Thread ID: 36845 2003-08-21 23:56:00 Blaster: It Didn't Have to Happen Babe Ruth (416) Press F1
Post ID Timestamp Content User
169404 2003-08-21 23:56:00 Thought I should share this with you all in light of the latest worms/trojans/viruses etc...
... article by Paul Robichaux - an excerpt from Windows & .NET Magazine, and a plug (no pun intended) from Microsoft TechNet...

enjoy and be informed

Cheers, Babe.


Blaster: It Didn't Have to Happen
For the past few months, I've been writing more hands-on pieces about Exchange Server features and gewgaws. But this week, I'm going back to the land of process and policy. Why? One word: Blaster. There's so much differing information surrounding Microsoft's security policy and the things that you should be doing to protect yourself that I feel duty-bound to add my 2 cents.

First, let's talk about the patch. Microsoft released security bulletin 03-026 on July 16. That means we all had about a month to install the patch before Blaster reared its ugly head. Blaster has the unique and annoying habit of infecting desktop systems as well as servers. Therefore, the people least likely to patch—your grandmother, for example—were at equal risk with patch-savvy administrators at major corporations. Unfortunately, despite Microsoft's educational efforts (for an example, check out TechNet's "5-Minute Security Advisor" columns at the URL below), most home users didn't take any of the steps that could have protected them. They didn't install the patch, they didn't turn on Automatic Update, and they didn't use a firewall. Of course, lots of companies were infected too for exactly the same reasons. I'll get back to these points in a minute.

Second, let's talk about the patch gap. The time between the date that Microsoft released the patch closing the vulnerability that Blaster exploits and the date that Blaster was identified in the wild was much shorter than the 6-month gap between the patch that Microsoft issued for the vulnerability that Slammer exploited and that worm's release; in turn, the Slammer-patch gap was shorter than the Nimda- and CodeRed-patch gaps. Clearly, the time interval between identification of a new vulnerability and the release of code that exploits that vulnerability is shrinking. Fearless prediction: Sometime in the next 9 months, we'll see a "0-day" exploit that's released when (or perhaps before) the vulnerability becomes publicly known. At that point, people who haven't protected themselves are going to be in a world of trouble, especially if the attack does something destructive.

Is patching alone sufficient? No; to borrow a term from my calculus classes in college, it's "necessary but not sufficient." Microsoft's Jim Allchin sent out an internal email that encouraged Microsoft employees to help friends and family members secure their machines by following three simple steps. These same steps can be generalized to cover networks of any size.

Step 1: Apply patches when they become available. Most users should use the Automatic Updates client, available with Windows Server 2003, Windows XP, and Windows 2000 Service Pack 3 (SP3) and later. Several large Microsoft customers reported stellar results after using Microsoft Systems Management Server (SMS) to patch multiple systems simultaneously: one company patched 96 percent of its machines overnight. (Of course, if the company had applied the patch when it came out instead of waiting, that kind of fire drill wouldn't have been necessary.)

Step 2: Use a firewall. Firewalls protect your network from unwanted inbound traffic, and they can prevent an infected machine from sending packets to other machines on your network. Recently, Microsoft announced that it was going to turn on the XP Internet Connection Firewall (ICF) by default. ICF is a solid, free solution, but others exist, including BlackIce and Norton Internet Security. It doesn't really matter which of these products you use, as long as you use one. Of course, those of you whose networks are protected by corporate firewalls aren't excused from ensuring that the laptops and home machines that connect to your network are protected by some type of firewall software.

Step 3: Use antivirus software. Sometimes, despite our best efforts, bad code sneaks in. Using an effective desktop antivirus solution will help clean up the resulting mess. Antivirus software seems to be necessary in inverse proportion to users' sophistication. My theory is that less-sophisticated users are most likely to run unknown programs and to fail to apply necessary patches, both of which increase the risk of infection.

These measures seem straightforward enough, but a fourth step is necessary: for IT professionals to take a little responsibility. Is your mom's computer secure? What about the one down in your kids' playroom? How about your nontechnical next-door neighbor's PC? The extra time that you and I take to help secure these systems can benefit all of us by helping to prevent widespread Internet attacks such as Blaster. Now (to paraphrase "The Untouchables"), let's get out there and do some good!

(c) 2003 - Windows & .NET Magazine (http://www.winnetmag.com)

Microsoft TechNet - 5 Minute Security Advisor (www.microsoft.com/technet/columns/security/5min)
Babe Ruth (416)
169405 2003-08-22 01:26:00 >>for IT professionals to take a little responsibility.
Hmmm. Although it would be very nice if IT professionals helped out Microsoft to reduce the impact of Internet attacks and visited friends, neighbours etc. Microsoft are a business, they are responsible for supporting their customers. If they want me to help others, give me some incentive, like some of their billions of dollars. I will give Microsoft my bank account number if they want it :D
Dolby Digital (160)
169406 2003-08-22 02:08:00 Thanks for that BR.

I must admit that I am a tad slack in that department. I have my PC patched up but the parents one downstairs doesn't get quite the same amount of attention as mine does.

It's also very true in regards to the antivirus issues.
-=JM=- (16)
169407 2003-08-22 02:13:00 Just to add to that, I saw the other day that TVNZ computers had been infected. If I was them I would be firing the IT dept. Having said that, there were several IT staff asking on a security forum what this new Code Red thing was months after it had come out. Even after all the TV/radio coverage the IT dept still hadn't heard about it, let alone patched/fixed their servers.

Makes you wonder how Joe Bloggs is meant to look after their PC if the pros can't even do it.

I think we are lucky the Blaster worm was more of a whitehat "wake me up" worm than a serious damaging worm.
tweak'e (174)
169408 2003-08-22 02:18:00 > > > for IT professionals to take a little
> responsibility.
> Hmmm. Although it would very nice if IT professionals
> helped out Microsoft to reduce the impact of Internet
> attacks and visisted friends, neighbours etc.
> Microsoft are a business, they are responsible for
> supporting their customers.

They do support their customers, by releasing these patches. What do you expect them to do? Track down all their customers and patch the computers for them? What other company does that?

Mike.
Mike (15)
169409 2003-08-22 02:21:00 I agree. It was a wake-up call.

I also forgot about my parents and friends (some who did get infected). After installing a firewall, anti-virus, spyware checkers and OS updates, we need to show them how to keep them up to date or automate those that can be.
KiwiTT (4082)
169410 2003-08-22 05:31:00 >>What do you expect them to do?
Yes I expect them to send Bill to every owner of XP and patch it for them :D

What I meant was they need to be proactive when a security hole is found and contact their customers as appropriate. Often you learn about these things via the media, not via some Microsoft contact.
Dolby Digital (160)
169411 2003-08-22 06:17:00 Well we are all very fond of knocking the PC Company but when this Blaster worm arrived they emailed my father-in-law, who bought a computer off them a couple of years ago, a newsletter about it with idiot-proof step-by-step instructions on what to do. They also provided links to a tool to remove it and another to get the patch.

I say full marks to the PC Company for trying to protect its customers, even if my F-i-L still couldn't figure out what to do. Just as well he has Win ME. :p :D
Susan B (19)
169412 2003-08-22 06:23:00 First off: this sort of thing should never happen.

Second: I don't trust the latest version of anything, nor do I trust the latest patch. I will not be scared into downloading screeds of patches every five minutes. I want to know what I put on my PC, and why. If they updated firmware on cars, petrol pumps, DVDs, and 747s anywhere near this often I would be very nervous. I am not anti-Microsoft, I just know how good testing is and how reliable programmers are.

Third: I think the media has made this sound a lot worse than it really is. (easy for me to say, I never got it). Impact has been pretty light, paranoia unreasonably high.

Fourth: Most people at home aren't able to handle their own firewalls or antivirus software. How would they ever stand a chance with this? I've had more problems with people turning on the XP firewall as a result of this than actual Blaster problems.

Five: People I know running Windows 98 have really enjoyed watching this play out.

That's about it, I suppose.
robo.
robo (205)
169413 2003-08-22 06:56:00 My thoughts are similar to robo's.
For me, unless the patch fixes something that is overtly wrong with my OS/program, I hold back. Instead I rely on anti-virus, a firewall and hiding behind a properly configured NAT router. I also tend not to use auto complete, save forms info or leave my email addys lying around although the latter is harder to achieve.

I've had SP4 for Win2k sitting in my computer since it became available. Why? Because just about every patch or SP has bugs of some description, e.g. XP SP1. I adhere to the view that I'll let all the early adopters become my beta testers. I installed it the other day along with a bunch of other patches.

No IT admin, with a decent number of machines to look after, and in their right mind, would beta test on their networks. The work involved in patching is too great to want to roll it all back plus having to deal with the heat from lost productivity. That they left their ports exposed is probably less forgivable.

Cheers Murray P
Murray P (44)