Internet Security Warnings

Juha-Matti Laurio writes "Internet Storm Center's Diary reported today: Due to a number of very well working Windows exploits for this weeks patch set, and the zero-day Veritas exploit, we decided to turn the Infocon to yellow. The following Internet Threat Level meters are at level 2/4 because of Windows Plug and Play vulnerability's several exploit codes too: Symantec ThreatCon as a part of global DeepSight Threat Management System saying Increased alertness and Internet Security Systems X-Force with Increased vigilance at AlertCon."

Re:It hate to say it...

[ciroknight]

Eh, just wait for Vista.

Oh, but of course that's a troll, so I've gotta say something constructive.. Microsoft's been doing a lot better with security now that everyone on earth is making a buck off of "securing" Windows. As more and more security-related technologies such as antivirus, firewall and antispyware make their way into Windows, however, lots of these companies will die or be bought by MS, and they'll be held a lot more responsible for security, and thus, when Vista rolls around, security is likely to be absymal again. Maybe it'll be just what's needed for a huge evacuation from the MS dependency...

Here's for hoping..

Yellow is pretty rare..

[Dynamoo]

A Yellow alert at the ISC is pretty rare, and it has been several months at least since the last one. Generally even a worm outbreak such as Blaster only elevates the threat level to Yellow. Orange is even rarer.. I think that maybe has happened just a couple of times with Code Red and Slammer. There has never been a Red alert level.

In other words.. the alert level tends to stay stubbornly at green unless there is a real issue - the ISC is usually extremely conservative about threat assessments. If they've raised the alert level as a precaution then it's definitely time to take notice.

As for me.. I check the ISC at least once every day to see what emergent threat are out there. There are also a number of tools you can use such as a small Windows app that can help to inform you when the threat level changes.

It's worth having these tools - when Sasser came out I'm pretty sure they saved my backside.. because in that case the short amount of time between the vulnerability being announced and the worm coming out was so short that many organisations hadn't even started patching. Thanks to the ISC we managed to get almost everything secured in a day, so when the inevitable rogue laptop user physically brought a worm infected machine into the office, then we managed to contain the outbreak effectively.

Re:It hate to say it...

[tomhudson]

Maybe it'll be just what's needed for a huge evacuation from the MS dependency...

My "threat meter" isn't even plugged in - but then again, I'm not running Windows.

What are the chances of Microsoft making a secure anti-virus or a secure anything? Remember their last "security push?" 1 month of "emphasis on security" isn't a magic wand to fix 20 years of code; nor will it change the underlying corporate culture. It was all for the media. And they ate it up, being too lazy (or too addicted to free meals - see the story on groklaw about that) to bother telling the truth. http://www.groklaw.net/article.php?story=200508121 9304040 or, for those too lazy to click, Microsoft is offering free pizza:

Speaking of FUD, I have a copy of the email Microsoft sent out to journalists inviting them to lunch.

Here's a snip:

Why spend 10 bucks on a burger at Moscone when you can have a slice on Microsoft? Come join the Microsoft Embedded group at Moscone Pizza (across the street from the Moscone Center) on Tuesday, August 9 from 1pm - 4pm for lunch and discussion on the Windows Embedded operating systems. Product managers Mike Hall and Dan Javnozon will be available to provide demos of Windows Embedded developer tools and answer questions about Microsoft's strengths in the embedded space.

For instance, did you know... .

- Microsoft embraces shared source, and makes more than 2.5 million lines of source code broadly available to customers, partners, developers, governments, academicians and other interested individuals. In fact, more than 275,000 developers have downloaded Windows CE Shared Source

- Microsoft offers a shared success model that translates to low up-front investments for device makers, in addition to faster time-to-market. The Windowsembedded motto? "We don't make money until you do."

- Windows Embedded designs, on average, get to market 43% faster, on average, than embedded Linux designs - 14.3 months with embedded Linux vs.. 8.1 months with embedded Windows; 14.2 engineers with embedded Linux vs.. 7.9 engineers with embedded Windows (Embedded Market Forecasters, November 2003)

- Windows Embedded designs, on average, cost 75% less to bring to market than embedded Linux designs. (Embedded Market Forecasters, November 2003)

I'll be in touch to gauge your interest in setting up a one-on-one briefing with Mike or Dan during the lunch.

A little nauseating, don't you think (love the carrot -- a one-on-one -- which is hard for journalists to turn down), to set up camp across the street and trash talk Linux at LinuxWorld?

Burns also mentions that the Microsoft Linux Lab session was well attended. I believe that falls into the category of keep your friends close, but your enemies closer. If I had been there, I'd have attended that session too, even though I would prefer that Microsoft never be given a platform at any FOSS conference, personally. Shared source is not Open Source even, and it for sure isn't Free Software, and don't ever kid yourself about it. It's Brand X, and there is no reason to settle for so little.

Anyone guillible enough to believe there really is such a thing as a free lunch deserves what they get.

American paranoia at its best

[HishamMuhammad]

Isn't "color-coded threat levels" an excessively paranoid way to describe what we've always known as outdated, buggy software? This kind of representation paints a very fake picture -- as if those "threats" are a given and that all we can do is "try to protect ourselves", when in fact what we're dealing with is simply the result of flawed operating system design. These threats are only symptoms, not the root of the problem. I wonder who benefits from making people focus on the former instead of the latter.

Too many comic book / bad movie buzzwords....

[shri]

I'm sorry, but if I have to take stuff seriously, can someone put it in plan simple english without these threatening big brother buzzwords?

"Internet Storm Center"
"turn the Infocon to yellow"
"Internet Threat Level meters"
"Symantec ThreatCon"
"DeepSight Threat Management System"
"Internet Security Systems X-Force"
"AlertCon"

Sounds like a bad CIA / X-Men / Matrix rip off movie.

Re:How does this affect my PowerBook?

[buro9]

Erm, it DOES affect your powerbook.

IIRC we're all plugged into the same internet. A potentially mid to high level set of Windows exploits raises the *Internet* Storm Center's alert level to yellow.

This should tell you something. Ideally it should tell you that when X million Windows boxes are exploited, that there will be a noticeable degradation of quality or service on the internet. That the resultant poor quality traffic and noise created by a large scale (poorly written) worm will degrade the connection your PowerBook is enjoying.

Don't ever forget that we're all in the same boat, and it does little good to sit at the stern and laugh at the suckers at the bow as they dip gently under the water for the Nth time.

Damn, I posted, and I had mod points to burn too.