You are the System Administrator for a large organisation for the manufacture of gadgets for the gadgets industry. In order to make your task easier, you are to write a Bash shell script called “accounts”, which creates and maintains user accounts on a Linux system.

The Linux system has 10 user groups for users that work within the following areas: finance, purchasing, manufacture, test, shipping, hr, sales, repair, research, development. Occasionally you receive a composite file from HR that lists new members of staff, and also a composite file that lists staff who have been made redundant. The script should adhere to the following guidelines:
· The script must be a single script, i.e. it must not be multiple scripts that call one another. Comments where necessary must be included to explain operation.
· Place your Name and DCU ID at the top of the script.

· You must test your script on a computer in S212 that has SUSE 10.x installed. DO NOT assume that if it runs on Cygwin that it will run on Linux!

· The Bash shell should be the default user shell.

· New UIDs start at 5000 and new GIDs start at 1000

· A check must be done to avoid duplication of usernames, UIDs, groups and GIDs.

· Usernames are created in lowercase, with max 8 characters. The username is created using a combination of the last name characters followed by the 1st character from first name, e.g. Joe Goldsmith would be goldsmij.

· User home directories, with permissions drwx--x--x, are set up within the /home/groupname directories, e.g. /home/research, /home/finance, etc.
· Entries in the /etc/aliases file should be made to allow “Human Readable” email addresses, e.g. joe.goldsmith:goldsmij.

· A user’s public_html directory, with permissions drwxr-xr-x , should be created in each user’s home directory.

· Password aging should be applied with a time value of 50 days.

· Users should be forced to change their passwords at their first login.

· The passwdkey binary is used to generate the 13 character encrypted password entry for the /etc/shadow file. It takes one argument, the password in plain text, and returns the encrypted password.

· The script file must manipulate the various system files directly without calling system utilities such as useradd, userdel, etc.
· At beginning of your script, set the following variables to allow your script to
be portable to any system:
1) etcdir=$HOME/assign2/etc
2) homedir=$HOME/assign2/home
3) keygen=$HOME/assign2/passwdkey
4) hrfile=$HOME/assign2/hrfile
· Because your script will be run by you as a standard user, then obviously the chown and newaliases utilities, when called upon, will fail to run. However, you must still include the code to call these utilities at the appropriate location within the script so that user root can run the full script. This can be done by examining the variable $USER and if it returns root, then these utilities may be run, otherwise they are skipped over and a warning “Must be root to run the chown or newaliases utilities” is displayed.

· When your script is run, a menu should be presented on screen as follows:

Please select option that you require:

1) Create new user group

2) Create new user account

3) Delete user account

4) Create multiple user accounts from formatted file

5) Delete multiple user accounts from formatted file

6) Suspend user account

7) Re-Instate user account

8) Make user a member also of another group

9) Show home directory space usage for all users

10) Exit

· When a new user group is formed, a subdirectory with that name must also be
created within the home directory.

· Selecting a menu item should, where appropriate, lead to other submenus.
o For 2 or 8 it would be appropriate to show groups that users can join.
o For 3 it would be appropriate to show users on system.
o For 6 or 8 it would be appropriate to show non-suspended users on system.
o For 7 it would be appropriate to show suspended users on system.

Accounts File

#!/bin/bash
#Sameer Kumar
#53129300
#DME4
#Assignment 2 - Account Management Script
#EE438
#05/4/2007

#initialise variables (everything lives under $HOME/assign2 so the script is portable)
etcdir=$HOME/assign2/etc
homedir=$HOME/assign2/home
keygen=$HOME/assign2/passwdkey
hrfile=$HOME/assign2/hrfile

#make sure the system files exist so that grep, cut and tail do not fail on a fresh setup
mkdir -p "$etcdir" "$homedir"
touch "$etcdir/passwd" "$etcdir/shadow" "$etcdir/group" "$etcdir/aliases"

#################################################################################
#helper functions
#################################################################################

#convert a string to lowercase
lower() {
    echo "$1" | tr '[:upper:]' '[:lower:]'
}

#true if the group is in the group file
group_exists() {
    grep -q "^$1:" "$etcdir/group"
}

#true if the user is in the passwd file
user_exists() {
    grep -q "^$1:" "$etcdir/passwd"
}

#true if the user's shadow entry starts with *, i.e. the account is suspended
user_suspended() {
    grep -q "^$1:\*" "$etcdir/shadow"
}

#next free GID: 1000 if the group file is empty, otherwise highest GID + 1
next_gid() {
    local last
    last=$(cut -d: -f3 "$etcdir/group" | sort -n | tail -n 1)
    if [ -z "$last" ] || [ "$last" -lt 1000 ]; then
        echo 1000
    else
        echo $((last + 1))
    fi
}

#next free UID: 5000 if the passwd file is empty, otherwise highest UID + 1
next_uid() {
    local last
    last=$(cut -d: -f3 "$etcdir/passwd" | sort -n | tail -n 1)
    if [ -z "$last" ] || [ "$last" -lt 5000 ]; then
        echo 5000
    else
        echo $((last + 1))
    fi
}

#build a username: up to 7 letters of the last name + 1st letter of the first name,
#in lowercase (Joe Goldsmith -> goldsmij); if that name is taken use 6 letters + initial
#+ a number so the result still fits in 8 characters (goldsmj2, goldsmj3, ...)
make_username() {
    local first="$1" last="$2" user n
    user=$(lower "$(echo "$last" | cut -c1-7)$(echo "$first" | cut -c1)")
    n=2
    while user_exists "$user"; do
        user=$(lower "$(echo "$last" | cut -c1-6)$(echo "$first" | cut -c1)$n")
        n=$((n + 1))
    done
    echo "$user"
}

#only root can use the chown and newaliases utilities; otherwise display the warning
root_only() {
    if [ "$USER" = "root" ]; then
        chown -R "$1" "$2"
        newaliases
    else
        echo "WARNING - MUST BE ROOT TO RUN THE CHOWN OR NEWALIASES UTILITIES"
    fi
}

#add a username to the member list (4th field) of a group in the group file
add_to_group() {
    local user="$1" group="$2" members
    members=$(grep "^$group:" "$etcdir/group" | cut -d: -f4)
    if [ -z "$members" ]; then
        members=$user
    else
        members="$members,$user"
    fi
    sed -i "s|^\($group:[^:]*:[^:]*:\).*|\1$members|" "$etcdir/group"
}

#true if the user is already listed as a member of the group
in_group() {
    grep "^$2:" "$etcdir/group" | cut -d: -f4 | tr ',' '\n' | grep -qx "$1"
}

#show the groups that users can join
show_groups() {
    echo "Currently there are the following user groups :"
    cut -d: -f1 "$etcdir/group"
}

#read a username until it exists (mode: any, active or suspended); sets $username,
#returns 1 if z was entered to go back to the main menu
choose_user() {
    local mode="$1"
    while true; do
        read username
        username=$(lower "$username")
        [ "$username" = z ] && return 1
        if ! user_exists "$username"; then
            echo "'$username' does not exist, please re-enter username or Z to go back to the main menu :"
        elif [ "$mode" = active ] && user_suspended "$username"; then
            echo "'$username' is suspended, please re-enter username or Z to go back to the main menu :"
        elif [ "$mode" = suspended ] && ! user_suspended "$username"; then
            echo "'$username' is not suspended, please re-enter username or Z to go back to the main menu :"
        else
            return 0
        fi
    done
}

#read a group name until it exists; sets $groupselection, returns 1 on z
choose_group() {
    while true; do
        read groupselection
        groupselection=$(lower "$groupselection")
        [ "$groupselection" = z ] && return 1
        group_exists "$groupselection" && return 0
        echo "Group '$groupselection' does not exist, please re-enter groupname or Z to go back to the main menu :"
    done
}

#create one account: full name, plain text password, existing group
create_account() {
    local f_name="$1" pass="$2" group="$3"
    local first last username userid groupid encrypt userhome
    first=$(echo "$f_name" | cut -d' ' -f1)
    last=$(echo "$f_name" | cut -d' ' -f2)
    username=$(make_username "$first" "$last")
    userid=$(next_uid)
    groupid=$(grep "^$group:" "$etcdir/group" | cut -d: -f3)
    userhome=$homedir/$group/$username
    echo "The new username is: $username (UID $userid, GID $groupid)"
    #"human readable" email address, e.g. joe.goldsmith:goldsmij
    echo "$(lower "$first.$last"):$username" >> "$etcdir/aliases"
    #the passwdkey binary turns the plain text password into the 13 character shadow entry
    if [ -x "$keygen" ]; then
        encrypt=$("$keygen" "$pass")
    else
        echo "WARNING - $keygen not found, the account is created with a locked password"
        encrypt='!'
    fi
    add_to_group "$username" "$group"
    echo "Creating $username's directory (drwx--x--x) and public_html (drwxr-xr-x)..."
    mkdir -p -m 711 "$userhome"
    mkdir -m 755 "$userhome/public_html"
    #passwd entry; the Bash shell is the default user shell
    echo "$username:x:$userid:$groupid:$f_name:$userhome:/bin/bash" >> "$etcdir/passwd"
    #shadow entry: last change 0 forces a password change at first login, max age 50 days, 7 days warning
    echo "$username:$encrypt:0:0:50:7:::" >> "$etcdir/shadow"
    root_only "$username" "$userhome"
}

#delete one account from the aliases, passwd, shadow and group files and remove its directory
delete_account() {
    local username="$1" userhome
    userhome=$(grep "^$username:" "$etcdir/passwd" | cut -d: -f6)
    echo "Deleting $username from the aliases, passwd, shadow and group files..."
    sed -i "/:$username$/d" "$etcdir/aliases"
    sed -i "/^$username:/d" "$etcdir/passwd"
    sed -i "/^$username:/d" "$etcdir/shadow"
    #remove the name from a member list whether it is the only, first, middle or last member
    sed -i -e "s/:$username$/:/" -e "s/:$username,/:/" -e "s/,$username,/,/g" -e "s/,$username$//" "$etcdir/group"
    echo "Deleting $username's directory..."
    [ -d "$userhome" ] && rm -r "$userhome"
    echo "$username has been entirely deleted from the system."
}

#the HR file has a header line followed by one "Full Name:password:group" line per person;
#run the given function for every line, reading on fd 3 so the operator can still answer prompts
for_each_hr_line() {
    local f_name pass group
    while IFS=: read -r -u 3 f_name pass group; do
        [ -z "$f_name" ] && continue
        "$1" "$f_name" "$pass" "$(lower "$group")"
    done 3< <(tail -n +2 "$hrfile")
}

hr_create() {
    local f_name="$1" pass="$2" group="$3"
    while ! group_exists "$group"; do
        echo "The group '$group' for $f_name does not exist, please re-enter group name :"
        read group
        group=$(lower "$group")
    done
    create_account "$f_name" "$pass" "$group"
}

hr_delete() {
    local f_name="$1" username
    username=$(lower "$(echo "$f_name" | cut -d' ' -f2 | cut -c1-7)$(echo "$f_name" | cut -c1)")
    if user_exists "$username"; then
        delete_account "$username"
    else
        echo "No account '$username' found for $f_name, skipping"
    fi
}

#interface
main_menu() {
    echo ""
    echo "Welcome to the Account Management Program"
    echo ""
    echo "Please select the option that you require (1-10) and press enter"
    echo ""
    echo "1. Create a new user group"
    echo "2. Create a new user account"
    echo "3. Delete a user account"
    echo "4. Create multiple user accounts from formatted file"
    echo "5. Delete multiple user accounts from formatted file"
    echo "6. Suspend a user account"
    echo "7. Re-instate user account"
    echo "8. Make a user a member also of another group"
    echo "9. Show home directory space usage for all users"
    echo "10. Exit"
    echo ""
    read reply
}

#################################################################################
#main loop
#################################################################################
while true; do
    main_menu
    clear
    case "$reply" in
    1)  #create new user group
        show_groups
        echo "Enter the name for the new user group (or z to go back to the main menu) :"
        while true; do
            read groupselection
            groupselection=$(lower "$groupselection")
            [ "$groupselection" = z ] && break
            if group_exists "$groupselection"; then
                echo "Sorry that is a duplicate user group"
                echo "Please choose a different name or press z to go back to the main menu"
            else
                #a subdirectory with the group name in the home directory, plus the group file entry
                mkdir "$homedir/$groupselection"
                echo "$groupselection:x:$(next_gid):" >> "$etcdir/group"
                echo "The New User Group has been created"
                break
            fi
        done
        ;;
    2)  #create new user account
        echo "Please enter the new user's full name and press enter:"
        read f_name
        echo "Enter password :"
        read -s pass
        show_groups
        echo "Enter the group name you want to add the user to :"
        if choose_group; then
            create_account "$f_name" "$pass" "$groupselection"
        fi
        ;;
    3)  #delete user account
        echo "The list of all the current system users :"
        cut -d: -f1 "$etcdir/passwd"
        echo "Choose the username and press enter to delete their account :"
        if choose_user any; then
            echo "Do you wish to continue to delete $username? (y/n)"
            read answer
            if [ "$(lower "$answer")" = y ]; then
                delete_account "$username"
            fi
        fi
        ;;
    4)  #create multiple user accounts from formatted file
        echo "Users are created from the file $hrfile"
        echo "The following are the contents of this file :"
        cat "$hrfile"
        echo "Do you wish to continue adding new users? (y/n)"
        read response
        if [ "$(lower "$response")" = y ]; then
            for_each_hr_line hr_create
        fi
        ;;
    5)  #delete multiple user accounts from formatted file
        echo "Users are deleted from the file $hrfile"
        echo "The contents of this file are shown below:"
        cat "$hrfile"
        echo "Proceed with deleting these users? (y/n)"
        read response
        if [ "$(lower "$response")" = y ]; then
            for_each_hr_line hr_delete
        fi
        ;;
    6)  #suspend user account
        echo "The list of the non-suspended system users :"
        grep -v '^[^:]*:\*' "$etcdir/shadow" | cut -d: -f1
        echo "Enter the username to suspend the account :"
        if choose_user active; then
            #a * in front of the encrypted password means no password can ever match it,
            #and the home directory is closed off with mode 000
            sed -i "s/^$username:/$username:*/" "$etcdir/shadow"
            userhome=$(grep "^$username:" "$etcdir/passwd" | cut -d: -f6)
            chmod 000 "$userhome"
            echo "$username's account is suspended"
        fi
        ;;
    7)  #re-instate user account
        echo "The list of the currently suspended users on the system :"
        grep '^[^:]*:\*' "$etcdir/shadow" | cut -d: -f1
        echo "Enter the username to re-instate the account :"
        if choose_user suspended; then
            #remove the * again and restore the drwx--x--x home directory permissions
            sed -i "s/^$username:\*/$username:/" "$etcdir/shadow"
            userhome=$(grep "^$username:" "$etcdir/passwd" | cut -d: -f6)
            chmod 711 "$userhome"
            echo "$username's account has been re-instated"
        fi
        ;;
    8)  #make user a member also of another group
        echo "The list of the non-suspended system users :"
        grep -v '^[^:]*:\*' "$etcdir/shadow" | cut -d: -f1
        echo "Please enter the username of the user :"
        if choose_user active; then
            show_groups
            echo "Enter groupname to add user to :"
            if choose_group; then
                if in_group "$username" "$groupselection"; then
                    echo "This user has already joined this group"
                else
                    echo "Adding user '$username' to the group '$groupselection'"
                    add_to_group "$username" "$groupselection"
                fi
            fi
        fi
        ;;
    9)  #show home directory space usage for all users
        echo "Total disk space usage for all users is : $(du -sh "$homedir" | cut -f1)"
        echo "View individual disk space consumed by each user? (y/n)"
        read individual
        if [ "$(lower "$individual")" = y ]; then
            echo "The list of all the system users :"
            cut -d: -f1 "$etcdir/passwd"
            echo "Select the username to view disk space usage :"
            if choose_user any; then
                userhome=$(grep "^$username:" "$etcdir/passwd" | cut -d: -f6)
                echo "Total disk space usage for user '$username' is : $(du -sh "$userhome" | cut -f1)"
            fi
        fi
        ;;
    10) #exit gracefully
        echo "Goodbye and Have a Nice Day :)!!!"
        exit 0
        ;;
    *)  #the user did not enter a number in the range 1-10
        echo "That request cannot be processed!!!"
        continue
        ;;
    esac
    echo "Would you like to go back to the main menu (y/n) ?"
    read reply
    if [ "$(lower "$reply")" != y ]; then
        exit 0
    fi
done

1. Introduction to Malware

Malicious Software, Malware, is one of the biggest scourges plaguing the internet today. It can be hardware, software, or firmware that is intentionally included or inserted in a system for a harmful purpose. [19] The harm ranges from loss of data, damage to computers, servers or networks, and security breaches to the extraction of sensitive information. As broadband capacity and network coverage increase, such applications spread far more swiftly than in the past, when they relied on disks; that form of spreading has died out with the evolution of computers and the widespread use of the internet.

In the beginning, Malware was formed simply to see how far a program could spread or multiply across various interconnected computers. They mutated into programs that could cause damage. In recent times, Malware has become a profitable business. Information about the user, advertising or redirecting users to particular websites create financial windfalls for the author. Some cyber criminals have been known to store incriminating evidence on infected machines, thus evading prosecution.

1.1 Types of Malware

The types of Malware fall into one of the following categories: Virus, Worm, Trojan, Spyware, Adware, Dialers or Hijackers.

1.1.1 Viruses:

Viruses were named as such because their characteristics match those of biological viruses: they pass from computer to computer in the same way as a human strain spreads among people. They operate by attaching themselves to legitimate applications, or by email, sending themselves to every entry in the address book. In the 1980s they spread via floppy disks, and in the 1990s via bulletin boards; in both cases they needed the user to explicitly execute them. The first virus was written in 1982 as a joke, targeted Apple DOS 3.3 and was known as the “Elk Cloner”. In 1986 the first boot sector virus, (c)Brain, was created by two brothers in Pakistan to deter piracy. [20]

1.1.2 Worms:

Worms replicate by copying themselves from one system to another, generally over a network. They act by exploiting vulnerabilities in all types of software. Data can be damaged directly and/or the system may become unstable. They tend largely to affect networks by consuming bandwidth or causing packet loss, and a single worm can propagate to multiple machines simultaneously. The first implementation of a worm was in 1988 by researchers at Xerox PARC, in order to improve the efficiency of CPU cycle use across an entire network. The first worm to attract notoriety was the Morris Worm, released the same year, which caused havoc and massive disruption. [21]

1.1.3 Trojans:

Trojans are true to the original story: they are not what they seem, claiming to do one thing while doing another, a “serpent beneath the rose” (Shakespeare). Possible consequences after execution include formatting of the hard disk or concealment of processes, files and system data. Spyware comes in the form of a Trojan, as it is always hidden inside the application. They may install a rootkit on the system, a set of tools an intruder can use, one of them being the ability to mask the Malware process from the user. In 2005, Sony created a storm after being caught installing a rootkit on their audio CDs; they took this step in order to stop piracy, but it was counterproductive.

1.1.4 Spyware:

Spyware is any software that aids in gathering information about a person or organization without their explicit permission or knowledge. It does not spread like viruses or worms but arrives from a visited website. It has the ability to modify code, redirect traffic to a particular page, or retrieve information about the user such as passwords and credit card details. Identity theft is a possible consequence of Spyware. It does not affect a computer in the style of a worm or virus, but it does affect the speed of the OS.

1.1.5 Adware:

Adware is any software application in which advertising banners or pop-ups are displayed while the program is running. Many free applications have Adware running as a source of revenue, which is covered in the License Agreement. It is generally accompanied by spyware and records the client’s selections in order to display relevant advertisements. Some adware programs are known to reinstall themselves after the user has deleted them.

1.1.6 Dialers:

Dialers infect a machine by taking control of the modem to connect to a premium rate telephone number, thus creating a profit for the number’s owner. The connection would stay live for long periods, with victims not realizing until they received their phone bill. Due to this problem, Eircom blocked such foreign premium lines in specific countries and put a verification process in place. [22]

1.1.7 Hijackers:

Hijackers manipulate different elements of your web browser: the search bar, search pages or home page. They may redirect you to certain sites, or to their own search engine if you attempt a search. Should you mistype an address or attempt to go to a site they would rather you not visit, such as an anti-malware page, your request will not complete. Hijackers almost exclusively target Internet Explorer. [22] Hijackers would be considered a form of Spyware, but their motivation is specific.

1.2 Introduction to the Malware component on which the case study is based

I have chosen the Code Red Worm as my case study. There were two worms: Code Red I, released on July 13th 2001, and Code Red II, released on August 4th, 2001. These worms are also known as CodeRed.v3, CodeRed.C, W32.Bady.C, CodeRed.F and CodeRed III. This phenomenal program replicated itself over 250,000 times in approximately nine hours on July 19, 2001. At its peak, CodeRed I infected 2,000 machines every minute; in total it infected 359,000 machines and cost $1.2 billion, according to the BBC. [9]

2. Case Study Detail

2.1 Propagation

All systems on the internet are searched for unpatched Windows NT or 2000 servers running Microsoft's IIS web server. This section deals with the human contribution and the exploitation of system weaknesses.

2.1.1 Human contribution

Microsoft had already released a security patch for IIS that fixed the security hole on June 18, 2001. However, not everyone had patched their servers, including Microsoft themselves. [23] This lack of action allowed the worm to spread rapidly. It is plausible that the author only became aware of the security hole after Microsoft's patch release.

2.1.2 Exploit of computer and system weaknesses

CodeRed I was released 3 weeks after the announcement and corresponding release of the patch for the security hole, Microsoft Security Bulletin MS01-033. CodeRed operates in 3 cycles: scanning, flooding and dormancy. During the first phase, all systems on the internet are searched for Windows NT or 2000 servers running Microsoft's IIS web server. This consumes a great deal of bandwidth and in some cases causes a total shutdown of the network. In the flooding phase, unpatched servers are exploited by the program copying itself to that server. After infection, the new copy targets other servers. The worm also sent copies of itself to the e-mail addresses on an infected computer, deleted files and directories, filled up space on the hard drive and sent out files to the Internet. This period lasted for 20 days. For the next 8 days, in its dormancy, it launches its attack on the White House. [13]

Microsoft's IIS web server ships with a library, idq.dll, which contains an error in its code: an unchecked buffer in the routine that handles input URLs. Susceptible servers containing this file are subjected to a buffer overflow attack once the worm makes a connection. The attack is triggered before any indexing functionality runs. idq.dll operates in %SYSTEMROOT%, giving the worm total control when it takes advantage of this weakness. The consequence is that the extra data supplied overwrites adjacent memory, which may hold variables, application data or other buffers.

CodeRed II exploits the same weaknesses but there are subtle differences which are outlined later.

2.2 Source code analysis

The infected machine executes CodeRed I from memory. Before the worm begins its work, it verifies whether the date falls between the 1st and 19th of the month. If this is the case, a random list of IP addresses is generated. The worm scans each address on the list searching for vulnerable machines. It endeavours to reproduce countless times by sending HTTP requests. The first CodeRed uses a static seed in its random number generator; the seed is the point at which the worm starts its random number generator. This results in each infected machine producing an identical list of IP addresses, which ensured that the first version of the worm spread slowly, as all machines on the list were either secure or already contaminated.

Once the date reaches the 20th of the month, the worm is programmed to stop spreading. It runs its Denial-of-Service attack from the 20th to the 28th against www1.whitehouse.gov.

In CodeRed II, the worm searches for the GetProcAddress function in the export table of kernel32.dll on the IIS server and then finds the addresses it needs for further infection:

LoadLibraryA
CreateThread
….
….
GetSystemTime [13]

Another bug exists in Microsoft Windows, the “relative shell path”. The worm writes a shell program, “explorer.exe”, in the SYSTEM context directory. Because of this bug, the “new” file is loaded instead of the original explorer.exe. Part of the worm's code is deposited in the explorer.exe file, giving the author remote access capabilities. This is known as VirtualRoot and would be considered the Trojan element of the worm.

This changes the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable registry key, halting all file system security. This allows the hacker to remotely access the C: and D: drives through a web browser. The Trojan adds read/write rights using the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots registry key. [12]

WS2_32.dll is loaded by the worm. This file contains the functions socket, closesocket and WSAGetLastError. Using ExitWindowsEx from user32.dll, the worm reboots the system.

The worm searches for two different markers:

1. “29A”, which deals with the installation of the Trojan, VirtualRoot.

2. A semaphore, “CodeRedII”. If this exists, the worm goes into an infinite sleep. [12]

The worm checks the default language on the machine. If this reveals any form of the Chinese language, it creates 600 new threads compared to 300 for all other languages. These threads generate the random IP addresses of target web servers. During these operations, the main thread copies cmd.exe from the Windows NT system folder to the following locations:

C:\Inetpub\Scripts\root.exe
D:\Inetpub\Scripts\root.exe
C:\Program Files\Common Files\System\msadc\root.exe
D:\Program Files\Common Files\System\msadc\root.exe [12]

The worm is dormant for 24 hours on non-Chinese systems and 48 hours on Chinese systems.

The computer reboots after the sleep period. Additionally, if the month is October or the year is 2002, the computer restarts and executes the virus again. [13]

CodeRed II is similar to CodeRed I with a few exceptions. It is considered a variant as it uses the same buffer overflow technique. It does not launch a Denial-of-Service attack or deface web pages in the same manner; only some top level hosts were defaced with “Hacked by Chinese!”. It does not use a static seed but rather a random one. Its main threat is the installation of a back door which allows any program to be executed, leaving the system prone to further exploits. [11]

CodeRed II generates a random IP address and then applies a mask to it to produce the address to probe, building its list of potential carriers that way. Where CodeRed I tried to infect other computers at random, CodeRed II preferred machines on the same subnet as the infected machine. Because CodeRed II installs a mechanism for remote, root-level access to the infected machine, it is a much more dangerous version than its predecessor.

2.3 Payload analysis

Both programs always searched for other IIS servers to infect.

CodeRed I defaced the affected page to display:

“HELLO! Welcome to http://www.worm.com! Hacked By Chinese!”

Some hosts were defaced with this signature by CodeRed II.

During its dormant period, the worm launches denial of service attacks on several fixed IP addresses.

While in its scanning phase, the worm did no testing to see whether the targeted server was running a vulnerable version of IIS, or even running IIS at all. Apache access logs displayed requests consisting of the character N repeated 224 times. [8] The typical signature of CodeRed II is the same, with X in place of N. [23]
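The 224-character padding above gives a defender a concrete signature to search for in web server logs after the fact. The following C program is an added example, not code from the paper or from any of its cited sources: it reads Apache-style access-log lines, pulls out the quoted request field, and flags a request that targets an .ida or .idq script mapping and carries a run of at least 224 N (CodeRed I) or X (CodeRed II) characters. The log lines it checks are constructed for the example; the client address, timestamp, status code and the /default.ida path are sample values, not data taken from the paper.

```c
#include <stdio.h>
#include <string.h>

/* Repeat count the paper reports for the worm's request padding
 * (N for CodeRed I, X for CodeRed II). */
#define CODERED_RUN 224

/* Copy the quoted request field of an Apache access-log line
 * (e.g. GET /path HTTP/1.0) into out. Returns 0 on success, -1 if the
 * line has no quoted field. Over-long fields are truncated, never overrun. */
int extract_request(const char *line, char *out, size_t outsz)
{
    const char *start = strchr(line, '"');
    if (start == NULL || outsz == 0)
        return -1;
    start++;
    const char *end = strchr(start, '"');
    if (end == NULL)
        return -1;
    size_t n = (size_t)(end - start);
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, start, n);
    out[n] = '\0';
    return 0;
}

/* Length of the longest run of byte c inside s. */
size_t longest_run(const char *s, char c)
{
    size_t best = 0, cur = 0;
    for (; *s != '\0'; s++) {
        cur = (*s == c) ? cur + 1 : 0;
        if (cur > best)
            best = cur;
    }
    return best;
}

/* Does the request path (after the method, before '?' or the protocol
 * field) end in .ida or .idq, the script mappings the worm relies on? */
int targets_indexing_mapping(const char *request)
{
    const char *path = strchr(request, ' ');
    if (path == NULL)
        return 0;
    path++;
    size_t len = strcspn(path, "? ");
    if (len < 4)
        return 0;
    const char *ext = path + len - 4;
    return strncmp(ext, ".ida", 4) == 0 || strncmp(ext, ".idq", 4) == 0;
}

/* Classify one log line: 1 = CodeRed I signature (N padding),
 * 2 = CodeRed II signature (X padding), 0 = nothing matched. */
int classify_line(const char *line)
{
    char req[2048];
    if (extract_request(line, req, sizeof req) != 0)
        return 0;
    if (!targets_indexing_mapping(req))
        return 0;
    if (longest_run(req, 'N') >= CODERED_RUN)
        return 1;
    if (longest_run(req, 'X') >= CODERED_RUN)
        return 2;
    return 0;
}

/* Build a constructed access-log line whose query is `count` copies of
 * `pad`. Client address, timestamp and status are made-up sample values. */
int build_sample_line(char *out, size_t outsz, const char *path, char pad, size_t count)
{
    char padding[1024];
    if (count >= sizeof padding)
        return -1;
    memset(padding, pad, count);
    padding[count] = '\0';
    int n = snprintf(out, outsz,
                     "203.0.113.7 - - [19/Jul/2001:10:02:03 +0000] \"GET %s?%s HTTP/1.0\" 400 289",
                     path, padding);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

/* Build a sample line and classify it; -1 if the line could not be built. */
int classify_constructed(const char *path, char pad, size_t count)
{
    char line[4096];
    if (build_sample_line(line, sizeof line, path, pad, count) != 0)
        return -1;
    return classify_line(line);
}

int main(void)
{
    /* CodeRed I style, CodeRed II style, and an ordinary request that must not match. */
    printf("N x 224 against /default.ida -> %d\n", classify_constructed("/default.ida", 'N', 224));
    printf("X x 224 against /default.ida -> %d\n", classify_constructed("/default.ida", 'X', 224));
    printf("N x 224 against /index.html  -> %d\n", classify_constructed("/index.html", 'N', 224));
    return 0;
}
```

Matching on the script-mapping extension as well as the run length keeps an innocent long query string on an ordinary page from being flagged; a real deployment would read lines from the access log file instead of constructing them in memory.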

For CodeRed II on Chinese systems, it creates 600 threads and spreads for 48 hours; on a non-Chinese system it creates 300 threads and spreads for 24 hours.

Due to the magnitude of the countless probes sent to infiltrate new addresses and the mass of infected systems, the traffic dealt a heavy blow to the worldwide network. Some modems, routers, switches and even printers were not left unscathed. These devices could not be infected but ultimately crashed or had to be rebooted when the worm's probes reached them.

2.4 Containment of this Malware component

The ability of a hacker to connect remotely from an infected machine to other machines depends on the exact composition of the network. It is recommended that the design of the network considers the intrinsically high risk that machines exposed to the internet face. This can be drastically minimised by using measures such as a Perimeter Network, running minimal services and isolating interaction with internal networks. [44]

If the script mappings for Internet Data Administration (.ida) and Internet Data Query (.idq) files do not exist, the bug cannot be exercised.

The compiler or the programmer can prevent buffer overflows by sufficient bounds checking.
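Section 2.1.2 describes the defect as an unchecked buffer in idq.dll that handles input URLs, and the sentence above notes that sufficient bounds checking prevents it. The following C program is an added example, not the paper's code and not Microsoft's: the 64-byte buffer size, the request strings and the function names are constructed for illustration. It places the unchecked copy pattern beside a bounds-checked handler that measures the input before copying and rejects anything that would not fit, and shows the rejection on a request padded to 224 characters in the worm's style.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Size of the fixed query buffer. A constructed value for illustration,
 * not the real buffer size inside idq.dll. */
#define QUERY_BUF 64

/* Defective pattern: the query is copied into a fixed-size buffer with no
 * length check. Input of QUERY_BUF bytes or more writes past the end of
 * buf and overwrites whatever is adjacent in memory (undefined behaviour).
 * This is the class of defect the paper describes; it is kept only for
 * contrast and is never given oversized input in this program. */
void copy_query_unchecked(char *buf, const char *query)
{
    strcpy(buf, query);
}

/* Hardened pattern: measure the input first and copy it only if it fits
 * together with its terminator. Returns 0 on success, -1 if rejected. */
int copy_query_checked(char *buf, size_t bufsize, const char *query)
{
    size_t n = strlen(query);
    if (bufsize == 0 || n >= bufsize)
        return -1;
    memcpy(buf, query, n + 1);
    return 0;
}

/* Would the unchecked copy of query overflow a buffer of bufsize bytes? */
int would_overflow(size_t bufsize, const char *query)
{
    return strlen(query) + 1 > bufsize;
}

/* Handle one request line of the form "GET /path?query HTTP/1.0" the way
 * a bounds-checked indexing handler would: isolate the query and copy it
 * through copy_query_checked. Returns the query length on success, 0 when
 * there is no query at all, and -1 when the query is rejected as too long. */
int handle_request(const char *request_line)
{
    char query[QUERY_BUF];
    const char *q = strchr(request_line, '?');
    if (q == NULL)
        return 0;
    q++;
    size_t len = strcspn(q, " ");        /* the query ends at the protocol field */
    char tmp[4096];
    if (len >= sizeof tmp)
        return -1;
    memcpy(tmp, q, len);
    tmp[len] = '\0';
    if (copy_query_checked(query, sizeof query, tmp) != 0)
        return -1;
    return (int)strlen(query);
}

/* Build a constructed request whose query is `count` repeats of `pad`
 * (the padding style the paper reports) and run it through handle_request. */
int handle_padded_request(char pad, size_t count)
{
    char line[4096];
    const char *prefix = "GET /default.ida?";
    const char *suffix = " HTTP/1.0";
    if (strlen(prefix) + count + strlen(suffix) >= sizeof line)
        return -1;
    strcpy(line, prefix);
    memset(line + strlen(prefix), pad, count);
    line[strlen(prefix) + count] = '\0';
    strcat(line, suffix);
    return handle_request(line);
}

int main(void)
{
    char buf[QUERY_BUF];
    copy_query_unchecked(buf, "id=42");   /* short constant: fits, so this call is safe */
    printf("unchecked copy of short input: %s\n", buf);
    printf("short query:    %d\n", handle_request("GET /default.ida?id=42 HTTP/1.0"));
    printf("63-byte query:  %d\n", handle_padded_request('N', 63));
    printf("64-byte query:  %d\n", handle_padded_request('N', 64));
    printf("224-byte query: %d\n", handle_padded_request('N', 224));
    return 0;
}
```

The unchecked version is only ever called with a short constant here; feeding it the 224-byte query would write past the buffer. Compiler-side hardening such as a stack protector can detect that overwrite at run time and abort the process, but it is a safety net behind the length check rather than a replacement for it.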

Today, the majority of servers running MS Windows use the 2003 server edition, which is not vulnerable to this type of attack. MS Windows 2000 systems are currently being phased out, with support already discontinued for MS Windows 95 and 98.

To manually remove CodeRed I, apply the security patch and follow these steps:

Delete the files:

C:\inetpub\scripts\root.exe
C:\program files\common files\system\msadc\root.exe
D:\inetpub\scripts\root.exe
D:\program files\common files\system\msadc\root.exe

Restart the computer to completely remove the worm. [12]

Manually removing CodeRed II is a more arduous task. The security patch should be applied and the following steps taken:

1. In the running processes, end the process associated with the dropped Trojan. Norton detects this as Trojan.VirtualRoot.

2. Delete the recently created explorer.exe files, including hidden and system files.

3. Delete the 4 files listed above for the removal of CodeRed I if they are present.

4. Using the Computer Manager on the web server, remove the open shares.

Registry entries:

1. Find the key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\W3SVC\Parameters\Virtual Roots. CodeRed II created 2 values under it which must be erased.

2. Select and delete /C and /D.

3. Select /MSADC and /Scripts.

4. In the current value data, remove 217 and substitute the value 201. After the system reboots, the proper values are formed.

5. Choose from:
   • MS Windows 2000 system: proceed to step 6.
   • Not a MS Windows 2000 system: skip to step 9.

6. Find the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\WinLogon.

7. Select SFCDisable.

8. Substitute the integer 0 for the value currently assigned.

9. Exit.

10. Reboot the system to ensure that CodeRed II has been completely erased. [24]

2.5 Reason why this Malware was unleashed

The author of CodeRed I chose the White House in order to attack the American Government. In CodeRed II, he punished general society, with Chinese systems receiving a greater penalty.

2.6 Profile of the author of this Malware

Many presumed after CodeRed I that the author was Chinese, as he left “Hacked By Chinese!” as his signature. However, CodeRed II targets Chinese machines vigorously. This would suggest to me that the author is neither Chinese nor American.

2.7 Prosecution against Malware author

The author of Code Red I has never been found and hence has evaded prosecution.

3. Global Economic Consequences as a result of Malware

According to the digital risk management firm, mi2g, the cost of Malware increased to $166bn in 2004. [26] No figures were available for more recent years.

Many corporations, large and small, may lose network connections during an infection period. Software would require upgrades, especially if a machine has been reformatted after an attack. The recovery of data is an expensive process requiring a specialist company. Most forms of Malware consume a portion of bandwidth, causing congestion. All time lost must be made up, resulting in overtime payments or outsourcing. The helpdesk of any organisation would be under tremendous pressure to provide a speedy resolution. From my personal experience during Intra, I was part of the Network Administration Team. Although we were never attacked by a particularly potent form of Malware, the Helpdesk was in charge of the first line of defence against such an attack. All these factors combine to create a loss of productivity and business.

Some organisations in the past have placed rewards for the capture of certain virus authors. In 2003, Microsoft launched a $5 million reward program for this purpose. [27]

According to estimates from Ferris Research, the global cost of spam was €38 billion in 2005, €13 billion alone for US companies. The cost per employee, in time spent checking it, is currently €3,500 per annum. More astonishing is that 98% of fraud scams and security problems originate from junk email. [26]

4. Legal Position on Malware

While the law varies greatly globally, the definition of Malware corresponds universally. The general consensus is that Malware is intrusive, intended to cause harm or is considered criminal activity. In defining these laws, the terminology is crucial.

4.1 Globally

In Asia, there is very little regulation under which to convict a virus author. Some countries like China and North Korea have censored the internet, but this seems to have exacerbated the problem.

In the EU, technology laws are purposely defined as “technology neutral”, meaning they rely on very broad, general definitions. Specific rules would be easier to implement but would become obsolete quickly, and if specific definitions were used it would be easier for developers to sidestep the laws. [29]

In the USA, there are 3 pieces of legislation covering Spyware, all introduced in 2004: the Securely Protect Yourself Against Cyber Trespass Act (SPY ACT) [33], the Software Principles Yielding Better Levels Of Consumer Knowledge Act (SPY BLOCK Act) [28] and the Internet Spyware Prevention Act (I-SPY Act) [31]. The principle of this legislation was to prevent the unauthorised transmission of sensitive information, the unacknowledged installation of software, and access without authorisation.

Regarding Spam, the CAN-SPAM Act and the SPAM Act were set up in the USA and Australia respectively in 2004. [30] These acts require that the subject line be honest and specific, that a valid email address be provided, and that an unsubscribe option be offered.

In the UK, the Computer Misuse Act (CMA) deals with all forms of Malware. This broad act considers hacking, viruses, and unauthorised access to or modification of computer systems and materials to be criminal acts. [35]

4.2 Nationally (Ireland)

Ireland does not have any specific laws pertaining to Malware. Similar to the EU and British governments, our laws are broad and can be applied across many technologies. The laws that are relevant to Malware include the following:

The Criminal Damage Act, 1991 decrees that it is an offence to intentionally or recklessly damage computer data and programmes or to threaten or possess anything with the intention of doing so and to access data without authorisation. [36]

The Electronic Commerce Act, 2000 introduced a number of offences relating to the misuse of electronic signatures and such creation devices. [36]

The Criminal Justice Theft & Fraud Offences Act, 2001 declares it an offence to dishonestly operate or cause to be operated a computer with the intention of making a gain for oneself or for another, or of causing loss to another person. [36]

There are, however, some loopholes in our law. CodeRed I launched a Denial-of-Service attack on the White House, yet such an attack is not outlawed here: it cannot be classified as either damage to data or unauthorised access to data as described in the Act. [36]

Adware is covered by advertising law, and so its authors can exploit the laws here.

4.3 Effectiveness of the Law in Malware prevention

As can be seen from the sheer magnitude of Malware intruding into our lives, the law is not very effective in its prevention.

Like the author of CodeRed, very good authors tend to evade prosecution while amateur writers are caught. The authors of the Sasser worm, Blaster worm and Maxwell were all “script kiddies” who were caught. Marc Rogers of the University of Manitoba in Winnipeg, Canada, a former cyber detective, has identified 4 different types of hacker: the old school hackers, interested in analysing code; the “Script-Kiddie” category, consisting mainly of young males who download prewritten scripts, intent on vandalising or disrupting systems; the professional criminals, “scammers”, highly organised groups who make a living from breaking into computer systems and selling the information; and the final category, the ‘Virus Writers’ and ‘Coders’, who write the code of the virus but tend not to use it themselves. [37]

From the point of view of Malware, we must be wary of the Script Kiddies who wish to become notorious. They look at scripting viruses as a creative hobby, and their numbers are increasing at a rapid rate.

5. Global anti-virus/worm market

5.1 Current Global Market Value and Future Growth/Annum

The global antivirus market is thriving. Total revenue reached €2.85 billion in 2004, up 36 percent from 2003, market researcher IDC said in December. They forecast that the market will nearly double, to €5.6 billion, by 2009. [16]

For 2006, McAfee, an anti-virus provider, filed profits of $35 million, down 9% on the previous year. [38] Total revenue reached $1.06 billion and its share price stands at $29.89. [39] For the same year, Symantec, a larger corporation, generated revenues of $4.14 billion and announced 5 year revenue growth of 37.16%. However, profits were down 8.8% on the previous year. Its share price is $17.95. [41] Checkpoint Technologies produced revenues of $575 million, compared to $579 million for the year before. Its share price stands at $24.31. [42]

From these figures it can be seen that these companies are extremely profitable. However, profits have dwindled since last year, and Symantec announced some minor job losses as a result. All companies, though, are expecting growth for the coming year. It would appear that the market has stabilised after many years of bumper growth.

5.2 Do you think an Anti-Malware corporation will ever go bankrupt?

None of the companies mentioned filed any debt for the previous year. I do not think that many Anti-Malware corporations will go bankrupt, with the obvious exception of bad management. Computers shall become more sophisticated and there shall always be bugs in software, and authors, in good practice, release details of these bugs. Hackers exploit these bugs when known and Anti-Malware companies will always be needed to fix this situation. There will always be virus writers trying to gain notoriety.

Consider early January 1992. The media, in a hysterical frenzy, announced that a virus, Michelangelo, was going to wreak havoc at any moment. John McAfee, inventor and CEO of McAfee Antivirus, told journalists that approximately 5 million computers would be affected by this virus, a deadly hard disk erasing strain. This prediction increased sales significantly. The virus eventually struck only 10,000 computers. Many media members claimed this was due to their reporting.

PC coverage is becoming greater by the day, and more systems increase the chances of infection. Most wireless networks are not protected. Currently, Dublin City Council has plans to make the city centre a Wi-Fi zone; if it is not properly secured, the potential for Malware propagation is enormous. Whilst not a major threat presently, mobile phone Malware has the potential to become one. These are areas into which antivirus companies could expand if the situation deteriorates.

The main competition to antivirus companies comes from the open source community, which is dealt with in the next section.

5.3 Is non-free, e.g. Norton Internet Security, better than the free, e.g. AVG, anti-virus software and Zonelabs firewall combination?

As a regular user of AVG Free and Spybot for the last 3 years, I can confidently say that free is just as good as non-free for home use. That time has been Malware free. I have recently started using the Zonelabs Firewall and can confirm this is an excellent free product. One drawback may be that there is no support, but this is only a minor matter for personal use. It is rumoured that the Norton and McAfee packages have been deconstructed many times by virus writers, making them insecure. Open source packages tend to be of a high calibre due to the large number of programmers, testers and debuggers who are ardent supporters of antivirus packages. All source code is available, which allows anyone to edit it. Any improvements are generally sent to the authors and would be incorporated in future updates.

For the corporate sector, where revenue depends on the data hosted, a commercial anti-virus is preferred. During my Intra Work Experience at Version 1, my employer chose Sophos due to its online technical support. If they were to choose an open source package, there would be no service agreement covering the company in the event of data loss, making this a high risk choice. No free anti-virus applications offer this. AVG is not available for commercial use and cannot be installed on servers. There are no free antivirus packages that offer comprehensive support to corporations.

6. Conclusions

This paper covers many aspects of Malware. It is a problem against which we can all make a contribution; even writing letters highlighting this issue makes a difference.

6.1 Lessons learned

Before undertaking this project, I had a vague idea of the workings behind virus authors, antivirus companies and the laws presiding over such matters. Upon completion I have a much greater understanding of these topics, which will make me more careful against such Malware. Whilst researching which virus I would base my study on, I was amazed at the sheer volume of malicious software on the internet. Having a suitable antivirus and firewall is the minimum of my protection needs. I would ensure that any network I am working on is secure against any threats.

Virus authors are extremely intelligent and governments should put incentives in place in which these authors could test their talents. Maybe an online community should be set up where many software problems are posed and these writers could test their skills.

6.2 Threats posed

By April 2006, there were 115,000 known viruses. This number is growing daily. These were all directed at Windows systems. Any of these computers that are connected facilitate their spread. Using any sort of storage device carries a risk of infection. There are many viruses that are “in the wild” which have not been released. This is a sombre message, but it is the reality of today.

Any device with a programmable operating system is susceptible to Malware. It is written for many reasons, with money as the motivating factor. In the future we can look forward to new forms of Malware, maybe even on our stereo systems!

6.3 Preventive measures you deem necessary to thwart future threats

Microsoft has 90% of the market share in consumer PCs; Linux and Macintosh own the majority of the remaining 10%. Users of these operating systems experience little or no malware activity. Switching to either of these systems is another option.

When a new patch is released, the user should install it immediately. All anti-malware applications should have their definition files up to date. This would greatly reduce future threats.

All anti-malware companies should continue their research into preventing future attacks. I feel that a committee should be set up to monitor anti-virus companies and virus writers. Although there is no evidence of collusion between the two, it is in anti-virus companies' interests that these writers continue to thrive.

Jonathan Yarden's article makes many excellent points. It should be noted that, in his observations, 90% of people actually contribute to the spread of viruses through their ignorance. [15] Perhaps companies that depend on a virus-free environment should offer training in preventive measures against viruses.

Bibliography:

John Whelan, EE438 Secure Systems Administration and Internetwork Security Course Notes.

References:

1. Symantec, www.symantec.com, 12/02/2007

2. McAfee, www.mcaffee.com, 12/02/2007

3. Carnegie Mellon Software Engineering Institute, www.cert.org, 12/02/2007

4. 62nds, http://62nds.com/pg/e90.php, 12/02/2007

5. TotallyGeek, http://www.totallygeek.com/vscdb/, 12/02/2007

6. Zonelabs, http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads, 12/02/2007

7. Grisoft, http://free.grisoft.com/freeweb.php, 12/02/2007

8. Symantec, http://www.symantec.com/home_homeoffice/products/category.jsp?pcid=is, 12/02/2007

9. Wikipedia, http://en.wikipedia.org/wiki/Code_Red_worm, 12/02/2007

10. Microsoft, http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx, 12/02/2007

11. CAIDA, http://www.caida.org/analysis/security/code-red/coderedv2_analysis.xml, 13/02/2007

12. Bullguard, http://www.bullguard.com/antivirus/vit_codered_f.aspx, 13/02/2007

13. Symantec, http://www.symantec.com/security_response/writeup.jsp?docid=2001-080421-3353-99&tabid=2, 13/02/2007

14. Wikipedia, http://en.wikipedia.org/wiki/Anti-virus, 13/02/2007

15. ZDNet Asia, http://www.zdnetasia.com/techguide/security/0,39044901,39290756,00.htm, 13/02/2007

16. ZDNet.co.uk, http://news.zdnet.com/2100-1009_22-6078249.html, 13/02/2007

17. USA Today, http://www.usatoday.com/tech/columnist/ericjsinrod/2005-02-16-sinrod_x.htm, 13/02/2007

18. Apple, http://www.apple.com/getamac/viruses.html, 13/02/2007

19. University of Oulu, http://www.ee.oulu.fi/research/ouspg/sage/glossary/, 18/02/2007

20. Wikipedia, http://en.wikipedia.org/wiki/Computer_virus, 18/02/2007

21. Wikipedia, http://en.wikipedia.org/wiki/Computer_worm, 18/02/2007

22. Ars Technica, http://arstechnica.com/articles/paedia/malware.ars, 18/02/2007

23. Wikipedia, http://en.wikipedia.org/wiki/Code_Red_II_%28computer_worm%29, 19/02/2007

24. Symantec, http://www.symantec.com/security_response/writeup.jsp?docid=2001-080421-3353-99&tabid=3, 19/02/2007

25. Vnunet.com, http://www.vnunet.com/articles/print/2126635, 19/02/2007

26. Nomasfraude.com, http://www.nomasfraude.com/com/did_you_know/datos/, 19/02/2007

27. CNN, http://money.cnn.com/2003/11/05/technology/microsoftbounty/index.htm?cnn=yes, 19/02/2007

28. PC World, http://www.pcworld.com/article/id,114999-page,1/article.html, 19/02/2007

29. ZDNet.co.uk, http://news.zdnet.co.uk/itmanagement/0,1000000308,39172719,00.htm, 19/02/2007

30. http://www.oic.org/z/EGS/AVCO/ACLACEC1.htm, 19/02/2007

31. Wiley Rein LLP, http://www.wileyrein.com/publication.cfm?publication_id=12478, 19/02/2007

32. GCN, http://www.gcn.com/online/vol1_no1/25237-1.html, 19/02/2007

33. The Standard, http://www.thestandard.com/internetnews/001318.php, 19/02/2007

34. CRM, http://searchcrm.techtarget.com/sDefinition/0,290660,sid11_gci948840,00.html, 19/02/2007

35. Lancaster University, http://www.lancs.ac.uk/iss/rules/cmisuse.htm, 19/02/2007

36. Kilroys Solicitors, http://www.kilroys.ie/news_ebusiness_archive.html#cybercrime, 19/02/2007

37. Honeynet, http://www.honeynet.ie/articles/PDF2004/2004.02.BlackhatPsychology.pdf, 19/02/2007

38. SeekingAlpha, http://software.seekingalpha.com/article/26524, 20/02/2007

39. Wikipedia, http://en.wikipedia.org/wiki/McAfee, 20/02/2007

40. Wikipedia, http://en.wikipedia.org/wiki/Symantec, 20/02/2007

41. Symantec, http://investor.symantec.com/phoenix.zhtml?c=89422&p=irol-fundSnapshot2, 20/02/2007

42. SeekingAlpha, http://seekingalpha.com/article/25006, 20/02/2007

43. ZDNet.co.uk, http://www.zdnet.com.au/news/security/soa/First_mobile_phone_virus_nears_2nd_birthday/0,130061744,139257470,00.htm, 20/02/2007

44. Wikipedia, http://en.wikipedia.org/wiki/Demilitarized_zone_(computing), 22/02/2007
