What is
Malicious Software?
Computers do what they are told. This is achieved through the execution of "programs" consisting of logical instructions. The author of the program tells the computer what to do. Attackers can author programs that execute on your computer system as "malicious software".
Two general forms of malicious software are Trojan horses and trap doors. A Trojan horse is typically included as part of what appears to be a "friendly" program. Examples include viruses, worms, back doors and logic bombs. A Trojan horse is often designed to provide the attacker with unauthorized access to information while providing an apparently useful function. A software trap door is typically included in programs that otherwise provide some form of access control (e.g., the mechanism that determines if a given user is authorized to access specific data). A trap door is often designed to be triggered by unique data (e.g., an obscure character string), resulting in unmediated access by the attacker to the system resources. Trojan horses and trap doors can be designed to be practically undetectable.
Most computer systems have little or no protection against a well motivated attacker's use of malicious software to subvert the system. Most of the "trusted" or "secure" versions of mainstream vendor's operating systems are not designed to counter this type of threat. Even when these vendors have the security of their products evaluated, they do so at low levels of assurance -- well below that needed to counter malicious software.
The risks associated with malicious software should be considered when selecting the minimum assurance that a given security policy is correctly enforced.
This essay describes threats to computer systems, with a detailed section on malicious software.
- What is a Security Policy?
- Assurance that the Security Policy is Correctly Enforced
- Integrity:
Letting Your Enemies Enhance Your System