    Virus makers train sights on older applications

    by Alan Zisman (c) 2008. First published in Business in Vancouver March 11-17, 2008; issue 959

    High Tech Office column

    For years, the techno-hip digerati have derided Windows as a security sinkhole. There’s an urban myth that an unpatched, unprotected Windows system exposed to the Internet would be infected within seven seconds. And certainly, large numbers of Windows systems have been infected with viruses, infested with spyware, and clustered into botnets without their owners’ knowledge, thereby spreading spam and malware to other computers.

    And for years, Microsoft has been struggling to make Windows a harder nut to crack.

    While scoffers may disagree, to a large extent they’ve succeeded. Windows now includes a bare-bones firewall and optional anti-spyware software. Internet Explorer warns users before installing potentially risky software. Windows users are strongly encouraged to have “critical updates” downloaded and installed automatically, and most do. Vista goes a step further: the same user account control feature that nags users too frequently also ensures that software won’t be stealth-installed.

    One sign that the Windows operating system has toughened up is that malware authors are looking elsewhere for ways to work their evil.

    No, not to Mac or Linux systems. These remain more difficult targets than Windows.

    Instead, applications have increasingly become targeted. While Windows often has the latest security patches installed, users are still often running older, unpatched versions of applications. And even though some applications are set to automatically check for updates, it’s too easy to ignore the notice that updates are available.

    Nearly all of us have Adobe Reader (or Acrobat) installed to read PDF files. Early in February, Adobe patched a security hole in which malicious banner ads had been used to pass on an infected PDF document, which installed the Zonebac Trojan, turning off antivirus software, altering search results and more. Adobe’s Acrobat 8.12 ended this vulnerability for users of the current version but not for users still using Acrobat or Adobe Reader versions 7 or earlier, though the company is promising a fix for version 7 users.

    Apple’s Quicktime is almost as widely used as Adobe Acrobat. It’s installed both on its own and as a component of the iTunes software used with iPods and iPhones. Apple has been forced to repeatedly update Quicktime as a variety of security holes have surfaced – 34 times in 2007 alone. Only a week after Quicktime 7.4.1 was released February 6, details were posted of yet another potential flaw. This was in a Quicktime-based ActiveX control, meaning that only Windows Internet Explorer users are potentially at risk. Security company Symantec warned that typically, Quicktime vulnerabilities are quick to be “actively exploited.”

    Another ActiveX vulnerability recently surfaced in a plug-in popular with members of the Facebook and MySpace social networking websites. As a result, the U.S. Computer Emergency Readiness Team (US-CERT) is recommending that Internet Explorer users disable all ActiveX controls.

    While Microsoft’s low-end Works application suite isn’t as widely used, it is often pre-installed on budget systems sold to home and small-business users. A potentially dangerous flaw in that program’s software to convert Works WPS-format word processor files to RTF format also popped up in February.

    Don’t use Works? You should still worry. Microsoft Office 2003 uses the same flawed code to convert Works files.

    Applications are not the only security risks. Networked printers, scanners, and copiers are sophisticated computers in their own right.

    They come complete with CPU, RAM, and hard drives and sometimes even run their own mini web servers. As such, they’re potentially vulnerable to attacks, perhaps stealing stored documents or even network passwords. Recognizing this, Xerox has started releasing security patches for their product line.

    And while keeping Windows, your applications, and now even your printers up to date is an important step toward security, F-Secure is warning of at least one bogus Microsoft update site. Clicking on that site’s update button downloads a Trojan-installing file. •

Alan Zisman is a Vancouver educator, writer, and computer specialist.