Keep it simple, stupid
Posted on 16 May 2005 at 10:58
Davey Winder looks at cutting the spam reaching his BlackBerry, while thinking about laptop legs and compromising situations
I highlight these particular figures because they suggest that security needs to be taken more seriously to prevent confidential data from being compromised. Indeed, last year I happened to visit the Symantec threat labs in Santa Monica, California, and was told that its 'infection benchmark' time for a sterile PC connected to the Internet without any anti-virus and firewall protection is now just ten minutes. It is not as if I was given privileged information here: although this ten-minute time bomb may shock some, it is fairly common knowledge that unless you take a proactive role in defending your data from attack then it will be compromised sooner. This means not only ensuring that anti-virus, firewall and spyware solutions are up to date, but also that your system OS and application software are. The Java exploit I mentioned earlier was patched and sorted within days by Sun Microsystems, yet I suspect I will be finding non-patched machines that have been infected as a direct result for years to come.
If proof were needed, beyond the state of the computers I come across at prospective client sites across the country when carrying out initial security sweeps, Symantec reports that 'old news' exploits are still causing most problems. There is Slammer (or the Microsoft SQL Server Resolution Service Stack Overflow Attack if we are being formal), still used by 22 per cent of all attackers in the period, and the TCP SYN Flood Denial-of-Service launched by 12 per cent. Yet both are easy enough to close down, so why aren't we doing so? Because the attackers aren't as slow to respond as the attacked: the report reveals that the time between some new vulnerability being disclosed and code being released to exploit it is now just 6.4 days. With some 1,403 new vulnerabilities during that six months, up by 13 per cent, this is a statistic we should all worry about.
At the risk of being greeted by cries of 'now he's spreading the Firefox FUD' (which I most certainly am not), when I say 'all' I mean 'all'. In the last half of 2004, there were 13 new vulnerabilities affecting IE, compared to just six for Opera and - sorry folks - 21 for the Mozilla family. And if you want even more to worry about, the report predicts an increase in both the number and severity of mobile device attacks. It is known that Bluetooth vulnerabilities are being actively researched by those who would do us harm, and smartphone-driven worms will likely not remain the stuff of science-fiction for much longer. Expect to see an increase in client-side attacks that use worms to propagate, along with threats that are hidden inside audio and image content files. As Symantec says, 'this is worrisome because image files are ubiquitous, almost universally trusted, and an integral part of modern day computing.'
Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site
From around the web
advertisement
- Why virtualisation hasn't slowed the growth of data
- How to make Google AdWords work for your business
- The curse of sloppily written software
- Paying for your crimes with Bitcoin
- Behind the scenes: tech support for Formula 1
- The security risk of fat fingers
- Why Windows Phone 7 isn't quite ready for business
- When will Microsoft stop fiddling with Windows 8?
- Flash down the pan?
- Metro Style apps vs desktop applications
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- VeriSign slammed for security breach cover-up
- SAP willing to share HANA with Oracle
- Why using a tablet could harm your health
- New RIM boss: no need for drastic change
- RIM founders fall on their swords
- Slow economy helps boost Red Hat revenue by 23%
- Google+ pages get multiple admins
- One in five companies lack card industry compliance
- Oil industry warns hacking attacks could kill
- British workers fear email monitoring
advertisement

