Modified System Component Attacks

Popularity:

10

Simplicity:

8

Impact:

10

Risk Rating:

9

Even if the operating system executes on a Trusted Platform that performs an authenticated boot, it is still vulnerable to many attacks due to the fact that modern operating systems are huge pieces of software and contain many bugs. The monolithic kernels that are used nowadays are not suitable for effectively analyzing the security of the code and rarely implement strong security mechanisms and policies, as this can drastically reduce system performance. These security deficiencies can get worse due to the high exposure of open-source code such as the Linux kernel, despite the fact that it is constantly corrected and upgraded.

The second kind of vulnerabilities that facilitate these attack vectors is via configuration data. As system software becomes more and more complex, configuring the whole operating system becomes a tedious and difficult task, leading to threats of misconfigured services that will either crash system components or enable attackers to

* Geoffrey Strongin, "Trusted Computing Using AMD 'Pacifica' and 'Presidio' Secure Virtual Machine Technology" in Information Security Technical Report, vol. 10, issue 2 (2005): 120-132.

bypass security policies. Although operating systems constantly improve in terms of security, feature creep combined with the growing numbers of Linux distributions increase the attack surface by multiplying the number of possible configurations.

These two kinds of vulnerabilities are exploited by malicious code in order to inject incorrect data or malware into the system. This can, in effect, not only compromise the security of the system but also make the user think the system is secure, in which case secrets can then be revealed. Many malware programs attempt to disarm security tools such as antivirus and firewalls once inside the system and then hide themselves from the system, possibly hibernating so as to not be revealed by their actions.

Was this article helpful?

0 0
Spyware Removal Tricks And Advice

Spyware Removal Tricks And Advice

Say Goodbye to Spyware Forever. You don’t have to be a tech wizard to remove and avoid spyware. Let me show you how. Say No To The Hackers And Spy’s, And Keep Your PC Safe From All Interruptions Popups and Scam’s Today with a Few Easy Steps.

Get My Free Ebook


Post a comment