A recent Microsoft patch MS10-015, which requires a reboot to complete the install, is reported to be causing a number of Microsoft servers and workstations to fail to reboot at all; the reboot ends with the infamous “Blue Screen of Death” and renders the system unusable.

Putting aside for a moment that this patch fixes a security hole Microsoft has known about for seventeen years, we think this incident highlights the need for a multi-layered approach to security in the first instance.

Microsoft is claiming that a number of systems experiencing the Blue Screen of Death are doing so because the systems were already compromised. So, right away, that tells you that even applying patches quickly isn’t enough to keep systems safe.

Further, the risk with applying patches immediately when they are released is that you will bork your system. It doesn’t happen often, but when you consider how expensive downtime really is, even once every few years is very expensive. (As I write this post, I see that Microsoft has pulled the patch to avoid borking additional systems.)

Solid network perimeter protection has been a staple of our best practices for years. Smaller clients sometimes balk initially at spending hundreds of dollars for an enterprise-grade firewall, but these devices represent cheap insurance at worst and in many cases generate a positive return on investment.

End-user education and “safe-browsing” policies are also required to avoid security breaches. Malware these days (as we have blogged previously) is increasingly sophisticated and insidious. Firewalls and anti-virus/malware software will always be a few steps behind.

So, when you have good perimeter protection and careful, educated end-users, you have the luxury of time in which to evaluate new patches as they are issued. The benefits are you stay safer all the time, and reduce the risk of borking your production systems.

If you need help with your company’s patch management and security posture, please give us a call at (207) 772-5678.

Hope that helps,
Mark
CIO

The anti-virus software companies have raised the bar by bundling more protections into their traditional anti-virus products, in many cases releasing them as new products: Symantec Endpoint Protection for example has replaced Symantec Anti-Virus Corporate Edition. And although you can still buy products labeled as “anti-virus” from the majors, sales of these limited-use products have declined considerably of late.

As these new protection products have become more complex, sophisticated and bloated, their performance impact on older PCs has become more noticeable. Bargain PCs purchased as recently as two years ago can be too slow to be used efficiently with these full-suite protection products installed. Furthermore, the protection products are by nature always playing “catch-up” with the bad guys, so we have seen some companies forgo desktop protection software altogether in favor of strong network perimeter protection combined with policies limiting Internet access and prohibiting employees from bringing in cdroms, USB drives, outside laptops etc. into the office. (The more powerful servers still have protection software installed however.)

That’s one way to do it, but many companies can’t manage the politics associated with limiting or preventing employees from browsing the Internet. And some companies, like ad agencies and web developers, can’t really be restricted at all.

Further, we have seen a lot of malware that these protection products simply can’t protect against, because the malware looks and acts like legitimate software.

Switching to a Mac or a Linux PC can help, but these devices can become “carriers” for malware, bringing a whole host of new challenges. And most security pundits believe that as Macs and Linux PCs become more popular, it will only be a matter of time before malware for these machines starts appearing as well.

So if these big protection products can’t save us from ourselves reliably, what can be done?

Well, here is our list of the top four ways you can protect yourself.

1. Slow Down! We have seen malware come in via email looking like Hallmark e-cards, IRS W-2 form updates, PayPal and bank account alerts, etc. If a friend’s PC gets an infection, you will get an email from your friend, and the web link or attachment that looks so enticing (if not workplace safe) will be your downfall. So, before you click on anything, take a moment to scan it with your own brainpower and a skeptical eye.

2. Be Careful Where You Stick Your Browser. The San Fransisco bath house analogy notwithstanding, the majority of malware infections these days are installed via a web link. Staying away from those web sites you know you shouldn’t be frequenting anyway is a good start, but keep in mind that malware writers are very clever. They do things like buy ads on legitimate web sites to distribute their wares, so just because you are on cnn.com doesn’t mean you can click anywhere safely 100% of the time. When you get a popup or other prompt to take an action you weren’t expecting, apply Rule #1 and slow down before doing anything.

3. Be Proactive and Scan Your PC. Whether you use malware protection software or not, periodically being proactive and running scans on your PC at least once a month is a good thing. We like Malware Bytes a lot, but our favorite tool de jour is Combo Fix, available as of this writing here. Be careful when you search for these tools; the malware folks have bought look-alike domains and lots of Google AdWords! We have seen several folks with a minor infection wind up with a totally borked workstation because the web link they thought was malware removal software from the good guys was actually more malware from the bad guys. Remember Rules #1 and #2?

4. Keep Your PC Patched. The majority of patches coming out of Microsoft are security, not bug fixes. Making sure your PC is regularly updated is key. If you are running non-Microsoft products, like Adobe Acrobat Reader, Apple’s Quicktime, etc. you want to be sure those products are kept up to date as well. Acrobat products this week are being blasted in the trade press because the Javascript code in the product has been a valuable attack vector for malware developers. Adobe can’t or won’t “fix” this because the same Javascript code is used for filling in PDF forms, and Adobe doesn’t want to hinder that functionality.

So be safe out there! And if you have questions or get yourself in trouble, we are here to help. Don’t send us an infected email though, just give us a call at (207) 772-5678.

All the best,
Mark
CIO