427 Botnet fm qxd



Botnets - The killer web applications

Chapter 5 • Botnet Detection: Tools and Techniques


Tripwire is an example of a defensive technique that has been referred to
as object reconciliation, integrity detection, change detection, integrity
checking, or even integrity management, though these terms are not strictly
interchangeable. It was at one time seen as the future of virus detection, when
the main alternative was exact identification of viruses, resulting in an
inevitable window of vulnerability between the release of each virus or
variant and the availability of detection updates. For a while, most mainstream
antivirus packages included some form of change detection software, and
many sites used it as a supplement to known virus detection. However,
Microsoft operating environments became bigger, more sophisticated, and
more complex, and the processing overhead from ongoing change detection
and changes in the threat landscape meant that the range of places that a virus
could hide grew fewer. It’s probable that the disappearance of change detectors
from antivirus toolkits is as much to do with a lack of customer enthusiasm.
Nonetheless, the continued popularity of Tripwire suggests that there is
still a ready place for some form of change detection in security, especially in
integrity management.
Are You 0wned?
Trusting Trust
“Reflections on Trusting Trust” was a Turing Award Lecture by Ken
Thompson, published in Communications of the ACM (Association
for Computing Machinery) in 1984. For a short paper, it’s had quite an
impact on the world of computer security. In it, Thompson talks about
what he described as the cutest program he ever wrote, which he
describes in three stages.
Stage one addresses the classic programming exercise of writing a
program that outputs an exact copy of its own source. To be precise, the
example he provides is a program that produces a self-producing program,
can be written by another program, and includes an “arbitrary
amount of excess baggage.” Stage two centers on the fact that a C compiler
is itself written in C. (In fact, it doesn’t have to be, but this
chicken-and-egg scenario is important to Thompson’s message.) Essentially, it
