9.5 ATTACKS FROM OUTSIDE THE SYSTEM
The threats discussed in the previous sections were largely caused from the
inside, that is, perpetrated by users already logged in. However, for machines
connected to the Internet or another network, there is a growing external threat. A
networked computer can be attacked from a distant computer over the network.
In nearly all cases, such an attack consists of some code being transmitted over
the network to the target machine and executed there, doing damage. As more and
more computers join the Internet, the potential for damage keeps growing. In the
following sections we will look at some of the operating systems aspects of these
external threats, primarily focusing on viruses, worms, mobile code, and Java
It is hard to open a newspaper these days without reading about another computer
virus or worm attacking the world’s computers. They are clearly a major
security problem for individuals and companies alike. In the following sections
we will examine how they work and what can be done about them.
I was somewhat hesitant to write this section in so much detail, lest it give
some people bad ideas, but existing books give far more detail and even include
real code (e.g., Ludwig, 1998). Also the Internet is full of information about
viruses so the genie is already out of the bottle. In addition, it is hard for people to
defend themselves against viruses if they do not know how they work. Finally,
there are a lot of misconceptions about viruses floating around that need correc-
Unlike, say, game programmers, successful virus writers tend not to seek publicity
after their products have made their debut. Based on the scanty evidence
there is, it appears that most are high school or college students or recent graduates
who wrote the virus as a technical challenge, not realizing (or caring) that a
virus attack can cost the collective victims as much as a hurricane or earthquake.
Let us call our antihero Virgil the virus writer. If Virgil is typical, his goals are to
produce a virus that spreads quickly, is difficult to detect, and is hard to get rid of
What is a virus, anyway? To make a long story short, a virus is a program
that can reproduce itself by attaching its code to another program, analogous to
how biological viruses reproduce. The virus can also do other things
in addition to reproducing itself. Worms are like viruses but are self-replicating.
That difference will not concern us here, so we will use the term ‘‘virus’’ to cover
both for the moment. We will look at worms in Sec. 9.5.5.
9.5.1 Virus Damage Scenarios
Since a virus is just a program, it can do anything a program can do. For
example, it can type a message, display an image on the screen, play music, or
something else harmless. Unfortunately, it can also erase, modify, destroy, or