Technology Trends & Culture - September 5th, 2003
tokyoweekender_WatchGuard Firebox S6

by Nichiai

No, not the futuristic hand-held weapon in “Star Wars,”but a here-and-now menace, and a taste of things to come.

So what was this all about? And, perhaps more importantly, what can you do to protect yourself against similar attacks in the future?

The Blaster evolution in brief

❖ A vulnerability was dis­covered in the DCOM RPC of Windows 2000 and XP.
❖ The race began for Microsoft to provide a patch and for “others” to attack the vulnerability.
❖ Microsoft released a patch.
❖ The MS Blaster worm reared its head, exploiting the vulner­ability using TCP port 135.
❖ Lots of people didn’t apply the patch in time and were subject to the joys of infection.

With a lot of security vulner­abilities, Microsoft develops and releases a patch rapidly. However, busy system administrators and uniformed home users often don’t get around to applying the patch in time. This was the case with the MS Blaster worm.

Microsoft is considering several ways to tighten its secu­rity in the wake of worms such as MS Blaster, one potential measure being to make patches compulsory for users. The next consumer-focused version of Windows due out in late 2004 automatically install patches  on a PC. Also, in an attempt to tighten up security for the oper­ating systems already in use, future service packs may also make patches mandatory.

Interestingly, anyone with a tightly configured firewall should have managed to avoid the Blaster worm. Most home users got “blasted” because Microsoft networking was enabled on their PCs – normally something that should only be activated in a secure Local Area Network environment, and which is used for file sharing among users. Windows XP also has a very simple firewall capa­bility that is not enabled by default but, when activated, pro­vides a basic level of protection.

For serious home or small office Internet users wanting protection against such threats in the future, a good way to step up security is to install a SOHO firewall device, such as the WatchGuard Firebox S6 (see photo). A well-configured fire­wall will deny externally originating data or access from out­side, unless it is set up in the firewall configuration.

R.R.P. in Japan for the Firebox S6 is ¥98,000 but Nichiai will offer a good deal to Weekender readers (for further details please feel free to contact Isao Groves at isaog@nichiai.com). Forgive the Nichiai plug…you might like to know where to get good English-language security advice!

A firewall device has many advantages over PC-based soft­ware solutions. For example, your PC’s resources are not tied up protecting itself, detracting from performance. In addition, a firewall device is designed specifically to provide protec­tion – you don’t use a spoon with a sharp edge to peel a pota­to – you use a potato peeler.

The second contender

Hot on the heels of MS Blaster in the race to disrupt our computing lives was Nachi, a worm actually designed to combat the negative effects of the MS Blaster worm – it had auto-patching functionality. Did it help? Quite the contrary: it caused havoc by overloading connection resources trying to auto-patch lots of infected computers.

As if two wasn’t enough

The next installment in the series of technical nuisances, the latest variation of the Sobig virus (known as Sobig.F/w32.Sobig.F), made a good attempt at keeping our systems down. This virus had a very high distribution rate. One PC we worked on had more than 32 instances of it on Aug. 25!

The outlook

Security experts tell us that MS Blaster, Nachi and Sobig.F are just a taste of things to come. How much of this is hype, and how much is truth?

Unfortunately there seems to be an increase in the frequen­cy of such threats, if only because the hackers of today are more organized. The time it takes for an exploit to be devel­oped, be it a virus, worm or something else, once a vulnera­bility is discovered, is rapidly decreasing. The challenge now goes out to software manufac­turers to stay one step ahead in terms of security.

That’s all fine, but what should I do?

Unfortunately, as of yet, there are no guarantees. At best, anti-virus and firewall solutions reduce the risk of downtime-your PC not work­ing, or worse, being damaged. Is it worth the cost of the insur­ance? We say yes. Also, as with most things, it pays to stay informed. The following is a list of Web sites you can check for good information if you hear of a worm or virus:

Useful Web sites for anti-virus information

❖ www.symantec.com
❖ www.pandasecurity.com
❖ www.mcafee.com
❖ www.trendmicro.com

Useful Web sites for Internet security information

❖ www.iss.net
❖ www.cert.org

For the home user

Remember: it makes sense to apply appropriate patches as they become available.

For the bigger guys (corpo­rate)

To increase your security coverage, consider using an Intrusion Detection System (IDS). ISS has excellent offer­ings and is recognized as the market leader in this field. For further information check out their Web site (listed above) or contact Isao Groves at isaog@nichiai.com.