After another security hole recently surfaced in Microsoft's Windows operating system, the software giant released a patch this past Friday to plug the possibly devastating "back door" which allows hackers to potentially seize control of any pc running Windows. The latest threat, "Download.Ject," infiltrates computers after users surfing with Microsoft's "Internet Explorer" web browser visit websites infected with the virus. This newest security patch covers Windows XP, 2000, and Windows Server 2003. Several factors make this latest development more disturbing than past discoveries of security problems with Internet Explorer, currently the most dominant web browser on the market. First, it demonstrates very clearly that criminals discovered they can use the power of viruses to very profitably steal important bank, personal, and credit data from people on a large scale. Second, it took Microsoft what many would consider a very long time to come up with a patch for this problem. Before a fix appeared, Microsoft told everyone who uses Internet Explorer to stick their finger in the dyke by putting their web browser security settings on high, rendering it impossible to view or use features on many websites and web-based services. Third, expect this to happen again as new holes open in the future when Microsoft makes Windows more complicated, adds layers of code, and generally makes the operating system more complex. This may sound like business as usual, however, I think this story actually points to a much deeper problem, one for which I'm not sure a simple solution exists. Though free and reasonably reliable, many people do not automatically update their Windows operating system through the update service on Microsoft's website. (I won't even get into how many people don't operate up-to-date anti-virus protection.) Whenever Microsoft publishes a security update, especially for a highly publicized and obviously widespread security breach, thousands of people will not immediately download the update. In fact, tens-of-thousands of users will not download these security updates for days, weeks, even months (if ever). So let me ask what seems like a very elementary question: By publishing security updates that point out very obvious flaws in their system, doesn't Microsoft also point the way to exactly where the holes exist? Let me put it another way. Doesn't this rate the same as discovering that the local bank vault won't lock and then announcing the details on the front page of the paper along with the dates and times no bank guard will be on duty? After all, if tens-of-thousands of users won't immediately get the Microsoft Security Patch, don't those patches show hackers exactly which holes get plugged (and which, logically, must already be open without the patch)? It doesn't take a hacker with more than a basic set of skills to recognize where and what holes got fixed and then reverse-engineer how they can get into computers that don't get updated. Now, do I have a concrete, 100% bullet-proof answer to this problem? Unfortunately, I don't have more than a common- sense answer... At this point, your best defense rates staying current on the latest threats and how to defend against them. Keep your anti-virus software current, your firewall up, and your Windows software updated with the latest security patches. Though not a perfect solution, at least you'll have a fighting chance to prevent, or at least minimize, any possible threats. For more information from Microsoft's website, go here http://www.ebookfire.com/download-ject.html |
