After another security hole recently surfaced in Microsoft's Windows operating system, the software giant released a patch this past Friday to plug the possibly devastating "back door" which allows hackers to potentially seize control of any PC running Windows.

The latest threat, "Download.Ject," infiltrates computers after users surfing with Microsoft's "Internet Explorer" web browser visit websites infected with the virus.

This newest security patch covers Windows XP, 2000, and Windows Server 2003.

Several factors make this latest development more disturbing than past discoveries of security problems with Internet Explorer, currently the most dominant web browser on the market.

First, it demonstrates very clearly that criminals discovered they can use the power of viruses to very profitably steal important bank, personal, and credit data from people on a large scale.

Second, it took Microsoft what many would consider a very long time to come up with a patch for this problem.

Before a fix appeared, Microsoft told everyone who uses Internet Explorer to stick their finger in the dyke by putting their web browser security settings on high, rendering it impossible to view or use features on many websites and web-based services.

Third, expect this to happen again as new holes open in the future when Microsoft makes Windows more complicated, adds layers of code, and generally makes the operating system more complex.

This may sound like business as usual; however, I think this story actually points to a much deeper problem, one for which I'm not sure a simple solution exists.

Though the update service on Microsoft's website is free and reasonably reliable, many people do not automatically update their Windows operating system through it. (I won't even get into how many people don't operate up-to-date anti-virus protection.)

Whenever Microsoft publishes a security update, especially for a highly publicized and obviously widespread security breach, thousands of people will not immediately download the update.

In fact, tens-of-thousands of users will not download these security updates for days, weeks, even months (if ever).

So let me ask what seems like a very elementary question: By publishing security updates that point out very obvious flaws in their system, doesn't Microsoft also point the way to exactly where the holes exist?

Let me put it another way.

Doesn't this rate the same as discovering that the local bank vault won't lock and then announcing the details on the front page of the paper along with the dates and times no bank guard will be on duty?

After all, if tens-of-thousands of users won't immediately get the Microsoft Security Patch, don't those patches show hackers exactly which holes get plugged (and which, logically, must already be open without the patch)?

It doesn't take a hacker with more than a basic set of skills to recognize where and what holes got fixed and then reverse-engineer how they can get into computers that don't get updated.

Now, do I have a concrete, 100% bullet-proof answer to this problem? Unfortunately, I don't have more than a common-sense answer...

At this point, your best defense is staying current on the latest threats and how to defend against them.

Keep your anti-virus software current, your firewall up, and your Windows software updated with the latest security patches.

Though not a perfect solution, at least you'll have a fighting chance to prevent, or at least minimize, any possible threats.