
  • - Comments focusing on the author or that may ruin the ending for others
  • - Phone numbers, addresses, URLs
  • - Pricing and availability information or alternative ordering information
  • - Advertisements or commercial solicitation

Reminder:

  • - By submitting a review, you grant to Barnes & Noble.com and its sublicensees the royalty-free, perpetual, irrevocable right and license to use the review in accordance with the Barnes & Noble.com Terms of Use.
  • - Barnes & Noble.com reserves the right not to post any review -- particularly those that do not follow the terms and conditions of these Rules. Barnes & Noble.com also reserves the right to remove any review at any time without notice.
  • - See Terms of Use for other conditions and disclaimers.
Search for Products You'd Like to Recommend

Recommend other products that relate to your review. Just search for them below and share!

Create a Pen Name

Your Pen Name is your unique identity on BN.com. It will appear on the reviews you write and other website activities. Your Pen Name cannot be edited, changed or deleted once submitted.

 
Your Pen Name can be any combination of alphanumeric characters (plus - and _), and must be at least two characters long.

Continue Anonymously
Sort by: Showing all of 2 Customer Reviews
  • Anonymous

    Posted April 22, 2002

    Understandable and Comprehensive Step by Step Reference Book.

    Roger Grimes book is a great desktop reference and field recovery resource book. Using it will save users and administrators who deal with malicious code from wasting critical time and money during resolution of malicious code problems. The author's unmatched writing approach has easy to follow and implement steps for anyone (user or administrator) who needs to diagnose and recover from a malicious mobile code infection. The book also has up to date step by step configuration recommendations for protecting operating systems and applications. And the best part is that the author understands the criticality of recovering data and clearly explains the field proven methods that give you the best chance of successfully recovering your data, applications and operating system files that have been affected by malicious code. When you need to understand malicious mobile code this is THE book to have, I don't call on a client or provide remote incident assistance without it.

    Was this review helpful? Yes  No   Report this review
  • Anonymous

    Posted November 5, 2001

    Excellent Virus Reference Book

    I like to think of myself as being fairly knowledgeable about what to look for regarding viruses, Trojans, worms, etc. However, I had no idea before reading this book how widespread all of these different malicious programs were and how they can infect any type of operating system or programming language. While Visual Basic Script may be the 'language of choice' for malicious code writers, viruses can appear with any language or in any form. This book takes an excellent look at various types of malicious programs, and the environments in which they appear. Ranging from DOS to Windows, HTML, Java, ActiveX, even macro viruses, it would seem no system is safe. And that's another way this book is an excellent reference. Not only does it describe in various chapters how a virus, worm or Trojan exists, it also gives examples of them and what to do in case your PC gets infected. Something else I liked about this book was its description of the various 'computer environments' (like DOS, HTML, Java, etc) and how malicious programmers can manipulate them to create potential disasters for your PC. No one is truly safe against malicious programmers and this book offers great advice on defending yourself against them.

    Was this review helpful? Yes  No   Report this review
Sort by: Showing all of 2 Customer Reviews

If you find inappropriate content, please report it to Barnes & Noble
Why is this product inappropriate?
Comments (optional)