CompTIA Security+ Deluxe Study Guide: SY0-201 - Emmett Dulaney [53]
Unfortunately, many rootkits are written to get around antivirus and antispyware programs that are not kept up-to-date. The best defense you have is to monitor what your system is doing and catch the rootkit in the process of installation.
As these new threats have developed, so have some excellent programs for countering them. Using any search engine, you can find a rootkit analyzer for your system, including Spybot, Spyware Doctor, and AdAware.
One of the most important measures you can take to proactively combat software attacks is to know common file extensions and the applications they’re associated with. For example, the .scr filename extension is used for screensavers, and viruses are often distributed through the use of these files. No legitimate user should be sending screensavers via e-mail to your users, and all attachments with the .scr filename extension should be banned from entering the network.
Table 2.3, while not comprehensive, lists the most common filename extensions for files that, as a general rule, should and should not be allowed into the network as e-mail attachments.
TABLE 2.3 Common Filename Extensions for E-mail Attachments
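As an added example (not from the book), here is how an attachment filter might enforce the .scr ban described above on a raw MIME message. Only .scr is taken from the text; the other blocked extensions and the sample message are assumptions constructed for illustration, and the filter also handles the edge cases a plain suffix match misses (mixed case, double extensions, trailing dots or spaces).

```python
import email

# Attachment extensions to refuse. Only .scr comes from the page; the others
# are an assumed, illustrative blocklist, not the book's Table 2.3.
BLOCKED_EXTENSIONS = {".scr", ".exe", ".pif", ".bat", ".cmd", ".com", ".vbs"}

def effective_extension(filename: str) -> str:
    """Extension Windows would act on: lower-cased, last dot, with the trailing
    dots/spaces Windows drops and any path prefix removed. Catches mixed case,
    double extensions ("report.pdf.scr") and "report.scr " that endswith misses."""
    name = filename.strip().rstrip(". ").lower()
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if "." not in base:
        return ""
    return "." + base.rsplit(".", 1)[-1]

def blocked_attachments(raw_message: str) -> list:
    """Return attachment filenames whose effective extension is blocked."""
    msg = email.message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        # get_filename() reads both Content-Disposition filename= and
        # Content-Type name=, so a name placed in either header is seen.
        filename = part.get_filename()
        if filename and effective_extension(filename) in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits

# Constructed sample: a harmless PDF plus a screensaver hiding behind a
# double extension and mixed case. Bodies are placeholder bytes.
SAMPLE_MESSAGE = """\
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: application/pdf; name="report.pdf"
Content-Disposition: attachment; filename="report.pdf"

JVBERi0=
--XYZ
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Cute.PDF.scr"

TVo=
--XYZ--
"""
```

Calling `blocked_attachments(SAMPLE_MESSAGE)` returns `['Cute.PDF.scr']`, while the PDF passes.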
Understanding OVAL
The Open Vulnerability and Assessment Language (OVAL) is a community standard written in XML that strives to promote open and publicly available security content. It consists of a language, interpreter, and repository and is meant to standardize information between security tools.
As of this writing, version 5.4 is available, and you can find it at http://oval.mitre.org.
Surviving Malicious Code
Malicious code refers to a broad category of software threats to your network and systems, including viruses, Trojan horses, bombs, and worms. Your users depend on you to help keep them safe from harm and to repulse these attacks. When successful, these attacks can be devastating to systems, and they can spread through an entire network. One such incident involved the Melissa virus that effectively brought the entire Internet down for a few days in March 1999. This virus spread to millions of Outlook and Outlook Express users worldwide. Variants of this virus are still propagating through the Internet.
The following sections will briefly introduce you to the types of malicious code you’ll encounter. I’ll also explain the importance of antivirus software.
Viruses
A virus is a piece of software designed to infect a computer system. The virus may do nothing more than reside on the computer. A virus may also damage the data on your hard disk, destroy your operating system, and possibly spread to other systems. Viruses get into your computer in one of three ways: on contaminated media (floppy, USB drive, or CD-ROM), through e-mail and peer-to-peer sites, or as part of another program.
Viruses can be classified as polymorphic, stealth, retroviruses, multipartite, armored, companion, phage, and macro viruses. Each type of virus has a different attack strategy and different consequences.
Estimates for losses due to viruses are in the billions of dollars. These losses include financial loss as well as lost productivity.
The following sections will introduce the symptoms of a virus infection, explain how a virus works, and describe the types of viruses you can expect to encounter and how they generally behave. I’ll also discuss how a virus is transmitted through a network and look at a few hoaxes.
Symptoms of a Virus Infection
Many viruses will announce that you’re infected as soon as they gain access to your system. They may take control