SECURITY WATCH: Blasting Away
- 21 August, 2003 11:52
I suppose it was only a matter of time before the virus writers delivered such a significant virus as Blaster. Once again the worm exploits a vulnerability in Microsoft Windows operating systems. Like all successful worms, this one uses a number of different tactics to infect the machine. In fact, the only time that the specific vulnerability is exploited is during the initial infection. Once the target machine has been infected, the methods used for transmission and detection of new targets are perfectly reasonable.
It is with alarming and increasing regularity that the news media picks up on significant vulnerability exploitations of the Windows operating system, however despite the impression given, every commercial operating system suffers from numerous vulnerabilities. The Cert advisory centre (www.cert.org) issues security advisories and has many advisories for any network connected operating system, Microsoft is not the only “bad boy” here.
However, Microsoft has been a good corporate citizen in this case. They released a fix for the specific vulnerability back in mid July, they offer free patches and free patch deployment software as part of their operating system, have released free add-ons for Microsoft Systems Management Server to cover patch management, and opened the door to a number of third-party vendors (BigFix, Shavlik and St Bernard among others) to deliver additional and more feature rich patch management software.
It’s unfortunate if a home user gets infected by something like Blaster. A look at my ADSL connection was showing 15 attempts per second by the virus attacking my system; however my Network Address Translation router and Microsoft Network connection firewall in Windows XP adequately protected my systems from Blaster. Additionally, I keep pretty current in my patch level so wasn’t vulnerable anyway.
However unfortunate this is for a home user, it can be terminal for a corporation. Blaster has affected organisations such as Motor Vehicle Registries, the Federal Reserve, a number of banking institutions, and many government departments worldwide. Yet the solution is glaringly obvious…
If Microsoft or any vendor alerts the wider community to vulnerabilities in their software by releasing a patch, it is only a matter of time (in this case one month), until some piece of software will be written to exploit that vulnerability. In fact, vendor honesty seems to be a part of the problem, creating a vicious circle.
Last Saturday, every copy of the virus still running is programmed to perform a distributed denial of service attack on the Microsoft Windows Update Web site, which will mean people trying to download the fix will be unable to.
Unless security departments realise that the issue of a patch to fix a vulnerability is tantamount to prophecy, organisations will continue to be affected by such incidents. At times like this, blaming the vendor holds scant satisfaction, and they seem to have done the right thing.
Nick Beaugeard has been an IT consultant for the last 12 years, focusing on delivering enterprisewide systems management solutions to large global organizations across four continents. Beaugeard is a principal of the Bellerephon group, an Australian company targeted at delivering end to end systems management solutions to large organisations. He can be reached via e-mail at email@example.com.