Growing evidence suggests that a rootkit infection was *one* of the culprits behind last week’s Blue Screen of Death incident that caused countless Windows PCs to lock down after installing several Microsoft security patches. While many follow-up articles have focused on the malware infection that caused the problem, including Robert Westervelt’s SearchSecurity.com article, “Windows blue screen may be result of rootkit infection,” from an endpoint security standpoint, most seem to be missing the point. And that point is even though malware may be causing this problem, rushed patching is a process that can always cause problems. Continue reading this post…
Latest Microsoft patch illustrates the dilemma and dangers of fire drill patching
This week I kicked off our Planet Antivirus challenge with a blog entry highlighting the top 5 failures of antivirus. My fifth point highlighted the fact that relying on antivirus resulted in a reliance on fire drill patching as a result:
Relying on antivirus ties companies to fire drill software patching — The side effect of relying on antivirus to protect endpoints is that companies are now tied to reactive software application patching as well. Because we can’t trust our antivirus software to protect the endpoint, we also must remain constantly aware and vigilant about identifying and fixing vulnerabilities in our applications on the endpoint. The resulting combination of rushed patches and signatures is a significant drain on the human resources of an organization.
It’s rare that such a post has supporting evidence appear just days after it is published, but this week, that is exactly what happened. It was reported this week that a Windows XP security update resulted in the notorious Blue Screen of Death (BSOD), locking up many users’ Windows XP PCs. In the article, “Windows patch cripples XP with blue screen, users claim,” hundreds of Windows users expressed their frustrations on the company’s support forum throughout the week. Continue reading this post…
The top 5 failures of antivirus
I truly believe that 2010 is a turning point in endpoint security. The old antivirus model has reached the end of its practical usefulness and the disadvantages of an approach with a foundation of blacklisting far outweigh its benefits. Operation Aurora and the attacks against major online brands perfectly illustrates the failure of our old paradigm to protect endpoints.
Later this week, we are launching a fun (and funny) awareness campaign, called Planet Antivirus, highlighting the weaknesses of antivirus and focusing on the need to completely rethink our approach to how we defend endpoints. Today I am kicking this campaign off by highlighting the top five failures of antivirus technology: Continue reading this post…
Top Endpoint Security Stories for November 2009
November was a busy month for security stories. The month kicked off with more stories of massive security patches from both Microsoft and Apple leaving me to wonder when the patching madness will ever end. Windows 7 was found to have a flaw that allows denial of service attacks. Internet Explorer v7 (IE7) even made it into the news with the latest vulnerability, but I question efforts to patch an aging application, why not just upgrade or use Firefox? If they aren’t willing to upgrade, do people really think they will patch IE7?
Without further delay, here are the stories that caught my eye in November: Continue reading this post…
Microsoft prepares for biggest patch Tuesday Ever – Endpoint security has never been worse
Tomorrow Microsoft will release an operating system patch that represents the largest number of system fixes in Microsoft history. PCWorld gave the details in a post updated yesterday:
Microsoft says it will deliver its largest-ever number of security updates on Tuesday to fix flaws in every version of Windows, as well as Internet Explorer (IE), Office, SQL Server, important developer tools and the enterprise-grade Forefront Security client software. Continue reading this post…