Malware Is No Longer Written For Fun: Computer Security


Let’s recall one old, true story of a cyber security breach, probably the first online security breach in the Internet’s history. On November 2, 1988, about 60,000 computers connected to the Internet began to act strangely. They slowed down because they were running malicious code that consumed processor time and spread itself to other computers. The software was traced back to 23-year-old Cornell University graduate student Robert Tappan Morris, Jr. When questioned about the motive for his actions, Morris said “he wanted to count how many machines were connected to the Internet”. His explanation was verified against his code, which nevertheless turned out to be buggy.

On January 25, 2003, starting at 05:30 UTC, SQL Slammer dramatically slowed down general Internet traffic. It spread rapidly, infecting most of its 75,000 victims within ten minutes. The list of examples goes on.

Many early infectious programs were written as experiments or pranks. Today, malware is used primarily to steal sensitive personal, financial, or business information for the benefit of others. Since the rise of widespread broadband Internet access, malware is no longer written for fun.

Malware is sometimes used broadly against government or corporate websites to gather guarded information, or to disrupt their operation in general. Nowadays, malware is more and more often used against individuals to gain personal information such as social security numbers, bank or credit card numbers, and so on. Left unguarded, personal and networked computers can be at considerable risk from these threats.

The Main Types of Malware

Trojan horses

For a malicious program to accomplish its goals, it must be able to run without being detected, shut down, or deleted. When malware is disguised as something normal or desirable, users may willfully install it without realizing it. This is the technique of the Trojan horse or Trojan. One of the most common ways that spyware is distributed is as a Trojan horse, bundled with a piece of desirable software that the user downloads from the Internet. When the user installs the software, the spyware is installed along with it. The malicious code may take effect immediately and can lead to many undesirable effects, such as deleting the user’s files or installing additional harmful software.

Rootkits

Once malware is installed on a system, it is essential that it stays concealed, to avoid detection. Techniques known as rootkits allow this concealment, by modifying the host’s operating system so that the malware is hidden from the user. Rootkits can prevent a malicious process from being visible in the system’s list of processes, or keep its files from being read.
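A defender's view of the process hiding described above, as an added example that is not part of the original article: a cross-view check compares two independent listings of running processes and flags PIDs that appear in one but not the other. The sample listings are constructed, and the choice of `/proc` directory names versus `ps` output as the two views is an assumption; the check only works when one view comes from a source the rootkit has not altered.

```python
"""Cross-view check: PIDs seen in one process view but missing from another."""

def pids_from_ps(ps_output):
    """Parse `ps -e -o pid,comm` style text (header + rows) into {pid: name}."""
    procs = {}
    for line in ps_output.strip().splitlines()[1:]:   # skip the header row
        parts = line.split(None, 1)
        if parts and parts[0].isdigit():
            procs[int(parts[0])] = parts[1].strip() if len(parts) > 1 else ""
    return procs

def pids_from_proc(entries):
    """Keep only numeric /proc directory names, i.e. process IDs."""
    return {int(e) for e in entries if e.isdigit()}

def hidden_candidates(snapshots, min_hits=2):
    """Return PIDs in the /proc view but not the ps view in >= min_hits snapshots.

    Requiring repeated hits filters out processes that simply started or
    exited between the two reads that make up a single snapshot.
    """
    hits = {}
    for proc_entries, ps_output in snapshots:
        missing = pids_from_proc(proc_entries) - set(pids_from_ps(ps_output))
        for pid in missing:
            hits[pid] = hits.get(pid, 0) + 1
    return sorted(pid for pid, n in hits.items() if n >= min_hits)

# Constructed sample data (not from a real host): three snapshots, each a
# pair of (/proc directory names, ps output) taken close together in time.
PS_1 = "  PID COMMAND\n    1 systemd\n  412 sshd\n  977 bash\n"
PS_2 = "  PID COMMAND\n    1 systemd\n  412 sshd\n  977 bash\n 1203 ls\n"
PS_3 = "  PID COMMAND\n    1 systemd\n  412 sshd\n  977 bash\n"
SNAPSHOTS = [
    (["1", "412", "666", "977", "1201", "self", "cpuinfo"], PS_1),  # 1201 is short-lived
    (["1", "412", "666", "977", "1203", "self"], PS_2),
    (["1", "412", "666", "977", "self"], PS_3),
]

if __name__ == "__main__":
    print("PIDs consistently missing from ps:", hidden_candidates(SNAPSHOTS))
```

A PID flagged here is a lead to investigate, not proof of compromise; a rootkit that alters both views equally produces no discrepancy at all.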

Backdoors

Crackers typically use backdoors to secure remote access to a computer, while attempting to remain hidden from casual inspection. To install backdoors, crackers may use Trojan horses, worms, or other methods. A backdoor is a method of bypassing normal authentication procedures. Once a system has been compromised, one or more backdoors may be installed in order to allow easier access in the future. Backdoors may also be installed prior to malicious software, to allow attackers entry.

Anti-Virus and Anti-Malware Software

We know that unbreakable protections do not exist; however, there are protections which are economically unreasonable to break. We can develop that kind of protection for each and every given case, whether it is CD/DVD distribution or online licensing, by writing key generation algorithms that use asymmetric cryptography, etc.

Who We Are

Codedgers Inc. is registered in Toronto, Canada. There are 3 keywords in the company name:

  1. Code
  2. Edge
  3. Codger

At least now you partially know whom you are dealing with.

We focus mainly on system programming for Windows and GNU/Linux, the development of cryptographic programs, and compiler creation.

Let us give you a few reasons to choose us:

Relatively low prices – see the detailed Pros and Cons in our blog.

Highly qualified professionals – every Codedgers employee has to pass a serious two-stage interview.

Best project management methods:

  • zero-defect development (ZDD) – Tom DeMarco is totally right – most of the defects are already in the code before the testing even begins. The conclusion is therefore quite simple – one must devote as much attention as possible to the application architecture. We also use informal code review, keeping in mind that it is the only quality assurance practice that is able to catch up to 80% of the bugs in code. And code review is able to find the bugs early. Remember: the earlier you find a bug in the development cycle, the less it costs to fix it!
  • some selected elements of CMM
  • The Japanese have an astonishing kaizen practice. We also use some of its elements in our day-to-day business processes. One example: each and every company must have some sort of coding standard. If you wrote one and never updated it, you probably do not follow the kaizen spirit. The standards must be continuously reviewed and improved. Again and again and again.
  • Most TDD adepts usually forget about acceptance testing. We do not. Our smoke phase is quite well developed – we use lots of Microsoft, Google and Apple quality assurance tools. Some examples are AppVerifier and clang, Driver Verifier and KLEE, and many others.
  • Software estimation is truly one of the biggest difficulties of the industry. Quite often the initial estimates are subject to change by up to about 4 times. It is also close to impossible to estimate something when your development process is chaotic. As we have a well-controlled and well-established development process, our estimates are more correct. We also use some advanced methods, so the chances of success are even higher.

High code quality:

  • We don’t really think TDD is a panacea. However, being test infected makes sense 🙂
  • We use some selected IEEE standards (IEEE 830, IEEE 829, IEEE 1008) in our day-to-day practice.
  • We use lots of metrics.

We have gathered many materials and articles during our years of hard work as investigators, researchers, and explorers of new computer science technologies. We thought that our experience could be helpful to other developers in their work. We want to share our experience with the community, so we run a blog on the site for the English-speaking community. A few examples are below:

PEP8 and Nesting Depth Metric

Company code style is one of the most essential policies to follow for any programming-related IT organization. It helps to organize interaction between developers, especially for Agile teams, makes code more readable and avoids conflicts like “where to put curly braces”. For Python developers it is strongly recommended to follow PEP 8 – Style Guide for Python Code. This PEP declares: code lay-out; imports; whitespace in expressions and statements; comments; documentation strings; version bookkeeping; naming conventions; programming recommendations. So it is very useful, and it is used as a coding standard in many organizations. However, it doesn’t declare some other useful …

A Couple of Words about TDD

Unit-test coding is supposed to be one of the most significant methodological achievements of the industry for, let’s say, about the last 15 years. The Internet is full of enthusiastic exclamations [1, 5, 6]. However, there are some not so enthusiastic ones, or even ones without any enthusiasm at all [2, 3, 13]. This article makes a humble attempt to consider the pluses and minuses of TDD (test driven development) based on literature research and some practice. At the beginning, it’s necessary to clarify the terminology because there is some misunderstanding: saying TDD one means one thing and another one means …

Metrics – LoC

This is going to be a small set of articles devoted to metrics. The first one is about LoC – Line of Code. I think that the first reaction to that phrase is a smile. Many of us have heard about an anecdotal case at Macintosh when they tried to count the lines of code and measure productivity. There is even a classic saying of Kenneth Thompson: “One of my most productive days was throwing away 1000 lines of code”. Actually, counting SLOC is routine and boring: we simply carefully count the lines one by one including code lines itself, comments …

So, if software development is not your company’s core activity but you need to protect the sensitive information that you are dealing with, let us know. We offer a wide variety of software development services. Most of the time, we do turnkey contracting. That is, you come to us with your ideas and end up with the final version of your product. We do everything: software requirements specification, software architecture evaluation, quality assurance and of course the actual development.

Please note that Codedgers Inc., in spite of using its own mail service, cannot guarantee that mail messages cannot be intercepted. All email messages traverse a 3rd party mail server unencrypted (even if SSL/TLS is used to transfer messages between servers). This means that all unencrypted email messages should be treated as if read by 3rd parties. Please use encryption when sending sensitive information to Codedgers Inc. (see our PGP key below). Codedgers Inc. cannot be held responsible for any potential leak of information that has been sent to Codedgers Inc. via unencrypted email. In order to exclude the possibility of Man-In-The-Middle attacks, you are encouraged to verify the fingerprint of this key before using it. This can be done by phone only. This website cannot be trusted for key verification.
