LOS ANGELES, CA. (April 17, 2007)
Recent newsmaker stories about Microsoft Windows security highlighted a recurring theme: there are "care and
feeding" issues that come with using computers in the dynamic, connected world of the Internet. Just days ago this month,
home PC users, businesses, and mobile laptop users were all affected. In this case, the issue was an exploit of the
Windows animated cursor feature (typically delivered as an ".ANI" file), which abused a legitimate part of the
operating system rather than any add-on application.
The impact potential was high: most recent versions of Windows (2000, XP, Server 2003, Vista) allowed the bug to be
used for remote code execution without the user's knowledge. Under the right conditions, simply viewing a baited web
page could set in motion the steps to infect the host PC with malicious software (malware). The malware could take
many forms and operate stealthily, with users unable to detect anything unusual, which makes this particular infection
damaging to Internet-connected PCs. At worst, your PC could automatically join a network of remotely controlled
"zombie" computers (a botnet), ready to perform additional malicious tasks against the connected world under remote
direction. A PC left powered on for long periods unattended, or sitting in "screen saver" mode, could do a lot of
downstream damage, with the malware switching to a more subdued, "light-impact" mode when the unsuspecting user
returned to the keyboard.
This particular exploit was notable in that a variant of the same animated cursor flaw had been identified and patched
in 2005, with a second form surfacing in December 2006. Further, the typical practice of relying on firewalls,
anti-spyware, and anti-virus applications would not have prevented infection, leaving many users with a false sense
of security. Reportedly, the exploit did not depend on the browser: Firefox users were exposed as well as Internet
Explorer users, because the flaw lay in the Windows cursor loader rather than in any one browser. Only Internet
Explorer 7 running in Protected Mode under Windows Vista limited the damage (and even Vista was not totally immune).
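As an illustration of the kind of file check the story above calls for, here is an added example (not part of the original article, and not Array Systems' or Microsoft's code) that scans an animated cursor file for the malformed "anih" chunk the 2007 exploits relied on. It assumes the publicly documented RIFF layout of .ANI files, in which every "anih" chunk should carry exactly the 36-byte ANIHEADER structure; the sample files it builds are constructed inline and are not real cursors. It is a detection check, not an exploit.

```python
import struct

# Size of the fixed ANIHEADER structure (nine 32-bit fields) that an "anih"
# chunk is supposed to carry. The 2007 exploit declared a larger "anih" chunk
# so that the cursor loader copied more than 36 bytes into a fixed-size buffer.
ANIH_EXPECTED_SIZE = 36


def walk_riff(data, pos, end):
    """Yield (fourcc, declared_size, payload, truncated) for each chunk in
    data[pos:end], descending into LIST containers. A chunk whose declared
    size runs past the buffer is reported as truncated and ends the walk,
    so the size field is never trusted to index beyond the data we hold."""
    while pos + 8 <= end:
        fourcc = data[pos:pos + 4]
        (size,) = struct.unpack_from("<I", data, pos + 4)
        body = pos + 8
        if body + size > end:
            yield fourcc, size, data[body:end], True
            return
        if fourcc == b"LIST":
            # A LIST payload starts with its own type code (e.g. "fram"),
            # followed by nested chunks; look inside for hidden anih chunks.
            yield from walk_riff(data, body + 4, body + size)
        else:
            yield fourcc, size, data[body:body + size], False
        pos = body + size + (size & 1)  # RIFF pads odd-sized chunks to 16 bits


def scan_ani(data):
    """Return a list of findings for an animated cursor file; an empty list
    means every anih chunk has the expected size and header."""
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF ACON (animated cursor) file"]
    findings = []
    seen = 0
    for fourcc, size, payload, truncated in walk_riff(data, 12, len(data)):
        if fourcc != b"anih":
            continue
        seen += 1
        if truncated:
            findings.append(f"anih #{seen}: declared size {size} exceeds file length")
        elif size != ANIH_EXPECTED_SIZE:
            findings.append(f"anih #{seen}: declared size {size}, expected {ANIH_EXPECTED_SIZE}")
        elif struct.unpack_from("<I", payload)[0] != ANIH_EXPECTED_SIZE:
            findings.append(f"anih #{seen}: header cbSize field is not {ANIH_EXPECTED_SIZE}")
    if seen == 0:
        findings.append("no anih chunk found")
    return findings


# --- constructed sample files (not real cursors) ---------------------------

def riff_chunk(fourcc, payload):
    pad = b"\0" if len(payload) & 1 else b""
    return fourcc + struct.pack("<I", len(payload)) + payload + pad


def build_ani(chunks):
    body = b"ACON" + b"".join(chunks)
    return b"RIFF" + struct.pack("<I", len(body)) + body


# A well-formed 36-byte ANIHEADER: cbSize, cFrames, cSteps, cx, cy, cBitCount,
# cPlanes, JifRate, flags (sample values chosen for the example).
GOOD_ANIH = struct.pack("<9I", 36, 1, 1, 32, 32, 32, 1, 10, 1)
FRAME_LIST = riff_chunk(b"LIST", b"fram" + riff_chunk(b"icon", b"\0" * 16))


def benign_sample():
    return build_ani([riff_chunk(b"anih", GOOD_ANIH), FRAME_LIST])


def malformed_sample():
    # Shaped like the 2007 files: a valid first anih chunk (the one the 2005
    # fix validated) followed by a second anih whose declared size is far
    # larger than the structure it is supposed to hold.
    oversized = GOOD_ANIH + b"A" * 200
    return build_ani([riff_chunk(b"anih", GOOD_ANIH), FRAME_LIST,
                      riff_chunk(b"anih", oversized)])


if __name__ == "__main__":
    for name, sample in (("benign", benign_sample()), ("malformed", malformed_sample())):
        print(name, scan_ani(sample) or "ok")
```

Run stand-alone, it reports the benign sample as ok and flags the second anih chunk in the malformed one. The point is that a declared chunk size is attacker-controlled data: because the 2005 fix checked only the first anih chunk, the scanner checks every one it finds, including chunks nested inside LIST containers, and treats a size field that runs past the end of the file as a finding rather than reading beyond the buffer.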
The good news: Microsoft has since released patch updates to correct this condition (security bulletin MS07-017),
available through the Windows Update website. This real-life technology drama may prompt a thought about your own
situation: is now a good time to review the procedures for ensuring a secure and sound computing environment in your
company? It could be. Array Systems suggests that the following basic operational components be included in a
security review:
Anti-Virus
Make sure you have recent versions and current definition (signature) updates. Most products carry license
fees/renewals, which should be maintained or checked.
Anti-Spyware
Similar to anti-virus in function; ensure updates and versions are current for this tool to be effective. This can
be part of a suite of defense products, all intended to provide added protection.
Microsoft Update
A free Microsoft web service that provides direct, concise access to software updates for Microsoft products
(Windows, Office, etc.). You can choose manual or automatic updates, but you should understand the ramifications of
each: automatic updates close a window of exposure like the one above quickly, while manual updates give you control
over when a change lands on production machines.
Firewall
Hardware firewall devices are preferred, as some software-based firewall/Internet security products can be
ineffective in certain environments. Note that neither kind would have stopped the cursor exploit above, which arrived
over ordinary web traffic the firewall is configured to allow.
Gateway/Content Filter
Hardware- and software-based devices that provide active protection between internal users and the Internet, and
that can also manage wireless, PDA/mobile users, remote access, etc.
In addition, there are behavioral (human factors) components that should be part of the security review, and these
do not involve hardware or software. For example, antivirus experts have noted that at any given time signatures are
unavailable for perhaps 35-40% of circulating malware, because of the delay between a new exploit appearing and a
remedy being developed. The habits and interaction patterns of users therefore become a vital part of a security
strategy, which might include:
Email
Don't open attachments or click on hyperlinks unless you are sure of the content. The same applies to web links
embedded in email messages, regardless of whether a full-client application or a web-based mail interface is used.
Consider when email should be used, or revise company policy to standardize its use.
Web browsing
Stay away from unknown websites. Websites are now the most common source of PC infection; even the official NFL
Super Bowl website was compromised recently. Spear phishing is particularly harmful because it targets specific
people with well-written, authentic-looking messages that use real customer or company data to lure the recipient to
a website that infects them.
Passwords
Maintain established complexity and change frequencies suitable for your environment. Like keys to locks, passwords
are the primary mechanism for controlling access to networked computers.
Remote access
Consider the method and management of outside access to company infrastructure. Who is permitted, by what method,
and using which devices should all be part of the design.
Data management
Similar to remote access, consider the data involved. Allow only authenticated access to critical information, and
actively manage where and how information is used on portable devices or outside systems. Is internal business data
stored permanently on portable devices? Are those portable devices and laptops protected?
Security issues related to Windows go by many names beyond malware, spanning hardware, software, network and user
components too numerous (and specialized) to address adequately in this article. Terms such as IDS (intrusion
detection), port attacks, phishing/spear phishing, rootkits, social engineering, spam, spyware, Trojans, viruses,
etc. are but a brief sample of the keywords found in popular web searches. Each has deeper meaning and implications
that could fill an entire article. Awareness, understanding, acceptance, and change are the first steps toward action
in the highly interconnected world of present-day secured computing. The fluid, interactive nature of the Internet
will require a progressive response to maintain a trouble-free web experience.