Rus Articles Journal

What is program bookmarks? Degree of danger and ways of identification

At the moment information is one of the most important values of human society. Information cost considerably surpasses the cost of information systems of its processing and storage. In this regard there is a problem of security of computer systems from information leakage on channels of unauthorized access.

The most convenient, from the point of view of the violator, way of implementation of unauthorized access to information in computer systems is the method of algorithmic and program bookmarks.

An algorithmic bookmark is a deliberate hidden distortion of part of algorithm of the program therefore emergence in a program component of the functions which are not provided by the specification and carried out under certain conditions courses of computing process is possible.

A program bookmark is the functional objects brought in the software which under certain conditions (entrance data) initiate performance of the functions which are not described in documentation allowing to carry out unauthorized impacts on information (State standard specification P 51275 - 99).

Presence of program bookmarks at information systems represents serious potential danger. A typical example of a program bookmark - the destroying software “Trojan Horse“.

Introduction and functioning of a program bookmark in the computer has latent character. Its work can be very versatile, everything depends on the imagination of the programmer writing program “bug“. A program bookmark often carries out a role of an interceptor of passwords or a traffic, serves as the conductor to some viruses. Bookmarks often significantly modify data in information system, up to its destruction.

Program bookmarks are not found standard means of anti-virus control. It is possible to reveal a program bookmark by means of the special test programs available in the specialized companies which are engaged in certification and standardization of the software.

There are qualitative methods of identification of program bookmarks. They are based on supervision over the processes happening in system. Presence of a program bookmark at information system is surely reflected in parameters of the program environment.

Changes in functioning which can be observed during the work of a program bookmark in system can be the following:

1) decline in the performance of the computing system;

2) partial or full blocking of work of system;

3) imitation of physical (hardware) failures of work of computing means and peripheral devices;

4) readdressing of messages;

5) round programmatically - hardware of cryptographic transformation of information;

6) ensuring access in system from unauthorized devices.

Whether it is possible “to insure“ the computer from penetration of program bookmarks? Absolute protection of information system against influence of program bookmarks does not exist.

Introduction of a program bookmark on program Wednesday can incidentally happen: through a network, from the removable carrier and other ways. A program bookmark can be introduced on Wednesday initially, at a software design stage. The bookmarks introduced at a stage of development of the software are not found in general.

However it is possible to reduce risk of penetration of program bookmarks into system. For this purpose it is necessary to establish only the certified software, to forbid automatic updating and installation of files. dll of an unknown origin.

A basic way of protection against penetration of program bookmarks into the computer is installation of monitors of the processes happening in system, scanners at the heart of which instead of the signature analysis mechanisms of semantics and heuristics are used.