Internet threats grow

The latest six-month report on Internet threats shows a staggering breadth and complexity. Symantec Corp.'s Internet Security Threat Report (http://enterprisesecurity.symantec.com) for the period ended June 30 makes the following observations:

- Vulnerabilities, the exploitable holes in software applications, are being discovered at a rate of 48 a week. Seventy per cent are considered easy to exploit.

- The number of days between the discovery of a vulnerability and the release of a virus attacking it fell to 5.8.

- Microsoft Windows applications remain a target with 4,496 new Windows viruses and worms released during the first six months of 2004, 4.5 times more than in 2003.

- The number of computers infected by robots, or bots, rose from less than 2,000 to more than 30,000.

- The decreased time between discovery of a vulnerability and exploit release means an attacker controlling a bot network can scan the network and take advantage of the exploit on any unpatched systems.

- More than 40 per cent of Fortune 100 companies controlled IP addresses from which worm-related attacks were propagated.

- Sixteen per cent of attacks on e-commerce organizations are considered a targeted attack on them.

- Thirty-nine per cent, or 479, of disclosed vulnerabilities were associated with Web application technologies, meaning an attacker targets a system by penetrating one end-user's computer.

- Internet attacks are becoming increasingly international. Although the U.S. is still the largest source of attacks, it's down to 37 from 58 per cent.

- The first malicious worm for mobile devices, Cabir, was developed.

- Linux vulnerabilities have been discovered and used in proof-of-concept exploits.

- Phishing -- the use of spam, e-mail or pop-up messages to deceive recipients into disclosing credit card numbers, bank account information, social insurance number, passwords or other sensitive information -- is estimated to have cost U.S. banks and credit card issuers $1.2 billion US. More than 1.78 million people have been victimized by this technique.

- Junk or unsolicited e-mail, (spam) made up more than 60 per cent of all e-mail traffic.

The number, breadth and complexity of threats is expected to expand with two areas highlighted in the report.

Client-side vulnerabilities target the computer systems of individual users rather than servers of an organization through web browsers, e-mail clients, P2P networks, IM clients and media players.

These vulnerabilities are becoming increasingly attractive to attackers because it's considered easier to exploit one vulnerable workstation than to penetrate the organization from outside its perimeter defences.

Many home, small office and mobile computer users rely on firewall or router devices to guard against direct, unprotected exposure to the Internet. These devices themselves are increasingly being targeted.

To combat Internet risk, organizations must ensure they regularly assess their IT assets and environment, constantly monitor for threats and diligently apply patches and upgrades.

The mul

 

Hi the mul
is there anything more an internet user can do besides having an updated av and spyware progs and a firewall installed?I've just done alot of tests on my computer at shields up and it said it was completly stealthed and very secure.so can i believe that and worry no more.just curious
rita

 

Rita, What you have sounds good but I would add a few other things probably the most important of which would be Security patches for both Windows and for Office applications + a heavy dose of common sense.

I would also recommend a low level protection such as Process Guard

Remember though there is no such thing as 100% security whilst you are connected to the Internet.

Cheers. Pilli

 

I suppose rita there is no end of security that u can add to protect your system, but as long as your well protected with a good av and firewall and also spyware protection this is a good start, but the best security is [you] and where u surf, I dare say u practice safe surfing and this is a big help in keeping your system safe.
I know many people who surf kazza and such sites and are just asking for trouble, but as long as your careful and all programmes are fully up to date u should be fine and shields up is a good start to test your system.
As u see from my set up I am pretty well protected, but there is always ways of improving as people will tell u.
I personally only really spend my time on wilders and a few other security sites, so I feel quite safe, but nothing is 100% as u know and u can only do your best to protect your system to the best of your ability.

Your friend

THE MUL

 

hi Pilla
i always install all the security patches from windows update.i am notified when one is ready,recently i heard or read one, that having update turned on was a bad idea.what is your opinion on this?I have checked alert and tell me before installing.i also try to use common sense but with limited knowledge this is sometimes hard,i mean knowing what to do in some cases.I have really learned alot from this forum by asking questions(sometimes stupid ones) but i knew nothing about security before coming here.I just got online and didnt even know about even the most basic things,about protecting my computer.Well until about a month or so ago i didnt even know what a firewall was I am learning every day and i owe it all to this site-thats why i so appreciate it and all the nice people like yourself so willing to take time and help someone like me
thank you
Rita

 

Yes,I'm beginning to understand alot of security depends on me.i think i'm developing better surfing habits at least i hope so.I spend most of my online time right here on the forum and reading email etc.Is downloading animations safe?I do that alot but try to be careful in doing so.thanks for replying
Rita

 

I personally dont have automatic updates turned on, as I like to see what Is installed on my system, as in the past, I have installed updates that are not needed for my system, in other words that are not critical updates.
The choice of course is up to the induvidual and I choose not to have It enabled, but the setup of your updates is ok, as u can still decide what u want to install, but the problem is knowing whether u need that certain update or not and this is where your good friends at wilders can help as we are all one big family here to help u and us all.

THE MUL

 

Yeah,i know knowing is the key thing and i'm grateful to have all of you to call on for help!which i do quite often thank you
rita

 

I'm with you, mul -- frankly I don't see much difference in principle between auto-updates for Win and the way most trojans work. I'd just as soon know what I'm installing and ideally be able to "oversee" the process myself.

Alas, with SP2 you now have to have autoupdates enabled just to access Win Updates. But at least there's still the option (which I religiously use) of getting notifications only, and deciding for myself what I want downloaded.

 

thats the option i have although sometimes i probaly wont know or understand some of them but thats when i'll ask (someone who knows here at wilders)alot more than i do.
rita

 

I just thought I would say that I dont have automatic updates enabled and I have service pack 2 installed and windows update site works just fine for me.


THE MUL

 

Post SP2: In order to access WU or the Catalog site, can be done with AU shut down thru the Control Panel, but the AU Service has to be enabled.

If either one of you guys - Mul or ronjer - can access WU with the Service disabled, please let me know how. This is one of those v5 WU Update PIA's.

Regards - Charles

 

I have xp sp2 and my auto updates are turned off and I have no trouble going to the windows update site and updating.

 

Hi Ronjer,

Is the XP Service "Automatic Updates" running? Go into the Services page. What you're showing me is that the Control Panel setting is turned off.

Regards - Charles

 

same here

 

Thanks ronjer, too bad, I was hoping you found a way around it.

So, in order to access WU, a service has to be turned on, used or not, and WUAUCLT.EXE - the update agent - starts up at bootup, again, used or not. BTW, WUAUCLT.EXE hangs around only for about 5 - 10 minutes after bootup, then disappears.

Regards - Charles

 

No it could be worse you could be stuck with Linux