Tuesday, August 16, 2005

Yet Another Worm Attacks Windows

To nobody's surprise, another Internet worm has struck the Windows 2000 and Windows XP operating systems. This variant exploits a security hole in Windows Plug and Play technology, causing repetitive system shutdown and reboot sequences (CNN: Worm strikes down Windows 2000 systems). Microsoft is offering a patch to close the new exposure, and states that only older versions of XP are vulnerable.

The Windows operating systems have long been plagued with security exposures - a trend that continues through the Windows XP line. Similar exposures exist in the Microsoft Office suite where numerous viruses have exploited holes in Internet Explorer and Microsoft Outlook. While Microsoft is quick to release a patch to close the hole - and is often proactive in releasing a patch before a discovered vulnerability is exploited - the question still remains as to the overall security of the Windows operating environment.

A large part of the problem also lies in apprehending and prosecuting those who write destructive software. Locating the originator of a virus is extremely difficult, and the trail often leads to third-world countries with no extradition to the US. Prosecution of the scum that write this software has been largely ineffective.

Given the proliferation of wireless home networks and the relative lack of technical skill on the part of the average user, the situation is bound to get worse. While Microsoft provides a networking wizard to create a home network, no such wizard exists to either automatically enable a relatively secure wireless configuration or to properly educate the novice in what simple steps to take when securing their home LAN. Infiltration of a home network is much easier than most people realize.

As an example, if you're reading this and using a wireless home network, ask yourself four simple questions:
  1. Is your workgroup name still MSHOME? If it is, change it!
  2. Are you using at least WEP 128-bit encryption? If you are not, you should be using that as the bare minimum. It's not the most secure, but it's the method supported by almost all wireless cards and at least protects you against your next-door neighbor with a laptop.
  3. Are you broadcasting your SSID? If you are, disable it! No sense making it easier for that next-door neighbor!
  4. Are you using MAC address filtering on your router? If not, enable it. This will at least allow you to control which specific boxes connect to your network.

None of this is foolproof, of course, and there are still more steps you should take. You should be running a firewall, for instance. You should make sure all of your ports are closed. You should make sure file and print sharing are disabled, at least to the outside world. Now, if someone really wants to get into your network, they will. Of course, if someone really wants to break into your house they will. That doesn't mean you leave your door wide open at night, though, right?

On the other hand, you can always hope Microsoft closes all the security holes in all of their software.


1 comment:

Alan Fraser said...

As a Mac user, it's a little sad to see Windows people getting hacked over and over and over, but it's also somewhat like seeing the people in the Mississippi flood plain who constantly get flooded out of their homes. What did they expect?