Lessons of Conficker: closing the Windows on more malware

by  Alan Zisman (c) 2009 First published in Business in Vancouver April 21-27, 2009; issue 1017

High Tech Office column

As I write, it’s a couple of days past the Conficker worm’s April Fool’s non-event. It was given lots of media attention in the days leading up to April 1 even though it rated hardly any attention earlier in the year when it infested an estimated 10 million to 12 million systems.

These sorts of media firestorms are unfortunate. They drum up fear and hysteria before the fact and, after, when worst-case scenarios don’t occur, they leave many people with an unwarranted sense of invulnerability about real computer-security issues.

Many of those more than 10 million users are still infected with Conficker and security experts are still unclear about what will happen should it be triggered. Moreover, there remain other viruses and worms causing real damage under the radar of mass media attention.

A Windows patch issued by Microsoft back in October 2008 is all that is needed to render a system immune to Conficker. Along with keeping Windows up to date, however, users wanting to stay secure also need to keep their applications and media and browser add-ins patched – vulnerabilities in applications like Word, Excel, PowerPoint and Acrobat (and its free Reader), as well as add-ins like Flash are being increasingly targeted.

Faced with a barrage of update notices, however, it’s too easy to get in the habit of ignoring them.

Worth checking out: Secunia online software inspector (www.secunia.com) – a free, no-installation scan of your computer (Windows only), reporting on missing security patches for Windows and 70 common programs and add-ins. The resulting report links to patches needed to bring your system up to date.

The company also offers a free installable personal software inspector for home users and a corporate (and non-free) version. Both check for far more programs than the online version.

Also left out of most media hype about Conficker prior to April 1: not all computers are equally vulnerable to Conficker and the like. Most malware attacking personal computers remains targeted at Windows users. There are alternatives to Windows, and they are increasingly capable and attractive.

Most users are aware of Apple’s Macintosh platform as a result of the company’s effective “I’m a Mac/I’m a PC” television ad campaign. To “be a Mac” requires buying a new computer. The other alternative – running some flavour of Linux – can be done on your existing hardware. “Being a PC” doesn’t have to mean running Windows.

I’ve been following the progress of Linux for a while. In 1995, (issue 305; August 29-September 4), I noted that it “has been quietly moving from hobbyists to ‘serious’ business use.”

While many network servers are now powered by this free open-source operating system, it’s been slower to gain much popularity as a desktop system. For a long time, users wanting to install Linux had to deal with complex installations, lack of support for common hardware – especially for laptops – and an assumption that users would be comfortable typing complex commands to get their system up and running. Installing applications could be a challenge.

Linux, with a variety of distributions aimed at desktop users, has come a long way. A popular distribution like Ubuntu probably supports a wider range of hardware than, say, Windows Vista. Installation is straightforward and (as with other Linux distributions) includes a set of applications like the OpenOffice office suite and much more.

While the user interface isn’t identical to Windows or the Mac, if you’re used to working with either of those you’ll have no trouble getting used to working in Ubuntu or its other Linux cousins (it’s like switching from a Ford to a Toyota). Applications are easily added using built-in tools to connect to guaranteed safe “repositories.”

Last week, I wrote about my new Dell Mini 9 netbook. I removed Windows XP from it, replacing it with Ubuntu Linux. I don’t miss Windows – or Windows security issues – one bit. •