Peeved

I know that I need to update my anti-virus to stay secure and I understand that it is a critical component of my computer security but I can tell you that it is really pissing me off at the moment.

It seems like every time I turn on my PC and at least once during the day I get this message to update my signatures. By default you don’t usually get these messages as it all happens in the background but because it was happening so often I changed the default to prompt me so I could keep track of what was going on.

So when I booted up this morning I get another update message like so:

As I said initially, I know this is necessary and I’m not picking on any vendor, since I believe they all have the same issues to some extent but it just goes to show how bad things must be out there on the Internet if I’m constantly getting these updates.

Now getting the updates is fine but the way that it bogs down my machine when it applies the updates is infuriating! It isn’t a short period of time while that happens either. It seems to be getting longer and longer. As you can see from the latest update, that’s 2.3MB to be downloaded and installed. What happens to the poor people on slower Internet connections?

It all goes back to my contention that we are losing the battle against the bad guys on the Internet. How many years has it been now and yet it seems that the number of vulnerabilities, viruses, trojans, compromises, spam, etc is not only increasing but increasing exponentially. We are building our future on a platform that was never designed to incorporate security; it has simply been ‘tacked on’ later as an afterthought. Given that PCs are now in the hands of people with absolutely no idea about how to stay secure we are increasing our vulnerability every day. We are creating a larger and larger playground for the criminal underworld to flourish.

Articles like “1 in 3 Windows PCs vulnerable to worm attack” and “Downadup worm now infects 1 in 16 PCs says Panda security” further highlight the problems. This doesn’t help either:

“The worm exploits a bug in the Windows Server service used in Windows 2000, XP, Vista, Server 2003 and Server 2008.”

since it clearly highlights that no matter how much “security” is taken into account with software, it is still created by humans (usually under commercial restraints) and can never be perfect. Don’t be under the illusion that vulnerabilities solely exist in Windows; they potentially exist in every piece of software ever written. We hear more about their effect on Windows machines because they are the most popular. Software developers do create and release patches but not very many people actually apply them, so we have the worst of both worlds.

I must admit that I think it is almost getting to the point where vulnerable machines need to be denied access to the Internet or automatically fixed. That again opens up a whole can of worms in regards to accessing people’s private machines and other software compatibility issues but I think we need to consider what is the greater evil here. If people don’t patch and protect their machines they make the eWorld so much more dangerous and less friendly for everyone.

We live in a strange world where on one hand you need a license to drive a car yet on the other you don’t need one to create another human life. Maybe it is something that is just going to be a fact of life forever now but I can tell you that at the moment it is really pissing me off!

BotNet video

Here’s an interesting video from the BBC Click program about BotNets. It shows how BotNets are used to send spam emails as well as to launch Distributed Denial of Service (DDoS) attacks.

Also on Click you’ll find “Cyber crime attack from the east” which gives you an idea of the business behind cyber crime.

It is interesting to consider that we are building our ‘new world order’ on technologies that were never designed with security in mind. Likewise, there are so many users out there who have no idea their machines are infected and being controlled by someone else. It is amazing to think that many vulnerabilities used by BotNets exploit bugs that have a patch or update available from the vendor. The problem is too many people are using computers connected to the Internet without understanding the basics. Given the worldwide reach of the Internet this causes a huge problem when the power of these infected machines is harnessed into a BotNet.

Interestingly, the BBC seems to have gotten itself into some trouble about what actions it took while performing the demonstrations in its show, as detailed in “BBC cyber crime probe backfires”. This relates to the fact that the BBC used users’ computers without their knowledge and also made modifications to their systems, even if it was to warn the user that their PC was infected. This again illustrates why cyber criminals are always going to win. When someone like the BBC does an exposé on BotNets it runs the risk of running foul of authorities, yet users who haven’t maintained or secured their systems and connect them to the Internet face no ramifications! In many cases the only way that some people will know they are infected with a trojan acting as part of a BotNet is if they are told. While we debate the ethics of alerting users, cyber criminals simply go about their business and infect more machines.

So, watch the video. Make sure your machine is patched and scanned for viruses and spyware. Then make sure you tell other people to do the same, because knowledge is really the only defence we have against BotNets.

Mobile security

Almost everyone these days has a mobile phone. A significant number know what a problem it is if you lose your mobile. Some of these people only now understand how expensive it can also be if someone gets hold of your mobile and starts placing calls to Tibet and Greenland. But consider this: with more and more of our personal information on our mobile devices, what security do we have in place to protect that?

Do your emails get delivered to your mobile? Do you have other sensitive information on there (i.e. PIN numbers, passwords)? What about customer information? Stop and have a think about what information your mobile would divulge if it fell into someone else’s hands. Now think about how much damage that information could do both personally and commercially.

Worried? Well you should be. Even the bosses at Telstra get their mobiles stolen and, as this story highlights, it can represent a huge commercial risk. Not only to you personally but also your customers. If you have a mobile device that holds data that you want to remain private then make sure you secure it. Make sure you know how to prevent it falling into the wrong hands. Many devices these days have the ability to be remotely wiped if needed but also look at things like encryption to protect sensitive data.

As more and more data ends up on mobile devices that get smaller and smaller (read easier to steal), then they become just like the PC on your desk. Now, you wouldn’t want that to fall into the wrong hands would you? So maybe it’s time to look at how secure that little computer you carry around with you everywhere is!

Facebook worries

It seems that Facebook have changed their Terms of Agreement according to this report:

Now, anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later. Want to close your account? Good for you, but Facebook still has the right to do whatever it wants with your old content. They can even sublicense it if they want.

Now, most existing Facebook members probably won’t care but I believe it does illustrate the extent to which we have sold out our privacy. People blindly join Facebook and then upload every aspect of their lives not understanding that it is all going into one great database that Facebook is going to sell to make money.

People, companies like Facebook are commercial entities. They survive only by making money. Your information has value, otherwise why would they be selling it? Please think long and hard about the information (text, pictures, etc) you divulge on the Internet because once you do it becomes public domain and can never be made private again. Worse still, in this case, it actually ends up being owned by Facebook.

Remember that information about you has VALUE and should be treated as such. We are giving away our privacy for effectively nothing in return. Don’t do it.

MSRT

When you do a Microsoft Update every month (I hope you do!) then you’ll find that one of the items listed is the Malicious Software Removal Tool (MSRT for short) update. Now for months I’ve simply applied the update as a normal part of the process not even caring what it does.

So I did some research and found that Microsoft actually have a site dedicated to telling you what the MSRT is all about. You’ll find it at:

http://www.microsoft.com/security/malwareremove/default.mspx

and as the site says:

The Microsoft Windows Malicious Software Removal Tool checks computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software—including Blaster, Sasser, and Mydoom—and helps remove any infection found. When the detection and removal process is complete, the tool displays a report describing the outcome, including which, if any, malicious software was detected and removed.

Now, it is updated monthly to include checking for all the newest nasties. I’m not quite sure exactly how it works but it sits in the background monitoring for rogue software. If it detects any you are informed at the next login. It is my understanding that the tool actually does a scan once a month when it is updated. More technical information on the tool can be found at:

http://support.microsoft.com/?kbid=890830

You always gotta wonder what something like this is doing sight unseen in your machine. Is it running? Is it doing anything? Well, as it turns out you can run the tool from the command line. Simply press the Start button, select the Run command from the menu and type MRT and press enter. After a few welcome screens you are able to select from a number of scan options.

Select the scan desired and press Next.

When it’s all done you should hopefully see

Now the tool doesn’t replace anti virus/anti spyware software but it is worth ensuring that you update your system every month via Microsoft Update to ensure you get this handy free utility.
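Another way to answer “Is it running? Is it doing anything?” is to read the log the tool keeps of each scan. The script below is an added example, not part of the original post and not Microsoft code: it assumes the log is at %windir%\debug\mrt.log with the “Started On” / “Return code:” layout of the constructed sample, assumes return code 0 means no infection was found, and uses hypothetical function names and a hypothetical 35-day threshold.

```python
import re
from datetime import datetime, timedelta

# Constructed sample, laid out the way MSRT is assumed to write
# %windir%\debug\mrt.log (one block per scan). Not from the original post.
SAMPLE_LOG = """\
Microsoft Windows Malicious Software Removal Tool vX.Y, January 2009
Started On Wed Jan 14 09:12:03 2009
Results Summary:
No infection found.
Return code: 0 (0x0)
Microsoft Windows Malicious Software Removal Tool vX.Y, February 2009
Started On Wed Feb 11 08:55:10 2009
Results Summary:
No infection found.
Return code: 0 (0x0)
"""

STARTED = re.compile(r"^Started On (.+)$")
RETCODE = re.compile(r"^Return code: (\d+)")
STAMP = "%a %b %d %H:%M:%S %Y"  # e.g. "Wed Jan 14 09:12:03 2009"

def parse_runs(text):
    """Return one dict per scan: start time and return code (None if cut off)."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if m := STARTED.match(line):
            runs.append({"started": datetime.strptime(m.group(1), STAMP), "code": None})
        elif (m := RETCODE.match(line)) and runs:
            runs[-1]["code"] = int(m.group(1))
    return runs

def assess(text, now, max_age_days=35):
    """Classify the most recent scan: never-run, incomplete, review, stale or ok."""
    runs = parse_runs(text)
    if not runs:
        return "never-run"
    last = runs[-1]
    if last["code"] is None:
        return "incomplete"   # scan started but no return code was logged
    if last["code"] != 0:
        return "review"       # assumption: only 0 means "no infection found"
    if now - last["started"] > timedelta(days=max_age_days):
        return "stale"        # the monthly update and its scan were missed
    return "ok"

if __name__ == "__main__":
    print(assess(SAMPLE_LOG, datetime(2009, 2, 20)))
```

To use it on a real machine, read the log file into a string first and pass the current time as `now`.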

Change is bad

So I’ve been looking at IE8 which comes with Windows 7. Now all this is still in beta and may be subject to change but I can’t comprehend why Microsoft has done the following.

To run Windows Update in IE7 you went to Tools | Windows Update like so:

But now in IE8 Windows Update doesn’t live under the Tools menu

It lives under the Safety menu

I’ll tell you one thing, it is changes like these that really confuse and annoy the average user. It may make sense to the programmers in Redmond but to your average IE user it doesn’t. You would also think that to encourage people to run Windows Update you’d leave the option to do so in the same location, but no.

Sure, it may be a small thing but it makes it just that little bit harder and more frustrating for users. That is going to translate into reduced product acceptance and greater frustration, not to mention the extra support. I can just hear the support calls now – “Are you running IE8 or IE7? Ok, is Windows Update under the Tools menu? No? Oh well that means ….”

It really doesn’t make things easier in my books!

Too hard

I’ve been reading the news about the latest worm that has now infected 8.9 million machines. Now if you believe the reports:

“From an estimated 2.4 million infected machines to over 8.9 million during the last four days. That’s just amazing.” – CRN Australia

“It is the most serious large scale worm outbreak we have seen in recent years because of how widespread it is” – CNN

Now how can that be? IT companies spend so much of their time reinforcing to clients that they need to update their machines. Many have already put in place automated patching tools and still the number of infections rises faster than ever before. How can this be? The vulnerability was patched last October by Microsoft yet it goes to show how few systems out there are being patched regularly.

Many would point the finger at home users who rarely update their machines. I must say that I agree with that assessment because most of the students I ask in my IT courses never update their machines. This attitude makes us all vulnerable. Is it their fault for not patching or someone else’s for making it too hard?

Doesn’t it strike anyone else that things are not getting better; they appear to be getting worse? For all the banging on IT people do about security, each new worm outbreak happens faster every time. How can people have confidence in our connected world if so many machines can be compromised so quickly? Sure, maybe these reports are overblown and maybe the infection does do that much ‘damage’ but don’t you get the feeling it is only a matter of time?

Clearly, keeping systems up to date is simply too hard for the vast majority of users. Clearly, the message about IT security is not getting through. Clearly, many people have no idea that their machines have been compromised. Clearly we need to do something. Clearly it seems, everything we have tried so far hasn’t worked! Any ideas?

I thought I had updated

A few days ago, like many IT people worldwide, I received a distressed call from a friend about the recent Microsoft Internet Explorer issue that they had seen all over the media. What did they need to do? I told them that they had to run a Microsoft Update from their browser. Having never done this (first bad sign) I had to give them an idea of what needed to be done. They were much calmer now knowing what would make them safe. After not hearing again from them after a few days I assumed all was fine.

I was actually visiting this same friend today so I thought I’d just take a look at their system to ensure that it had been updated. I was amazed to find that the machine was not up to date at all and in fact was still vulnerable. After starting the update process I quizzed my friend as to why they hadn’t updated. Their reply was “I thought I had”.

So what happened? In theory Microsoft Update is only for Microsoft to inform the user about patches that need to be applied to the system. That is UNLESS they haven’t installed Service Pack 3 for Windows XP! If that hasn’t been installed you’ll see a screen like this:

The top option, and the one most likely to be picked by unsuspecting users like my friend, is to install Windows XP Service Pack 3 and no other updates. So what happened is my friend pushed the top button, not reading the actual instructions on the page, as non-computer people do, and merely installed Windows XP Service Pack 3 on their machine and nothing else.

Was their machine still vulnerable? Yes. Were they likely to run another update? Nope. Chalk up another win for the bad guys. This time in my books it really is an own goal on Microsoft’s part. Sure Windows XP Service Pack 3 is important but it isn’t a critical update. Being the first choice on the screen it is what most users (who aren’t computer people) are going to select in their quest to be “safe” given all the hysteria. Microsoft updates should be for critical updates only and if you are going to put a message about a Service Pack make it the second choice. Microsoft, please remember, most people have no idea about technology.

Perhaps I should have told my friend to keep running Microsoft Update until there were no more updates. Perhaps they should have read the update screen more carefully. Maybe, maybe, maybe. Yet it only takes one maybe for an attacker to compromise a system. Once they get control, your only real option is to reformat and reload; today’s malware is just too sophisticated for any cleaning tool to deal with 100% effectively. To guarantee that your system is clean after an infection the only option is a complete reload. Who wants to do that? No-one, but the odds are stacked in an attacker’s favour. Why? You need to defend your system against EVERY threat in Windows, Office, iTunes, Acrobat and every piece of software you have installed on your machine. Not just Windows, the lot. An attacker only needs to exploit ONE SUCCESSFULLY and they can have control. So who’s got the better odds? It certainly isn’t you!

It further illustrates to me the divide between those that develop IT systems and those that use them. The void between the level developers believe users are at and where they actually are is immense and getting bigger every day. Wasn’t technology supposed to get easier? The reality is that it is only getting easier for attackers to compromise systems. What does that say for a system we put so much faith in these days? Our common technology is built on very shaky ground, very shaky indeed.