Cybersecurity for Everyone by David B. Skillicorn


Author: David B. Skillicorn
Language: eng
Format: epub
Publisher: CRC Press
Published: 2020-10-15T00:00:00+00:00


4.3 What does malware do?

Most computer systems divide their operations into three different kinds: those that can be done by any user, those that can only be done by the operating system (and which therefore require administrator accounts with special permissions), and those that are done when the system is first turned on. The actions that can be done by any user are the most restricted; users can use the software on the computer but typically cannot install some kinds of new software, and cannot see or change critical files. The operating system can do anything in the whole running system. Because of this, operating system accounts (administrator accounts) are restricted to systems staff who are trained, including in security. In phone systems, the operating system capabilities are not available to users at all, remaining under the control of the operating system developer (unless the phone is rooted). Finally, the actions that are done when the system is turned on are especially powerful because they happen before any checking can be done.

Malware can be targeted at any of these three layers. User space malware is the easiest to install, because the actions of an ordinary user can create the opportunity to install it surreptitiously, but as a consequence it has the fewest opportunities. This is why users are often encouraged to always carry out their ordinary work using an ordinary user account, even when they have full control of their system and could use an administrator account for everything.

Malware targeted at the operating system level is harder to install, because it requires a higher level of permission, but provides greater opportunities. Malware targeted at the code that executes when a device is turned on is the hardest to install but is, of course, the most powerful since it controls the way in which the device is configured.

The ease with which malware can be removed also reflects how difficult it was to install in the first place. Malware detection software can usually find user space malware and often malware in the operating system, but finding and removing malware in the code that runs when the device is turned on is much more difficult.

It is also possible that malware is installed in the hardware itself. This kind of malware requires installation as part of the manufacturing process, making it much more expensive, but also much, much harder to detect. This is typically the realm of governments.

Malware can be used for a range of purposes, from vandalism all the way to non-kinetic military attacks. Some of the goals of those who distribute malware are:

Making money. The most obvious motivation for deploying malware is its use by criminals to make money. This turns out to be harder than it looks, but criminals are inventive and they have found ways. The most successful so far has been ransomware. Here malware encrypts the files of the target machine using a key known only to the attacker. The malware then informs the user of how much money to pay in order to get the file system unencrypted again.


