TCS - Stay Alert with Security Alerts

Stay Alert with Security Alerts

by Ira Wilsker
Golden Triangle PC Club
From the October 2003 issue of the I/O Port Newsletter

Just after a recent edition of the Examiner went to press, I received a critical security alert from Microsoft. This alert, “MS03-039: Security Update for Windows”, warned about a potentially dangerous security hole in many current Microsoft products, and the availability of a patch to secure that hole. As has happened a number of times in the past, it is likely that some evil doer will launch a new virus or worm that can take advantage of the millions of unpatched machines. Despite the fact that Microsoft heavily publicized the release of this patch, and other previous critical alerts, not every effected Windows user keeps his operating system up-to-date. A perfect example of this was the July 16 announcement and release of the “DCOM” patch; users who downloaded and installed the patch were effectively immune from that attack of the Blaster worm, and its cousins. Still, today, there are likely millions of unpatched computers infected with Blaster, and vulnerable to many other viruses and worms that will happily take advantage of that unnecessary vulnerability. Now, as I type this, over a month after the appearance of Blaster, and two months after the release of the patch which would have stopped it, I am still getting calls and emails from users whose computers are infected with the worm. As has been stated several times in this column in the past, it is imperative that Windows users periodically go to windowsupdate.microsoft.com and check for critical updates. Even though many users utilize the integral Windows update function built into many operating systems, it is still necessary to manually check for updates on a regular and frequent basis. Microsoft offers a free email service that will notify subscribers of updates as soon as they become available. A link to the “Microsoft Security Update” email notification, as well as other security and virus alerts, is available on the Microsoft security website at www.microsoft.com/security.

As we have also seen, viruses and worms can appear and spread endemically in a matter of minutes. There have been published estimates that Blaster, Sobig-F, and other recent malware infected millions of computers during their first hours in circulation. Many users, in blissful ignorance, do not update their antivirus software as frequently as necessary, leaving themselves exceptionally vulnerable to the rapid spread of newly appearing viruses and worms. In addition to the need to update antivirus software on at least a daily basis, if not more frequently, users need to be informed as new threats appear. Most of the antivirus software publishers offer a free email alert service with information on newly appearing viruses and worms. In my experience, it is often the smaller, less known companies that are the first to alert about new threats. Panda Antivirus, a Spanish company with US offices, offers both a free “Virus Alert” service, and a daily threat bulletin, “Oxygen3”. These free subscriptions are available on their website at www.pandasoftware.com. Trend Micro, publisher of the popular “Housecall” free online virus scan, has a free alert and “Weekly Virus Report” available on its site, www.trend.com under the “Security Info” tab on its page. Sophos, another excellent but small antivirus publisher, offers an email notification about the latest virus threats and computing emergencies on it site, www.sophos.com, under the heading “Free Virus Info”. The Moscow based Kaspersky Labs, a well respected publisher of antivirus software, spam killing software, and other security products offers a pair of free email alerts for viruses, and other threats. Signup for the Kaspersky alerts is on its site at www.kaspersky.com/subscribenow.html. McAfee, the popular antivirus, firewall, and security software publisher, has a free alert service, “McAfee Dispatch” available at dispatch.mcafee.com. Industry leader, Symantec (Norton), has a newsletter service available at securityresponse.symantec.com/avcenter/newsletter.html. This Symantec newsletter “SARC-L” includes virus outbreak warnings, and notifications of special releases of its virus definitions.

Many of the online specialty publications offer free news alerts via email. CNET, which started life as a 30 minute geek-centric cable TV show, is now one of the most respected online computer news and information sources. A variety of security and non-security related newsletters are available from CNET at nl.com.com. Since many of these newsletters are published on a daily basis, they often contain very current information about relevant threats. PCWORLD, a real pulp magazine, also offers several free daily newsletters via email from its site at www.pcworld.com/news. I subscribe to the PCWORLD “Daily Computer News”, published six days a week, and use it as a source of current and reliable information.

There are many other fine newsletter and alert services available. Referring to the cliché “Knowledge is Power”, being informed of potential threats in a timely fashion, and reacting appropriately, is an effective way of minimizing the impact of new threats. I subscribe to all of the resources listed above, and am not inundated with useless information, but provided with much useful information. Having subscriptions to these services is not necessarily redundant, because there is typically one that is hours ahead of the others, but unfortunately there is no one resource that is consistently the first with critical information and warnings.

I like being informed, and not living in blissful ignorance; you can be informed too.



For more information on the Tulsa Computer Society click here



Tulsa Computer Society 10/01/2003
Don Singleton, President