Grayware - Vulnerability To Malware

Vulnerability To Malware

In this context, as throughout, it should be borne in mind that the “system” under attack may be of various types, e.g. a single computer and operating system, a network or an application.

Various factors make a system more vulnerable to malware:

• Homogeneity: e.g. when all computers in a network run the same operating system; upon exploiting one, one can exploit them all.
• Weight of numbers: simply because the vast majority of existing malware is written to attack Windows systems, then Windows systems are more vulnerable to succumbing to malware attacks (regardless of the security strengths or weaknesses of Windows itself).

• Security defects: malware exploits security defects in the design of the operating system, in applications (such as browsers), or in (old versions of) browser plugins such as Flash Player or Java. Sometimes even installing new versions of such plugins does not automatically uninstall old versions. Security advisories from such companies announce security-related updates.
• Unconfirmed code: code from a floppy disk, CD-ROM or USB device may be executed without the user’s permission.
• Over-privileged users: some systems allow all users to modify their internal structures. This was the standard operating procedure for early microcomputer and home computer systems, where there was no distinction between an Administrator or root, and a regular user of the system.
• Over-privileged code: some systems allow code executed by a user to access all rights of that user. Also standard operating procedure for early microcomputer and home computer systems.