Professional Documents
Culture Documents
Ns MODULE 1
Ns MODULE 1
nd
Computer Security
S).433
1.1 Introduction
This is a book on networlc and Internet security. Before we understand _the various co~cepts and ~hnical issues
related to security (i.e. trying to understand h9w to protect), it is essential .to know whg,t we are trying to
protect. The various dangers when we use comp~ters, corp.p_ut~r networ,ks and the bigg~st networ~ of
them all, the Internet and the likely pitfalls. The consequ~nces of not seting, up the right security policies,
framework and technology implementations. This chapter-attempts to clarify these basic concepts.
We start with a discussion of the basic question: Why is security required in the first place? People
sometimes say that security is like statistics: the extent -of data it reveals is trivial, the extent of data-it
[ conceals is vital! In other words, the right security infrastructure opens up just enough doors that are
1 mandatory. It protects everything else. We discuss a few real-life incidents that should prove beyond
doubt that security cannot simply be compromised. Especially these days when serious business and
?ther types of ~ansaction~ are ~ing ~onducted over t~e Internet to s~ch_a large e~tent, inadeq~ate or
I improper secunty mecharusms can bnng the whole busmess down or play havoc with people's lives!
I We then discuss the key principles of security. These principles help us identify the various areas,
l which are crucial while determining the security threats and possible solutions to tackle them. Since
1 electronic documents and messages are now becoming equivalent to paper documents in terms of their
1
legal validity and binding, we examine the various implications in this regard.
I This is followed by a discussion of the types of attacks. There are certain theoretical concepts
I associated with attacks and there is a practical side to it as well. We shall discuss all these aspects.
FinaIIy, we discuss some modem security problems. This will pave the way for further discussions of
network and Internet security concepts.
useful, but not something to be protected. When computer applications were developed to handle
financial and personal data, the real need for security was feh like never before. People realized that data
on compute_rs was an extremely important aspect of modem life. Therefore, various areas in security
began to gam prominence. Two typical examples of such security mechanisms were as follows:
• Provide a user id and password to every user and use that information to authenticate a user
• Encode information stored in the databases in some fashion so that it is not visible to users who do
not have the right permissions
Organizations empl~yed their own mechanisms in order to provide for these kinds of basic security
mechanisms. As technology improved, the communication infrastructure became extremely mature and,
newer and newer applications began to be developed for various user deman~s and needs. Soon, people
realized that the basic security measures were not quite enough. •
Furthermore, the Internet took the world by storm and there were many examples of what could
happen if th~ e was insufficient security built in applications developed for the Internet. Figure 1.1
shows such an example of wpllJ.~lf! }yle»en when you use your credit card for making purchases over the
Internet. From the user's conipufe1e tAe(iser details such as user id, order details such as order id and item
id, and payment details such as credit card information travel across the Internet to the server (i.e. to the
merchant's computer). The merchant's server stores these details in-its database.
There are various security holes here. First of all, an intruder can capture the credit carq details as they
travel from the client to the server. If we somehow protect this transit from an intruder's attack, it still
does not so)ve our problem. Once the merchant receives the credit card details and validates them so as
to process the order and later obtain payments, the merchant stores the credit card details into its
database. Now, an attacker can simply succeed in accessing this database and gain access to all the credit
B I I
Order Id: 90
Item Id: 156 s~nier
Credit Card Number:
1234567890
Issued By: Visa
Valid Till: Jan 2006
Server
Database
I- Fig. 1.1 Example of information traveling from a client to a server over the Internet
_ _ _ _ _ _ __ _ ____:A~tta~c~ks~o~n~C~omputers and Computer Security 3
Traditional attack: Produce coins LiSing some machinery and bring them into circulation.
•••••••••
Modern attack: Steal half a dollar from million accounts in a few minutes time digitally.
A trusted system is a computer system that can be trusted to a specified extent to enforce a
specified security policy.
Trusted systems were initially of primary interest to the military. However, these days, the concept has
spanned across various areas, most prominently in the banking and financial community, but the concept
never caught on. Trusted systems often use the term reference monitor. This is an entity that is at the
Attacks on Computers and Computer Security 5
Attacker
t Analog signal
,J
modem
Digital signal
Analog signal
+
nJL +
niodem
t
Bank
way in ensuring adequate security management practices. A good security policy generally takes care of
four key aspects, as follows:
• Affordability Cost and effort in security implementation.
• Functionality Mechanism of providing security.
• Cultural issues Whether the policy gels well with people's expectations, working style and beliefs.
• Legality . Whether the policy meets the legal requirements.
Once a security policy is in place, the following points should be ensured.
(a) Explanation of the policy to all concerned.
(b) Outline everybody's responsibilities.
(c) Use simple language in all communications.
(d) Establishment of accountability. -
(e) Provision for exceptions and periodic reviews.
1.4.1 Confidentiality
The principle of confidentiality specifies that only the sender and the intended recipient(s) should be able
lo access the contents of a message. Confidentiality gets compromised if an unauthorized person is able
loaccess a message. Example of compromising the confidentiality of a message is shown in Fig. 1.4.
Here, the user of computer A sends a message to user of computer B. (Actually, from here onwards, we
8 Cryptography and Network Secur_ity
-"---_ _ _____ _ _ _ __
[I] Secret 0
1.4.2 Authentication
Authentication mechanisms help establish proof of identities. The authentication process ensures that
the origin of a electronic message or document is correctly identified. For instance, suppose that user C
sends an electronic document over the Internet to user B. However, the trouble is·that user Chad posed
as user A when she sent this document to user B. How would user B know that the message has come
from user C, who is posing as user A? A real life example of this could be the case of a user C, posing as
user A, sending a funds transfer request (from A's account to C's account) to bank B. The bank might
happily transfer the funds from A's account to C's account - after all, it would think that user A has
,-quested for the funds transfer! This concept is shown in Fig. 1.5. This type of attack is called as
fabrication.
1.4.3 Integrity
When the contents of a message are changed after the sender sends it, but before it reaches the intended
recipient, we say that the integrity of the message is lost. For example, suppose you write ~9heck for
$100 to pay for the goods bought from the US. However, when you see your next account statement, you
are startled to see that the check resulted in a payment of $1000! This is the case for loss of message
integrity. Conceptually, this is shown in Fig. 1.6. ~ere, user C tampers with a message originally sent by
user A, which is actually destined for user B. User C somehow manages to access it, change its contents
J
Attacks on Computers and Computer Security 9
lam
user A
~' Transfer
$100
to D
I
I
Actual route of the message
Transfer
$ 1000
toe
1.4.4 Non-repudiation
There are situations where a user sends a message and later on refuses that she had sent that message. For
instance, user A could send a funds transfer request to bank B over the Internet. After the bank performs
the funds transfer as per A's instructions, A could claim that she never sent the funds transfer instruction
to the bank! Thus, A repudiates or denies, her funds transfer instruction. The principle of non-
repudiation defeats such possibilities of denying something, having done it. This is shown in Fig. 1.7.
Non-repudiation does not allow the sender of a message to refute the claim of not sending
that message.
10 Cn;ptography and Network Security
Q
which you claim to have
received
1.4.6 Availability
The principle of availability states that resources (i.e. information) should be available to authorized
patties at all times. For example, due to the intentional actions of an unauthorized user C, an authorized
user A may not be able to contact a server computer B, as shown in Fig. 1.8. This would defeat the
principle of availability. Such an attack is called as interruption.
101
• .bl
I
- Attacks on Computers and Computer Security 11
We may be aware of the traditional OSI standard for Network Model (titled OSI. Network
Model 7498-1), which describes the seven layers of the networking technology (application,
presentation, session, transport, network, data link and physical). A very less known standard on similar
lines is the OSI standard for Security Model (titled OSI Security Model 7498-2). This also defines
seven layers of security in the form of:
• Authentication
• Access control
• Non repudiation
• Data integrity
• Confidentiality
• Assurance or Availability
• Notarization or Signature
We shall be discussing upon most of these topics in this book.
Having explained the various principles of security, let us now discuss the various types of attacks
that are possible, from a technical perspective.
Fig. 1.9.
Legal attacks
Publicity attacks
Criminal attacks
I
I- Fig. 1.9 Classification of attacks as understood in general tenns
attacks.
Publicity Attacks Publicity attacks occur because the attackers want to see their names appear on
tele vision news channels and newspapers. History suggests that these types of attackers are usually not
hardcore criminals. They are people such as students in universities or employees in large organizations,
who seek publicity by adopting a novel approach of attacking computer systems.
One form of publicity anacks is to damage (or deface) the Web pages of a site by attacking it. One of
the most famous such attacks occurred on the US Department of Justice's Web site in 1996. The New
York Times home page was also famously defaced two years later.
Legal Attacks Thi s form of attack is quite novel and unique. Here, the attacker tries to make the judge
or the jury doubtful about the security of a computer system. This works as follows. The attacker attacks
the computer system and the attacked party (say a bank or an organization) manages to take the attacker .
to the court. While the case is being fought, the attacker tries to convince the judge and the jury that there
is inherent weakness in the computer system and that she has done nothing wrongful, The aim of the
attacker is to exploit the weakness of the judge and the jury in technology matters.
For example, an attacker may sue a bank for a performing an online transaction, which she never
wanted to perform. In court, she could innocently say something like The bank's Web site asked me to
enter a pass1rord and that is all that I provided; I do not know what happened thereafter. A judge is
likely to sympathize with the attacker!
Attacks on Computers and Computer Security 13
Attack Description
Fraud Modem fraud attacks concentrate on manipulating some aspects of
electronic currency, credit cards, electronic stock certificates, checks,
letters of credit, purchase orders, ATMs, etc. ,l'J ,
Scams Scams come in various forms , some of the most common ones being sale
of services, auctions, multi.level mar~eting scheples, general merchandise
and business opportunities, etc. People are enticed to send money in return
. I ., ' 1 .
of great pro fiits, b ut end up losing their money. A very common examp e 1s
r, J .
the Nigeria scam, where an email from Nigeria (Jnd other Afric~n
countries) entices people to deposit money info a bank account with a
promise of hefty gains. Whosoever gets caught in this scam loses ITIOney
heavily. .
Destruction
- · Some sort of ~rudge is the motive behind such attacks. For example,
,
unhappy employees attack their own organization, whereas terrorists' strike
at mu_ch bigger levels. For example, fo the year 2000, there was an attack
against popular Internet sites such as . Yahoo!, CNN, eBay, Buy.com,
Amazon.com and e*Trade where .authorized\ - .users,of
. these sites•failed to
log in or.access these sites.
Identity theft This is best understood with a quote from Bruce ~ch·neier: Why steal from
I . .
someone when you can just become · that person? In other words, an
·, . attacker does not steal anything.from a legitimate user - he be_comes that
legitimate user! For example, it is much easier to manage to get the
password of someone else's bank account or to actually be able to get a
credit card on someone else's name. Then that privilege can be misused
until it gets detected.
Intellectual property theft Intellectual pr:operty theft ranges from_stealing companies' trade secrets,
databases, digital music and videos, electronic documents and books,
software and so on . .
Brand theft It is quite easy to set up fake Web sites that look like real Web sites. How
would a common user know if she is visiting the HDFC Bank site or an
attacker's site? Innocent users end up providing their secrets and personal
details on these fake sites to the attackers. The attackers use these details to
thyn access the real site, causing an i<l.entity theft:
Theoretical Concepts As we discussed earlier, the principles of security face threat from various
attacks. These attacks are generally classified into four categories, as mentioned earlier. They are:
• Interception - Discussed in the context of confidentiality, earlier. It means that an unauthorized
party has gained access to a resource. The party can be a person, program or computer-based
system. Examples of interception are copying of data or programs and listening to network traffic.
1_4_ _ _ _ _ _ _ _ _ _~C::.'..ryp~to~gr~a'l'.p~hy1_:_a~n-"-d.'...:N~etw~or'.':k.'.:'.S'.:::ec::_u::_:rity7.___ _ _ _ _ _ _ _ _ ______
• Fabrication - Discussed in the context of authentication, earlier. This involves creation of illegaJ
-:ibjects on a computer system. For example, the attacker may add fake records to a database.
• Modification - Discussed in the context of integrity, earlier. For example the attacker may modify 1--
the values in a database.
• Interruption - Discussed in the context of availability, ear!ier. Here, the resource beco~es
unavailable, lost or unusable. Examples of interruption are causing problems to a hardware device,
erasing program, data or operating system components.
These attacks are further grouped into two - - - - - - - - - - - - - - - -
types: passive attacks and active attacks, as Attacks
shown in Fig. 1.10.
Let us discuss these two types of attacks now.
Passive attacks Passive attacks are those,
wherein the attacker indulges in eavesdropping or Active attacks
Passive attacks
monitoring of data transmission. In other words,
the attacker aims to obtain information that is in
transit. The term passive indicates that _the a~tacker I- Fi . l.lO Types of attacks
does not attempt to perform any mod1ficat1ons to g (
the data. In fact, this is also why passive attacks are harder to detect. Thus, the general approach to deal
with passive attacks is to think about prevention, rather than detection or corrective actions.
Passive attacks do not involve any modifications to the contents of an original message.
Figure 1.11 shows further classification of passive attacks into two sub-categories. These categories
are namely, release of message contents and traffic analysis.
Active attacks Unlike passive attacks, the active attacks are based on modification of the original
L message in some manner or the creation of a false message. These attacks cannot be prevented easily.
However, they can be detected with some effort and attempts can,ft>e made to recover from them. These
attacks can be in the form of interruption, modification and fabrication.
In active attacks, the contents of the original message are modified in some way.
7 'Active attacks
Interruption Fabrication
Modification
(Masquerade) (Denial Of Service-DOS)
Note that both the beneficiary and the amount have been changed - instead, only one of these could
have also caused alteration of the message.
Denial Of Service (DOS) attacks make an attempt to prevent legitimate users from accessing some
services, which they are eligible for. For instance, an unauthorized user might send too many login
l
requests to a server using random user ids one after the other in quick succession, so as to flood the
network and deny other legitimate users from using the network facilities.
Security attacks can happen at the application level or the network level.
Virus One can launch an application-level attack or a network level attack using a virus. In simple
terms, a virus is a piece of program code that attaches itself to legitimate program code_and runs when
Attacks on Computers and Computer Security 17
. the legitimate program runs. It can then infect other programs in that computer or programs that are in
~other computers but on the same network. This is shown in Fig. 1.14. In this example, after deleting all
the files from the current user's computer, the virus self-propagates by sending its code to all users
whose email addresses are stored in the current user's address book.
(a) Original clean code (b) Virus infected code (c) Virus code
There is another popular category of viruses, called as the macro virus. This virus affects specific
application software, such as Microsoft Word or Microsoft Excel. These viruses affect the documents \ "
created by users and spread quite easily since such documents are very commonly exchanged over
em_ail. There is a feature called as macro these application software programs, which allows the users to
wnte small useful utility programs within the documents. Viruses attack these macros and hence the
name macro virus. .l
Worm Similar in concept to a virus, a worm is actually different in implementation. A virus modifies
a program (i.e. it attaches itself to the program under attack). A worm, however, does not modify a
program. Instead, it replicates itself again and again. This is shown in Fig. 1.15. The replication grows so
much that ultimately the computer or the network on which the worm resides, becomes very slow, finally
coming to a halt. Thus, the basic purpose of a worm attack is different from that of a virus. A worm
attack attempts to make the computer or the network under attack unusable by eating all its resources.
Perform
Replicate resource-eating
itself tasks, but no
destruction
()
17
Perform Perform
Q
Replicate resource-eating resource-eating
itself tasks, but no tasks, but no
Q
resource-eating
tasks, but no Perform
resource-eating Perform
destruction resource-eating
17 tasks, but no
destruction tasks, but no
l7 destruction
Worm code 17
Perform
resource-eating ...
tasks, but no
destruction
17
A worm does not perform any destructive actions and instead, only consumes system
,,:sources to bring it down.
Trojan Horse A Trojan horse is a hidden piece of code, like a virus. However, the purpose of a
Trojan horse is different. Whereas the main purpose of a virus is to make some sort of modifications to
the target computer or network, a Trojan horse attempts to reveal confidential information to an attacker.
The name (Trojan horse) is due to the Greek soldiers, who hid inside a large hollow horse, which was
pulled by Troy citizens, unaware of its contents. Once the Greek soldiers entered the city of Troy, they
opened the gates for the rest of Greek soldiers. .
Attacks on Computers and Computer Securiti; 19
In a similar fashion, a Trojan horse could silently sit in the code for a Login screen by attaching itself
' ' to it. When the user enters the user id and password, the Trojan horse could capture these oetails and send
this infomiation to the attacker without the knowledge of the user who had entered the id and password.
The attacker can then merrily use the user id and password to gain access to the system. This is shown in
Fig. 1.16.
Login program
Trojan horse
Login code
I ~ttack~r· I
Applets and ActiveX Controls Applets and ActiveX controls were born due to the technological
development of the World Wide Web rylWW) application (usually referred to simply as the Web) of the
Internet. In its simplest form, tlie Web consists of communication between client and server computers
using a communications protocol called as Hyper Text Transfer Protocol (HTTP). The client uses a
piece of software called as W~b browser. The server runs a program called as Web server. In its
simplest form, a browser sends a HTTP request for a Web page to a Web server. The Web server locates
this Web page (actually a computer file) and sends it back to the Web browser, again using HTTP. The
Web browser interprets the contents of that file and shows the results on the screen to the user. This is
shown in Fig. 1.17. Here, the client sends a request for a Web page called as www.yahoo.com/info,
which the server sends back to the client.
Many Web pages contain .small programs that get downloaded onto the client along with the Web
page itself. These programs then ez<:~cute inside the browser. Sun Microsystems provides Java applets
for this purpose and Microsoft's1technology makes use of ActiveX controls for the same purpose. Both
are essentially small programs that get downloaded along with a Web page and then execute on the
client. This is shown in Fig. 1.18. Here;, the server sends an applet along with the Web page to the client.
20 - - - - - - - - - - -~ C!Jry(.f.p~to'.e.g~ra~ph~y'._a
- '.'~n:_
d.'N
. . '.:'.et:w
:~or~k~S=
ec:.:u:.:ri~ty'....-_ _ _ _ _ __ __ __
I I
Please send me the Web
r-:=:l page www.yahoo.com/info
SeNer
1-----------~
HTTP Request
= =
EJ HTTP Response
[~l
= =
Web page
www.yahoo.com/info
8=
.I
B
Web page
www.yahoo,com/info
These apparently innocuous programs can sometimes cause havocs. What if such a program perfonns
1
' a virus-l~ke activi~y by deleting files on the user's hard disk or stealing some personal infonnation or
sending Junk emails to all the USP.rs whose addresses are contained in the user's address book?
To prevent th~se attacks, Java applets have strong security checks as to what they can do·and what
they cannot. ActiveX controls h~v~ no such restrictions. Moreover, a new version of apple~~ called as
signed applets allows accesses smular to Acti veX. Of course, a number of checks have been lin place to
ensure that n~i~~r applets nor ActiveX controls can do a lot of damage and even if they somehow
manage to do it, it can be detected. However, at least in theory, they pose some sort of security risks.
Java applets (from Sun Microsystems) and ActiveX controls ( from Microsoft Corporation)
are small client-side programs that might cause security problems, if use,d by ,attackers with
a malicious intention.
Cookies Cookies were born as a result of a specific characteristic of the Internet. The Internet uses
HTfP protocol, which is stateless. Let us understand what it means and what are its implications.
Suppose that the client sends an HITP request for a Web page to the server. The Web server locates
that page on its disk, sends it back to the client and completeiy forgets about this interaction! If the client
wants to continue this interaction, it must identify itself to the server in the next HTTP request.
Otherwise, the server would not know that this same client had sent a HTTP request earlier. Since a
typical application is likely to involve a number of interactions between the.client and the. sefVer, there
must be some mechanism for the client to identify itself to the server each time "It sends an HTTP request
tq the server. For this, cookies are used. Cookies are perhaps the most popular mechanism of maintaining
the state information (i.e. ,identifying a client to a server). A cookie is just one or more pieces of
infonnation stored as text strings in a text file on the disk of the client computer (i.e. the Web browser).
Actually, a Web server sends the Web browser a cookie and the browser stores it on the hard disk of the
client computer. The browser then sends a copy of the cookie to the server during the next HITP request.
'Phis is used for identification purposes as shown in Figs 1.19 (a) and 1.19 (b).
This 'works as follows:
(a~ ~en you interact with a Web site for the first time, the site might want you to register yourself.
itf~ually, this means that the Web server sends a page to you wherein .yoti have a fonn to enter your
Qfinne, address and 0ther details such as date of birth, interests etc. ·
·(a); When you complete this fonn and _send it to the server with the help of your browser, the server
stpres this infonnation into its database.·Additionally, it also creates a unique id for you. It stores
tliis id along with your infonnation in the database (as shown in Fig. l.19(b)) and also sends the id
back to you in the fonn of a cookie.
(a) The ne?(t time you interact with the server, you do not have to enter any infonnation such as your
name and address. Your browser would automati~ally send your id (i.e.Jhe .c;ookie) along with the
J-JITP request for a particular page to the server (as .shown in Fig. l.~9Gb)). .
(a) 'the server now takes this id, tries to find a match in its database an~ having fm,md it, knows that
you are a registered user. Accordingly, it sends you the next page. As illustrated in the figure, it
could be a simple welcome message. In practical situations, this could be used for many other
purposes.
People perceive that cookies are dangerous . .Actually, this is generally not true. Cookies can do little,
if any, harm to you. Firstly, the \\;eb server that originally created a cookie can only access the cookie.
Secondly, cookies can contain onlY text-based inf9nnation. Thirgfy, the user can refuse acc~pting cookies.
22 Cryptography and Network Security
Wsb
browser
Name: John
Address: ...
City: ...
- Web
server
I
... 1
i I
I
,. "'-.
I
Step 1
'[§]'
Id: 123456
Web · ·web
browser se~er ·
= Welcome
John!
. 1
Step4
123456 John
123457 Pete
some modern tricks allow attackers to misuse cookies in terms of collecting personal data and
'· invading people's privacy. This attack works is as follows:
1. An advertising agency (say My Ads) contacts major Web sites and places banner ads for its
corporate clients' products on their pages. It pays some fees to the site owners for this.
2. Instead of providing an actual image that can be embedded by the respective Web sites in their
pages directly, it provides a link (URL) to add to each page. This is shown in Fig. 1.20.
Today's Headlines
i
t
http://www.myads.com/5726740919.jpeg
The Web page contains a very small (almost invisible) image, corres-
ponding to the URL of My Ads. The image is not visible to the user, but
it must be brought in by the news channel server nevertheless.
_. ,.
1-: Fig. 1.20 · Embedding almost invisible Images corresponding to ad_vertisements
1
3. Each URL contains a unique number in the file part. For example, http://www.myads.com/
5726740919.jpeg. ; ' · ·
4. When a user visits a page for the first time, the browser fetches the advertisement image from My
Ads along with 1the main HTML page for tl1e site it is visiting. This is shown in the earlier diagram.
5. When the user ,visits the main site (e.g. _the, news site), My Ads sends a cookie to the browser
containing a unique user ID and records the relationship
I
between this user ID an'cl the file name.
•
6. Later, wh.enJhe sam~ user visits another page, the browser sees another reference to My Ads.
7. Uie bJowser s.endS'the vrevious cookie to My Ads and also fetches the current page from My Ads,
as bef9{e.
8. My Ad.f knows that .the same us~r ha~ visited apother Web page now.
9. It addsthis reference to its database.
As ~e can guess, over time, My Ads has a lot of information about the Web pages the user visits, the
actions it performs, etc. The advertisement from My Ads can be a single pixel in the same background
color, making it even more difficult for the user to know that advertisements are appearing!
JavaSctjpt, VffS~~pt and ]Script . A Web page is constructed usiqg a special language called as
Hyper Text Mark~p Language (HTML). it is a tag-based language. A tag begins with the symbol <>
and it ends with <I>. Between these boundaries of ¢e tags, the actual information to be displayed on the ·
user's computer is mentioned. As an example, let us consider how the tag pair <B> and <IB> can be used
10 change the text font to boldface. This is shown in Fig. 1.21.
t'
<b> This is an example of text being displayed in boldface. </b>
I- Fig. 1.22 Output resulting from the use of the <b> and </b> HTML tags to display the
specified text in boldface
In addition to HTML tags, a Web page can contain client-side scripts. These are small programs
written in scripting languages like JavaScript, VBScript or Jscript, which are executed inside the Web
browser on the client computer. For instance, let us assume that a user visits the Web site of an online
bookshop. Suppose that the Web site mandates that the user must place an order for at least three books.
Then, the Web page can contain a small JavaScript program, which can ensme that this condition is met
before the user can place the order. Otherwise, the JavaScript program would not allow the user to
proceed. Note that HTML cannot be used for this purpose, as its sole purpose is to display text on the
client computer in a pre-specified fonnat. To perfonn dynamic actions, such as the one discussed here,
we ueed scripts.
These scripts can be dangerous at times. Since these scripts are small programs, they can perfonn a lot
of actions on the client's computer. Of course, there are restrictions as to what a scripting program can
and cannot do. However, incidents of security breaches have been reported, blaming the scripting
languages.
wher
r·-·- ·- ·- ·-·- ·-·- ·-·- ·-·-·- ·- ·- ·-· .
'Detection -'
.... __ ~Loom, v;ru, ;, _:
:_:::,:J_::_ . _:
1 Generation
nd
2 Gen~rafi~ri
;: ::"'""'"T""'rn : :: '.
3rcl Generation
.l :::AciMrps
Full-featured protection
::::j ·
. ·-· -·-·-·-·-·-·-·- ·-· -·-·- ·-·- ·J