Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-33185 | SRG-OS-000194-MOS-000105 | SV-43583r1_rule | Medium |
Description |
---|
A common tactic of malware is to identify the type of malicious code protection software running on the system and deactivate it, which enables subsequent attacks. If malicious code protection is itself protected, then it will prevent a non-privileged user or malicious software from disabling the protection mechanism. Ensuring that any security feature is protected against bypass, tampering, or disablement is best met by a mandatory access control mechanism in the mobile OS. |
STIG | Date |
---|---|
Mobile Operating System Security Requirements Guide | 2013-07-03 |
Check Text ( C-41446r1_chk ) |
---|
Review the system documentation to determine if the malicious code protection capabilities are adequate. In particular, the protection mechanisms must load during the boot process and must not be able to be disabled. Reboot a device and verify the protection mechanisms are active after the boot cycle. Attempt to kill the protection process if it is identifiable. If the reviewer can disable the malicious code protection capabilities, this is a finding. |
Fix Text (F-37086r1_fix) |
---|
Configure the malicious code protection capability so it cannot be circumvented. |