Trojan Horses and Viruses

One of the biggest security threats to your network is unauthorized code: scripts, applications, DLLs, applets, ActiveX, and any other code component that can run on the operating system. These components perform processes that can be destructive to system operation and data. The concept of the Trojan horse derives from the ancient tale of the battle of Troy and Greek soldiers being hidden within a giant wooden horse offered as a gift. That event created the saying "Beware of Greeks bearing gifts," but it might be better stated today as "Beware of geeks bearing unknown code." What might appear harmless could create significant losses.

Software components constructed by hostile individuals are generally imported through e-mail, FTP, or Web services, or are internally created and distributed within your network. Once a hostile component is strategically placed on a system, the "Trojan horse" waits to be executed by the user. All processes started within a user's session will run with that user's security token. Thus, when a user inadvertently runs a hostile component, the hostile component assumes all of that user's rights and privileges. Additionally, the process will assign the user's default discretionary ACL to newly created objects, enabling it to create new elements with equal permission settings.

If a hostile individual is able to place the component on the user's machine in the first place, she obviously has some level of access (or else the user downloaded the component from the Web). This security threat is also probably looking for a way to improve its current access rights, and the administrator's account is its most promising target.

There are a number of defensive stances you can employ against Trojan horses and viruses, including the following:

  • Never run applications under the Administrator account.

  • Use auditing and scripts to search for components in suspect directories.

  • Ensure that the environmental parameters are set correctly.

  • Don't run software from unknown sources, and use up-to-date antivirus software.
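
One way to script the search for components in suspect directories, as an added example that is not part of the original article. The directory list, the extension list, and the function name `Find-SuspectComponent` are assumptions made for illustration; the owner column shows which account's token created each file.

```powershell
# Added example: inventory executable components in user-writable directories.
# Assumption: these directories and extensions are a starting point, not a standard list.
$SuspectDirs = @($env:TEMP, "$env:USERPROFILE\Downloads", $env:APPDATA, $env:PUBLIC)
$Extensions  = '.exe', '.dll', '.ocx', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js', '.ps1'

# Hypothetical helper: returns one object per executable component found.
function Find-SuspectComponent {
    param(
        [string[]]$Path,
        [string[]]$Extension,
        [int]$NewerThanDays = 0      # 0 = no age filter
    )
    $cutoff = if ($NewerThanDays -gt 0) { (Get-Date).AddDays(-$NewerThanDays) }
              else { [datetime]::MinValue }
    foreach ($dir in $Path) {
        # Skip unset variables and directories that do not exist on this host.
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $Extension -contains $_.Extension -and $_.LastWriteTime -ge $cutoff } |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                $acl  = Get-Acl -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path      = $_.FullName
                    Modified  = $_.LastWriteTime
                    Owner     = $acl.Owner                      # account that created the file
                    Signature = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
                    Signer    = $sig.SignerCertificate.Subject  # empty when unsigned
                    SHA256    = $hash.Hash
                }
            }
    }
}

# Report components without a valid Authenticode signature, newest first.
Find-SuspectComponent -Path $SuspectDirs -Extension $Extensions |
    Where-Object { $_.Signature -ne 'Valid' } |
    Sort-Object Modified -Descending |
    Format-Table Path, Modified, Owner, Signature -AutoSize
```

Run it from a standard user session to audit that user's own profile; saving the full output (including `SHA256`) on each run gives a baseline to compare later runs against.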
