I’ve noticed that there’s been a lot of buzz about Windows bracing for a worm attack sometime soon. This one seems like a big one, even the Department of Homeland Security put out a call for all Windows customers to apply this patch. This was the first time the department had computer users to apply a security patch, which has raised some eyebrows over whether it’s just a “scare tactic” to boost approval ratings or not. Regardless of the raised eyebrows and paranoid computer junkies in the tin foil hats, it’s better to be safe than sorry.

There have already been attempts to exploit this vulnerability as a “zero day” attack. Apparently, the exploit affects all versions of the Windows operating system after Windows 2000, a buffer overrun could open up a remote code execution opportunity that could result in a system takeover.

At least one security firm, eEye, is providing a free vulnerability scan to test whether you are at risk or not. So, if you’re running Windows, I would suggest you take advantage of this scan, it’s not like it costs anything.

The US Computer Emergency Readiness Team is working with Microsoft to reduce the problems brought on by this vulnerability and has issued an alert through its National Cyber Alert System and informed federal Chief Information Officers and Chief Information Security Officers. Government agencies have been required to report to the Department of Homeland Security on their patching status as well.

The US Computer Emergency Readiness Team suggests that users have an anti-virus program installed and kept up-to-date and a firewall is deployed and activated. They also recommend that users refrain from opening emails and attachments from unknown sources and warned against opening attachments from trusted sources as well.

Just in case you missed the link at the top, here they are again, plus a few extras.
MS06-040 patch
Retina MS06-040 NetApi32 Scanner from eEye
Zone Alarm free personal firewall by ZoneLabs
AVG Free antivirus by Grisoft
There are plenty more out there that you can find as well, but these are probably the two biggest free products.

Don’t feel more secure just because you paid for your antivirus either, virus creators usually test their viruses against the big name brands, like Trend Micro, McAfee, and Symantec. So the big names are ineffective roughly 80% of the time.

In any case, keep a firewall running, keep your anti-virus up-to-date, and make sure you stay away from any attachment you aren’t expecting. There’s always the option of moving to a Mac, Linux, or, if you’re really paranoid, you could switch to OpenBSD who boasts only one remote hole in the default installation in more than 8 years.

If you liked that, try...

1. Popular Free Windows Antivirus Program Goes Pay-To-Play
2. RSS Feeding Possible Security Hole
3. AVG Removes Critical Windows File
4. AVG Remains Free
5. Microsoft Forcing IE7 Update

No Comments »

No comments yet.

Leave a comment