Chapter 11
Software Flaws and Malware
If automobiles had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside.
—Robert X. Cringely
My software never has bugs. It just develops random features.
—Anonymous
11.1 Introduction
Why is software an important security topic? Is it really on par with crypto, access control, and protocols? For one thing, virtually all of information security is implemented in software. If your software is subject to attack, all of your other security mechanisms are vulnerable. In effect, software is the foundation on which all other security mechanisms rest. We’ll see that software provides a poor foundation on which to build security—comparable to building your house on quicksand.1
In this chapter, we’ll discuss several software security issues. First, we consider unintentional software flaws that can cause security problems [183]. Then we consider malicious software, or malware, which is intentionally designed to be bad. We’ll also discuss the future of malware, and we’ll mention a few other types of software-based attacks.
Software is a big subject, so we continue with software-related security topics in the next two chapters. Even with three chapters' worth of material, we can, as usual, do little more than scratch the surface.
11.2 Software Flaws
Bad software is everywhere [143]. For example, the NASA Mars Lander, which cost $165 million, ...