by Nichiai

No, not the futuristic hand-held weapon in “Star Wars,” but a here-and-now menace, and a taste of things to come.

So what was this all about? And, perhaps more importantly, what can you do to protect yourself against similar attacks in the future?

The Blaster evolution in brief

❖ A vulnerability was discovered in the DCOM RPC of Windows 2000 and XP.
❖ The race began for Microsoft to provide a patch and for “others” to attack the vulnerability.
❖ Microsoft released a patch.
❖ The MS Blaster worm reared its head, exploiting the vulnerability using TCP port 135.
❖ Lots of people didn’t apply the patch in time and were subject to the joys of infection.

With a lot of security vulnerabilities, Microsoft develops and releases a patch rapidly. However, busy system administrators and uninformed home users often don’t get around to applying the patch in time. This was the case with the MS Blaster worm.

Microsoft is considering several ways to tighten its security in the wake of worms such as MS Blaster, one potential measure being to make patches compulsory for users. The next consumer-focused version of Windows, due out in late 2004, will automatically install patches on a PC. In an attempt to tighten up security for the operating systems already in use, future service packs may also make patches mandatory.

Interestingly, anyone with a tightly configured firewall should have managed to avoid the Blaster worm. Most home users got “blasted” because Microsoft networking was enabled on their PCs – normally something that should only be activated in a secure Local Area Network environment, and which is used for file sharing among users. Windows XP also has a very simple firewall capability that is not enabled by default but, when activated, provides a basic level of protection.

For serious home or small office Internet users wanting protection against such threats in the future, a good way to step up security is to install a SOHO firewall device, such as the WatchGuard Firebox S6 (see photo). A well-configured firewall will deny data or access originating from outside, unless it is explicitly permitted in the firewall configuration.
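An added example, not part of the original article: a minimal model of the default-deny inbound behaviour described above, showing why an unsolicited connection to TCP port 135 is dropped while replies to the user's own browsing still get through. The addresses, ports and the `allowed_inbound` rule set are constructed for illustration, and address translation is left out for simplicity.

```python
"""Toy stateful packet filter: default-deny inbound, replies to outbound allowed."""
from typing import NamedTuple


class Packet(NamedTuple):
    direction: str  # "out" = LAN to Internet, "in" = Internet to LAN
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    def __init__(self, allowed_inbound=()):
        # (proto, dport) pairs explicitly opened in the configuration.
        self.allowed_inbound = set(allowed_inbound)
        # Flows started from inside; only their replies may come back in.
        self.established = set()

    def decide(self, p: Packet) -> str:
        if p.direction == "out":
            self.established.add((p.proto, p.src, p.sport, p.dst, p.dport))
            return "ALLOW"
        # Inbound: permit only the mirror image of a tracked outbound flow...
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.established:
            return "ALLOW"
        # ...or a port the administrator deliberately opened.
        if (p.proto, p.dport) in self.allowed_inbound:
            return "ALLOW"
        return "DENY"


# Constructed sample traffic (documentation address ranges).
SAMPLE = [
    Packet("out", "tcp", "192.168.1.20", 40001, "198.51.100.10", 80),  # browsing
    Packet("in", "tcp", "198.51.100.10", 80, "192.168.1.20", 40001),   # its reply
    Packet("in", "tcp", "203.0.113.50", 51000, "192.168.1.20", 135),   # unsolicited RPC
    Packet("in", "tcp", "203.0.113.77", 52000, "192.168.1.20", 25),    # unsolicited mail
]


def run(fw: Firewall, packets) -> list:
    """Return the firewall's decision for each packet, in order."""
    return [fw.decide(p) for p in packets]


if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, run(Firewall(), SAMPLE)):
        print(verdict, pkt)
```
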

R.R.P. in Japan for the Firebox S6 is ¥98,000 but Nichiai will offer a good deal to Weekender readers (for further details please feel free to contact Isao Groves at [email protected]). Forgive the Nichiai plug…you might like to know where to get good English-language security advice!

A firewall device has many advantages over PC-based software solutions. For example, your PC’s resources are not tied up protecting itself at the expense of performance. In addition, a firewall device is designed specifically to provide protection – you don’t use a spoon with a sharp edge to peel a potato – you use a potato peeler.

The second contender

Hot on the heels of MS Blaster in the race to disrupt our computing lives was Nachi, a worm actually designed to combat the negative effects of the MS Blaster worm – it had auto-patching functionality. Did it help? Quite the contrary: it caused havoc by overloading connection resources trying to auto-patch lots of infected computers.

As if two wasn’t enough

The next installment in the series of technical nuisances, the latest variation of the Sobig virus (known as Sobig.F/w32.Sobig.F), made a good attempt at keeping our systems down. This virus had a very high distribution rate. One PC we worked on had more than 32 instances of it on Aug. 25!

The outlook

Security experts tell us that MS Blaster, Nachi and Sobig.F are just a taste of things to come. How much of this is hype, and how much is truth?

Unfortunately there seems to be an increase in the frequency of such threats, if only because the hackers of today are more organized. The time it takes for an exploit to be developed, be it a virus, worm or something else, once a vulnerability is discovered, is rapidly decreasing. The challenge now goes out to software manufacturers to stay one step ahead in terms of security.

That’s all fine, but what should I do?

Unfortunately, as of yet, there are no guarantees. At best, anti-virus and firewall solutions reduce the risk of downtime: your PC not working, or worse, being damaged. Is it worth the cost of the insurance? We say yes. Also, as with most things, it pays to stay informed. The following is a list of Web sites you can check for good information if you hear of a worm or virus:

Useful Web sites for anti-virus information

❖ www.symantec.com
❖ www.pandasecurity.com
❖ www.mcafee.com
❖ www.trendmicro.com

Useful Web sites for Internet security information

❖ www.iss.net
❖ www.cert.org

For the home user

Remember: it makes sense to apply appropriate patches as they become available.

For the bigger guys (corporate)

To increase your security coverage, consider using an Intrusion Detection System (IDS). ISS has excellent offerings and is recognized as the market leader in this field. For further information check out their Web site (listed above) or contact Isao Groves at [email protected].