
Malicious Software, Unknown Threats and Potential Solutions - Research Paper Example


Malicious Software, Unknown Threats, and Potential Solutions

08 November 2011

Problem Statement

Malicious software consists of code, scripts, and active content designed to disrupt and deny the proper operation of information systems. Malicious software also gathers information without authorization, leading to loss of privacy and confidentiality of information. Systems' vulnerability to malicious software and unknown threats is the main cause of attacks on information and systems, of destruction, and of interruption of normal system functioning and information processing. Malicious intentions result in the destruction of system hardware, information, and software, and in the disclosure of confidential information when unauthorized users gain access to the system and its information. Unauthorized usage also results in modification and interruption of the information system. Interception occurs when information that resides in a computer system is copied by an unauthorized user (Abdullah, 2010, p. 3).

Other threats include malware, which comprises viruses, computer worms and Trojan horses that are common on computer networks and websites. The possibility of making money through malware distribution and solution has propagated the online distribution, which is a major threat. This is the case since the popularity of viruses, computer worms and Trojan horses consequently increases the popularity of the corresponding antivirus products that are traded commercially (Ryuya, 2011, p. 514). Defects with respect to homogeneous binary files are an indication of the presence of unknown threats and malicious software. Indications of threats may include infections such as viruses, Trojan horse programs and even alterations of the original file format (Weber et al., 2002, p. 2).
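One way to look for the kind of inhomogeneity in an otherwise homogeneous binary described above, as an added example (not code from the paper or from the toolkit by Weber et al.): windowed Shannon entropy with a robust outlier test. The window size, the thresholds and the sample buffer are assumptions constructed for illustration.

```python
import math
import random
from collections import Counter
from statistics import median

WINDOW = 256  # bytes per window (assumed value; tune per file type)

def shannon_entropy(chunk):
    """Entropy in bits per byte: 0.0 for constant data, 8.0 for uniform random."""
    if not chunk:
        return 0.0
    n = len(chunk)
    return -sum(c / n * math.log2(c / n) for c in Counter(chunk).values())

def window_entropies(data, window=WINDOW):
    """Entropy of each full, non-overlapping window of the buffer."""
    return [shannon_entropy(data[i:i + window])
            for i in range(0, len(data) - window + 1, window)]

def inhomogeneous_windows(data, window=WINDOW, k=6.0, floor=0.5):
    """Return (offset, entropy) for windows far from the file's median entropy.

    The median absolute deviation (MAD) is used instead of the standard
    deviation so that the outliers do not inflate the threshold themselves.
    `floor` stops a very uniform file from flagging harmless jitter.
    """
    ents = window_entropies(data, window)
    if len(ents) < 4:          # too little data to call anything an outlier
        return []
    med = median(ents)
    mad = median(abs(e - med) for e in ents)
    limit = max(k * mad, floor)
    return [(i * window, round(e, 2))
            for i, e in enumerate(ents) if abs(e - med) > limit]

def build_sample(with_blob=True, seed=7):
    """Constructed test buffer: skewed 'code-like' bytes, optionally with a
    512-byte high-entropy region at offset 2048 standing in for packed or
    appended content. Not taken from any real file."""
    rng = random.Random(seed)
    alphabet = list(range(0x40, 0x58))          # 24 byte values
    weights = [8] * 4 + [4] * 8 + [1] * 12      # a few values dominate

    def code(n):
        return bytes(rng.choices(alphabet, weights=weights, k=n))

    if with_blob:
        middle = bytes(rng.randrange(256) for _ in range(512))
    else:
        middle = code(512)
    return code(2048) + middle + code(5632)

if __name__ == "__main__":
    for offset, ent in inhomogeneous_windows(build_sample()):
        print(f"offset 0x{offset:04x}: entropy {ent} bits/byte deviates from file median")
```

A flagged window is a lead for an analyst, not a verdict: compressed resources and embedded images also raise entropy in legitimate files.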
Motivation

Malicious software and unknown threats have time and again presented new threats that call for new ways of detection and prevention within the information technology environment. Unknown threats and malware call for modern malware detection solutions, such as a proactive malware detection system that enables prevention of future attacks and of those that were previously unknown. A modern detection system also reduces the rate of false alarms, since successful detection of attacks is made (Volynkin, 2007, p. 47). Dynamics of malicious software are characterized by strains such as Code Red-2, a fast-spreading worm that can be solved using a complex mathematical model based on the approach of compartmentalization. The solution is made possible through predicting the state of the system for the purpose of converting unaffected targeted nodes into noninfectious and infectious nodes (Hemraj and Dinesh, 2007, p. 491).

Hackers have gone ahead to exploit zero-day threats, since these threats have no characteristic signature that can be detected. The exploitation takes advantage of the polymorphic code of the unknown threat, which varies with every page loaded. However, technology firms have competitively undertaken to advance models for detecting malicious and unknown threats for their customers. Through intensive marketing and competition, new knowledge regarding malicious software attacks has been created by software firms. Although software firms seek to gain profitability in software applications, solutions for complex and dynamic malicious software attacks are gaining a positive insight (Michael and Mikhael, 2010, p. 597).

Invisible malicious code on the web executes when the browser loads web pages containing the software.
Malicious code uses cross-site scripting to retrieve more dangerous code from third-party sites, which plants the malware, steals data and takes control of the system by leveraging operating system and web browser vulnerabilities. Information systems form a vital part of organizations such as financial institutions. Considering the risk that malicious software and unknown threats pose to information systems, financial institutions further face the challenge of botnets, which are predominantly operated by criminals. Botnets form a major means through which spam is distributed globally, with the hosting of phishing websites being common (Michel and Johannes, 2009, p. 22).

Solution

Solutions to malicious software and unknown threats begin with detection, which forms the main aspect of protection: using an antivirus to detect a huge variety of malicious programs. The efficiency of an antivirus depends on its capability to detect new modifications of worms, previously known viruses and Trojans from the web, and those located in executable files that have been modified by archive utilities. Detection systems such as Sophos Labs enable detection of web pages that are newly infected on the Internet every four seconds. Prevention of these new infections relies on interlocking phases of the protection system.

The nature of a business is the determining factor in the definition and enforcement of the right security policies. In the case of online sales and advertising, it is essential to control access to data and to maintain authorized data use and handling in accordance with the law. However, prevention and detection of malicious software and unknown threats require advancements, considering the growing dependency on websites and interconnections. Cyber attacks have advanced and increased in sophistication, given the interdependencies of embedded networks and the vulnerabilities of secure networks.
Security measures for such sophistication may include encryption, message authentication, and key management through restriction of embedded networks (Jyostna and Padmaja, 2011, p. 3855).

Beyond detection of malicious software and unknown threats, it is important to be proactive in counterattacking threats that may have been detected and have therefore gained access to the system. Counterattack is favorable for actions against hackers who exploit any slight chance of non-detection to take advantage of vulnerable systems. Organizations that depend on Internet information must put in place elements such as firewalls, web and email filtering, and antivirus software. Where connections are made to third parties, organizations must put in place data encryption and ensure user authentication prior to data access.

Web filtering for screening sites is recommended for all institutions, since malware uses the web as its spreading vector. Web filtering protects systems from unknown threats, malware, phishing and spyware, and enables generally safe browsing. Users are unable to detect suspicious sites on the web since malicious code is invisible; therefore, web filtering becomes essential. Email filtering is also essential, since malware infiltrates information systems through e-mail spam. Email filtering enables clean email usage that is free from malware and spam. Web filtering applies the use of anti-spam software on gateway servers and email service providers that provide email-filtering services to prevent malware and spam entry.

Software vendors have made antivirus and sales agency where competition and image is core, although antivirus solutions are more important to information technology and protection. A user's choice of antivirus depends more on protection from malicious programs and unknown threats than on product pricing, design, and advertisement.
The basic user criterion is the technical performance of the antivirus with respect to the specific information technology threats that it can guard against. Many modern antivirus products contain techniques capable of both the identification of known malicious threats and the detection of previously unknown malicious software. The use of antivirus as a solution is more appropriate, since it seeks to block the introduction of a malware threat, to detect its presence, to prevent it from causing damage and to enable recovery of the system from the attack (Bidgoli, 2006, p. 450). Antivirus manufacturers need to focus on protecting information and system users from all kinds of malware.

It is also important to note that users may be tempted to use two antivirus products for maximum protection, though this is not workable. Running two antivirus products concurrently installs two interceptors into the same part of the system kernel, causing the two antivirus engines to conflict with each other. Operating systems, being the existing control mechanisms for access to systems and information, cannot protect the system from malicious software, since the operating system does not allow for observation of how an application is working. Malware detection, prevention and recovery therefore require third-party solutions such as monitoring tools that enable users to confirm the validity of software to prevent malice (Schimid and Hill, 2002, p. 2).

Summary

Malware consists of code, scripts, and other active content designed to disrupt or deny normal operations, gather information that leads to loss of privacy, and gain unauthorized access to system resources. As the world moves more and more towards a digitally based global economy, the potential effects of malicious software become increasingly dangerous.
The average person has multiple digital devices that they rely on daily for their communication and business needs, and the average business is even more reliant on digital devices and applications. Considering these facts, criminals are devising elaborate methods to compromise data systems and acquire potentially valuable information, and many of these threats go undetected until they are exposed by law enforcement agencies. Many of these agencies are partnering with manufacturers who develop digital devices in order to minimize this form of criminal activity at the source.

Minimizing the criminal activity relies on finding solutions to the interruption, modification, interception and even destruction of information, through advances such as the use of Portable Executable Analysis Toolkits to detect malicious code. Further advances include the design and inclusion of features that detect software and executables that do not fit in with the normal bytes. The use of buffer overflow protection systems and host-based intrusion prevention systems enables counterattack measures against the zero-day threats mainly used by modern-day criminals. Anti-malware applies behavior-based detection, through which executable code that performs suspicious actions, such as writing to the drivers of the operating system, is detected and stopped. Counterattack measures may also include live antivirus and cloud-based reputation systems that detect online data in real time. As new threats are discovered, live antivirus and cloud-based reputation systems are frequently updated to provide up-to-date characteristic signatures.

References

Abdullah, A. (2010). Information System Security Measures and Countermeasure: Protecting Organizational Assets from Malicious Attacks. Communications of the IBIMA, pp. 1-9.

Bidgoli, H. (2006). The handbook of information security. NJ: John Wiley and Sons.

Hemraj, S., and Dinesh, S. (2007). Malicious Objects Dynamics in the Presence of Anti Malicious Software. European Journal of Scientific Research, Vol. 18, Issue 3, pp. 491-499.

Jyostna, K., and Padmaja, V. (2011). Secure Embedded System Networking: An Advanced Security Perspective. International Journal of Engineering Science & Technology, Vol. 3, Issue 5, pp. 3854-3862.

Michael, G.R., and Mikhael, S. (2010). The Impact of Malicious Agents on the Enterprise Software Industry. MIS Quarterly, Vol. 34, Issue 3, pp. 595-610.

Michel, V. A., and Johannes, M. B. (2009). Emerging Threats to Internet Security Incentives, Externalities and Policy Implications. Journal of Contingencies & Crisis Management, Vol. 17, Issue 4, pp. 221-232.

Ryuya, U. (2011). Protocol and Method for Preventing Attacks from the Web. World Academy of Science, Engineering & Technology, pp. 514-519.

Schimid, M., and Hill, F. (2002). Protecting Data from Malicious Software. Retrieved from http://www.acsac.org/2002/papers/28.pdf.

Volynkin, A.S. (2007). Advanced methods of detection of malicious software. State University of New York at Binghamton: Electrical Engineering. MI: ProQuest.

Weber, M. et al. (2002). A toolkit for Detecting and Analyzing Malicious Software. NY: Cigital Inc.