Fandom

The IT Law Wiki

Mobile code

32,196pages on
this wiki
Add New Page
Talk0 Share

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.

Definitions Edit

Mobile code is

software that is transmitted from a remote system to be executed on a local system, typically without the user's explicit instruction.[1]
software programs or parts of programs obtained from remote information systems, transmitted across a network, and executed on a local information system without explicit installation or execution by the recipient.[2]
[a] program (e.g., script, macro, or other portable instruction) that can be shipped unchanged to a heterogeneous collection of platforms and executed with identical semantics.[3]

Overview Edit

Mobile code has become a popular way of writing programs that can be used by many different operating systems and applications, such as Web browsers and e-mail clients. Although mobile code is typically benign, attackers have learned that malicious mobile code can be an effective way of attacking systems, as well as a good mechanism for transmitting viruses, worms, and Trojan horses to users' workstations.

Malicious mobile code Edit

Malicious mobile code

is software that is transmitted from a remote computer to be run on the local computer for malicious purposes, typically without the user’s explicit instruction or knowledge.[4]

Malicious mobile code differs significantly from viruses and worms in that it does not infect files or attempt to propagate itself. Instead of exploiting particular vulnerabilities, it often affects systems by taking advantage of the default privileges granted to mobile code. Popular languages for malicious mobile code include Java, ActiveX, JavaScript, and VBScript. One of the best-known examples of malicious mobile code is Nimda, which used JavaScript.

Security measures Edit

Applications such as Web browsers and e-mail clients can be configured to permit only the required forms of mobile code (e.g., JavaScript, ActiveX, Java) and to run mobile code only from particular locations (i.e., internal websites only). This can be effective at stopping some instances of malicious mobile code, but may also impact the functionality of benign websites. Web content filtering software can also be deployed to monitor Web-related network activity and block certain types of mobile code from untrusted locations.

References Edit

  1. See NIST Special Publication 800-28.
  2. NIST Special Publication 800-18, at 35.
  3. Framework for Improving Critical Infrastructure Cybersecurity, at 38.
  4. NIST Special Publication 800-69, at 3-22 n.45.

See also Edit

Also on Fandom

Random Wiki