Trusted Computing and the Enterprise Software Ecosystem: Part 1 (of 7)

Part 1. Trusted Computing Basics

It is almost surprising to think how accustomed we’ve grown to the threat of malicious software attacks in this era of rapidly maturing computer technology. Known more broadly as malware, malicious software may take the form of computer viruses, worms, Trojan horses, logic bombs, rootkits, backdoors, bots, keystroke loggers, crimeware, spyware, and more. A recent news article from the Association for Computing Machinery (ACM) puts the number of new computer viruses in the first half of 2010 at over one million, a 50 percent increase compared with 2009.[1]

A key problem within this threatening climate is that of preventing malware infection. Most computer users within the enterprise context have some understanding of the threat and its consequences, and do their part by following such elementary practices as avoiding suspicious email attachments, not installing software of unknown origin, and avoiding suspicious Web links. IT departments are acutely aware of the need for prevention and deploy a whole range of strategies, including antivirus software, automated system patching, policy-driven security configuration, Web access regulation, firewalls, email scanning, and analysis of network traffic patterns.

An equally important problem, although surprisingly less discussed, is that of detecting malware infection. Given a computer server delivering terabytes of storage, web, or database data, or a client laptop busily serving a company engineer or finance officer, how can an IT department detect when malware has compromised the system? Pathological behavior (unprompted rebooting, missing system files, lewd console messages, etc.) may be an obvious indicator, as are the "hits" found by scanning software, but malware increasingly operates in stealth mode, providing few indicators as it silently logs private data, copies keystrokes, saves application screenshots, transfers data over the network, or even uses the host to launch attacks on peer computers.

The problem of detecting malware infection may be rephrased from the standpoint of trust: How can an enterprise IT department maintain trust in a computer that is deployed in a threatening malware environment and provides little indication when a compromise occurs?

[1] "Number of New Computer Viruses at Record High", ACM News, September 13, 2010.
