Securing Software, Data and End Points

Software presents the largest attack surface of nearly every organization’s information systems, and its creation is often poorly managed. The vast majority of software vulnerabilities are accidental but repeat offenses. Repeats and reprises of classic design and programming errors, being made over and over again by each new generation of programmers.  And when they’re not exploiting those kinds of software vulnerabilities, attackers take advantage of poorly maintained, often under-protected software, and thus exploit other operational and procedural vulnerabilities as they travel along their attack vector to their desired targets. 

We are not going to do a deep dive into the common weaknesses of software, nor how they get put in by designers and programmers. You won’t need to learn programming or how to read code to help your organization dramatically improve the security of its software or the supply chains that bring that software to the organization’s end users.

The term “malicious code” refers to the many types of malware in use today. In many cases, people use the term “virus” incorrectly to include all types of malware. In fact, a virus is only one form of malware. 

Malware is the joining of the two terms “malicious” and “software.” It is often used to discuss the various forms of malicious software code that have been written to cause damage or perform unauthorized activity on a system. Malware is not used to describe a software bug or logic flaw in a system because those are not written to intentionally perform unauthorized actions. There are many forms of malware in use today, and over the years it has evolved as malware authors have had to discover new ways to compromise a system and to achieve its goals.  It’s important to differentiate between malware and potentially unwanted programs (PUPs). Many adware and spyware programs are viewed as having legitimate business and organizational uses; in fact, the trade groups that represent advertisers, workplace employee performance monitoring and vendors of these programs argue that when used legitimately, the organization clearly wants them installed and in use, even if some of their employees are hesitant.  This is why many threat intelligence services, anti-malware and security systems vendors and others refer to programs with no demonstrably hostile or malicious intent as separate from programs that are clearly hostile by design and use.  Some malware (also called malcode) is overt and obvious, doing extensive damage to systems and data within a short time of its introduction, while other malware is hidden and can lie dormant on a system for months or years undetected, just waiting to respond to a call from the implementer of the malware.  Early versions of malware were either a virus or a worm and often spread by passing floppy disks from person to person (like the Brain computer virus) or exploiting a network connection (e.g., Morris worm). The infected floppy disk would contain a (boot sector) virus that overwrote the boot sector on the hard disk. When the disk was inserted into a system, the system would read the boot sector to determine what data was on the disk and load the virus sitting in the boot sector. With this means of transmission, it took years for such a virus to spread around the world. Other virus types included the macro virus that would exploit the macro language used in some office productivity products, or the various forms of malware that would spread as email attachments or through links in an email.