The term rootkit is a concatenation of root and kit. It has negative connotations through its association with malware. Rootkit installation can be automated, or an attacker can install one after obtaining root or Administrator access; obtaining this access is the result of an attack on the system. Once installed, a rootkit makes it possible to hide the intrusion as well as to maintain privileged access. The key is the root or administrator access: full control over a system means that existing software can be modified, including software that might otherwise be used to detect or circumvent the rootkit. Rootkit detection is difficult because a rootkit may be able to subvert the software that is intended to find it. Detection methods include using an alternative, trusted operating system, behavioral-based methods, signature scanning, difference scanning, and memory dump analysis. When dealing with firmware rootkits, removal may require hardware replacement. The term rootkit or root kit originally referred to a maliciously modified set of administrative tools for a Unix-like operating system that granted root access.
These first-generation rootkits were trivial to detect by using tools such as Tripwire that had not been compromised to access the same information. Lane Davis and Steven Dake wrote the earliest known rootkit in 1990 for Sun Microsystems' SunOS UNIX operating system. A related exploit worked through a modified compiler: the compiler would detect attempts to compile a new version of the compiler and would insert the same exploits into the new compiler, so a review of the code for the login command or the updated compiler would not reveal any malicious code. This exploit was equivalent to a rootkit. The first malicious rootkit for the Windows NT operating system appeared in 1999: a trojan called NTRootkit created by Greg Hoglund. It was followed by HackerDefender in 2003. The first rootkit targeting Mac OS X appeared in 2009, while the Stuxnet worm was the first to target programmable logic controllers. In 2005, Sony BMG published CDs with copy protection and digital rights management software called Extended Copy Protection; the software included a music player but silently installed a rootkit which limited the user's ability to access the CD.
Software engineer Mark Russinovich, who created the rootkit detection tool RootkitRevealer, reported the rootkit, and the ensuing scandal raised the public's awareness of rootkits. To cloak itself, the rootkit hid from the user any file starting with $sys$. Soon after Russinovich's report, malware appeared which took advantage of that vulnerability on affected systems. One BBC analyst called it a public relations nightmare. Sony BMG released patches to uninstall the rootkit, but these exposed users to an even more serious vulnerability. The company eventually recalled the CDs, and in the United States a class-action lawsuit was brought against Sony BMG. In a separate incident, the taps began sometime near the beginning of August 2004 and were removed in March 2005 without discovering the identity of the perpetrators; the intruders had installed a rootkit targeting Ericsson's AXE telephone exchange.
A firewall is a fire-resistant barrier used to prevent the spread of fire for a prescribed period of time. Firewalls are built between or through buildings, electrical transformers, or within an aircraft or vehicle. Firewalls can be used to subdivide a building into separate areas and are constructed in accordance with the locally applicable building codes. Firewalls are a portion of passive fire protection systems. Firewalls can be used to separate high-value transformers at a substation in the event of a mineral oil tank rupture; the firewall serves as a containment wall between one oil-filled transformer and other neighboring transformers, building structures, and site equipment. There are three classifications of fire-rated walls: fire walls, fire barriers, and fire partitions. To the layperson, the use of language typically includes all three when referring to a firewall unless distinguishing between them becomes necessary. In addition, specialty fire-rated walls such as a High Challenge Fire Wall would require further distinctions. A fire wall allows a building to be subdivided into smaller sections.
This matters if a section becomes structurally unstable due to fire or other causes. A fire barrier wall, or a fire partition, is a fire-rated wall assembly that provides lower levels of protection than typically provided by a fire wall. The main difference is that these fire-resistant walls are not structurally self-sufficient. Fire barriers are continuous through concealed spaces to the floor deck or roof deck above the barrier. Fire rating: fire walls are constructed in such a way as to achieve a code-determined fire-resistance rating; Germany includes repeated impact force testing upon new fire wall systems, and other codes require impact resistance on a performance basis. Design loads: a fire wall must withstand a minimum 5 lb./sq. ft. Substation transformer firewalls are typically free-standing modular walls custom designed and engineered to meet application needs. Building firewalls typically extend through the roof and terminate at a height above it. They are usually finished off on the top with flashing for protection against the elements. Structural firewalls in North America are usually made of concrete, concrete blocks, or reinforced concrete.
Older fire walls, built prior to World War II, utilized brick materials. Fire barrier walls are typically constructed of drywall or gypsum board partitions with wood- or metal-framed studs. Penetrations: penetrations through fire walls, such as for pipes and cables, must not defeat the structural integrity of the wall, such that the wall cannot withstand the prescribed fire duration without threat of collapse. Openings: other openings in fire walls, such as doors and windows, must use fire-rated assemblies such as fire door assemblies. Firewalls are used in varied applications that require specific design and performance specifications.
Antivirus or anti-virus software, sometimes known as anti-malware software, is computer software used to prevent and remove malicious software. Antivirus software was originally developed to detect and remove computer viruses. However, with the proliferation of other kinds of malware, antivirus software started to provide protection from other computer threats as well. The Creeper virus infected Digital Equipment Corporation's PDP-10 mainframe computers running the TENEX operating system, and was deleted by a program created by Ray Tomlinson. Creeper was followed by several other viruses; the first known to appear in the wild was Elk Cloner, in 1981, which infected Apple II computers. In 1983, the term computer virus was coined by Fred Cohen in one of the first published academic papers on computer viruses. Cohen used the term computer virus to describe a program that. The first IBM PC compatible in-the-wild computer virus. From then on, the number of viruses has grown exponentially. Most of the computer viruses written in the early and mid-1980s were limited to self-reproduction and had no specific damage routine built into the code.
That changed when more and more programmers became acquainted with computer virus programming. Before internet connectivity was widespread, computer viruses were typically spread by infected floppy disks. Antivirus software came into use, but was updated relatively infrequently; during this time, virus checkers essentially had to check executable files and the boot sectors of floppy disks and hard disks. However, as internet usage became common, viruses began to spread online. There are competing claims for the innovator of the first antivirus product. Possibly the first publicly documented removal of an in-the-wild computer virus was performed by Bernd Fix in 1987. In 1987, Andreas Lüning and Kai Figge founded G Data Software; they also produced Virus Construction Kits. In 1987, the Ultimate Virus Killer was released; this was the de facto industry-standard virus killer for the Atari ST and Atari Falcon, the last version of which was released in April 2004. In 1987, in the United States, John McAfee founded the McAfee company. Meanwhile, in Czechoslovakia, Peter Paško, Rudolf Hrubý and Miroslav Trnka created the first version of NOD antivirus.
In 1987, Fred Cohen wrote that there is no algorithm that can detect all possible computer viruses. Finally, at the end of 1987, the first two heuristic antivirus utilities were released: Flushot Plus by Ross Greenberg and Anti4us by Erwin Lanting.
A computer virus is a type of malicious software program that, when executed, replicates by reproducing itself or infecting other computer programs by modifying them. Infecting computer programs can include data files as well, or the boot sector of the hard drive. When this replication succeeds, the affected areas are said to be infected with a computer virus. The term virus is commonly, but erroneously, used to refer to other types of malware. The majority of active malware threats are actually trojan horse programs or computer worms rather than computer viruses; the term computer virus, coined by Fred Cohen in 1985, is a misnomer. Virus writers use social engineering deceptions and exploit detailed knowledge of security vulnerabilities to gain access to their hosts' computers and computing resources. Computer viruses currently cause billions of dollars' worth of damage each year by causing system failure, wasting computer resources, corrupting data, and increasing maintenance costs. The work of von Neumann was published as the Theory of Self-Reproducing Automata; in his essay von Neumann described how a computer program could be designed to reproduce itself.
Von Neumann's design for a self-reproducing computer program is considered the world's first computer virus. In 1972, Veith Risak, directly building on von Neumann's work on self-replication, published an article describing a fully functional virus written in assembler programming language for a SIEMENS 4004/35 computer system. In 1980 Jürgen Kraus wrote his diplom thesis Selbstreproduktion bei Programmen at the University of Dortmund; in his work Kraus postulated that computer programs can behave in a way similar to biological viruses. The Creeper virus was first detected on ARPANET, the forerunner of the Internet. Creeper was an experimental self-replicating program written by Bob Thomas at BBN Technologies in 1971. Creeper used the ARPANET to infect DEC PDP-10 computers running the TENEX operating system: it gained access via the ARPANET and copied itself to the remote system, where the message "I'm the creeper, catch me if you can" was displayed. The Reaper program was created to delete Creeper. In fiction, the 1973 Michael Crichton sci-fi movie Westworld made an early mention of the concept of a computer virus, as a central plot theme that causes androids to run amok.
Alan Oppenheimer's character summarizes the problem by stating, "There's a pattern here which suggests an analogy to an infectious disease process." To which the reply is, "Perhaps there are similarities to disease and." In 1982, a program called Elk Cloner was the first personal computer virus to appear in the wild, that is, outside the single computer or lab where it was created. Written in 1981 by Richard Skrenta while a student at Mount Lebanon High School near Pittsburgh, it attached itself to the Apple DOS 3.3 operating system.
In cryptography, encryption is the process of encoding a message or information in such a way that only authorized parties can access it. Encryption does not of itself prevent interference, but denies the intelligible content to a would-be interceptor. In an encryption scheme, the intended information or message, referred to as plaintext, is encrypted using an encryption algorithm, generating ciphertext that can only be read if decrypted. For technical reasons, an encryption scheme usually uses an encryption key generated by an algorithm. It is in principle possible to decrypt the message without possessing the key. An authorized recipient can decrypt the message with the key provided by the originator to recipients. In symmetric-key schemes, the encryption and decryption keys are the same; communicating parties must have the same key before they can achieve secure communication. In public-key encryption schemes, the encryption key is published for anyone to use. However, only the receiving party has access to the decryption key that enables messages to be read.
Public-key encryption was first described in a document in 1973. Encryption has long been used by militaries and governments to facilitate secret communication. It is now used in protecting information within many kinds of civilian systems. Encryption can be used to protect data at rest, such as information stored on computers. In recent years, there have been reports of confidential data, such as customers' personal records, being exposed. Encrypting such files at rest helps protect them should physical security measures fail. In response to the encryption of data at rest, cyber-adversaries have developed new types of attacks. There have been reports of data in transit being intercepted in recent years. Data should be encrypted when transmitted across networks in order to protect against eavesdropping of network traffic by unauthorized users. Standards for cryptographic software and hardware to perform encryption are widely available, but successfully using encryption to ensure security may be a challenging problem. A single error in design or execution can allow successful attacks.
Sometimes an adversary can obtain unencrypted information without directly undoing the encryption; see, e.g., traffic analysis, TEMPEST, or Trojan horse.
In automotive engineering, the firewall is the part of the automobile body that separates the engine compartment from the passenger compartment. It is most commonly a component of the body or, in monocoque construction, a separate steel pressing. The name originates from steam-powered vehicles, where the firewall separates the driver from the fire heating the boiler. In aviation, a firewall on an aircraft isolates the engine from other parts of the airframe; in single-engine aircraft, it is the part of the fuselage that separates the engine compartment from the cockpit. In most multi-engine propeller aircraft, the firewall typically divides the nacelle from the wing of the aircraft. The phrase "put the throttle to the firewall" refers to setting the engine to run at maximum speed.
Digital Equipment Corporation
Digital Equipment Corporation, known as DEC and using the trademark Digital, was a major American company in the computer industry from the 1950s to the 1990s. DEC was a vendor of computer systems, including computers and software. Their PDP and successor VAX products were the most successful of all minicomputers in terms of sales. DEC was acquired in June 1998 by Compaq, in what was at that time the largest merger in the history of the computer industry. At the time, Compaq was focused on the market and had recently purchased several other large vendors. DEC was a major player overseas where Compaq had less presence. Compaq had little idea what to do with its acquisitions, and soon found itself in financial difficulty of its own. The company subsequently merged with Hewlett-Packard in May 2002; as of 2007 some of DEC's product lines were still produced under the HP name. From 1957 until 1992, DEC's headquarters were located in a wool mill in Maynard.
Some parts of DEC, notably the business and the Hudson. Initially focusing on the low end of the computer market allowed DEC to grow without its potential competitors making serious efforts to compete with them. Their PDP series of machines became popular in the 1960s, especially the PDP-8. Looking to simplify and update their line, DEC replaced most of their smaller machines with the PDP-11 in 1970, eventually selling over 600,000 units and cementing DEC's position in the industry. Originally designed as a follow-on to the PDP-11, DEC's VAX-11 series was the first widely used 32-bit minicomputer; these systems were able to compete in many roles with larger mainframe computers, such as the IBM System/370. The VAX was a best-seller, with over 400,000 sold. At its peak, DEC was the second largest employer in Massachusetts, second only to the Massachusetts State Government. With the rapid rise of the business microcomputer in the late 1980s, DEC's last major attempt to find a space in the rapidly changing market was the DEC Alpha 64-bit RISC instruction set architecture.
DEC initially started work on Alpha as a way to re-implement their VAX series.
A backdoor is a method, often secret, of bypassing normal authentication in a product, computer system, cryptosystem, algorithm, etc. Backdoors are often used for securing remote access to a computer. A backdoor may take the form of a hidden part of a program, a separate program, or a hardware feature. Although normally surreptitiously installed, in some cases backdoors are deliberate; these kinds of backdoors might have legitimate uses such as providing the manufacturer with a way to restore user passwords. Default passwords can function as backdoors if they are not changed by the user. Some debugging features can act as backdoors if they are not removed in the release version. In 1993 the United States government attempted to deploy an encryption system based on a chip with a backdoor; the chip was unsuccessful internationally and in business. The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted, and Turn and a co-author discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference.
They noted a class of active infiltration attacks that use trapdoor entry points into the system to bypass security facilities. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public-key cryptography the term trapdoor has acquired a different meaning, and thus the term backdoor is now preferred. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J. P. Anderson and D. J. Edwards in 1970. A backdoor in a system might take the form of a hard-coded user account. Although the number of backdoors in systems using proprietary software is not widely credited, programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission. Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer; such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines.
A sophisticated attempt to plant a backdoor in the Linux kernel, exposed in November 2003, added a small code change whose difference is easily overlooked and could even be interpreted as an accidental typographical error rather than an intentional attack. In January 2014, a backdoor was discovered in certain Samsung Android products: the Samsung proprietary Android versions are fitted with a backdoor that provides remote access to the data stored on the device. Harder-to-detect backdoors involve modifying object code rather than source code; object code is much harder to inspect, as it is designed to be machine-readable. Because object code backdoors can be removed by simply recompiling from source, a series of changes to the system and its tools is needed to conceal a single change. As this requires subverting the compiler, it can in turn be fixed by recompiling the compiler. Once that is done, the source meta-backdoor can be removed and the compiler recompiled from the original source with the compromised compiler executable: the backdoor has been bootstrapped.
A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a network to spread itself, relying on security failures on the target computer to access it. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth. Many worms that have been created are designed only to spread, and do not attempt to change the systems they pass through. However, as the Morris worm and Mydoom showed, even these payload-free worms can cause major disruption by increasing network traffic. The actual term worm was first used in John Brunner's 1975 novel, The Shockwave Rider. In that novel, Nichlas Haflinger designs and sets off a data-gathering worm in an act of revenge against the men who run a national electronic information web that induces mass conformity: "You have the biggest-ever worm loose in the net, and it automatically sabotages any attempt to monitor it. There's never been a worm with that tough a head or that long a tail."
The U.S. Court of Appeals estimated the cost of removing the virus from each installation was in the range of $200–53,000, and Morris himself became the first person tried and convicted under the 1986 Computer Fraud and Abuse Act. Any code designed to do more than spread the worm is typically referred to as the payload. Typical malicious payloads might delete files on a host system, encrypt files in a ransomware attack, or exfiltrate data such as confidential documents or passwords. Probably the most common payload for worms is to install a backdoor; this allows the computer to be remotely controlled by the worm author as a zombie. Networks of such machines are referred to as botnets and are very commonly used for a range of malicious purposes. Worms spread by exploiting vulnerabilities in operating systems. Vendors with security problems supply regular security updates, and if these are installed on a machine the majority of worms are unable to spread to it. If a vulnerability is disclosed before the security patch is released by the vendor, users need to be wary of opening unexpected email, and should not run attached files or programs, or visit web sites that are linked to such emails.
However, as with the ILOVEYOU worm, and with the growth and efficiency of phishing attacks. Anti-virus and anti-spyware software are helpful, but must be kept up to date with new pattern files at least every few days; the use of a firewall is recommended. In the April–June 2008 issue of IEEE Transactions on Dependable and Secure Computing, researchers described how to contain the kind of worm that scans the Internet randomly, looking for vulnerable hosts to infect. They found that the key is for software to monitor the number of scans that machines on a network send out. When a machine starts sending out too many scans, it is a sign that it has been infected, allowing administrators to take it offline. In addition, machine learning techniques can be used to detect new worms by analyzing the behavior of the suspected computer. Not all worms have been malicious: early experimental worms allowed testing by John Shoch and Jon Hupp of the Ethernet principles on their network of Xerox Alto computers, and the Nachi family of worms tried to download and install patches from Microsoft's website to fix vulnerabilities in the host system, by exploiting those same vulnerabilities.
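The scan-count containment idea described above, as an added example that is not code from the original text or from the cited paper: each source host is charged for every distinct new destination it contacts, and a host whose count of new contacts inside a sliding window exceeds a threshold is reported for isolation. The flow records, the window length and the threshold are constructed values for this example.

```python
"""Scan-rate containment check over constructed flow records.

Each record is (timestamp_seconds, source_ip, destination_ip, destination_port).
A host that keeps contacting *new* destinations in a short window behaves like
a random-scanning worm; repeat contacts to the same service (normal client
traffic) are not counted, so chatty but legitimate hosts stay below threshold.
"""
from collections import defaultdict, deque

# Assumed tuning values for this example; real deployments calibrate them
# against a baseline of the network's normal behaviour.
WINDOW_SECONDS = 60
MAX_NEW_DESTINATIONS = 20


def detect_scanners(flows, window=WINDOW_SECONDS, threshold=MAX_NEW_DESTINATIONS):
    """Return {source_ip: timestamp_first_flagged} for hosts whose number of
    distinct new (dst, port) contacts within `window` seconds exceeds
    `threshold`. `flows` is an iterable of (ts, src, dst, dport), sorted by ts.
    """
    seen = defaultdict(set)       # src -> (dst, dport) pairs already contacted
    recent = defaultdict(deque)   # src -> timestamps of recent *new* contacts
    flagged = {}
    for ts, src, dst, dport in flows:
        if src in flagged:
            continue              # already reported; nothing more to learn
        key = (dst, dport)
        if key in seen[src]:
            continue              # repeat contact, not a scan
        seen[src].add(key)
        window_hits = recent[src]
        window_hits.append(ts)
        while window_hits and ts - window_hits[0] > window:
            window_hits.popleft()  # drop contacts older than the window
        if len(window_hits) > threshold:
            flagged[src] = ts
    return flagged


def build_sample_flows():
    """Constructed traffic: one legitimate host and one worm-like host."""
    flows = []
    # 10.0.0.5 talks to the same two servers over and over: normal.
    for i in range(200):
        flows.append((i, "10.0.0.5", "10.0.0.1" if i % 2 else "10.0.0.2", 443))
    # 10.0.0.9 probes a fresh host on port 445 every second from t=100.
    for i in range(40):
        flows.append((100 + i, "10.0.0.9", f"10.0.1.{i}", 445))
    flows.sort(key=lambda f: f[0])
    return flows


if __name__ == "__main__":
    for host, when in detect_scanners(build_sample_flows()).items():
        print(f"isolate {host}: exceeded new-destination threshold at t={when}s")
```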
Two-factor authentication is a method of confirming a user's claimed identity by utilizing a combination of two different components. Two-factor authentication is a type of multi-factor authentication. A good example from everyday life is withdrawing money from a cash machine: only the correct combination of a bank card and a PIN allows the transaction to be carried out. The use of multiple factors to prove one's identity is based on the premise that an unauthorized actor is unlikely to be able to supply the factors required for access. Knowledge factors are the most commonly used form of authentication; in this form, the user is required to prove knowledge of a secret in order to authenticate. A password is a word or string of characters that is used for user authentication. This is the most commonly used mechanism of authentication; many multi-factor authentication techniques rely on a password as one factor of authentication. Variations include both longer ones formed from words and the shorter, purely numeric, personal identification number commonly used for ATM access.
Traditionally, passwords are expected to be memorized. Many secret questions such as "Where were you born?" are poor examples of a knowledge factor because they may be known to a wide group of people. Possession factors have been used for authentication for centuries, in the form of a key to a lock. The basic principle is that the key embodies a secret which is shared between the lock and the key, and the same principle underlies possession-factor authentication in computer systems. A security token is an example of a possession factor. Disconnected tokens have no connection to the client computer; they typically use a screen to display the generated authentication data. Connected tokens are devices that are connected to the computer to be used. There are a number of different types, including card readers and wireless tags. A third category consists of factors associated with the user, usually biometric methods, including fingerprint readers, retina scanners or voice recognition. The major drawback of authentication that includes something the user possesses is that the token must be carried around by the user.
Loss and theft are a risk, and there are costs involved in procuring and subsequently replacing tokens of this kind. In addition, there are inherent conflicts and unavoidable trade-offs between usability and security. To authenticate themselves, people can use their personal access license plus a one-time-valid, dynamic passcode consisting of digits. The code can be sent to their device by SMS or via a special app.
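The server side of the one-time digit passcode just described, as an added example that is not from the original text: the server issues a short-lived numeric code, stores only a keyed hash of it, accepts it at most once, and caps wrong guesses so a six-digit code cannot simply be enumerated. The code length, lifetime, attempt limit and the `OneTimeCodeStore` class are assumptions of this example; delivery by SMS or app is outside it.

```python
"""Issue and verify a one-time numeric passcode as a second factor."""
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6             # assumed code length
CODE_TTL_SECONDS = 120      # assumed lifetime of an issued code
MAX_ATTEMPTS = 5            # assumed wrong-guess limit per issued code


class OneTimeCodeStore:
    """Holds pending codes per user; only keyed hashes of codes are stored."""

    def __init__(self, server_key, now=time.time):
        self._key = server_key      # server-side HMAC key, never sent to users
        self._now = now             # injectable clock so expiry can be tested
        self._pending = {}          # user -> (code_hash, expires_at, attempts)

    def _hash(self, user, code):
        msg = f"{user}:{code}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, user):
        """Generate a fresh random code for `user`, replacing any pending one.
        The plaintext code is returned only so the caller can deliver it."""
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        expires_at = self._now() + CODE_TTL_SECONDS
        self._pending[user] = (self._hash(user, code), expires_at, 0)
        return code

    def verify(self, user, code):
        """True exactly once for the correct, unexpired code; False otherwise.
        An expired code or an exhausted attempt budget discards the entry, so
        the user must request a new code rather than keep guessing."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        digest, expires_at, attempts = entry
        if self._now() > expires_at or attempts >= MAX_ATTEMPTS:
            del self._pending[user]
            return False
        if hmac.compare_digest(digest, self._hash(user, code)):
            del self._pending[user]     # one-time: consumed on success
            return True
        self._pending[user] = (digest, expires_at, attempts + 1)
        return False
```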
Authentication is the act of confirming the truth of an attribute of a single piece of data claimed true by an entity. In other words, authentication often involves verifying the validity of at least one form of identification. Authentication is relevant to multiple fields. In art and anthropology, a common problem is verifying that a given artifact was produced by a certain person or in a certain place or period of history. In computer science, verifying a person's identity is required to allow access to confidential data or systems. The first type of authentication relies on attestation by a person: with autographed sports memorabilia, this could involve someone attesting that they witnessed the object being signed, and a vendor selling branded items implies authenticity, while he or she may not have evidence that every step in the supply chain was authenticated. The second type of authentication is comparing the attributes of the object itself to what is known about objects of that origin. For example, an art expert might look for similarities in the style of painting, check the location and form of a signature, or compare the object to an old photograph.
The physics of sound and light, and comparison with a physical environment, can be used to examine the authenticity of audio recordings and photographs. Documents can be verified as being created on ink or paper readily available at the time of the implied creation. Attribute comparison may be vulnerable to forgery. In art and antiques, certificates are of great importance for authenticating an object of interest and value. Certificates can, however, be forged, and the authentication of these poses a problem. For instance, the son of Han van Meegeren, the well-known art forger, forged the work of his father and provided a certificate for its provenance as well; see the article Jacques van Meegeren. Criminal and civil penalties for fraud and counterfeiting can reduce the incentive for falsification. Currency and other financial instruments commonly use this second type of authentication method. The third type of authentication relies on documentation or other external affirmations. In criminal courts, the rules of evidence often require establishing the chain of custody of evidence presented.
This can be accomplished through a written evidence log, or by testimony from the police detectives. Some antiques are accompanied by certificates attesting to their authenticity, and signed sports memorabilia is usually accompanied by a certificate of authenticity. These external records have their own problems of forgery and perjury, and are vulnerable to being separated from the artifact and lost. In computer science, a user can be given access to secure systems based on user credentials that imply authenticity. A network administrator can give a user a password, or provide the user with a key card or other device to allow system access.