Best Practices for Protecting against Viruses, Spyware, and Hacking

As the value of information goes up, it is attracting more sophisticated kinds of thievery


December 29, 2008
URL:http://www.drdobbs.com/architecture-and-design/best-practices-for-protecting-against-vi/212700118

Capers Jones is Chief Scientist Emeritus of Software Productivity Research and author of numerous books on software engineering, including the upcoming "Best Practices in Software Engineering" (McGraw-Hill, 2009) on which this article is based. Copyright (c) 2008 by Capers Jones. All rights reserved.


As of 2009 the value of information is approaching the value of gold, platinum, oil and other expensive commodities. In fact, as the global recession expands, the value of information is rising faster than the value of natural products such as metals or oil. As the value of information goes up, it is attracting more sophisticated kinds of thievery. In the past, hacking and viruses were often individual efforts, sometimes carried out by students, even high-school students, and sometimes just for the thrill of accomplishing the act.

However, in today's world, theft of valuable information has migrated to organized crime, terrorist groups, and even to hostile foreign governments. Not only that, but denial of service attacks and "search bots" that can take over computers are powerful and sophisticated enough to shut down corporate data centers and interfere with government operations. This situation is going to get worse as the global economy declines.

Since computers are used to store valuable information such as financial records, medical records, patents, trade secrets, classified military information, customer lists, addresses and email addresses, phone numbers, and social security numbers, the total value of stored information is in the range of trillions of dollars. There is no other commodity in the modern world that is simultaneously so valuable and so easy to steal as information stored in a computer.

Not only are there increasing threats against software and financial data, but it is technically within the realm of possibility to hack into voting and election software as well. Any computer connected to the outside world by any means is at risk. Even computers that are physically isolated may be at some risk due to their electromagnetic emissions.

Although many individual organizations such as Homeland Security, the Department of Defense, the FBI, NSA, IBM, Microsoft, Google, Symantec, McAfee, Kaspersky, Computer Associates and scores of others have fairly competent security staffs and also security tools, the entire topic needs to have a central coordinating organization that would monitor security threats and distribute data on best practices for preventing them. The fragmentation of the software security world makes it difficult to organize defenses against all known threats, and to monitor the horizon for future threats.

Also, much of the security literature deals with threats after development and deployment. The need to address security as a fundamental principle of architecture, design, and development is poorly covered. A book related to this topic by Ken Hamer-Hodges, "Authorization Oriented Architecture," will deal with more fundamental subjects. Among these is automating computer security to move the problem from the user to the system itself. The way to do this is through detailed boundary management. That is why objects plus capabilities matter. Also, security frames such as Google Caja, which prevent redirection to phishing sites, are best practices. The new E programming language is also a best practice, since it is designed to ensure optimum security.

The way to solve security problems is to consider the very foundations of the science and to build boundary control in physical terms based on the "Principle of Least Authority," where each and every subroutine call is to an instance of a protected class of object. The only authorization for the use of the invoked code should be the local names instantiated for the small task at hand: no global items, no global name space, no global path names like C:/directory/file or URL http://123.456.789/file. Every subroutine is a protected call with boundary checking, and all program references are dynamically bound from a local name at runtime, with an access control check included at all times. Some suggested general "best practices" from this source include:
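The object-capability discipline described above, sketched as an added example (not code from the article or from the book it cites): a task receives one attenuated, revocable capability instead of a global path name, and every call through it is checked. The names makeVault, grant and wordCount and the sample records are assumptions made for illustration.

```javascript
// Added illustration of the Principle of Least Authority (object-capability style).
// All names here (makeVault, grant, wordCount) are hypothetical.

// The vault keeps its records in a closure: there is no global name or
// path string by which other code can reach them.
function makeVault(records) {
  const data = new Map(Object.entries(records));

  // grant() hands out a capability to ONE record with the listed rights only.
  function grant(name, rights) {
    if (!data.has(name)) throw new Error('no such record');
    let revoked = false;
    const allowed = new Set(rights);
    // Boundary check performed on every call through the capability.
    const check = (right) => {
      if (revoked) throw new Error('capability revoked');
      if (!allowed.has(right)) throw new Error('not authorized: ' + right);
    };
    const cap = Object.freeze({
      read() { check('read'); return data.get(name); },
      write(text) { check('write'); data.set(name, String(text)); },
    });
    return { cap, revoke() { revoked = true; } };
  }
  return Object.freeze({ grant });
}

// A small task: its whole authority is the single object passed in.
// It cannot name, read or write any other record in the vault.
function wordCount(cap) {
  return cap.read().trim().split(/\s+/).length;
}

// Constructed sample data: the task gets read-only access to "memo" only.
function demo() {
  const vault = makeVault({ memo: 'quarterly numbers attached', payroll: 'secret' });
  const { cap, revoke } = vault.grant('memo', ['read']);
  const out = { count: wordCount(cap) };
  try { cap.write('tampered'); } catch (e) { out.writeError = e.message; }
  revoke(); // the grantor withdraws the authority once the task is done
  try { wordCount(cap); } catch (e) { out.afterRevoke = e.message; }
  return out;
}

console.log(demo());
```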

Internet security is so hazardous as of 2009 that one emerging "best practice" is for sophisticated computer users to have two computers. One of these would be used for web surfing and internet access. The second computer would not be connected to the internet and would accept only trusted inputs on physical media that are of course checked for viruses and spyware.

As this is being written Homeland Security is planning to construct a major new security research facility that will probably serve as a central coordination location for civilian government agencies. It would be useful to have a similar non-profit organization that could serve consumers and small software vendors.

Also alarming is the fact that hackers are now organized and have journals, web sites, and classes available for teaching hacking skills. In fact a review of the literature indicates that there is more information available about how to hack than on how to defend against hacking. As of 2009 the hacking "industry" seems to be larger and more sophisticated than the security industry, which is not surprising given the increasing value of information and the fundamental flaws in computer security methods.

Standard "best practices" include use of firewalls, antivirus packages, antispyware packages, and careful physical security. However, as the race between hackers and security companies escalates, it is also necessary to use constant vigilance. Virus definitions should be updated daily, for example. More recent "best practices" include biological defenses such as using fingerprints or retina patterns in order to gain access to software and computers.

Some examples of the major threats in today's cyber world are discussed below in alphabetical order:

As can be seen from the variety of computer and software hazards in the modern world, protection of computers and software from harmful attacks requires constant vigilance. It also requires installation and usage of several kinds of protective software. Finally, both physical security and careless usage of computers by friends and relatives need to be considered. Security problems will become more pervasive as the global economy sinks into recession. Information is one commodity that will increase in value no matter what is happening to the rest of the economy. Moreover, both organized crime and major terrorist groups are now active players in hacking, denial of service, and other forms of cyber warfare.
