Chapter 11: Malicious Mobile Code Protection


In recent years, Microsoft software has been the preferred target of some infamous Trojan horses, viruses, and worms. In Windows Server 2003, Windows XP, and the .NET framework, Microsoft provides clear responses to the malicious mobile code (MMC) threats: Software Restriction Policies (SRPs) and Code Access Security (CAS). Both technologies are discussed in the context of Windows Server 2003 authorization because they both provide solutions to authorize pieces of code to execute or perform particular tasks on a Windows-rooted computer system.

11.1 Malicious mobile code protection architecture

Before Windows Server 2003, Windows XP, and the .NET framework, Microsoft provided individual patches and extensions for most of its end-user applications, such as Office and Internet Explorer, to deal with some of the MMC threats. In Windows Server 2003 and XP, Microsoft takes a different approach: MMC protection is moved from the application level to the OS level. In addition, the .NET framework provides MMC protection at the point where code is loaded into the .NET execution engine.

On the Windows Server 2003 and XP OS level, the new MMC protection technology affects all application code running on top of the OS. This technology is known as Software Restriction Policies (SRPs), or by its code name, SAFER. In the .NET development framework, Microsoft provides a technology known as Code Access Security (CAS). Both technologies are sometimes referred to as Microsoft’s new Code Authorization Layer (illustrated in Figure 11.1).

Figure 11.1: Malicious mobile code protection architecture.

CAS is only available to applications that have been developed using the .NET development methodology and that use the .NET class libraries and methods. Software restriction policies can be used to protect against the execution of any executable. The SRP enforcement engine, however, is only available on Windows XP and Windows Server 2003 systems.

If you are looking for more information on how to protect your NT4 and Windows 2000 systems and legacy Microsoft applications against malicious mobile code, I advise you to regularly check the latest news on Microsoft security patches and malicious mobile code protection features on the Microsoft security Web site at http://www.microsoft.com/security. Also—and this is applicable to all Windows systems—I advise you to read the section on security patch management in chapter 18 of this book. It contains important information on how to automate the distribution of security patches in a Windows-rooted I.T. infrastructure to better protect your systems against MMC threats. For more general background on MMC, I recommend the book Malicious Mobile Code: Virus Protection for Windows by Roger A. Grimes (O’Reilly and Associates, 2001).




Windows Server 2003 Security Infrastructures: Core Security Features (HP Technologies)
ISBN: 1555582834
Year: 2003
Pages: 137
Authors: Jan De Clercq
