GET UPDATES FROM Jay Bavisi
 

Microsoft's Biggest Patch Tuesday Ever -- Better Update Your System, or Else

Posted: 10/11/10 03:28 PM ET

Microsoft's biggest Patch Tuesday ever is October 12th, and if you don't pay attention, you just might get hacked.

For the last seven years, Microsoft has issued its security fixes on the second Tuesday of every month - i.e., Patch Tuesday. This day is an important one for Microsoft users, as the software is often criticized for being buggy and insecure. In the latest patch, Microsoft is fixing 49 vulnerabilities, including four critical, 10 important and two moderate fixes.

But here is the problem: The day after Patch Tuesday is known in the hacker community as "Hack Wednesday."

Here's why. As soon as Microsoft releases its patches, hackers scramble to reverse engineer them. Huh? That's right - although Microsoft has already found the problems and fixed them, the patches still have to be downloaded by you - the user. Until you do, the Microsoft security update is essentially a treasure map for hackers. These online criminals know that a lot of users don't bother to install their updates right away - so for these people, the security fixes actually work against them.

Bottom line: If you're not one of those proactive consumers who pays close attention to security news and is diligent about installing the latest Microsoft patches (and then waiting for your computer to restart), come Wednesday, you're going to find yourself a big fat target for hackers.

In a way, poor Microsoft is damned if they do, damned if they don't. The same goes for the users of its products. So what should we do?

  1. UPDATE Immediately. As soon as Microsoft releases its patches, you have to accept and install them. I know it's a bit of a pain, because you may have to restart your computer, but it is definitely worth it.
  2. Buy good RELIABLE anti-virus. I realize that in bad economic times, we all want to pinch our pennies. But anti-virus is too important to skimp on. You need to spend a little cash to get yourself good, solid anti-virus - not the ultra-cheap or freeware kind. Real anti-virus that has firewall capabilities, strong analytics and updates automatically. I say "reliable" as there are far too many fakes out there. Ensure that this is a reputed global brand and not a fake anti-virus that will in itself be the "hack."
  3. Stop using Internet Explorer ... unless you have a very good reason to do so. Switch to another browser like Firefox, Chrome or Opera.
  4. Don't do stupid things - like open suspicious emails, or, worse, click on the hyperlinks or download the attachments included in suspicious emails.
  5. Stop having faith in tiny URLs. Social networks are a growing attack vector for hackers - and tiny URLs, which conceal the true destination of the link, are a great asset for these guys.


It probably seems like a lot of work just to protect your computer, doesn't it? That's because it is - we're at the peak of the trend right now. And the steps I listed above won't protect you from everything - they will just improve your security. This problem is only going to get worse over the next few months and years, until the industry is finally able to get serious about "cloud computing" and more progressive anti-virus protection, both of which will take the computer user out of the security equation.

So fear not, computer users - help is on the way. And here's how:

  • The Cloud, Baby: In the coming years, get ready for the biggest paradigm shift in computer history - at least since Steve Wozniak and Steve Jobs invented the personal computer in the mid-1970s. Because in a short matter of time computing will move en masse to "the cloud" - i.e., software will be provided and housed on the Internet, instead of on each person's computer. This means that companies like Apple, Microsoft, Google et al will be solely responsible for implementing security for their software - all you'll have to do is trust them.
  • A Prophylactic for Your Browser: The IT security industry is also looking at innovative tools like Web "filters" - a prophylactic for your Internet browsing experience that will come between you and the infection. This is a re-thinking of the current anti-virus model: you get infected, anti-virus cures you.
  • Hard-Coded Computers: Think of this as a vaccine for your computer or other networked device. Computer scientists are researching ways to hard-code these devices to make them more resistant to infections - particularly of the "zombie-computer," i.e. botnet, variety. In fact, analysts believe that Intel's recent purchase of McAfee for $8 billion was to enable the company to make safer, more secure computer chips.
  • Crowdsourcing Anti-Virus: McAfee and Norton know when a computer virus like ZeuS is on the rampage - but how about a smaller attack that targets a group on a social network, or maybe the company you work at? Symantec is developing an anti-virus application that utilizes crowdsourcing to help it catch under-the-radar threats.


So help is on the way. But, in the meantime, make sure you add an Outlook calendar alert for Patch Tuesday each month. And if you're reading this on a Mac, don't feel superior. Apple patches are increasingly necessary too.

For more info, go to Microsoft's security page or Apple's security page.

 
 
 
  • Comments
  • 184
01:28 PM on 10/14/2010
Before making any comments about security, just check these latest results of new malwares of H1 2010. You can take a look at a chart in this site and a link to that report:

http://pelontorjunta.suntuubi.com/fi/Blogi/#haittaohjelmat
DRaymond
Network administrator, voiceovers
01:47 AM on 10/14/2010
The article is a bit misleading on several counts.

First of all, the best, and default, setting for current users is to have Windows automatically download AND install updates automatically. Most end users haven't had to separately accept the updates for years.

Second, nobody has to buy a commercial antivirus anymore, Microsoft Security Essentials is free, and better yet gets updated right along with all of the other software updates so there is only one unified update.

The bit about Internet Explorer is also a myth from several versions ago. IE is just as good as the others in the current versions. The browser with the most documented vulnerabilities is Safari. Use the browser whose style and UI fit your tastes and keep it updated. Here IE might have a bit of advantage since it gets updated right along with everything else.

The thing that most needs to be emphasized is that the biggest threat to your security is human gullibility. Most of the 'innovation' in hackerdom lately hasn't been in the attacks themselves but in new and creative ways to fool people into installing them. Of the viruses I have had to clean from people's computers lately the most common is one that pretends to warn you that it has found a virus and to click on a button to fix it. Know what your AV messages look like and kill any fake AV warnings.
11:33 AM on 10/15/2010
Realistically it is not possible to know what your AV messages look like. No AV software offers up samples of its warning messages. And if they did, many people wouldn't study them. And, nothing stops bad guys from putting up fake warnings that look like the real ones. We've seen this already with the notices to update Flash. We need more end user education but it's too hard and there is no money in it.
09:57 PM on 10/13/2010
My gut feeling is that a lot of computer security talk has more to do with mass behavioral control than much else. I just can't see either criminals or corporations going out of their way to provide attention to individual users; particularly when a good-sized corporate server would seem to be a much juicier criminal target.

I suspect we're the chaff in the computer security game, and all of this security talk, for us, is really about separating ourselves from the real targets.

And, if the article above gets it right about "Hack Wednesday," then it would follow that it also separates the men from the boys in hacking. That is, a good criminal network probably doesn't wait for or care about any security patch on Tuesday. Instead, I would imagine they do whatever they do as they do it.
02:49 PM on 10/13/2010
http://www.microsoft.com/security_essentials/

Um, Microsoft provides an enterprise class antivirus and antimalware solution for free for home users and small businesses with less than 10 computers. No home users should BUY or SUBSCRIBE to antivirus anymore unless you have a good reason. This is one of the least intrusive, easy to use solutions out there.

I'm a former Microsoft employee.
01:31 PM on 10/13/2010
Part of the problem with M$ is that they are almost (but not quite) a monopoly, in the desktop market especially. That makes them by far the biggest target and hence a rich opportunity for hackers (why waste your time on a tiny fraction of the market). So they're vulnerable on that score. Also they may have a few thousand software engineers dedicated to the OS and its immediate surroundings. Of those only a tiny fraction actually have access to the entire "crown jewels" of the OS. The vast majority see only portions. We're talking about millions of lines of code here - a huge undertaking to maintain.
Open source systems like Linux can call on literally millions of coders all over the planet to deal with vulnerabilities (any nefarious contributor would be discovered very quickly and locked out of the community). This concept, which runs antithetical to traditional corporate thinking, has been a resounding success now for almost 20 years. Linux which started among a few geeks now has grown dramatically and while still tiny compared to M$ is growing faster, particularly in the laptop/netbook market and most especially in the hand-held device market.
HUFFPOST COMMUNITY MODERATOR
slimcat
01:17 PM on 10/13/2010
The best patch for a computer running Windows is right here:

http://www.ubuntulinux.org/desktop/get-ubuntu/download

I've been using GNU/Linux operating systems and software for about 17 years. Comparatively, any other OS is little more than an annoying tinker-toy.
HUFFPOST SUPER USER
dngrwill
set the phasers for 'fun'!
03:06 PM on 10/13/2010
Ohhh you must be smart. 17 years! I've been using UNIX derivatives (you lose points for the GNU/Linux) for 25 years and you have no idea what you are talking about.
HUFFPOST COMMUNITY MODERATOR
slimcat
04:50 PM on 10/13/2010
"UNIX derivatives", indeed? Best laugh I've had all day. So, out of the 28, or so, main derivatives, which did you like the best and on what hardware? You aren't even 25 years old, are you?
01:05 PM on 10/13/2010
In our house we run Linux (Ubuntu and SuSe). No M$! Never had a problem (and I monitor the logs carefully).
HUFFPOST SUPER USER
Eric Sarnoski
01:02 PM on 10/13/2010
I have been using computers for 30 years. I have always used common sense and caution when dealing with anything on the internet. There is a lot of myth about which OP can be hacked or which is bulletproof. The fact is they all can be hacked if the criminal elements decide it's worth their time to go after 20% of the market split among 3 alternative OP systems. Norton & McAfee's anti-virus got bloated and became resource hogs because they thought they could write code preventing all the ignorant things people do on the internet. Constant patches to prevent exploiting vulnerabilities is no different than constant legislation to close all the loopholes in the laws. I agree that cloud computing will not be attractive to those with intellectual property right concerns, but I also see it as a big boom for students and average Americans who don't want to shell out $500 every 3 years for another upgrade. Hard coding the chips is one solution but it will drive up the cost and make upgrades or updates very difficult.
HUFFPOST SUPER USER
Andrew Wojtkowski
Physengrammer
01:00 PM on 10/13/2010
This article is a joke.
Here's a better solution: Use your brain!

So the hackers have a virus that your computer isn't protected against! Oh no! How will they deliver this virus to you if you don't update? UPS?

If you don't go somewhere that will give you a virus, you won't get a virus! It's THAT easy!
02:30 PM on 10/13/2010
Exactly!

My brother-in-law is a perfect example of this type of ignorance. He continues to blame other people for his failure and lack of understanding of owning a computer. So I told him to buy a Mac and he can't stand Apple. Macs are stupid, he says. Guess what? That's right! He finally bought a Mac after I refused to fix his PC issues because of his ignorance.
03:00 PM on 10/13/2010
This is inaccurate. Try plugging in a Windows XP or Windows 2000 box without any service packs to an Internet connection. You will likely be infected with Blaster virus in minutes depending on who your ISP is.

Going to a legit website that runs an unpatched MS OS in their backend can potentially infect visitors who come to the site.

You are right that many illicit sites have malware, but modern browsers tend to protect from this in many cases, but that is not enough because the success rate is not even close to 100%. A good free AV, like Microsoft Security Essentials, plus a modern browser with a patched OS provides the best protection from Remote execution and XSS attacks.

Former MSFT employee.
HUFFPOST SUPER USER
mcamp52
12:35 PM on 10/13/2010
Patches? We don't need no stinkin' patches. (we use Macs)
HUFFPOST SUPER USER
iisguy
12:28 PM on 10/13/2010
Wow, talk about fear mongering. "As soon as Microsoft releases its patches, you have to accept and install them" - that is just untrue. The vast, vast majority of systems automatically download and install updates without user interaction. In some cases, not many, the system has to be rebooted.
HUFFPOST COMMUNITY MODERATOR
StaggerLee
Oceania Has Always Been at War With Eurasia
11:50 AM on 10/13/2010
I make a system drive image once a week with Acronis. I run Norton and always install MS patches as soon as they arrive. I browse worry free, in the unlikely event that my box gets infected I simply load the last image I made, update my virus protection and away I go.
12:15 PM on 10/13/2010
What if you are not aware of an infection for a number of weeks? I have had that experience with Norton . . .
KevinNevada
Just the facts, ma'am.
11:38 AM on 10/13/2010
I agree with many of the comments so far. Our author is giving some advice which is questionable.

I have two computers: a stand-alone PC running XP which is not connected to the Internet, and the fine MacBook I'm typing this on. I don't worry about viruses. I purchased my system from a competent supplier, not MicroC**p Corp.

The apps I must run on a Windows platform, I can run without dealing with viruses, upgrades or patches to the defective products that so many of you are tolerating. AutoDesk has not produced a Mac version of my drawing app, for example, so I run their software on an isolated workstation.

As for this Cloud concept . . . in your dreams, sir. I am a professional engineer, and the content of what I design will never be uploaded into a Cloud, at risk to be altered without my knowledge or consent. PE's who must stamp their drawings have enough trouble controlling the content of their work product as it is, without adding this incredible new degree of risk. There are legal ramifications which are not trivial.
HUFFPOST SUPER USER
ResearchtheFacts
Alert, awake & paying attention to the details.
11:49 AM on 10/13/2010
Not to mention agree to their toa. I remember a story of there being some debate with fb users on who owned their images or uploaded content. That is one risk pro designers won't be spinning the wheel on. I agree, depending on what you are doing, cloud services may or may not appeal to you.

They are pushing cloud because they can bill services like utilities on a monthly basis. More long term money to be made.
12:12 PM on 10/13/2010
I run everything on Ubuntu Linux. When I want to run a Micro$nort program, I open up a VirtualBox (free) virtual machine from my Linux desktop which pops up a fully-installed Windows XP machine in a window as if it were an application. I run anything Windows in it. If I get infected, I throw the virtual machine away back to the original snapshot and poof....virus all gone. Same thing with that driver that breaks your networking... or that 3AM stupid mistake... roll the whole machine back.
HUFFPOST SUPER USER
iisguy
12:38 PM on 10/13/2010
Virtual systems are nice but limited. For example, you can really do high end graphics yet that I've seen. Win7 has a system restore feature that lets you roll back to previous point built in. I did get viruses from a floppy disk 10 years ago, but haven't seen one since.
HUFFPOST SUPER USER
vibroluxor
01:25 PM on 10/13/2010
Ubuntu is fine for geeking out, and yes you can run Windows on it (IMO the most responsive XP experience I've had has been on a MAC running bootcamp) but honestly - it doesn't function generally as a productive tool in the business space. If it did, you'd see a lot more people running it. Simple as that. Cloud computing might change that.
11:35 AM on 10/13/2010
I made the switch to Linux (Ubuntu) over two years ago.
With its built in securities no virus protection is required.
I can go to known hacker web sites (just for fun) and know I can't be hacked.
Except for playing high end games Linux can do just about everything Windows and Mac can and the look and feel of it is far superior (I feel).
It's free and it just works.
HUFFPOST SUPER USER
dngrwill
set the phasers for 'fun'!
03:11 PM on 10/13/2010
"no virus protection is required" "I can go to known hacker websites and know I can't be hacked"

Ummmm - can I have some of what you are smoking? Anything can be hacked - even UNIX. Your statements are uninformed and dangerous to people who believe you have a clue.
11:32 AM on 10/13/2010
And this is reason number 459284753475932745897 why I use GNU/Linux.