If you think that once you have your Internet Security
application in place in your machine and fully updated with the latest malware
definitions, you can be pretty sure that you’re safe, think again! In the
past few days systems at major television stations and large corporations alike
were hit and brought to their knees by a worm — and it could have been
prevented! There’s a lesson here for all of us.
The harbingers of doom talk of the "zero day" threat; do you
know what that is? Is it something you need to worry about? Let’s
take a look.
Think about Windows for a moment. It seems that a lot more
threats are found that affect Windows than other operating systems. Why is
that? It seems that way because there are a lot more copies of Windows out
there than other operating systems (OSs), with a lot more people trying to break
them, and a lot more people trying to protect them. There are those who
will claim that this OS or that is safer than Windows, but a balanced, well
informed look at the real world will tell you that there is no such thing as a
"safe" OS, and that in the end no one is really any "safer" than any other.
There are things, however, that can mitigate the risk.
OK! So now we can assume that our system is threatened.
What’s the threat?
There is a true cat and mouse game being played out in the world
of Internet connected computers On the one side there are people trying to
provide information and services on "server" computers and lots more people
using that information and those services on "client" computers; on the other
side there are those people who have not been able to use their talents for any
constructive purpose and have been reduced to attempting to break down that
which others build.
As people use their computers they will occasionally come across
something that doesn’t quite work as it should. In doing so there is the
possibility that they uncover a flaw that could be exploited by a person with
unsound intent. They have just identified a threat. There are many
who, when they discover such a threat, report it to one or another security
center. These security centers verify the threat and report it to the
software developer who then creates a modification to their code to remove the
danger. There are also people actively looking for these threats, some
trying to identify them before the bad guys do, others are the bad guys.
The nature of the game is for the good guys to try to identify
the threat and create the code correction, known as a patch, and get it out to
all affected computers before the bad guys can identify it and exploit it.
And the race is getting closer and closer.
Of course, the release of a patch also lets the bad guys know
exactly where to look for a hole they can exploit. They will then
rush to create and release an exploit before people apply the patch. The
zero day threat is where a hole is identified and an exploit created and
released before the security centers and software developers can create and
release a patch.
Exploits are often in the form of viruses and worms.
Viruses are pieces of malicious code the replicate themselves and insert
themselves into files and emails to spread themselves around, while worms are
pieces of code that can move themselves around, burrowing, as it were, through
the Internet like a worm burrows through earth. As these exploits appear,
the anti-virus folks create the means to identify and stop the virus or worm.
These are then distributed as "virus definition updates" or "virus signature
updates" or a similar name. Other exploits are hacks that allow an
intruder to get into a computer and take control of it.
Patches are released to prevent the exploit from having an
affect on a computer, virus definition updates are released to identify and
destroy the exploit when it does get in, but before it can do any damage.
To protect your system it is clearly a requirement that your
anti-virus, or Internet security, software and definitions be kept up to date at
all times. It is also equally important that you obtain and install OS and
software patches as soon as they are available. Personally, I leave my
computer on all the time, and check for new updates every night. My
Internet security software makes this very easy as it includes an automatic
update feature, as do all the well known brands of this type of software.
My computer is running Windows XP and Microsoft has made their patch release
mechanism as painless as possible. The latest version of Windows Update
checks for update for all the Microsoft software I have installed, including
Windows itself and the Office. It then downloads and installs those
updates automatically, in the night (about two hours after the time I set for
Internet security updates) and if needed, reboots the computer.
On August 9th Microsoft released a patch for a vulnerability in
Windows 2000. Two days later all the systems I mentioned at the beginning
of this piece, still unpatched, were brought down.
I strongly encourage you to use your automated update features,
keep your security software up to date and keep those patches working for you.