Ten Ways to Dodge CyberBullets, Part 2

This is the second post in a series that updates the top 10 list of things people can do to protect themselves against malicious activity, which we provided to our clients two years ago.

2. Catch the patch batch

Keep applications and operating system components up to date with automated updates and patches, and by regularly reviewing the vendors’ product update sections on their web sites.

This point is particularly relevant right now, given the volumes of Conficker that we’re continuing to see. Win32/Conficker is a network worm that propagates by exploiting a vulnerability in the Windows operating system (MS08-067). The vulnerability is present in the RPC subsystem and can be exploited remotely by an attacker. The attacker can perform his attack without valid user credentials. It’s important for end users to ensure that their systems are updated with the Microsoft patch, which has been available since the end of October, so as to avoid other threats using the same vulnerability. Information on the vulnerability itself is available at: http://www.microsoft.com/technet/security/Bulletin/ms08-067.mspx.

It’s important to note that it’s possible to avoid most Conficker infection risks generically by practicing “safe hex”. Keep up to date with system patches, disable AutoRun and don’t use unsecured shared folders. In view of all the publicity Conficker has received, and its extensive use of a vulnerability that’s been remediable for so many months, we’d expect Conficker infections to be in decline by now if people were taking these commonsense precautions, but clearly it isn’t happening. Sometimes it seems that the whole world assumes that the only vendor that suffers from vulnerabilities in its operating system and other software is Microsoft. To see how misleading this assumption can be, check out the weekly “Consensus Security Vulnerability Alert” published by SANS (see http://portal.sans.org), which summarizes some of the most important vulnerabilities and exploits identified in the preceding week. Even during a week that includes “Patch Tuesday,” you’ll typically find that problems are flagged with a frightening number of applications from other vendors. Certainly, any system administrator should consider making use of this resource.
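One way to check the three “safe hex” precautions named above (patching, AutoRun, shared folders) on a single Windows machine, as an added example that is not part of the original post. It assumes Windows 8 / Server 2012 or later, an elevated PowerShell session, English account names, and a 45-day staleness threshold chosen only for illustration.

```powershell
# Added example: audit patch recency, AutoRun policy and open shares on the local host.
$report = [ordered]@{}

# 1. Patching: when was the most recent update installed?
$staleAfterDays = 45   # assumption: illustrative threshold, tune to your patch cycle
$latest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 1
$report.LastUpdateInstalled = if ($latest) { $latest.InstalledOn } else { 'none found' }
$report.PatchingStale = (-not $latest) -or
    ($latest.InstalledOn -lt (Get-Date).AddDays(-$staleAfterDays))

# 2. AutoRun: NoDriveTypeAutoRun is a bitmask of drive types on which AutoRun
#    is disabled; 0xFF covers every drive type. A missing value means the
#    machine-wide policy is not set.
$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$mask = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun `
            -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
$report.AutoRunMask = if ($null -ne $mask) { '0x{0:X2}' -f $mask } else { 'not set' }
$report.AutoRunDisabledAllDrives = ($mask -band 0xFF) -eq 0xFF

# 3. Shares: user-created shares that allow access to broad groups.
#    -Special $false skips the built-in administrative shares (C$, ADMIN$, IPC$).
$openShares = Get-SmbShare -Special $false |
    Get-SmbShareAccess |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.AccountName -match 'Everyone|ANONYMOUS LOGON|Guest'
    }
$report.OpenShares = @($openShares | ForEach-Object {
    '{0} ({1}: {2})' -f $_.Name, $_.AccountName, $_.AccessRight
})

# Emit one object so the result can be piped to Export-Csv or ConvertTo-Json.
[pscustomobject]$report
```

A host is in good shape when `PatchingStale` is `False`, `AutoRunDisabledAllDrives` is `True` and `OpenShares` is empty.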

At the moment, vulnerabilities in applications are a serious threat (arguably more so than operating system vulnerabilities). Third-party applications are expected to continue to bear the brunt of vulnerability attacks for a good while yet, as security improvements in operating systems will continue to drive vulnerability research to applications like Safari, iTunes, Adobe Flash, Adobe Reader, many IM clients and other applications.

Unfortunately, users are far less savvy about patching third-party applications than they are about patching the operating system. However, this vector will also decline in impact as application vendors learn to tighten their quality control and patching methodologies. Part of this will be driven by adoption of Windows 7. Computers originally sold with Windows XP, with a few exceptions (such as newer netbooks), are beginning to age and will be replaced with PCs that have Windows 7.


About SCB Enterprises
System Solutions and Integration
