Sign Up: Free Daily Tech E-letter  
Technology Home
Washtech
Tech Policy
Government IT
Markets
Columnists
Personal Tech
Special Reports
Jobs

Advertisement

Don't Pass on the Patches

Advertisement



_____Recent E-letters_____
Sasser Has Some Nasty Friends (washingtonpost.com, May 12, 2004)
Stopping the 'Sasser' Worm (washingtonpost.com, May 5, 2004)
Maryland Bill Could Make Spammers Crabby (washingtonpost.com, Apr 26, 2004)
Archive
E-Mail This Article
Print This Article
Permission to Republish
Monday, April 19, 2004; 8:54 AM

Microsoft Corp. released a bumper crop of software patches last week to strengthen its products against online attack.

The company released 20 patches in three large bundles, half of which plug holes that, if left untreated, give hackers easy access to your computer.

This is not an idle warning. Hackers work overtime to exploit every vulnerability that Microsoft publicizes, and the time between Microsoft's announcements and the first tools to take advantage of them continues to shrink.

The majority of computer users, meanwhile, don't work hard enough to protect themselves. A patch comes out and gets reported in the media, but many users either don't hear about it or don't download and install it.

That's like playing Russian roulette. In the worst cases, thousands of people fail to patch their systems, and hackers unleash worms and viruses that run rampant through the Internet and make important computer systems go haywire.

Consider the following warning about last week's patches for the Windows operating system, courtesy of the SANS Institute in Bethesda, Md: "We can predict with high confidence that rapidly spreading and potentially damaging malware [Programs designed to exploit known software flaws] will appear in the next few days or weeks."

One of the most serious flaws Microsoft identified last week was similar to one exploited with great success by the "Blaster" worm that emerged last summer to infect hundreds of thousands of PCs just three weeks after Microsoft released a patch to fix the problem.

Another patch released last week mends a security flaw that attackers and Internet worms already are using to seed vulnerable computers with tools that can spy on victims and steal their personal and financial information.

Patches are available for Windows NT 4.0, Windows 98 and newer releases, including Windows Me and XP. If you do not already have Microsoft's Windows Update program configured to download and install security patches as they become available, visit windowsupdate.microsoft.com to let the Web site scan your computer and install updates.

Downloading the latest set of patches from Microsoft is only one step users must take to protect their systems. Computer security experts continue to stress a multi-pronged approach to safe computing that includes these basic steps:

* Use antivirus software and keep it up to date. The $20 it costs to renew an antivirus subscription is small change compared to a computer irrevocably damaged by a worm or virus.

* Install and configure firewall software. Windows XP and new versions of the operating system come equipped with a decent firewall that can keep you protected from most Internet attacks -- but only if it is turned on. For instructions on how to enable Windows's Internet Connection Firewall, check out this page.

Alternatively, consider downloading and/or buying a more robust firewall that can not only keep attackers from finding your PC online, but also keep "spyware" and other invasive programs from using your Internet connection to phone home.

More cybersecurity tips are online here.

-- Brian Krebs, washingtonpost.com Staff Writer


TechNews.com Home

© 2004 Washingtonpost.Newsweek Interactive

Company Postings: Quick Quotes | Tech Almanac
About TechNews.com | Advertising | Contact TechNews.com | Privacy
My Profile | Rights & Permissions | Subscribe to print edition | Syndication