Computer Software Security
█ BRIAN HOYLE
Computer software security refers to the use of software to prevent damage to computer files, programs, and operating systems, as well as to monitor a personal computer (PC) or laptop for theft.
Anti-virus software. A recommended feature for any computer that is connected to the Internet is software that protects the computer from viruses. Like biological viruses, computer viruses need the machinery of another host, in this case a computer, to make new copies of themselves and infect another host computer. There are upwards of
100,000 known viruses, with new viruses being detected literally every day.
Viruses can enter computers via different routes. A common route is as an attachment to an email. When the email is opened the virus is triggered to disrupt whatever computer code it has been targeted towards. Viruses that target email addresses can distribute themselves to other computer very quickly. An infamous example is the "Love" virus, which infected millions of computers worldwide within hours of its release in May 2000.
There are a wide variety of anti-virus software programs available that will recognize, quarantine and destroy many of these viruses. Anti-virus programs need to be updated frequently (often accomplished automatically "on-line" with some vendors products) to keep pace with the appearance of new viruses.
Theft. Next to viruses, theft represents the biggest security issue for computer users. Various hardware options are designed to lessen the chance of theft. Anti-theft software is also available. There are several software programs that aim to lessen the usability, and so the appeal, of a stolen computer (particularly laptop computers). In one setup, a registered identifier number is beamed out when the stolen computer is hooked up to the Internet. Proprietary software can detect and even track the location of the sending computer. Another strategy uses motion-sensing software that is adjusted to the motion patterns of the normal user. A different range of motions that are uncharacteristic of the principle user can trigger an audio alarm. As well, the computer is triggered to shut down and reboot. The user then needs to supply a complicated password to use the computer and even to read the scrambled files (see below) from the hard drive. This protection occurs even when the computer is shut off.
Data encryption and ownership. Encryption is the scrambling of the data so as to make the data undecipherable. Encryption programs can scramble the data that is resident in the computer as well as data sent to another computer via email. The message can be reassembled to the original format if the receiving computer has an encryption program installed.
With contracts being sent over the Internet, the ownership and legal status of such information has become an important issue. Digital signatures can be affixed to a document sent via the Internet to establish ownership, in the same way that a signature on a paper contract is legally binding. Countries including the United States have sanctioned the use of digital signatures.
Authorization and intrusion. Software programs allow a hierarchy of approvals to be established for access to data. In a company, for example, senior managers can be authorized to view and even manipulate data that more junior personnel do not have access to. Other programs act as guardians of the data, and detect any unauthorized or unusual actions on the computer (i.e., hacking).
Computers connected to the Internet are often equipped with software known as a firewall. The firewall functions to monitor incoming transmissions and to restrict those that are deemed suspicious. It is a controlled gateway that limits who and what can pass through. A number of vendors offer firewall programs. Like anti-virus software, these programs can and should be frequently updated, since those who seek to maliciously gain remote access to computers are constantly developing methods to thwart the firewall barrier.
█ FURTHER READING:
Bentley, Tom, and Jon Hastings. Safe Computing: How to Protect Your Computer, Your Body, Your Data, Your Money and Your Privacy in the Information Age. Concord, CA: Untechnical Press, 2000.
Bishop, Matt. Computer Security: Art and Science. Boston: Addison Wesley Professional, 2002.
Cheswick, William R., Steven M. Bellovin, and Aviel D. Rubin. Firewalls and Internet Security: Repelling the Wiley Attacker, Second Edition. Boston: Addison Wesley Professional, 2003.
Stoll, Clifford. Cuckoo's Egg: Tracking a Spy through the Maze of Computer Espionage. New York: Simon and Schuster, 2000.
Whittaker, James A., and Herbert Thompson. How to Break Software Security: Art and Science. Boston: Addison Wesley Professional, 2002.