Patchworking

By Vince Barnes

If you think that once you have your Internet Security application in place in your machine and fully updated with the latest malware definitions, you can be pretty sure that you're safe, think again!  In the past few days systems at major television stations and large corporations alike were hit and brought to their knees by a worm -- and it could have been prevented!  There's a lesson here for all of us.

The harbingers of doom talk of the "zero day" threat; do you know what that is?  Is it something you need to worry about?  Let's take a look.

Think about Windows for a moment.  It seems that a lot more threats are found that affect Windows than other operating systems.  Why is that?  It seems that way because there are a lot more copies of Windows out there than other operating systems (OSs), with a lot more people trying to break them, and a lot more people trying to protect them.  There are those who will claim that this OS or that is safer than Windows, but a balanced, well informed look at the real world will tell you that there is no such thing as a "safe" OS, and that in the end no one is really any "safer" than any other.  There are things, however, that can mitigate the risk.

OK! So now we can assume that our system is threatened.  What's the threat?

There is a true cat and mouse game being played out in the world of Internet connected computers.  On the one side there are people trying to provide information and services on "server" computers and lots more people using that information and those services on "client" computers; on the other side there are those people who have not been able to use their talents for any constructive purpose and have been reduced to attempting to break down that which others build.

As people use their computers they will occasionally come across something that doesn't quite work as it should.  In doing so there is the possibility that they uncover a flaw that could be exploited by a person with unsound intent.  They have just identified a threat.  There are many who, when they discover such a threat, report it to one or another security center.  These security centers verify the threat and report it to the software developer who then creates a modification to their code to remove the danger.  There are also people actively looking for these threats: some are trying to identify them before the bad guys do, while others are the bad guys.

The nature of the game is for the good guys to try to identify the threat and create the code correction, known as a patch, and get it out to all affected computers before the bad guys can identify it and exploit it.  And the race is getting closer and closer.

Of course, the release of a patch also lets the bad guys know exactly where to look for a hole they can exploit.   They will then rush to create and release an exploit before people apply the patch.  The zero day threat is where a hole is identified and an exploit created and released before the security centers and software developers can create and release a patch.

Exploits are often in the form of viruses and worms.  Viruses are pieces of malicious code that replicate themselves and insert themselves into files and emails to spread themselves around, while worms are pieces of code that can move themselves around, burrowing, as it were, through the Internet like a worm burrows through earth.  As these exploits appear, the anti-virus folks create the means to identify and stop the virus or worm.  These are then distributed as "virus definition updates" or "virus signature updates" or a similar name.  Other exploits are hacks that allow an intruder to get into a computer and take control of it.

Patches are released to prevent the exploit from having an effect on a computer; virus definition updates are released to identify and destroy the exploit when it does get in, but before it can do any damage.

To protect your system it is clearly a requirement that your anti-virus, or Internet security, software and definitions be kept up to date at all times.  It is equally important that you obtain and install OS and software patches as soon as they are available.  Personally, I leave my computer on all the time, and check for new updates every night.  My Internet security software makes this very easy as it includes an automatic update feature, as do all the well known brands of this type of software.  My computer is running Windows XP and Microsoft has made their patch release mechanism as painless as possible.  The latest version of Windows Update checks for updates for all the Microsoft software I have installed, including Windows itself and Office.  It then downloads and installs those updates automatically, in the night (about two hours after the time I set for Internet security updates) and, if needed, reboots the computer.

On August 9th Microsoft released a patch for a vulnerability in Windows 2000.  Two days later all the systems I mentioned at the beginning of this piece, still unpatched, were brought down.

I strongly encourage you to use your automated update features, keep your security software up to date and keep those patches working for you.

 


