Lessons
of Conficker: closing the Windows on more malware
by
Alan Zisman (c) 2009 First published in
Business
in Vancouver April 21-27, 2009; issue 1017
High Tech Office column
As I write, it’s a couple of days past the Conficker
worm’s April
Fool’s non-event. It was given lots of media attention in the days
leading up to April 1 even though it rated hardly any attention earlier
in the year when it infested an estimated 10 million to 12 million
systems.
These sorts of media firestorms are unfortunate. They
drum up fear
and hysteria before the fact and, after, when worst-case scenarios
don’t occur, they leave many people with an unwarranted sense of
invulnerability about real computer-security issues.
Many of those more than 10 million users are still
infected with
Conficker and security experts are still unclear about what will happen
should it be triggered. Moreover, there remain other viruses and worms
causing real damage under the radar of mass media attention.
A Windows patch issued by Microsoft back in October
2008 is all that
is needed to render a system immune to Conficker. Along with keeping
Windows up to date, however, users wanting to stay secure also need to
keep their applications and media and browser add-ins patched –
vulnerabilities in applications like Word, Excel, PowerPoint and
Acrobat (and its free Reader), as well as add-ins like Flash are being
increasingly targeted.
Faced with a barrage of update notices, however, it’s
too easy to get in the habit of ignoring them.
Worth checking out: Secunia online software inspector
(www.secunia.com) – a free, no-installation scan of your computer
(Windows only), reporting on missing security patches for Windows and
70 common programs and add-ins. The resulting report links to patches
needed to bring your system up to date.
The company also offers a free installable personal
software
inspector for home users and a corporate (and non-free) version. Both
check for far more programs than the online version.
Also left out of most media hype about Conficker prior
to April 1:
not all computers are equally vulnerable to Conficker and the like.
Most malware attacking personal computers remains targeted at Windows
users. There are alternatives to Windows, and they are increasingly
capable and attractive.
Most users are aware of Apple’s Macintosh platform as
a result of
the company’s effective “I’m a Mac/I’m a PC” television ad campaign. To
“be a Mac” requires buying a new computer. The other alternative –
running some flavour of Linux – can be done on your existing hardware.
“Being a PC” doesn’t have to mean running Windows.
I’ve been following the progress of Linux for a while.
In 1995,
(issue 305; August 29-September 4), I noted that it “has been quietly
moving from hobbyists to ‘serious’ business use.”
While many network servers are now powered by this
free open-source
operating system, it’s been slower to gain much popularity as a desktop
system. For a long time, users wanting to install Linux had to deal
with complex installations, lack of support for common hardware –
especially for laptops – and an assumption that users would be
comfortable typing complex commands to get their system up and running.
Installing applications could be a challenge.
Linux, with a variety of distributions aimed at
desktop users, has
come a long way. A popular distribution like Ubuntu probably supports a
wider range of hardware than, say, Windows Vista. Installation is
straightforward and (as with other Linux distributions) includes a set
of applications like the OpenOffice office suite and much more.
While the user interface isn’t identical to Windows or
the Mac, if
you’re used to working with either of those you’ll have no trouble
getting used to working in Ubuntu or its other Linux cousins (it’s like
switching from a Ford to a Toyota). Applications are easily added using
built-in tools to connect to guaranteed safe “repositories.”
Last week, I wrote about my new Dell Mini 9 netbook. I
removed
Windows XP from it, replacing it with Ubuntu Linux. I don’t miss
Windows – or Windows security issues – one bit. •