From:         Patrick Douglas Crispen 
Subject:      Tourbus - 24 July 04 - Exploits and Patch Management

TODAY'S TOURBUS TOPIC: HAPPY BIRTHDAY / SEVERE WEATHER

The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
Copyright © Bob Rankin and Patrick Crispen - All rights reserved

TODAY'S TOURBUS TOPIC: Home Computer Security, Part One Exploits and Patch Management

Howdy, y'all, and greetings once again from deep behind the orange curtain in beautiful Irvine, California, the 14th century home of the papacy.

TOURBUS is made possible by the kind support of our sponsors. Please take a moment to visit today's sponsors and thank them for keeping our little bus of Internet happiness on the road week after week.

July has been a particularly bad month for Microsoft Internet Explorer. Hardly a day has gone by without someone frantically proclaiming that you need to stop using Internet Explorer immediately and switch to an alternative web browser like Mozilla or Opera.

I'm not convinced.

Yes, Mozilla Firebadger [or whatever it's being called this week] is a great browser, as is Opera... and Safari... and... In fact, I'm using Mozilla as we speak, although I must admit that I used the Firesomething extension [at http://tinyurl.com/27s28 ] to rename the program "Mozilla Thundersquirrel."

But I'm still not convinced everyone should stop using Internet Explorer. Some people, like me, actually like Internet Explorer. As Fred Langa wrote in his most recent newsletter,

...I do use IE as my main browser. With proper care and feeding (keeping up with security updates, using antivirus and anti- spyware tools, etc.) IE is fine to use.

Fred hit the nail on the head. While Internet Explorer certainly has its share of problems, most of those problems are mitigated through some simple home computer security practices. The real problem here isn't [necessarily] that Internet Explorer is "broken," rather it is that most home computer users haven't the foggiest idea what security practices they need to follow to protect their home computers from outside attack.

So let's change that. Over the next several weeks I am going to show you, step-by-step, how to protect your computer from most types of assaults. We'll talk about patch management, firewalls, antivirus programs, antispyware programs, and whole bunch more. And finally, at the end of all of this, we'll look at other web browsers. The choice of whether or not to keep using Internet Explorer will be completely up to you. But even if you decide to keep using Internet Explorer, your computer is going to be considerably more safe than it is right now.

So, on with the show...

Home Computer Security: Part One Exploits and Patch Management

Until the machines rise up and become Governor of the state of California, software bugs and glitches caused by simple human error will be the norm. Our friends at Wikipedia estimate that Windows XP contains over 40 million lines of source code. Could YOU write that many lines of code and not make a mistake?

Unfortunately, human error in software coding leads to some rather nasty consequences. For example, crackers can write an exploit to take advantage of software bugs or glitches in order to circumvent your computer's security, often without your knowledge.

The truth of the matter is that computer security isn't just a PC-only problem or a Mac-only problem. EVERY operating system and EVERY software application has vulnerabilities, especially when you connect your computer to the Internet. Crackers--people who compromise the security of a computer without your permission--can use these vulnerabilities and your Internet connection to

  • Read or even delete every file on your computer;
  • Infect your computer with a virus;
  • Use your computer to attack another computer; or
  • Do a whole bunch of other nasty things.
  • But there are some simple ways to keep most of the crackers at bay.

    Symptoms of an exploit

    How can you tell if your computer has been exploited? Well, some common symptoms are

  • Your computer spontaneously reboots
  • A lot of stuff on your computer no longer works--for example,
  • try as you might you can't keep your antivirus from automatically disabling

  • Your computer slows to a permanent crawl
  • Your network connection light is blinking so much that you fall
  • to the ground in a seizure

  • You notice new, unknown user accounts on your system
  • You start getting a lot of application and service errors
  • You suddenly run out of disk space
  • Federal agents break down your front door and confiscate your
  • computer

  • Your computer suddenly wants to play "global thermonuclear
  • war"

    Just because your computer has one or more of these symptoms doesn't necessarily mean it has been exploited, though. If your computer suddenly reboots during a thunderstorm, or your network activity light goes supernova while you are illegally downloading the latest album by The Roots, the problem isn't an exploit. It's you.

    Repairing the damage

    If your computer HAS been exploited, or if you fear it's been exploited but aren't quite sure, you need to

    1. Identify the exploit

    2. Close the hole

    3. Fix the damage

    To identify the exploit:

    1. Update your antivirus definitions and scan your entire hard drive. Hopefully your antivirus will be able to figure out what's wrong. If not,

    .2 Update your antispyware definitions and scan your entire hard drive. We'll talk more about antispyware in an upcoming Tourbus post.

    3. Write down the symptoms and search Google, Apple, or the Microsoft Knowledge Base for possible causes and cures. With several hundred million PCs and at least 3 or 4 Macs out there [I'm KIDDING!], chances are you aren't the only person out there having this problem.

    To close the hole, download and apply the appropriate patch from the manufacturer's web site. We'll talk more about that in a bit.

    As for repairing the damage caused by an exploit, this could be as simple as deleting or replacing corrupt data or as complicated as a deep-level format of your hard drive. The path you have to follow to repair your computer depends on the exploit. And, in many cases, you may need to take your computer into the shop to completely repair all of the damage.

    Closing the holes

    Obviously, the BEST way to repair the damage caused by an exploit is to close the holes before they are exploited.

    Fortunately, when a vulnerability is found in your operating system or software applications, the manufacturer of the operating system or software application [eventually/hopefully] releases something called a "patch." A patch is simply a software update meant to fix problems, bugs, or the usability of a previous version of an application. [Source: Wikipedia] Download and install the patch and your computer is [hopefully] no longer susceptible to that particular vulnerability.

    Why are patches so important? When a new patch is released, an unintended consequence is that the bulletin announcing the patch also announces the vulnerability to crackers. Crackers count on the fact that you won't get the patch--your computer will continue to be vulnerable. And the time between bulletin and exploit is shrinking.

    Last January's Slammer worm took advantage of a software vulnerability Microsoft had patched back in July of 2002, 184 days earlier. Last August's Blaster worm used a vulnerability Microsoft had patched 26 days earlier. And April's Sasser worm used a vulnerability Microsoft had patched 17 days earlier.

    Notice a trend? The time between bulletin and exploit is shrinking!

    Creating a patch list

    You can't completely protect your computer from all exploits but you can keep many of them at bay by practicing simple patch management.

    Where do you start? Make a simple, estimated time sheet showing the programs you use each week and how much time you use each program. List EVERYTHING--email client(s), web browsers, chat programs, everything! Don't forget to include your operating system and antivirus which [hopefully] are always running. In fact, you should add those to the top of your list

    Sort your list by hours of use.

    That's your patch list, in order.

    How to patch Windows

    The first thing on your patch list should be your operating system. How do you patch Windows? When Microsoft finds a security hole in Windows or Internet Explorer, they [usually] release a patch called a "Critical Update." Getting these updates couldn't be simpler.

    In Internet Explorer, go to Tools > Windows Update. Click on Scan for updates. Then download and install only the Critical Updates and Service packs.

    That's it. Just make sure to keep running Windows Update until you are told that no more updates are available

    By the way, to see a complete catalog of all Microsoft Critical Updates for Windows 9X and NT, you can also go to http://v4.windowsupdate.microsoft.com/catalog

    How to patch the Apple OS

    I haven't forgotten the Mac users. Apple has its own built-in operating system update tool called "Software Update" Just go to Apple menu > Software Update.

    To get Apple's updates immediately:

    1. Choose System Preferences from the Apple menu.

    2. Choose Software Update from the View menu.

    3. Click Update Now.

    4. In the Software Update window, select the items you want to install, then click Install.

    An important note

    *MANUALLY* run Windows Update or Apple Software Update at least once a week. Your computer should, by default, be set up to automatically connect to Microsoft or Apple over the Internet and check for updates on a regular schedule. That's cool, but also run the update manually just to be safe.

    To patch Microsoft Office

    To patch Microsoft Word, PowerPoint, Excel, Access, Outlook, FrontPage, etc., just hop on over to http://officeupdate.microsoft.com/ and click on "Check for Updates." Have your Office installation CD-ROM nearby in case the update needs to "sniff" the disk.

    Mac users can find patches for the Mac version of Office at http://www.microsoft.com/mac/downloads.aspx

    Patching other programs through "Check for Updates"

    To patch other programs just open the program you want to patch and, under the Help menu, look for "Check for Updates," "Updates," "Check for Upgrade," or something similar. If you're lucky, this will automatically check for and install any software patches you are missing for that program. If you're semi-lucky, this will take you to a web site where you can download the necessary patches. You can then double-click on the downloaded patches to install them.

    Manually patching your software

    If a program's Help menu doesn't have a built-in update feature, choose About [the name of the program] in the Help menu and write down the exact version number of the program. Usually it's an integer and a combination of decimals [like 7.0.1]

    Then go to the software manufacturer's web site and look for "Downloads," "Upgrades," "Support," or something similar. Compare your software's version number to the version number available online. If the decimals of the online version number are larger than yours, download and install the appropriate patch. If the integer [the whole number to the left of the first decimal point] is larger, you'll need to buy a new version of the program.

    Once you've [regularly] patched your operating system and programs you're in the clear, right? Not exactly. You're certainly better protected from exploits than most people, but there's still more you need to do.

    The Internet Tourbus - U.S. Library of Congress ISSN #1094-2239
    Copyright © Bob Rankin and Patrick Crispen - All rights reserved

    And that's what we're going to talk about next week and in the weeks to come.

               .~~~.  ))
     (\__/)  .'     )  ))       Patrick Douglas Crispen
     /o o  \/     .~
    {o_,    \    {              crispen@netsquirrel.com
      / ,  , )    \            http://www.netsquirrel.com/ 
      `~  -' \    } ))    AOL Instant Messenger: Squirrel2K
     _(    (   )_.'
    ---..{____}                  Warning: squirrels.
    

    TOURBUS
    HOME PAGE
    LINUX
    TUTORIAL
    TOURBUS
    ARCHIVES
    Exploits and Patch Management, viruses, hoaxes, urban legends, search engines, cookies, cool sites
    TOURBUS Site Search