
Preventing the Spread of Computer Worms November 11, 2013

Posted by 7832johnsob in Security.

In the article “The Internet Worm Program: An Analysis” by Eugene H. Spafford, the first computer worm is described and investigated. After the worm initially began spreading, specifically targeting Sun 3 and VAX machines with BSD Unix as the operating system, there was a suggested fix which “included a preliminary patch of the sendmail mail agent, and the suggestion to rename one or both of the C compiler and loader to prevent their use” [1]. Ensuring that the sendmail patches were updated and installed was crucial for system administrators.

The article also points out some preemptive steps that can be taken to mitigate the risk of worms spreading to more computers. To prevent buffer overflow exploits, Spafford recommends replacing vulnerable C routines such as sprintf with ones that do bounds checking by passing a bounds value to the function. Then all privileged versions should be “examined for unchecked uses of the original calls, with those calls being replaced by the new bounded versions” [1]. Spafford suggests that the debug option for applications should “prompt the user for the super user’s password and the password should not be static” [1]. This would prevent the use of the debug option of an application to bypass authentication. Spafford also suggests that server configuration and command files owned by a common user ID could be separated by having every background process and subsystem run under a different user ID [1]. This would isolate the different subsystems, increasing the difficulty of compromising the full system in one attempt because multiple different passwords would need to be cracked. Lastly, the strength of user passwords can be vastly improved to increase the difficulty of guessing a password. From the general user perspective, this is the main thing that can be done to prevent user accounts from being hacked. Also, checking and limiting the number of password attempts, as well as saving encrypted passwords in a read-only shadow file for system administrators with a privileged call to encrypt and compare passwords with a delay, can help prevent worms from guessing passwords through brute force [1]. Overall, using ideas like component isolation, bounds checking, and strong passwords coupled with password verification mechanisms (like shadow files and monitoring the number of password attempts) can help prevent the spread of worms by making malicious access to new systems harder.
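The bounded replacement for sprintf described above, as an added example (not code from Spafford's article or from this post): `bounded_format` and `build_log_line` are hypothetical names built on the standard C `vsnprintf`, and the helper treats truncation as an error instead of silently accepting a cut-off string.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: format into dst, which holds dst_size bytes.
 * Returns 0 on success, -1 if the output did not fit or formatting failed.
 * On failure dst is set to "" so callers never use a truncated value. */
int bounded_format(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (dst == NULL || dst_size == 0)
        return -1;

    va_start(ap, fmt);
    needed = vsnprintf(dst, dst_size, fmt, ap);  /* never writes past dst_size */
    va_end(ap);

    /* vsnprintf returns the length the full output would have had. */
    if (needed < 0 || (size_t)needed >= dst_size) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

/* Constructed scenario: a privileged daemon logs a remotely supplied name.
 * The unchecked form, sprintf(line, "lookup: %s", name), would write past
 * line[] whenever name is longer than the buffer allows. */
int build_log_line(char *line, size_t line_size, const char *name)
{
    return bounded_format(line, line_size, "lookup: %s", name);
}

int main(void)
{
    char line[32];
    char long_name[200];

    memset(long_name, 'A', sizeof long_name - 1);  /* constructed over-long input */
    long_name[sizeof long_name - 1] = '\0';

    int rc = build_log_line(line, sizeof line, "alice");
    printf("short name: rc=%d line=\"%s\"\n", rc, line);
    rc = build_log_line(line, sizeof line, long_name);
    printf("long name:  rc=%d line=\"%s\"\n", rc, line);
    return 0;
}
```

The caller has to check the return value: rejecting the over-long request is what turns the bound into a defense, since a quietly truncated string can still cause logic errors later.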

I mentioned that the main thing a general user can do to prevent spreading worms is to have a strong, hard-to-guess password. With the increasing abilities of modern-day computing resources, do you think that having a strong password is enough to prevent or delay worms from spreading? Aside from avoiding introducing malicious content to their computers, what other steps can a general user take?




[1] E. H. Spafford, “The Internet Worm Program: An Analysis”.



