Hostile Software

Hostile software programs may have several different types of functions. These functions may cause damage or allow unauthorized access to be gained allowing the program to be spread or information may be compromised. These are some functions that hostile software may perform:

• Damaging operating systems.
• Damaging or destroying data.
• Sniffing the network for any data or passwords.
• Installing itself or some other hostile software on computer systems for later use.
• Acquisition of unencrypted passwords on the network.
• Forwarding compromised information to hostile parties through the firewall.
• Harvesting e-mail addresses.
• Putting unsolicited advertisements on infected computer systems. These programs are called adware and may come with other "useful" applications.
• Spyware - A type of program that usually comes with a useful application but sends information to its creator about what the computer user is doing on the internet. Some of these programs creators actually tell the user that the program comes with ability to see what the user is doing on the internet. Others do not.

You should be aware that all types of hostile programs such as viruses and trojans can perform any of the above functions. There is a tendency for viruses to only damage systems or data, and trojan programs to send compromised data to other parties, but either type of program can perform any of the functions. This is why all unauthorized programs are a very serious matter.

Viruses

Viruses reproduce themselves by attaching themselves to other files that the used does not realize are infected. Viruses are spread today mainly through E-mail attachments. The attachment may be a file that is a legitimate file but the virus may be attached as a macro program in the file. An example is a Microsoft word file. These files can contain macro programs which can be run by Microsoft Word. A virus may infect these files as a macro and when they get on the next user's computer, they can infect other files. These virus programs normally take advantage of a security vulnerability of the running application. In the case of this example a Microsoft Word macro permission security vulnerability is exploited. Viruses can directly affect executable files or Dynamic Link Library (DLL ) files that the operating systems and applications use to run.

Usually the virus will spread before it will do anything that may alert the user to its presence.

The countermeasure to prevent virus programs from infiltrating your organization is to implement the countermeasures in the section titled "Software vulnerability Control". Running virus scanning software on every computer in the organization is a primary step in minimizing this step.

Trojan Horse Software

The name "Trojan horse" comes from the historical incident where the Greeks built a horse statue as a tool to take the city of Troy. They hid soldiers inside. The people of Troy thought that they were victorious and the gods had given them the horse as a gift, they pulled the horse inside the city. At night the soldiers inside the horse snuck out and opened the gates of the city letting the main Greek army into the city.

Trojan horse software is software that appears to have some useful function, but some hidden purpose awaits inside. This purpose may be to send sensitive information from inside your organization to the author of the software.

The countermeasure to prevent trojan horse programs from infiltrating your organization is to implement the countermeasures in the section titled "Software vulnerability Control". Allowing only approved software with proper testing to be run in the organization will minimize the threat of these programs. The organizational security policy can help ensure that all members of the organization operate in compliance with this countermeasure.