- Shopping Bag ( 0 items )
Malicious mobile code is a new term to describe all sorts of destructive programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug proved the experts wrong, attacking Windows computers when recipients did nothing more than open an email. Today, writing programs is easier than ever, and so is writing ...
Malicious mobile code is a new term to describe all sorts of destructive programs: viruses, worms, Trojans, and rogue Internet content. Until fairly recently, experts worried mostly about computer viruses that spread only through executable files, not data files, and certainly not through email exchange. The Melissa virus and the Love Bug proved the experts wrong, attacking Windows computers when recipients did nothing more than open an email. Today, writing programs is easier than ever, and so is writing malicious code. The idea that someone could write malicious code and spread it to 60 million computers in a matter of hours is no longer a fantasy.The good news is that there are effective ways to thwart Windows malicious code attacks, and author Roger Grimes maps them out inMalicious Mobile Code: Virus Protection for Windows. His opening chapter on the history of malicious code and the multi-million dollar anti-virus industry sets the stage for a comprehensive rundown on today's viruses and the nuts and bolts of protecting a system from them. He ranges through the best ways to configure Windows for maximum protection, what a DOS virus can and can't do, what today's biggest threats are, and other important and frequently surprising information. For example, how many people know that joining a chat discussion can turn one's entire computer system into an open book?Malicious Mobile Code delivers the strategies, tips, and tricks to secure a system against attack. It covers:
Viruses today are more prevalent than ever before, and whether you're a home user or a system administrator, the need to protect your network or your company against attacks is imperative. Through intricately detailed prose, Grimes gives strategies, tips and tricks needed to secure any system. And he explains what viruses can and can't do, and how to recognize, remove and prevent them.
ActiveX is considered by many to be Microsoft's answer to Sun's Java language, but it is much more than that. Chapter 11 discusses ActiveX, digital signing, and Microsoft's Authenticode security program.
Unlike Java, there isn't an ActiveX programming language. Instead, ActiveX is a Microsoft platform initiative grouping software development tools that allow Windows programs to work across networks. Initially code-named "Sweeper", the ActiveX architecture was formally announced at a San Francisco Developer's Conference in early 1996, as Microsoft's way to address the booming Internet programming market. At that conference, a slew of new tools were announced in support of ActiveX, including- VBScript, the OLE Scripting Service, new APIs, Microsoft-developed Internet protocols, and ActiveX controls. Microsoft released these new tools as part of its ActiveX Software Development Kit (SDK). ActiveX is an extension of Microsoft's 32-bit Windows API and Component Object Model (COM) models, and is now covered under the umbrella of the Distributed COM (DCOM) architecture. DCOM encompasses all programming tools that allow a Windows client to use a server program over a network. This distributed programming architecture is eventually culminating in Microsoft's .NET initiative (covered in Chapter 15).
Although began as a reactionary response to competitive pressures, ActiveX is really just a natural evolution of Microsoft API's allowing data to be shared between applications. Microsoft's Object Linking and Embedding (OLE) technology allows users to place data objects from one application into another, something DOS couldn't do. The first versions of OLE allowed users to copy data objects from one program to another. For example, a graphic chart could be copied from a spreadsheet into a word processor. The next phase of OLE allowed a linked object to "live" in another application. Now, a user could edit a chart in a word processor, and with an OLE link to a spreadsheet have the changes made in one automatically reflected in the other. ActiveX extends the functionality and allows, not just the data, but the entire application to be shared across the Internet.
Today, you can save a spreadsheet or document directly to the Web, or allow multiple users flung far across the Internet to make changes to a document you created. Objects, pictures, even sound files, can be linked from their distributed locations onto one page. ActiveX includes all the tools and methods to allow programmers to distribute their applications across the web into user's desktops.
TIP: ActiveX programs can be installed, used, and executed by hundreds of applications, including Microsoft's Outlook, Outlook Express, and Office product lines. Throughout this chapter, I will be discussing ActiveX as it runs within a browser, even when I often mean to include other applications within the context of the discussion.
An ActiveX control is an executable program that can be automatically delivered over the Internet where it usually runs within a browser. Contrasted against Java applets which are created in their own special language, ActiveX controls can be written in many different languages, including: C++, Visual Basic, Visual C++, Delphi, Powersoft, Java, C-Sharp (C#) and Visual J++. And because ActiveX controls are based on the OLE specification, controls written in one language can be re-used within controls written in another language. ActiveX controls are compiled into fast 32-bit machine language for Windows platforms. This means they can run only on systems that work with the WIN32 API and lose the portability advantaged gained by Java.
Since ActiveX controls are compiled programs originating from a variety of programming languages, they aren't limited to a basic set of routines. Besides being able to jazz up web pages and build sophisticated user forms, ActiveX controls can be any program they want to be. Complete spreadsheet and database programs are no problem. Local disk systems can be manipulated, connections can be established to other computers and networks, files transferred, and all invisible to the user. It is this feature-rich, openness that worries security experts. Every type of malicious code exploit that can be attempted with viruses, worms, and trojans, can be accomplished with ActiveX.
When you accept a control for the first time, the control is downloaded to your computer and the appropriate registry entries are created. Controls are registered in the
HKEY_CLASSES_ROOT\CLSID subkey, and can also be found in
HKEY_LM\Software\Classes. ActiveX controls usually have the file extension, .OCX, which stands for OLE Control. The typical Windows system has dozens of controls installed. Most are located in C:\%windir%\SYSTEM and C:\%windir%\Program Files\Common Files\Microsoft Shared, if you have MS-Office installed. Controls downloaded and installed by Internet Explorer are usually located at C:\%windir%\Download Program Files.
TIP: Files in C:\%windir%\Download Program Files are specifically concealed by the newer versions of Windows and will not show up with a File Find or DIR command. But you can use Windows Explorer or the DOS Change Directory and find the hidden subdirectory.
TIP: Internet Explorer 3.x stores ActiveX controls in C:\%windir%\OCCACHE.
ActiveX controls can be defined as Safe for Scripting and Safe for Initialization by the software publisher. By designating the control as safe, the vendor is saying that the control cannot be used maliciously and is safe to be manipulated by other scripting languages. Safe for Initialization means that no matter what values are passed to the control during its startup, it cannot do damage to a user's system. Safe for Scripting means that the control cannot be used maliciously no matter how its manipulated. Although each control has two safety settings, most of the popular press focuses on the Safe for Scripting moniker, even though they are referring to both. Controls that can create, read, or write files, or write to the registry are not considered explicitly safe, unless their actions are predetermined and specific.
Without this predefined safety check, a seemingly innocuous program could easily be used to do harm that the original publisher (programmer) did not intend. For example, a control could be made to function as a popup word processor that a user could write with and save notes. If marked Safe For Scripting, a malicious web page might be able to load the control, create and save new files, and use it to overwrite the user's startup files. There is much discussion within the security industry over this controversial setting. Particularly, how does a vendor guarantee his control to be bug free and not susceptible to maliciousness from other programs? There is no standard way for a vendor to test the safety of their code. As we will see later, it's difficult for a vendor to consider all the possibilities of their program's interactions.
Safe for Scripting or Initialization does not mean the control is safe for use. There might be a control that scrambles and deletes all your files when you execute it. As long as the result was not implemented by a script or initiated during startup by an unintended third party, it could still qualify for the Safe for Scripting setting. Obviously, this control would not be safe to have on your computer.
ActiveX is often thought of as a Microsoft Java-clone. It isn't. Without the common goal of being optimized for Internet component-downloading, the two platforms don't share much in common. Here are some key differences.
Web developers include an <OBJECT> tag within their HMTL page (see Example 11-1) to automatically download a control to the browser, much as with a Java applet. The ID field defines the name used by any related scripting language that presents the control. The CLASSID is a globally unique identifier used to identify the control (something you'll need to become comfortable with to locate a specific control on your machine) and the CODEBASE contains file identification information (minimum version and location). HEIGHT and WIDTH tell the browser how many pixels tall and wide to make the displayed control. Other custom startup parameters, such as the background color, can be passed to the control as it starts....
About This Book;
Why Another Book on Viruses?;
What This Book Doesn’t Cover;
Organization of the Book;
Conventions Used in This Book;
Software Covered in This Book;
Comments and Questions;
Chapter 1: Introduction;
1.1 The Hunt;
1.2 What Is Malicious Mobile Code?;
1.3 Malicious Code and the Law;
1.4 Malicious Code-Writing Subculture;
1.5 MMC Terminology;
Chapter 2: DOS Computer Viruses;
2.2 DOS Technologies;
2.3 DOS Virus Technologies;
2.4 Types of DOS Viruses;
2.5 Virus Defense Mechanisms;
2.6 Examples of DOS Viruses;
2.7 Detecting a DOS-Based Computer Virus;
2.8 Removing a DOS Virus;
2.9 Protecting Yourself from Viruses;
2.10 Risk Assessment — Low;
Chapter 3: Windows Technologies;
3.1 Windows Technologies;
3.2 New Windows Versions;
Chapter 4: Viruses in a Windows World;
4.1 DOS Viruses on Windows Platforms;
4.2 Windows Viruses on Windows Platforms;
4.3 Signs and Symptoms of Windows NT Virus Infections;
4.4 Windows Virus Examples;
4.5 Detecting a Windows Virus;
4.6 Removing Viruses;
4.7 Removing Infected Files;
4.8 Preventing Viruses in Windows;
4.10 Risk Assessment — Medium;
Chapter 5: Macro Viruses;
5.1 Microsoft Office Version Numbers;
5.2 What Is a Macro Virus?;
5.3 Microsoft Word and Excel Macros;
5.4 Working with Macros;
5.5 Office 2000 Security;
5.6 Macro Virus Technologies;
5.7 Macro Virus Examples;
5.8 Detecting Macro Viruses;
5.9 Removing Macro Viruses and Repairing the Damage;
5.10 Preventing Macro Viruses;
5.11 Risk Assessment — High;
Chapter 6: Trojans and Worms;
6.1 The Threat;
6.2 What Are Trojan Horses and Worms?;
6.3 Signs and Symptoms;
6.4 Types of Trojans;
6.5 Trojan Technology;
6.6 Becoming Familiar with Your PC;
6.7 Trojan and Worm Examples;
6.8 Detecting and Removing Trojansand Worms;
6.9 Preventing Trojans and Worms;
6.10 Risk Assessment — High;
Chapter 7: Instant Messaging Attacks;
7.1 Introduction to Instant Messaging;
7.2 Types of Instant Messaging;
7.3 Introduction to Internet Relay Chat;
7.4 Hacking Instant Messaging;
7.5 Examples of IRC Attacks;
7.6 Detecting Malicious IM;
7.7 Removing Malicious IM;
7.8 Protecting Yourself from IM Attacks;
7.9 Risk Assessment — Medium;
Chapter 8: Internet Browser Technologies;
8.2 Browser Technologies;
8.3 Web Languages;
8.4 Other Browser Technologies;
8.5 When to Worry About Browser Content;
Chapter 9: Internet Browser Attacks;
9.1 Browser-Based Exploits;
9.2 Examples of Attacks and Exploits;
9.3 Detecting Internet Browser Attacks;
9.4 Removing and Repairing the Damage;
9.5 Preventing Internet Browser Attacks;
9.6 Risk Assessment — Medium;
Chapter 10: Malicious Java Applets;
10.2 Java Security;
10.3 Java Exploits;
10.4 Example Java Exploits;
10.5 Detecting Malicious Java Applets;
10.6 Removing Malicious Java Code;
10.7 Protecting Yourself from Malicious Java Code;
10.8 Risk Assessment — Low;
Chapter 11: Malicious ActiveX Controls;
11.2 ActiveX Security;
11.3 ActiveX Security Criticisms;
11.4 Malicious ActiveX Examples;
11.5 Detecting Malicious ActiveX Controls;
11.6 Removing and Preventing Malicious Active Controls;
11.7 Risk Assessment — Medium;
Chapter 12: Email Attacks;
12.2 Email Programs;
12.3 Email Exploits;
12.4 Detecting Email Attacks;
12.5 Removing Infected Email;
12.6 Preventing Email Attacks;
12.7 Risk Assessment — High;
Chapter 13: Hoax Viruses;
13.1 The Mother of All Computer Viruses;
13.2 Categories of Hoax Messages;
13.4 Removing and Preventing Hoax Viruses;
13.5 Risk Assessment — Low;
Chapter 14: Defense;
14.1 Defense Strategy;
14.2 Malicious Mobile Code Defense Plan;
14.3 Use a Good Antivirus Scanner;
14.4 Antivirus Scanning Locations;
14.5 The Best Steps Toward Securing Any Windows PC;
14.6 Additional Defense Tools;
14.7 Antivirus Product Review;
Chapter 15: The Future;
15.1 The Future of Computing;
15.2 MMC Exploits;
15.3 Real Defense Solutions;
Posted April 22, 2002
Roger Grimes book is a great desktop reference and field recovery resource book. Using it will save users and administrators who deal with malicious code from wasting critical time and money during resolution of malicious code problems. The author's unmatched writing approach has easy to follow and implement steps for anyone (user or administrator) who needs to diagnose and recover from a malicious mobile code infection. The book also has up to date step by step configuration recommendations for protecting operating systems and applications. And the best part is that the author understands the criticality of recovering data and clearly explains the field proven methods that give you the best chance of successfully recovering your data, applications and operating system files that have been affected by malicious code. When you need to understand malicious mobile code this is THE book to have, I don't call on a client or provide remote incident assistance without it.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.
Posted November 5, 2001
I like to think of myself as being fairly knowledgeable about what to look for regarding viruses, Trojans, worms, etc. However, I had no idea before reading this book how widespread all of these different malicious programs were and how they can infect any type of operating system or programming language. While Visual Basic Script may be the 'language of choice' for malicious code writers, viruses can appear with any language or in any form. This book takes an excellent look at various types of malicious programs, and the environments in which they appear. Ranging from DOS to Windows, HTML, Java, ActiveX, even macro viruses, it would seem no system is safe. And that's another way this book is an excellent reference. Not only does it describe in various chapters how a virus, worm or Trojan exists, it also gives examples of them and what to do in case your PC gets infected. Something else I liked about this book was its description of the various 'computer environments' (like DOS, HTML, Java, etc) and how malicious programmers can manipulate them to create potential disasters for your PC. No one is truly safe against malicious programmers and this book offers great advice on defending yourself against them.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.