Like Plugging a Black Hole (or... Patch That Thing!)
Well, at least the "black hole" in your computer. If you've followed Joe's other articles, then you'll know what it means when I say that software "patching" is number four on the list of Joe's big five things you must do to have any hope for an adequately secured computer. Operating system and software vulnerabilities are THE BIG JACKPOT for hackers – because they can use them to get into your computer. Internet “bad guys” are constantly scanning the Internet with freely available tools, just looking for a weak system.

Because the task of software patching is endless, it does seem a bit like trying to plug a black hole, and I’m betting that when you bought your computer, no one warned you that it needed frequent security maintenance. It does.

You could compare a software vulnerability to a combination lock: one day the news is out that every one of the millions sold was made with several undisclosed, universal combinations. The first one discovered happens to be 25-right, 5-left and 17-right. Yep, that combo will open every one of these locks ever made. Hopefully, the manufacturer will recall or fix all these locks!

Software is “supposed to be” written to be well-behaved with system hardware – CPU, memory and such. The security or "hardness" of software is directly related to the care with which it was written. Specifically, the way programmers write code determines how secure that software is or is NOT. It also doesn’t help that most modern software has hundreds of thousands or even millions of lines of code that need to be examined for weaknesses.

An example of this, which cost more than a BILLION dollars to clean up, was the SQL Slammer worm. This worm exploited a weakness in web servers that used Microsoft's SQL Server for their database. Infected servers would scan the Internet for other servers and push the worm out to them – infecting each one that had the vulnerability. Because of this software code weakness, the SQL Slammer worm was able to infect more than 200,000 systems in an extremely short period of time.

So what do you need to patch to stay secure? Pretty much everything:
A real pain, huh? The good news is that almost all major software has an automatic update feature. This is almost as good as a car that changes its own oil! Set it, use it, but don’t forget it. Like routine maintenance for your car, check that your system is self-patching as it should, AND manually check for updates to other software on your system that doesn’t self-update.

Got software you don’t use anymore? Uninstall it! It just wastes system resources and is one more way your computer could get exploited.

So to sum up...
Keep plugging those holes and keep the bad guys out!

