Thursday, September 17, 2009

RFC 1135 “Helminthiasis of the Internet Worm”

1. What was the cause of the first Internet Worm? Specifically, what vulnerabilities did the worm take advantage of in order to spread through the Internet?
Answer:
It was code developed specifically to target flawed utility programs in Unix systems; in particular, it infected Sun Microsystems Sun 3 systems and VAX computers running variants of 4 BSD UNIX. Some of the systems’ vulnerabilities gave the worm a free ride: it could attach itself to vector programs, establish itself as a shell, and proceed by one of three routes: rsh, fingerd, or sendmail. Before attempting these infection methods to spread through the Internet, it would first try to establish a connection on the telnet or rexec ports.
This first Internet worm was traced to a twenty-three-year-old Cornell University graduate student named Robert Tappan Morris, Jr. He had launched it by infecting a machine at MIT from his terminal in Ithaca, New York. The worm identified other nearby computers on the Internet by rifling through various electronic address books found on the MIT machine. Its purpose was simple: to transmit a copy of itself to those machines, where it would run alongside existing software and repeat the cycle.
When asked why he unleashed the worm, Morris said he wanted to count how many machines were connected to the Internet.
2. Are those vulnerabilities still present?
Answer:
The vulnerabilities in the Unix operating system are not the same today, just as the malware infestations are not the same. As a matter of fact, another Unix-like operating system, called Linux, has since evolved. Vulnerabilities still exist today for these two operating systems, but they are different, since technology has advanced so much and different anti-worm and anti-virus tools are constantly being developed. (See the ZDNet article below.)
http://homes.cerias.purdue.edu/~spaf/tech-reps/823.pdf
http://yupnet.org/zittrain/archives/11
http://www.zdnet.com.au/insight/soa/Linux-Unix-viruses-demand-special-attention/0,139023731,120275738,00.htm

Wednesday, September 16, 2009

Is it Time to Supplement Desktop Security Protections

The article “Is it Time to Supplement Desktop Security Protections?”, posted April 20, 2009, caught my attention because Bruce Van Nice goes further than just giving his perspective on safety for Internet users through current protections. He proposes that there is a lot more that can be done to help the user beyond desktop protection software. He is aware of how Internet users struggle to get the best protection they can without having the expertise to know whether they are actually getting the anti-malware protection they need. Almost all users are under the assumption that the only thing they can do is use desktop software and become aware of the different types of malware threats, such as viruses, worms, and phishing. He states that this is obviously not enough, because in the past few months there has been a dramatic increase in Internet-based attacks. He targets the service providers because they are in a position to deliver network-based protections that would benefit the Internet user tremendously. He believes that network-based protections can complement and enhance existing desktop software.
I think the fact that he is asking the service providers to take the initiative to help Internet users is very important, and something that should be conveyed to all users, since they can pose the question to the service providers as they shop for the best service.

http://www.circleid.com/posts/20090420_time_to_supplement_desktop_security_protections/