Sign In
Register
Help
Hello,
I am new to the forum but I trust hopefully somebody can help.
I had an exam in college that asked the following question:
A person sends a worm to an unprotected computer, this is an example of....
A) Threat
B) Exploit
C) Vulnerability
D) Threat Agent
I picked Threat and was marked wrong. They said the answer was
Exploit. I was able to successfully argue that it was a threat by stating
that until the worm is executed, it is a threat and would then exploit
the system only if it was successful. Now their argument was by
definition, the internet is a threat and it is up to the user to
protect. Therefore, the worm is designed by nature to be an exploit.
But if we look into that theory, then the internet would become a
threat agent. Whereas a way to deliver all of the above.
Question is....
Am I right with my theory?
Thanks
Bdh734
Page 1 of 1
Security and Theories
MultiQuote
#2
coastie65 
- Moderator
-
- Group: Moderators
- Posts: 10,334
- Joined: 02-April 07
- Location:Richmond Va.
Posted 19 November 2008 - 02:12 PM
Hi and welcome to the forum. Your theory seems sound in my opinion. I agree that the internet would be the threat agent , as the worm is the threat and the internet is the agent or instrument by which the threat is delivered. The exploit comes into play once the threat has been activated. The only analogy I can think of is, If you have a dam with a weakness, but hasn't yet leaked, that is a threat. Once the water has started flowing through the weakness, then it has exploited the weakness in the dam and is now causing damage. I'm glad you were able to sucessfully argue that, as I think you were right. coastie65
#3
mcbarker
- Expert
-
- Group: Members
- Posts: 1,078
- Joined: 10-August 06
- Location:Connecticut, USA
Posted 19 November 2008 - 11:44 PM
Personally, I would have picked "Exploit", since the computer was unprotected, and the person sending the worm was exploiting this lack of security. The worm would have had almost a 100% chance of being effective.
The act of sending the worm to the unprotected computer was more than a threat. Since the computer was unprotected, the worm would certainly be effective, so the act was beyond being a threat. If the word "unprotected" hadn't been in the question, I would have agreed with your argument that "Threat" was a correct answer.
The lack of security in the computer is the "vulnerability", not the act of sending it to the computer, so this one doesn't even come close to being right.
"Threat Agent" would be the worm, a component of the question, which doesn't satisfy all of the conditions of the question, so it's also wrong.
Just my humble opinion... :)
The act of sending the worm to the unprotected computer was more than a threat. Since the computer was unprotected, the worm would certainly be effective, so the act was beyond being a threat. If the word "unprotected" hadn't been in the question, I would have agreed with your argument that "Threat" was a correct answer.
The lack of security in the computer is the "vulnerability", not the act of sending it to the computer, so this one doesn't even come close to being right.
"Threat Agent" would be the worm, a component of the question, which doesn't satisfy all of the conditions of the question, so it's also wrong.
Just my humble opinion... :)
#4
bdh734
- Newbie
-
- Group: Members
- Posts: 2
- Joined: 19-November 08
Posted 20 November 2008 - 06:13 AM
Hello and thanks for the reply.
Let us take this further. Does the person sending the worm know that the computer he/she is sending this to is even unprotected? The question does not say. I can only go by what the question says and can not read anything into it. As I said before, a worm is designed in nature to exploit. If not, then why write the worm. If I start reading stuff into the question, then I say..."What if the computer was a Linux Box" and the computer that sent it was a M$ box. Then we could say that none apply. B-)
Even though they "gave" me the question, they are still vivd that it is an Exploit.
For a worm to sit on my computer is a threat, the act of execution is an exploit.
Let us take this further. Does the person sending the worm know that the computer he/she is sending this to is even unprotected? The question does not say. I can only go by what the question says and can not read anything into it. As I said before, a worm is designed in nature to exploit. If not, then why write the worm. If I start reading stuff into the question, then I say..."What if the computer was a Linux Box" and the computer that sent it was a M$ box. Then we could say that none apply. B-)
Even though they "gave" me the question, they are still vivd that it is an Exploit.
For a worm to sit on my computer is a threat, the act of execution is an exploit.
#5
coastie65
- Moderator
-
- Group: Moderators
- Posts: 10,334
- Joined: 02-April 07
- Location:Richmond Va.
Posted 20 November 2008 - 07:00 AM
No. All they can do is design something that will exploit any known or perceived weaknesses in the security. When "My Doom" came out, there was absolutely no protection for that and it had the Security software people scrambling to come up with something to not only remove it but to protect the system. Essentially, they don't know how how far it will go when they put it out there, as it is a crapshoot. coastie
#6
mcbarker
- Expert
-
- Group: Members
- Posts: 1,078
- Joined: 10-August 06
- Location:Connecticut, USA
Posted 20 November 2008 - 11:54 AM
Hi bdh
That the sender of the worm didn't know that the system in question was vulnerable is irrelevant. The key word in the question is "unprotected", so, no matter which "unprotected" system this worm was sent to, it would exploit that system's vulnerability. However, if the same worm were sent to another system which did have adequate protection, the worm would merely be a threat to that system. The difference is subtle, but relevant.
The word "unprotected" negates the need to read anything into the question, which is quite specific, and a little tricky if answered quickly without much thought.
Also, taking it further and injecting Linux into the equation doesn't change the outcome of the question. Even Linux boxes can be hacked. I have to agree with your professor on this one.
:)
That the sender of the worm didn't know that the system in question was vulnerable is irrelevant. The key word in the question is "unprotected", so, no matter which "unprotected" system this worm was sent to, it would exploit that system's vulnerability. However, if the same worm were sent to another system which did have adequate protection, the worm would merely be a threat to that system. The difference is subtle, but relevant.
The word "unprotected" negates the need to read anything into the question, which is quite specific, and a little tricky if answered quickly without much thought.
Also, taking it further and injecting Linux into the equation doesn't change the outcome of the question. Even Linux boxes can be hacked. I have to agree with your professor on this one.
:)
Page 1 of 1
