Viruses, worms, and buffer overflows may differ in how they propagate from system to system, but the ultimate goal of each is to inject some fragment of unauthorized machine instructions into a computer system for execution. The author of the unauthorized instructions is thus able to subvert the target computer system to their own agenda, for example further propagating the unauthorized code fragment, launching denial-of-service attacks on third parties, harvesting secret information, or executing a malicious payload. Having established a foothold in the system, the unauthorized code typically establishes a dialogue with higher-level operating system functions. Once available, this rich set of functionality gives the unauthorized programmer access to a wide set of capabilities with which to further his or her cause. Although the unauthorized machine instructions may not cause actual damage to the system or attempt to circumvent security for ulterior motives, even seemingly benign code consumes system resources and affects the compatibility of various programs; it can therefore properly be termed “malicious code.”
A common hardware architecture and the wide-scale deployment of a small number of operating systems in the enterprise and personal computing space have resulted in large groups of computers that share common properties. The result is that a successful attack based on the hardware architecture and operating system is likely to be wildly successful once released into the enterprise or Internet computing environment. In some notable cases the level of success has been such that the impact has extended to systems and activities not directly targeted. The traditional defense against this type of assault has focused on the development (and, if necessary, correction) of safe code, i.e. code that does not contain flaws which might be used to subvert a target system. In addition, computer users in both the home and the enterprise computing environment have deployed firewalls in an effort to limit access to protected computing resources. Scanning technologies are deployed both in the firewall on personal computers and on enterprise-class servers in an effort to identify unauthorized programs and to remove them before they can execute. Systems must be kept up to date, with the latest patches installed, to defend against newly discovered flaws and vulnerabilities. The final defense is to search for and remove systems that exhibit ‘viral behavior’. In each case the defenses have been shown to be imperfect.