|
After another security hole
recently surfaced in Microsoft's Windows operating system,
the software giant released a patch this past Friday to
plug the possibly devastating "back door" which
allows hackers to potentially seize control of any pc
running Windows.
The latest threat,
"Download.Ject," infiltrates computers after
users surfing with Microsoft's "Internet
Explorer" web browser visit websites infected with
the virus.
This newest security patch
covers Windows XP, 2000, and Windows Server 2003.
Several factors make this
latest development more disturbing than past discoveries
of security problems with Internet Explorer, currently the
most dominant web browser on the market.
First, it demonstrates very
clearly that criminals discovered they can use the power
of viruses to very profitably steal important bank,
personal, and credit data from people on a large scale.
Second, it took Microsoft
what many would consider a very long time to come up with
a patch for this problem.
Before a fix appeared,
Microsoft told everyone who uses Internet Explorer to
stick their finger in the dyke by putting their web
browser security settings on high, rendering it impossible
to view or use features on many websites and web-based
services.
Third, expect this to
happen again as new holes open in the future when
Microsoft makes Windows more complicated, adds layers of
code, and generally makes the operating system more
complex.
This may sound like
business as usual, however, I think this story actually
points to a much deeper problem, one for which I'm not
sure a simple solution exists.
Though free and reasonably
reliable, many people do not automatically update their
Windows operating system through the update service on
Microsoft's website. (I won't even get into how many
people don't operate up-to-date anti-virus protection.)
Whenever Microsoft
publishes a security update, especially for a highly
publicized and obviously widespread security breach,
thousands of people will not immediately download the
update.
In fact, tens-of-thousands
of users will not download these security updates for
days, weeks, even months (if ever).
So let me ask what seems
like a very elementary question: By publishing security
updates that point out very obvious flaws in their system,
doesn't Microsoft also point the way to exactly where the
holes exist?
Let me put it another way.
Doesn't this rate the same
as discovering that the local bank vault won't lock and
then announcing the details on the front page of the paper
along with the dates and times no bank guard will be on
duty?
After all, if
tens-of-thousands of users won't immediately get the
Microsoft Security Patch, don't those patches show hackers
exactly which holes get plugged (and which, logically,
must already be open without the patch)?
It doesn't take a hacker
with more than a basic set of skills to recognize where
and what holes got fixed and then reverse-engineer how
they can get into computers that don't get updated.
Now, do I have a concrete,
100% bullet-proof answer to this problem? Unfortunately, I
don't have more than a common- sense answer...
At this point, your best
defense rates staying current on the latest threats and
how to defend against them.
Keep your anti-virus
software current, your firewall up, and your Windows
software updated with the latest security patches.
Though not a perfect
solution, at least you'll have a fighting chance to
prevent, or at least minimize, any possible threats.
For more information from
Microsoft's website, go here http://www.ebookfire.com/download-ject.html
|
About
The Author
Jim
Edwards is a syndicated newspaper
columnist and the co-author of an amazing
new ebook that will teach you how to use
free articles to quickly drive thousands
of targeted visitors to your website or
affiliate links... http://www.TurnWordsIntoTraffic.com
© Jim
Edwards - All Rights reserved
http://www.thenetreporter.com |
|
|
