Structure Of Worms In Internet Security


Welcome to the Security 1:1 series of articles

In Part 1 we start right off with viruses and worms: get to know the definitions and what differentiates them. Nowadays both terms are often used interchangeably, but there are still differences between them. We then look at the classifications and the characteristics of each type, and take a historical look at the best-known and most devastating viruses and worms of the past.

I will also provide references to Symantec write-ups about those threats, where both in-depth characteristics and removal processes can be checked. Throughout the series I also invite you to watch the YouTube videos from the Norton and Symantec channels introducing various types of threats and attacks. They are presented in an informative and sometimes funny way and are very easy to understand.

The Security 1:1 series so far consists of the following articles:

Security 1:1 - Part 1 - Viruses and Worms

Security 1:1 - Part 2 - Trojans and other security threats

Security 1:1 - Part 3 - Various types of network attacks

1. Viruses

Virus - a malicious program able to inject its code into other programs/applications or data files. After successful code replication the targeted areas become infected. By definition, a virus is installed without the user's consent and spreads in the form of executable code transferred from one host to another. The purpose of viruses is very often harmful: data deletion or corruption on the targeted host, leading in the worst case to an inoperable system.

Viruses can spread quickly over networks, shares or removable media. In many cases the spread is connected with social engineering attacks, where end users are tricked into following malicious links or downloading malicious files; in other cases end users open malicious email attachments, which results in infection. As already mentioned, viruses can also inject their code into other legitimate executable files; when an end user later runs the infected program, the virus code it contains is executed as well. Viruses can also take advantage of known OS security vulnerabilities that allow them to access the target host machines.

Video - Symantec Guide to Scary Internet Stuff: Pests on Your PC - Viruses, Trojans Worms

Depending on where the virus resides, we can classify viruses in the following way:

Resident Virus - a virus that embeds itself in memory on a target host. This way it becomes activated every time the OS starts or executes a specific action.

Non-resident Virus - when executed, this type of virus actively seeks targets for infection on local, removable or network locations. After infecting them it exits, so it does not remain in memory.

Boot sector Virus - a virus that specifically targets the boot sector (MBR) on the host's hard drive. This type of virus is loaded into memory every time an attempt is made to boot from the infected drive, well before the OS loads. Boot sector viruses were quite common in the 90s, when the infection was spread mostly through infected floppy disks left in bootable drives.

Macro Virus - a virus written in a macro language and embedded in Word, Excel, Outlook etc. documents. This type of virus is executed as soon as the document that contains it is opened, because macro execution within those documents is automatic under normal circumstances.

A well-known example of a macro virus is the Melissa virus (1999), very widespread at that time. The damage it caused worldwide was estimated at over 1.1 billion dollars. The creator of the virus, David L. Smith, was sentenced in 2002 to 20 months in federal prison. The maximum sentence could have been much higher, but David agreed to cooperate with federal authorities on finding other virus and malware creators.

Reference:

2000-122113-1425-99

W97M.Melissa.A, also known as W97M.Mailissa, is a macro virus that has a payload to email itself using MS Outlook. The subject of the e-mail is "Important Message From USERNAME". Melissa is a typical macro virus which has an unusual payload. When a user opens an infected document, the virus will attempt to e-mail a copy of this document to up to 50 other people, using Microsoft Outlook.

Another classification of viruses can result from their characteristics:

File-infecting Virus (File-Infector) - the classic form of virus. When the infected file is executed, the virus seeks out other files on the host and infects them with malicious code. The malicious code is inserted either at the beginning of the host file code (prepending virus), in the middle (mid-infector), or at the end (appending virus). A specific type of virus called a cavity virus can even inject its code into the gaps in the file structure itself. The start point of the file's execution is changed to the start of the virus code to ensure that it is run when the file is executed; afterwards control may or may not be passed on to the original program. Depending on the infection routine, the host file may become corrupted and completely non-functional. More sophisticated viral forms, however, allow the host program to execute while trying to hide their presence completely (see polymorphic and metamorphic viruses).

Polymorphic Virus - this kind of virus can change its own signature every time it replicates and infects a new file, in order to stay undetected by antivirus programs. Every new variation of the virus is produced by using a different encryption method each time the virus file is copied. This type of virus is especially difficult for detection programs to detect due to the number of variants, sometimes reaching hundreds or even thousands.

Metamorphic Virus - the virus is capable of changing its own code with each infection. The rewriting process may cause the infection to appear different each time, but the functionality of the code remains the same. The metamorphic nature of this virus type also makes it possible to infect executables from two or more different operating systems or even different computer architectures. Metamorphic viruses are among the most complex in build and very difficult to detect.

Stealth Virus - memory resident virus that utilises various mechanisms to avoid detection. This avoidance can be achieved for example by removing itself from the infected files and placing a copy of itself in a different location. The virus can also maintain a clean copy of the infected files in order to provide it to the antivirus engine for scan, while the infected version still remains undetected. Furthermore the stealth viruses are actively working to conceal any traces of their activities and changes made to files.

The first known full-stealth Virus was Brain - a type of boot infector. The virus monitors physical disk I/O and redirects any attempt on reading a Brain-infected boot sector to where the original disk sector is stored.

Armored Virus - a very complex type of virus designed to make its examination much more difficult than in the case of traditional viruses. By using various methods, armored viruses can also protect themselves from antivirus software by fooling it into believing that the virus is located somewhere other than its real location, which of course makes the detection and removal process more difficult.

Multipartite Virus - a virus that attempts to attack both the file executables and the master boot record of the drive at the same time. This type may be tricky to remove: even when the file executable part is clean, it can re-infect the system all over again from the boot sector if that wasn't cleaned as well.

Camouflage Virus - a virus type that is able to present itself as a harmless program to the antivirus software. Where the virus has code similar to that of legitimate, non-infected files, the antivirus application is tricked into treating it as a legitimate program as well. This would work only against basic signature-based antivirus software. As antivirus solutions have become more elaborate, camouflage viruses are quite rare and not a serious threat due to the ease of their detection.

Companion Virus - unlike traditional viruses, the companion virus does not modify any files but instead abuses the DOS feature that allows executables with different extensions (here .exe and .com) to be run with different priorities. When the user tries to execute a legitimate program without specifying the extension and expects program.exe to be run, the virus is run instead, as the program.com executable, since this one is first in alphabetical order. The companion virus is an older type and became increasingly rare after the introduction of Windows XP. Nowadays this kind of virus can still be run unintentionally if the host machine does not have the option to show file extensions activated and the user accidentally clicks the companion virus file.

Cavity Virus - unlike traditional viruses, the cavity virus does not attach itself to the end of the infected file but instead uses the empty spaces within the program file itself, which exist there for a variety of reasons. This way the length of the program code does not change and the virus can more easily avoid detection. In most cases the injection of the virus does not impact the functionality of the host file at all. Cavity viruses are quite rare, though.

One good example of a cavity virus is Lehigh, an early DOS cavity infector that specifically targeted command.com files and used unused portions of the file's code.

2. Worms

Worm - this malicious program category exploits operating system vulnerabilities to spread itself. In its design a worm is quite similar to a virus and is even considered its sub-class. Unlike viruses, though, worms can reproduce/duplicate and spread by themselves; during this process a worm does not need to attach itself to any existing program or executable. In other words, it does not require any interaction for the reproduction process. This capability makes worms especially dangerous, as they can spread and travel across the network, having a devastating effect on host machines and servers as well as consuming network bandwidth. More invasive worms aim to tunnel into the host system and from within allow code execution or remote control by the attacker. Some worms can also include a viral component that infects executable files.

The most common categorization of worms relies on how they spread:

email worms: spread through email messages - especially through those with attachments

internet worms: spread directly over the internet by exploiting access to open ports or system vulnerabilities

network worms: spread over open, unprotected network shares

multivector worms: having two or more various spread capabilities

Some of the best-known and most destructive worms, by date:

Worm created by a student of a computer university in the Philippines. The worm arrived in email inboxes with the simple subject of ILOVEYOU and an attachment LOVE-LETTER-FOR-YOU.TXT.vbs. The final vbs extension was hidden, leading unsuspecting users to think it was a text file. Upon opening the attachment, the worm sent a copy of itself to everyone in the Windows Address Book, using the user's sender address. It also made a number of malicious changes to the user's system. Symantec Security Response has identified 82 variants of this worm.

More than 45 million computers around the globe have supposedly been infected by various strains of the worm. The Ford Motor Company shut off its email system after being hit by the worm. Some others affected were Silicon Graphics, the Department of Defense including the Pentagon, Daimler-Chrysler, and The Motion Picture Association of America. Estimates of the worm's damage: over 10 billion.

VBS.LoveLetter.Var

2000-121815-2258-99

CodeRed and CodeRed II 2001

Worm that targeted servers running the Microsoft IIS (Internet Information Server) Web Server. The worm propagates by installing itself into a random Web server using a known buffer overflow exploit, contained in the file Idq.dll. It contains the text string "Hacked by Chinese", which is displayed on web pages that the worm infected. The original CodeRed had a payload that caused a Denial of Service (DoS) attack on the White House Web server. CodeRed II has a different payload that allows its creator to have full remote access to the Web server.

The reported cost of worm activities: 2 billion

CodeRed II

2001-080421-3353-99

Sobig 2003

One of the most destructive worms ever. The worm sends itself to all the addresses it finds in .txt, .eml, .html, .htm, .dbx, and .wab files. It was able to send over a million copies of itself within just a few hours of the outbreak. Sobig was the first of the spam botnet worms. While some worms, like Tanatos, dropped trojans on the computers they infected, Sobig was the first to turn computers into spam relays. The worm stalled or completely crashed Internet gateways and email servers worldwide.

Total estimated damage costs of the worm: 37 billion.

W32.Sobig.A@mm

2003-010913-1627-99

Blaster Worm is a worm that propagates by exploiting the Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability (BID 8205), affecting both Windows 2000 and Windows XP machines. Once a computer was infected, it displayed a message box indicating that the system would shut down in a couple of minutes. It also has a date-triggered payload that launches a DDoS attack against windowsupdate.com.

The Blaster worm shut down CTX, the largest railroad system in the Eastern U.S., for hours, crippled the new Navy/Marine Corps intranet, and shut down Air Canada's check-in system. Overall estimated damage caused by the worm: 320 million.

W32.Blaster.Worm

2003-081113-0229-99

Sasser 2004

Sasser Worm is a worm that attempts to exploit the vulnerability described in Microsoft Security Bulletin MS04-011. The worm was written by a German student of computer science. It spreads by scanning randomly selected IP addresses for vulnerable systems. When a vulnerable system is found, the worm sends shell code to the target computer that attempts to exploit the LSASS buffer overflow vulnerability. Sasser was exploiting the same vulnerabilities used by Blaster; here as well, Windows 2000 and XP were affected. Sasser also displayed a notice indicating that the system was shutting down.

Security experts estimate that infected computers numbered in the millions. British Airways suffered delays when the worm hit Terminal Four at London's Heathrow Airport. Other affected companies were Sampo Bank in Finland, Deutsche Post, Delta Airlines, British Coastguard, French Stock Exchange and the France Presse news agency. Damage costs caused by the worm were estimated at 500 million.

W32.Sasser.Worm

2004-050116-1831-99

MyDoom 2004 - known also as Novarg

One of the most damaging email worms ever released. The worm also spread through the file sharing system Kazaa. It arrived as an attachment with the file extension .bat, .cmd, .exe, .pif, .scr, or .zip. When a computer is infected, the worm sets up a backdoor into the system by opening TCP ports 3127 through 3198, which can potentially allow an attacker to connect to the computer and use it as a proxy to gain access to its network resources.

The impact of the worm was experienced worldwide as it was able to cause slowdowns of internet traffic. Estimated reported costs of the worm: 38 billion.

W32.Mydoom.A@mm

2004-012612-5422-99
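The ILOVEYOU and MyDoom descriptions above both rely on attachment names: a hidden final .vbs behind a harmless-looking .TXT, and a fixed set of executable extensions. The following mail-gateway style check is an added example, not part of the original article; the function names, the decoy list and the sample message are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions the text above names as worm carriers: .vbs (ILOVEYOU) and
# .bat/.cmd/.exe/.pif/.scr (MyDoom). .zip is left out because it is a
# container, not something the shell runs directly.
EXECUTABLE_EXTS = {".vbs", ".bat", ".cmd", ".exe", ".pif", ".scr"}
# Assumption: harmless-looking extensions that could serve as the visible decoy.
DECOY_EXTS = {".txt", ".doc", ".pdf", ".jpg", ".htm", ".html"}


def classify_name(filename):
    """Return 'double-extension', 'executable' or 'ok' for one attachment name."""
    # Keep only the base name; Windows ignores trailing dots and spaces.
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.strip().rstrip(". ").lower()
    # Strip padding inside the name ("invoice.pdf      .exe").
    suffixes = [s.strip() for s in PurePosixPath(base).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "double-extension"   # the real type hides behind a decoy
    return "executable"


def scan_message(raw):
    """Parse an RFC 5322 message and classify every named MIME part."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            findings.append((name, classify_name(name)))
    return findings


def build_sample():
    """Constructed test message; the attachment bodies are inert placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "ILOVEYOU"
    msg.set_content("kindly check the attached file")
    for name in ("LOVE-LETTER-FOR-YOU.TXT.vbs", "document.pif",
                 "minutes.txt", "report.v1.2.pdf"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {name}")
```
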

Downadup spreads primarily by exploiting the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (MS08-067, BID 31874), which was first discovered in late October of 2008. It scans the network for vulnerable hosts, but instead of flooding it with traffic, it selectively queries various computers in an attempt to mask its traffic. It also takes advantage of Universal Plug and Play to pass through routers and gateways. It also attempts to spread to network shares by brute-forcing commonly used network passwords and by copying itself to removable drives.

It has the ability to update itself or receive additional files for execution. It does this by generating a large number of new domains to connect to every day. The worm may also receive and execute files through a peer-to-peer mechanism by communicating with other compromised computers, which are seeded into the botnet by the malware author. The worm blocks access to predetermined security-related websites so that it appears that the network request timed out. Furthermore, it deletes registry entries to disable certain security-related software, prevent access to Safe Mode, and disable Windows Security Alert notifications.

It has an extremely large infection base – estimated to be between 10 and 15 million computers. This is largely attributed to the fact that it is capable of exploiting computers that are running unpatched Windows XP SP2 and Windows 2003 SP1 systems. It is interesting to note that the vulnerability that allowed Conficker to spread had been patched for a little over a month before the worm appeared. Still, millions of computers were not updated. Estimated damage cost of the worm: 9 billion.

W32.Downadup

2008-112203-2408-99

Simple steps to protect yourself from the Conficker Worm

content id TECH93179

The Stuxnet computer worm is perhaps the most complicated piece of malicious software ever built.

The worm targets industrial control systems in order to take control of industrial facilities, such as power plants. The ultimate goal of Stuxnet is to sabotage such a facility by reprogramming programmable logic controllers (PLCs) to operate as the attackers intend them to, most likely outside their specified boundaries. Stuxnet was discovered in July, but is confirmed to have existed at least one year prior and likely even before. The majority of infections were found in Iran. While the attacker's exact motives for doing so are unclear, it has been speculated that it could be for any number of reasons, with the most probable intent being industrial espionage. Incredibly, Stuxnet exploits four zero-day vulnerabilities, which is unprecedented.

Stuxnet was the first piece of malware to exploit the Microsoft Windows Shortcut LNK/PIF Files Automatic File Execution Vulnerability (BID 41732) in order to spread. The worm drops a copy of itself as well as a link to that copy on a removable drive. When a removable drive is attached to a system and browsed with an application that can display icons, such as Windows Explorer, the link file runs the copy of the worm. Due to a design flaw in Windows, applications that can display icons can also inadvertently run code, and in Stuxnet's case, code in the .lnk file points to a copy of the worm on the same removable drive. Furthermore, Stuxnet also exploits the Microsoft Windows Server Service RPC Handling Remote Code Execution Vulnerability (BID 31874), which was notably used incredibly successfully by W32.Downadup (a.k.a. Conficker), as well as the Microsoft Windows Print Spooler Service Remote Code Execution Vulnerability (BID 43073). The worm also attempts to spread by copying itself to network shares protected by weak passwords.

W32.Stuxnet

2010-071400-3123-99

The Hackers Behind Stuxnet

https://www-secure.symantec.com/connect/blogs/hackers-behind-stuxnet

W32.Stuxnet Dossier

Stuxnet 0.5: The Missing Link

https://www-secure.symantec.com/connect/blogs/stuxnet-05-missing-link

Video - Stuxnet: How It Infects PLCs

Video - Stuxnet 0.5: The Missing Link

Wikipedia references.

Internet security is a branch of computer security specifically related to the Internet, often involving browser security but also network security on a more general level as it applies to other applications or operating systems as a whole. Its objective is to establish rules and measures to use against attacks over the Internet.[1] The Internet represents an insecure channel for exchanging information, leading to a high risk of intrusion or fraud, such as phishing.[2] Different methods have been used to protect the transfer of data, including encryption.


Types of security

Network layer security

TCP/IP protocols may be secured with cryptographic methods and security protocols. These protocols include Secure Sockets Layer (SSL), succeeded by Transport Layer Security (TLS) for web traffic, Pretty Good Privacy (PGP) for email, and IPsec for network layer security.

Internet Protocol Security (IPsec)

IPsec is designed to protect TCP/IP communication in a secure manner. It is a set of security extensions developed by the Internet Engineering Task Force (IETF). It provides security and authentication at the IP layer by transforming data using encryption. Two main types of transformation form the basis of IPsec: the Authentication Header (AH) and ESP. These two protocols provide data integrity, data origin authentication, and anti-replay service. These protocols can be used alone or in combination to provide the desired set of security services for the Internet Protocol (IP) layer.

The basic components of the IPsec security architecture are described in terms of the following functionalities:

Security protocols for AH and ESP

Security association for policy management and traffic processing

Manual and automatic key management for the Internet Key Exchange (IKE)

Algorithms for authentication and encryption

The set of security services provided at the IP layer includes access control, data origin integrity, protection against replays, and confidentiality. The algorithm allows these sets to work independently without affecting other parts of the implementation. The IPsec implementation is operated in a host or security gateway environment giving protection to IP traffic.

Security token

Some online sites offer customers the ability to use a six-digit code which randomly changes every 30–60 seconds on a security token. The keys on the security token have built-in mathematical computations and manipulate numbers based on the current time built into the device. This means that every thirty seconds there is only a certain array of numbers possible which would be correct to validate access to the online account. The website that the user is logging into would be made aware of that device's serial number and would know the computation and correct time built into the device to verify that the number given is indeed one of the handful of six-digit numbers that works in that given 30–60 second cycle. After 30–60 seconds the device will present a new random six-digit number which can log into the website.[3]
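The server-side check described above, as an added example that is not part of the original article. It assumes the token implements standard TOTP (RFC 6238 with HMAC-SHA-1 and a 30-second step), which the text does not specify; `TokenVerifier`, its parameters and the demo secret are illustrative.

```python
import hashlib
import hmac
import struct


def hotp(secret, counter, digits=6):
    """One-time code for a single counter value (RFC 4226 truncation)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation offset
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret, unix_time, step=30, digits=6):
    """Code the token displays at unix_time: HOTP over the time-step number."""
    return hotp(secret, unix_time // step, digits)


class TokenVerifier:
    """Server side: knows the token's secret and accepts a small drift window.

    drift_steps=1 gives the "handful" of valid codes the text mentions:
    the previous, current and next time step.
    """

    def __init__(self, secret, step=30, drift_steps=1):
        self.secret = secret
        self.step = step
        self.drift_steps = drift_steps
        self.last_counter = -1        # highest time step already accepted

    def verify(self, submitted, now):
        current = now // self.step
        first = current - self.drift_steps
        last = current + self.drift_steps
        for counter in range(first, last + 1):
            if counter <= self.last_counter:
                continue              # code already used: refuse replays
            expected = hotp(self.secret, counter)
            # Constant-time comparison avoids leaking matching digits.
            if hmac.compare_digest(expected.encode(), submitted.encode("utf-8")):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    secret = b"12345678901234567890"  # RFC 6238 test secret, not a real key
    verifier = TokenVerifier(secret)
    code = totp(secret, 59)
    print("code at t=59:", code)
    print("accepted 16 s later:", verifier.verify(code, 75))
    print("replayed:", verifier.verify(code, 75))
```
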

Electronic mail security

Background

Email messages are composed, delivered, and stored in a multiple-step process, which starts with the message's composition. When the user finishes composing the message and sends it, the message is transformed into a standard format: an RFC 2822 formatted message. Afterwards, the message can be transmitted. Using a network connection, the mail client, referred to as a mail user agent (MUA), connects to a mail transfer agent (MTA) operating on the mail server. The mail client then provides the sender's identity to the server. Next, using the mail server commands, the client sends the recipient list to the mail server. The client then supplies the message. Once the mail server receives and processes the message, several events occur: recipient server identification, connection establishment, and message transmission. Using Domain Name System (DNS) services, the sender's mail server determines the mail server(s) for the recipient(s). Then, the server opens up a connection(s) to the recipient mail server(s) and sends the message employing a process similar to that used by the originating client, delivering the message to the recipient(s).

Pretty Good Privacy (PGP)

Pretty Good Privacy provides confidentiality by encrypting messages to be transmitted or data files to be stored using an encryption algorithm such as Triple DES or CAST-128. Email messages can be protected by using cryptography in various ways, such as the following:

Signing an email message to ensure its integrity and confirm the identity of its sender.

Encrypting the body of an email message to ensure its confidentiality.

Encrypting the communications between mail servers to protect the confidentiality of both message body and message header.

The first two methods, message signing and message body encryption, are often used together; however, encrypting the transmissions between mail servers is typically used only when two organizations want to protect emails regularly sent between each other. For example, the organizations could establish a virtual private network (VPN) to encrypt the communications between their mail servers over the Internet.[4] Unlike methods that can only encrypt a message body, a VPN can encrypt entire messages, including email header information such as senders, recipients, and subjects. In some cases, organizations may need to protect header information. However, a VPN solution alone cannot provide a message signing mechanism, nor can it provide protection for email messages along the entire route from sender to recipient.

Multipurpose Internet Mail Extensions (MIME)

MIME transforms non-ASCII data at the sender's site to Network Virtual Terminal (NVT) ASCII data and delivers it to the client's Simple Mail Transfer Protocol (SMTP) to be sent through the Internet.[5] The server SMTP at the receiver's side receives the NVT ASCII data and delivers it to MIME to be transformed back to the original non-ASCII data.

Message Authentication Code

A message authentication code (MAC) is a cryptography method that uses a secret key to encrypt a message. This method outputs a MAC value that can be decrypted by the receiver, using the same secret key used by the sender. The message authentication code protects both a message's data integrity and its authenticity.[6]

Firewalls

A computer firewall controls access between networks. It generally consists of gateways and filters which vary from one firewall to another. Firewalls also screen network traffic and are able to block traffic that is dangerous. Firewalls act as the intermediate server between SMTP and Hypertext Transfer Protocol (HTTP) connections.

Role of firewalls in web security

Firewalls impose restrictions on incoming and outgoing network packets to and from private networks. Incoming or outgoing traffic must pass through the firewall; only authorized traffic is allowed to pass through it. Firewalls create checkpoints between an internal private network and the public Internet, also known as choke points (borrowed from the identical military term for a combat-limiting geographical feature). Firewalls can create choke points based on IP source and TCP port number. They can also serve as the platform for IPsec. Using tunnel mode capability, a firewall can be used to implement VPNs. Firewalls can also limit network exposure by hiding the internal network system and information from the public Internet.

Types of firewall

Packet filter

A packet filter is a first generation firewall that processes network traffic on a packet-by-packet basis. Its main job is to filter traffic from a remote IP host, so a router is needed to connect the internal network to the Internet. The router is known as a screening router, which screens packets leaving and entering the network.

Stateful packet inspection

In a stateful firewall the circuit-level gateway is a proxy server that operates at the network level of an Open Systems Interconnection (OSI) model and statically defines what traffic will be allowed. Circuit proxies will forward network packets (formatted units of data) containing a given port number, if the port is permitted by the algorithm. The main advantage of a proxy server is its ability to provide Network Address Translation (NAT), which can hide the user's IP address from the Internet, effectively protecting all internal information from the Internet.

Application-level gateway

An application-level firewall is a third generation firewall where a proxy server operates at the very top of the OSI model, the IP suite application level. A network packet is forwarded only if a connection is established using a known protocol. Application-level gateways are notable for analyzing entire messages rather than individual packets of data when the data are being sent or received.

Malicious software

A computer user can be tricked or forced into downloading software onto a computer that is of malicious intent. Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true malicious malware and unintentionally harmful software.

A botnet is a network of zombie computers that have been taken over by a robot or bot that performs large-scale malicious acts for the creator of the botnet.

Computer Viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. The common use of a virus is to take over a computer to steal data.

Computer worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.

Scareware is scam software with malicious payloads, usually of limited or no benefit, that are sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.

Spyware refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user's consent.

A Trojan horse, commonly known as a Trojan, is a general term for malicious software that pretends to be harmless, so that a user willingly allows it to be downloaded onto the computer.

Denial-of-service attack

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the concerted efforts to prevent an Internet site or service from functioning efficiently or at all, temporarily or indefinitely. According to businesses who participated in an international business security survey, 25% of respondents experienced a DoS attack in 2007 and 16.8% experienced one in 2010.[7]

Phishing

Phishing is where the attacker pretends to be a trustworthy entity, either via email or web page. Victims are directed to fake web pages, which are dressed to look legitimate, via spoof emails, instant messenger/social media or other avenues. Often tactics such as email spoofing are used to make emails appear to be from legitimate senders, or long complex subdomains hide the real website host. [8][9] Insurance group RSA said that phishing accounted for worldwide losses of $1.5 Billion in 2012. [10]
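A defender-side check for the "long complex subdomains" trick described above, as an added example that is not part of the original article. The brand table, the small suffix set (a stand-in for the full Public Suffix List) and the sample URLs are constructed assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List; load the real list in production.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: hypothetical brand and the registrable domains it legitimately uses.
BRAND_DOMAINS = {"examplebank": {"examplebank.example"}}


def registrable_domain(host):
    """Return the part of the host that identifies who actually controls it."""
    host = host.lower().rstrip(".")
    try:
        ipaddress.ip_address(host)
        return host  # an IP literal has no domain hierarchy to strip
    except ValueError:
        pass
    labels = host.split(".")
    # Keep one label to the left of the public suffix (which may span two labels).
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def check_url(url):
    """Report brands named in subdomain labels of a host they do not own."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    real = registrable_domain(host)
    sub_labels = host[: len(host) - len(real)].strip(".").split(".")
    impersonated = sorted(
        brand
        for brand, owned in BRAND_DOMAINS.items()
        if real not in owned and any(brand in label for label in sub_labels)
    )
    return {"host": host, "registrable": real, "impersonates": impersonated}


# Constructed sample URLs (reserved .example/.test names, not real sites).
SAMPLES = [
    "https://www.examplebank.example/login",
    "https://examplebank.example.secure-login.account-verify.test/login",
    "http://examplebank.secure.co.uk/update",
]

if __name__ == "__main__":
    for u in SAMPLES:
        r = check_url(u)
        verdict = "SUSPICIOUS" if r["impersonates"] else "ok"
        print(f"{verdict:10} real host: {r['registrable']:22} {u}")
```

The domain that matters is the rightmost registrable part of the host name; everything to its left is chosen freely by whoever controls that domain.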

Browser choice

Web browser usage statistics tend to affect how much a Web browser is exploited. For example, Internet Explorer 6, which used to own a majority of the Web browser market share, [11] is considered extremely insecure [12] because vulnerabilities were exploited due to its former popularity. Browser choice is now more evenly distributed (Internet Explorer at 28.5%, Firefox at 18.4%, Google Chrome at 40.8%, and so on), [11] and vulnerabilities are exploited in many different browsers. [13][14][15]

Application vulnerabilities

Applications used to access Internet resources may contain security vulnerabilities such as memory safety bugs or flawed authentication checks. The most severe of these bugs can give network attackers full control over the computer. Most security applications and suites are incapable of adequate defense against these kinds of attacks.

Internet security products

Antivirus

Antivirus software and Internet security programs can protect a programmable device from attack by detecting and eliminating viruses. Antivirus software was mainly shareware in the early years of the Internet, but there are now several free security applications on the Internet to choose from for all platforms. [16]

Password Managers

A password manager is a software application that helps a user store and organize passwords. Password managers usually store passwords encrypted, requiring the user to create a master password: a single, ideally very strong password which grants the user access to their entire password database. [17]

Security suites

So-called security suites were first offered for sale in 2003 (McAfee) and contain a suite of firewalls, anti-virus, anti-spyware and more. [18] They may now offer theft protection, portable storage device safety checks, private Internet browsing, cloud anti-spam, a file shredder, or make security-related decisions (answering popup windows), and several were free of charge [19] as of at least 2012.

See also

Comparison of antivirus software

Comparison of firewalls

Cyberspace Electronic Security Act (in the US)

Firewalls and Internet Security (book)

Goatse Security

Identity Driven Networking

Internet Crime Complaint Center

Internet safety

Network security policy

Outpost Security Suite

Web literacy (Security)

References

1. Gralla, Preston (2007). How the Internet Works. Indianapolis: Que Pub. ISBN 0-7897-2132-5.

2. Rhee, M. Y. (2003). Internet Security: Cryptographic Principles, Algorithms and Protocols. Chichester: Wiley. ISBN 0-470-85285-2.

3. Margaret Rouse (September 2005). What is a security token? SearchSecurity.com. Retrieved 2014-02-14.

4. Virtual Private Network. NASA. Retrieved 2014-02-14.

5. Asgaut Eng (1996-04-10). Network Virtual Terminal. The Norwegian Institute of Technology ppv.org. Retrieved 2014-02-14.

6. What Is a Message Authentication Code? Wisegeek.com. Retrieved 2013-04-20.

7. Information Security: A Growing Need of Businesses and Industries Worldwide. University of Alabama at Birmingham Business Program. Retrieved 20 November 2014.

8. Ramzan, Zulfikar (2010). Phishing attacks and countermeasures. In Stamp, Mark; Stavroulakis, Peter. Handbook of Information and Communication Security. Springer. ISBN 9783642041174.

9. Van der Merwe, A J, Loock, M, Dabrowski, M. (2005). Characteristics and Responsibilities involved in a Phishing Attack. Winter International Symposium on Information and Communication Technologies, Cape Town, January 2005.

10. 2012 Global Losses From Phishing Estimated At $1.5 Bn. FirstPost. February 20, 2013. Retrieved December 21, 2014.

11. Browser Statistics. W3Schools.com. Retrieved 2011-08-10.

12. Bradly, Tony. It's Time to Finally Drop Internet Explorer 6. PCWorld.com. Retrieved 2010-11-09.

13. Messmer, Ellen and NetworkWorld (2010-11-16). Google Chrome Tops Dirty Dozen Vulnerable Apps List. PCWorld.com. Retrieved 2010-11-09.

14. Keizer, Greg (2009-07-15). Firefox 35 vulnerability confirmed. PCWorld.com. Retrieved 2010-11-09.

15. Skinner, Carrie-Ann. Opera Plugs Severe Browser Hole. PC World.com. Retrieved 2010-11-09. [dead link]

16. Larkin, Eric (2008-08-26). Build Your Own Free Security Suite. Retrieved 2010-11-09.

17. Password manager.

18. Rebbapragada, Narasu. All-in-one Security. PC World.com. Retrieved 2010-11-09. [dead link]

19. Free products for PC security. 2015-10-08.

External links

National Institute of Standards and Technology NIST.gov - Information Technology portal with links to computer- and cyber security

National Institute of Standards and Technology NIST.gov - Computer Security Resource Center - Guidelines on Electronic Mail Security, version 2

The Internet Engineering Task Force.org - UK organization - IP Authentication Header (1998)

The Internet Engineering Task Force.org - UK organization - Encapsulating Security Payload

Wireless Safety.org - Up to date info on security threats, news stories, and step by step tutorials

PwdHash Stanford University - Firefox and IE browser extensions that transparently convert a user's password into a domain-specific password.

Internet security.net - by JC Montejo Goio Miranda free security programs, est 2007.

Internet and Data Security Guide UK anonymous membership site

Cybertelecom.org Security - surveying federal Internet security work

DSL Reports.com - Broadband Reports, FAQs and forums on Internet security, est 1999

FBI Safe Online Surfing Internet Challenge - Cyber Safety for Young Americans FBI

Retrieved from https://en.wikipedia.org/w/index.php?title=Internet_security&oldid=694540444
