KEEP THIRD-PARTY PRODUCTS UP-TO-DATE
The other day, I saw a startling statement in a column by Roger Grimes on the InfoWorld Web site – “If computer malware were biological, the world would be in the worst pandemic in history!” Can you imagine that – a pandemic! The article further stated that just in 2009, 25 million distinct malware programs were identified – more than all the malware created since the birth of the computer age – talk about an exponential explosion! I guess recessions tend to bring out the “best” (sic) in people – after all, didn’t the mob scene burst upon this world during the Great Depression? As I have stated before, today’s malware is the product of professional and organized work and in many situations it is slick and sophisticated. Case in point – we have heard of cloud computing; any idea which is the largest cloud computing environment around? Hint – it is not Microsoft, Google or Amazon. If you guessed the Conficker botnet, you guessed right. According to Grimes, this cloud-based network has an estimated over 4.6 million computers infected and attached to it. In fact, some anti-malware vendors project that more than 48 percent of the world’s computers are infected with some form of malware.
So, how does almost half the universe of computers become infected – without our becoming aware of it? Surely our efforts to keep our computer operating systems patched and up-to-date while keeping our anti-malware software current are adequate. Well, yes and no. Our efforts are certainly a step in the right direction and have prevented many 1990s type attacks, however, during the last 10 years, this arena has evolved and malware has found its way on to our machines simply by our visiting corrupted Web pages (hitch-hiking malware) because vulnerabilities on our computers are exploited. Vulnerabilities? How do we still have vulnerabilities when we have kept our machines’ operating system patched and up-to-date? To answer this, one must recognize that we run many other software products on our computers in addition to the operating system. Microsoft Office, Adobe Reader, Media Players and a host of other third-party products. Are we keeping all these other products up-to-date? If not, then we are opening ourselves up to an attack. In fact, according to Danish Security Firm, Secunia, vulnerabilities in third-party software “accounted for a bulk” of the vulnerabilities uncovered during the first half of 2010. Unfortunately, the situation is exacerbated by the fact that many vendors of these products do not offer an automated mechanism for patching and updating the software. Secunia makes available a free tool called the Personal Software Inspector (PSI) for scanning the PC and generating a list of vulnerabilities based on a database of vulnerabilities maintained by the firm. Secunia’s findings are corroborated by similar findings by anti-malware vendors McAfee and Symantec. One third-party product that tends to be called out more often than others is Adobe’s Acrobat Reader – the most widely used product for viewing PDF (Portable Document Format) files. Coincidentally, Adobe issued a critical vulnerability patch for its Acrobat Reader on Aug. 16 – have you applied it yet?
On the different but highly contentious subject of Net Neutrality, there have been significant doings in the past few weeks. First, there was the misdirected effort by the FCC to belatedly rein in the Internet behemoths before they struck a deal to selectively throttle our Internet access and then following the collapse of these “closed door” talks about the “openness” of the Internet (there is irony here), the juggernauts of Internet – Verizon and Google – inking a deal to bypass neutrality on the wireless part of the Internet. It sounds like the battle lines have been drawn and consumer backlash and/or congressional action will be necessary to make matters right again.
Speaking of Congressional action, have you heard of the bipartisan Lieberman-Collins-Carper bill making its way through the Senate? This bill is an attempt by our lawmakers to protect our cyberspace infrastructure as a national asset and aims to make it easier for the administration to respond to cyber-attacks that threaten our national security. However, the bill is meeting opposition from both liberal and conservative groups since it does not appear to be spelling out many specifics and leaving a lot to interpretation. For instance, could the administration interpret an anti-administration movement in a section of the country as a matter of national security and block the Internet in that part of the country? This is not clear. The reason I bring this up here is because the concept of prohibiting selective blocking of traffic on the Internet is what Net Neutrality is all about and it applies to all parties that control the infrastructure and the associated services – whether they be governmental agencies or private businesses. Obviously, this debate has only just started and there is much to be hammered out to ensure that all of our Internet freedoms are duly protected.
Arun Marballi has worked in the Information Technology arena for more than 20 years with extensive experience in software development, process design and network/workstation management. For comments, questions, tips or suggestions, e-mail [email protected].