Top Endpoint Security Stories – October 2009: Microsoft News Dominates — CoreTrace WhiteSpace

CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog

Top Endpoint Security Stories – October 2009: Microsoft News Dominates

October 2009 has come and gone and brought many new security stories with it. Trojan horses, botnets, and phishing remain hot topics, but October was dominated by Microsoft when it comes to endpoint security.

  • Windows 7 Security is Front and Center – On October 22nd Microsoft Windows 7 officially went on sale, and much of the news concerns its improved security. eWeek highlighted the new Windows 7 security features in a recent article. Among the changes highlighted is the new AppLocker capability. I will be writing much more about this feature in the coming weeks, but for this post suffice it to say that they have the right idea with extremely poor execution. AppLocker brings application whitelisting to Windows 7 with some glaring omissions. The first problem, of course, is that it only works on Windows 7, and even then only on enterprise editions. Another key problem is the lack of central administration, which is the key to successful migration to application whitelisting. As I said, I will be spending much more time on this topic in the coming weeks.
  • Windows 7 still vulnerable to 80% of viruses – Although Microsoft’s new OS is touted as being much more secure, IT Pro is reporting that Windows 7, right out of the box without anti-virus, is vulnerable to 8 out of 10 viruses that it was exposed to. The test, conducted by AV vendor Sophos, included tests of the new User Account Control (UAC) feature and found that it prevented only 2 of the 10 new threats tested. More than anything, this showed Microsoft’s continued reliance on AV vendors to provide security, and that is just more of the same problem we have today.
  • Microsoft breaks record with largest patch Tuesday ever – Microsoft was cleaning up its zero-day threats from September with a record-breaking patch Tuesday. In October Microsoft issued 13 updates, 8 of them deemed critical, to fix the recently revealed vulnerabilities that impacted both legacy systems and the new Windows 7 OS.
  • The result of the patching? Cleaning up bugs of course – Following its large month of patching, Microsoft is now cleaning up the bugs with new updates. This is the classic problem with the current patching and signature-reliant security paradigm. Patches come out too slowly to prevent infections, malware is sophisticated enough to avoid blacklist antivirus solutions, and the patches that are released introduce bugs and potentially disrupt operations.
  • President Obama declares October “National Cybersecurity Awareness Month” – Amidst all the security news, U.S. President Obama declared October National Cybersecurity Awareness Month and highlighted the problems created by rampant malware and scammer attacks. His campaign is primarily recognizing our IT infrastructure as a critical national resource and focusing on raising awareness of how individuals and businesses can combat this threat.
  • Fake antivirus attacks demand ransom – As if ineffective antivirus weren’t bad enough, PC World is reporting that fake antivirus solutions are out there that will lock up computer files and demand payment to un-quarantine your personal files.

There were many other stories regarding new threats and exploitation of botnets, but the main news from our standpoint is that despite continued efforts to improve a broken system, the fundamental approach toward endpoint security remains flawed and urgently needs to be changed. Microsoft and others are recognizing that application whitelisting will play an increasingly central role in addressing security weaknesses and now the discussion can shift to how that role will most effectively be accomplished.
