Windows crashes linked to rootkits after problems with latest patch — CoreTrace WhiteSpace

CoreTrace WhiteSpace

The Application Whitelisting and Security Weblog


Growing evidence suggests that a rootkit infection was *one* of the culprits behind last week’s Blue Screen of Death incident, which left countless Windows PCs unbootable after installing several Microsoft security patches. Many follow-up articles have focused on the malware infection that triggered the problem, including Robert Westervelt’s SearchSecurity.com article, “Windows blue screen may be result of rootkit infection.” From an endpoint security standpoint, though, most of them miss the point: even if malware is what caused this particular crash, rushed patching is a process that can always cause problems of its own.

As I mentioned in last week’s entry, “Latest Microsoft patch illustrates the dilemma and dangers of fire drill patching,” relying on antivirus defenses to protect endpoints ties organizations to fire drill software patching. Reactive application patching will never provide the level of protection today’s companies need to adequately defend their networks against harmful malware. As Mr. Westervelt goes on to write:

Rootkits are fairly common. They are installed by attackers who first gain access to the machine by exploiting a vulnerability. Once inside, the rootkit is deployed, giving the attacker the ability to mask the intrusion and gain root or privileged access to the computer. It can also be a package of spyware programs that monitor traffic and record keystrokes. Antivirus vendors typically have trouble detecting rootkits.

What these recent stories point out is that the malware infections on these devices only highlight that existing desktop security isn’t working properly. Why else are these companies patching so regularly? The desktop security paradigm of antivirus plus patching simply isn’t working.

Unfortunately, what we’re seeing is that patching itself is also causing problems on these organizations’ systems. Organizations are better off focusing on ways to stop Web-based malware and other malicious code from executing in the first place than on aimlessly reacting to cyber criminals exploiting the known and unknown vulnerabilities within their networks. Playing catch-up with more patches is not only a losing proposition for IT security professionals; it seems to be compounding the problem.
