4.1 Threat exposure

The operating system of a computer is exposed to many exploit vectors. Essentially, almost every means to bring in data can potentially be a threat. This subsection takes a look at these exposures.

• Removable media. This is a classic way to infect a computer. However, the threat can only be realized when a user executes an infected program or accesses an infected file. Although it has never been tried or reported, a potential threat is to malform the file system of the removable media, and trick an operating system to execute malicious code.
• CD/DVD. Although a CD or DVD falls into the category of removable media, they have a special place. This is because CDs and DVDs may include an “autorun” file. This file causes a program to run automatically as soon as a disk is inserted and recognized. This means that a user does not need to actually do anything for a potentially dangerous program to run. Even audio CDs are not exempted from this type of threat.
• Network. This is, by far, the most popular method to attack a computer. This is because the attack can be launched from a distance, and it does not require any distribution of physical media. There is not enough time to discuss all the threats distributed by the internet in an entire class!