When it is examined, its totality, the magnitude of the software safety and reliability challenge facing us today makes the Y2K problem look minuscule by comparison. Hence, it is time to acknowledge the discipline of software safety and reliability and its importance to everyday life. Some people and organizations are starting to understand and respond to this challenge. For example, the FBI recently established a National Infrastructure Protection Center to protect safety-critical systems and software. Unfortunately, many still remain blissfully unaware of the situation or deny its existence. Contributing to the problem is the small number of universities that offer courses in software safety and reliability.
Firewalls are used to create security checkpoints at the boundaries of private networks. By providing the routing function between the private network and the Internet, firewalls inspect all communications passing between the two networks and either pass or drop the communications depending on how they match the programmed policy rules. If your firewall is properly configured and contains no serious exploitable bugs, your network will be as free from risk as possible.
Firewalls are among the newest developments in Internet technology. Developed from rudimentary security systems that major computer vendors like Compaq and IBM developed to secure their own networks in the mid-eighties, these network sentinels have developed in lock-step with the burgeoning threat of information warfare. The most interesting and innovative developments, like Network Address Translation and multi-layer security filtering, are so new that books just two years old are already obsolete.
The security problems of the past could be solved with simple packet filters and dial-back modem banks. The security problems of the future will require rifling through and validating every byte of an Internet message, requiring encrypted certification of a Web site’s true identity before connecting, and then encrypting nearly everything that travels between. Fortunately, as technology and the technological society it mirrors progress, these measures will become simple and invisible. As vendors make operating systems more hardened against attack, the World Wide Web will secretly grow more secure for people who will freely surf the Web as they please, hampered only by the occasionally warning that a site is not accredited or that a message contains suspicious content. This is as it should be.
The security problems of today are most effectively solved with firewalls and virtual private tunnels. Peripheral security utilities like intrusion detectors and security scanners do their part to alarm and alert, but firewalls will remain the foundation of Internet security until their functionality is built into the very protocols upon which the Internet operates and until every internet-connected computer contains the equivalent of a firewall. Even then, centralized management of internet policy may make firewalls a permanent addition to corporate networking.
【New Words】
subway
地道,地铁
totality
全体,总数
magnitude
大小,数量,量级
infrastructure
下部构造,基础下部组织
minuscule
草写小字,极小的
burgeon
嫩芽,萌芽
rudimentary
根本的,未发展的
permanent
永久的,持久的
9.2 Computer Viruses
Most viruses can also replicate themselves. All computer viruses are manmade. A simple virus that can make a copy of it over and over again is relatively easy to produce. Even such a simple virus is dangerous because it will quickly use all available memory and bring the system to a halt. An even more dangerous type of virus is one capable of transmitting itself across networks and bypassing security system.
The technical details of CIH’s infection mechanism are intriguing for the virus researcher; its payload is what sets it apart from other viruses. The payload consists of two parts, both of which are triggered when the right conditions are met. As the payload is a part of the infection mechanism, it is not triggered until the virus is resident in memory. The trigger condition is met when a file which has an EXE extension, but which is not a suitable host, is opened on the trigger date.
The first part of the payload code to trigger is what has given CIH the world’s sudden attention. Flash ROM technology has existed for several years. Having BIOS “flash able”, by storing it in such a chip, has allowed the basic bootstrap procedure and I/O routines of the PC to be rewritten by software. Early EPROM technologies allowed reprogramming the BIOS, but required the chip to be removed, erased under ultraviolet light and reprogrammed in dedicated hardware.
The second part of the load is common. It overwrites the first 2048 sectors (1MB) of each hard disk in the system with random data from memory. Anything overwritten in such a manner will be difficult or impossible to recover. The virus looks for further disks indefinitely and the machine -- despite running the hard disk continuously -- is unresponsive to user input.
PE files are executables used by Windows XP and Windows NT. APE file consists of a DOS executable, usually just a stub that indicates the program should be run under Windows, a PE header section and several data objects. These objects can contain executable code, information on imported and exported functions, data or relocation information. Each object following the PE header must be aligned within the file to start on a boundary that is an even power of two, between 512 bytes and 64KB.
