LINFO

Backdoor Definition



A backdoor (usually written as a single word; the older term trapdoor is also used) is any hidden method for bypassing the normal access controls of a computer or other system, usually in order to obtain remote access to it.

A backdoor typically works by allowing someone or something with knowledge of it to use a special password, a particular sequence of network requests or some other secret trigger to bypass the normal authentication procedure (e.g., user name and password) on a remote machine (i.e., a computer located elsewhere on the Internet or other network) and obtain access to the all-powerful root (i.e., administrative) account, or to some other account with sufficient privileges. It is designed to remain hidden from casual, or even careful, inspection.

Backdoors can be planted in computers in any of several ways. (1) One is by inserting them into the source code of otherwise legitimate software, i.e., an operating system or an application program. This can be done intentionally by the company that develops the software, by one or more employees of the company without the knowledge of its management, or by outsiders who secretly gain access to the source code (or to the systems that hold it) while the software is being developed or updated.

(2) A second is through the use of viruses, worms or other malware (i.e., malicious software) that are specifically developed for the purpose of planting backdoors. This malware can gain access to a computer in any of numerous ways, including through the opening of infected e-mail attachments, the downloading of files from the Internet, or merely visiting certain web sites.

(3) A third is by hiding them in an algorithm that is used in programs. An algorithm is a set of unambiguous rules that specify how to solve some problem or perform some task. In this case the backdoor is not a separate piece of code but a deliberate weakness in the design, for example a random number generator or encryption routine constructed so that someone who knows a secret value can predict its output or recover keys, while to everyone else it looks like an ordinary algorithm. Algorithms are fundamental to the operation of software, and a single compromised algorithm (or the library that implements it) can be used in a large number of programs.

(4) A fourth is to modify a compiler so that it recognizes a particular segment of source code during compilation and inserts a backdoor into the compiled output. A compiler is a specialized computer program that converts source code into machine language so that its instructions can be executed by computers' central processing units (CPUs). This technique, described by Ken Thompson in his 1984 lecture Reflections on Trusting Trust, can make backdoors particularly difficult to detect because the backdoor never appears in the source code of the affected program and the program is not modified after compilation. A fully developed version also recognizes the compiler's own source code, so that the modification survives even when the compiler is recompiled from clean source. Defending against it requires trusting something other than the compiler's own output, such as compiling the same source with independently developed compilers and comparing the results (a technique known as diverse double-compiling), or building software in a reproducible way so that different parties can compare the binaries they obtain from the same source.

It can be very challenging for users to protect their computers from backdoors because of the ease (including the variety of ways) with which they can be inserted and the difficulty of detecting them once they have been inserted. One reason that backdoors can be so difficult to detect is that they can be extremely small, i.e., just a few lines, or even a few characters, in a program that may contain millions of lines of code. Moreover, they can be disguised to look like common minor software errors rather than special, malicious code, so that even a reviewer who notices them may dismiss them as a harmless typo.
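As an added illustration (not part of the original LINFO article): the following C model shows a backdoor disguised as a typo, patterned on a widely reported 2003 attempt to slip a one-character change into the Linux kernel's wait4() system call. The struct, flag names and function names here are constructed for this example; only the shape of the condition reflects the real attempt. The "backdoored" version looks like an input check that lost one "=" of "==", but its effect is to make any caller root.

```c
#include <stdio.h>

/* Constructed stand-in for the kernel's per-process credentials. */
struct task {
    unsigned int uid;   /* 0 is root */
};

/* Constructed flag names carrying the values of the real __WCLONE and
 * __WALL wait4() options; supplying both together is the trigger. */
#define WCLONE_FLAG 0x80000000u
#define WALL_FLAG   0x40000000u
#define EINVAL      22

/* The disguised line. It reads like an ordinary validity check that lost
 * one '=' of '==', but the assignment is what matters: whenever the caller
 * supplies the trigger flags, cur->uid is overwritten with 0 (root). The
 * assignment evaluates to 0, so the "error" branch is never taken and the
 * call returns success as if nothing had happened. */
int wait4_backdoored(unsigned int options, struct task *cur)
{
    int retval = 0;
    if ((options == (WCLONE_FLAG | WALL_FLAG)) && (cur->uid = 0))
        retval = -EINVAL;
    return retval;
}

/* What a genuine check looks like: a comparison with no side effect, and
 * the reject branch taken only when the caller really is root. */
int wait4_checked(unsigned int options, struct task *cur)
{
    int retval = 0;
    if ((options == (WCLONE_FLAG | WALL_FLAG)) && (cur->uid == 0))
        retval = -EINVAL;
    return retval;
}

typedef int (*wait4_fn)(unsigned int, struct task *);

/* 1 if an unprivileged caller ends up as root after one call with the trigger. */
int escalates(wait4_fn fn)
{
    struct task t = { 1000u };
    (void)fn(WCLONE_FLAG | WALL_FLAG, &t);
    return t.uid == 0;
}

/* 1 if the function really rejects a root caller, i.e. implements the check
 * it appears to implement. The backdoored version does not even do that. */
int rejects_root(wait4_fn fn)
{
    struct task t = { 0u };
    return fn(WCLONE_FLAG | WALL_FLAG, &t) == -EINVAL;
}

/* Without the trigger both versions must behave identically: success,
 * credentials untouched. This is why the change looks harmless in testing. */
int harmless_without_trigger(wait4_fn fn)
{
    struct task t = { 1000u };
    int rv = fn(0u, &t);
    return rv == 0 && t.uid == 1000u;
}

int main(void)
{
    printf("backdoored: escalates=%d rejects_root=%d\n",
           escalates(wait4_backdoored), rejects_root(wait4_backdoored));
    printf("checked:    escalates=%d rejects_root=%d\n",
           escalates(wait4_checked), rejects_root(wait4_checked));
    return 0;
}
```

Two review habits catch this kind of disguise: treat any assignment inside a condition as suspicious until proven otherwise, and ask whether the "error" branch can ever actually be reached (here it cannot, which means the line does no legitimate work at all). The real 2003 change was noticed not by reading the code but because it appeared in a copy of the kernel source with no corresponding record in the project's source-control history, which is an argument for checking the provenance of every change, not only its content.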

One motive for creating backdoors is to covertly obtain information about other individuals, companies, government agencies, etc. Another is to take control of computers, temporarily or permanently, in order to use them to secretly and efficiently perform harmful activities such as relaying spam (i.e., unwanted e-mail) and malware or launching denial-of-service (DoS) attacks.

Backdoors are also sometimes inserted by programmers for troubleshooting or as an administrative convenience, e.g., a fixed maintenance password or an undocumented command that bypasses the usual login. However, such a backdoor is only as safe as the secret of its existence, and it creates the risk of serious consequences for users should other people find out about it, whether through reverse engineering of the program, leaked documentation or a former employee.

The most important thing that users can do to minimize the risk of acquiring backdoors is to use free software (also commonly referred to as open source software) rather than commercial software and to carefully follow all of the recommended security procedures for it¹. This is because such software is considerably more resistant to backdoors. One reason is that the free availability of the source code on the Internet allows it to be inspected for backdoors and other problems by large numbers of motivated programmers around the world. It should be kept in mind, however, that this protection depends on the inspection actually taking place, and that it applies to the source code only: users who install precompiled packages should also obtain them from a trusted distributor and verify the distributor's digital signatures on them, so that the binaries they run correspond to the source that was inspected.

In contrast, there can be strong incentives for companies developing commercial software to include backdoors in their operating systems and other programs. And even if such companies do not have a policy of inserting backdoors, it can be difficult for them to find backdoors that have been secretly inserted by individual employees or outsiders while their programs are under development. This is because their efforts (which are not always successful) to keep the source code secret restrict its inspection to a relatively small number of people (i.e., the company's own programmers and auditors).

A closely related reason is that the main free operating systems (i.e., Linux and other Unix-like systems) were designed from the outset as multi-user systems with a privilege model (a clear separation between the root account and ordinary user accounts, enforced by file permissions and process ownership), rather than having attempts at security added on as an afterthought, as has been the case with major commercial operating systems. This limits the damage that can be done even if worms or other malware carrying backdoor code manage to break into such a system: malware running with the privileges of an ordinary user cannot install a system-wide backdoor or hide itself from the administrator without also exploiting a separate privilege-escalation flaw.


________
¹Among them are (1) using the packet-filtering firewall that is usually included with Linux and other Unix-like operating systems, at the most restrictive practical settings, (2) avoiding routine use of the root account, (3) requiring the use of strong passwords, (4) disabling all unnecessary services (every service that listens on the network is a potential entry point for the malware described above) and (5) providing appropriate physical security for computers, network components and other hardware.






Created January 9, 2006.
Copyright © 2006 The Linux Information Project. All Rights Reserved.