Internet threats grow

Discussion in 'other security issues & news' started by the mul, Sep 23, 2004.

Thread Status:
Not open for further replies.
  1. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    The latest six-month report on Internet threats shows a staggering breadth and complexity. Symantec Corp.'s Internet Security Threat Report (http://enterprisesecurity.symantec.com) for the period ended June 30 makes the following observations:

    - Vulnerabilities, the exploitable holes in software applications, are being discovered at a rate of 48 a week. Seventy per cent are considered easy to exploit.

    - The number of days between the discovery of a vulnerability and the release of a virus attacking it fell to 5.8.

    - Microsoft Windows applications remain a target with 4,496 new Windows viruses and worms released during the first six months of 2004, 4.5 times more than in 2003.

    - The number of computers infected by robots, or bots, rose from less than 2,000 to more than 30,000.

    - The decreased time between discovery of a vulnerability and exploit release means an attacker controlling a bot network can scan the network and take advantage of the exploit on any unpatched systems.

    - More than 40 per cent of Fortune 100 companies controlled IP addresses from which worm-related attacks were propagated.

    - Sixteen per cent of attacks on e-commerce organizations are considered a targeted attack on them.

    - Thirty-nine per cent, or 479, of disclosed vulnerabilities were associated with Web application technologies, meaning an attacker targets a system by penetrating one end-user's computer.

    - Internet attacks are becoming increasingly international. Although the U.S. is still the largest source of attacks, it's down to 37 from 58 per cent.

    - The first malicious worm for mobile devices, Cabir, was developed.

    - Linux vulnerabilities have been discovered and used in proof-of-concept exploits.

    - Phishing -- the use of spam, e-mail or pop-up messages to deceive recipients into disclosing credit card numbers, bank account information, social insurance number, passwords or other sensitive information -- is estimated to have cost U.S. banks and credit card issuers $1.2 billion US. More than 1.78 million people have been victimized by this technique.

    - Junk or unsolicited e-mail, (spam) made up more than 60 per cent of all e-mail traffic.

    The number, breadth and complexity of threats is expected to expand with two areas highlighted in the report.

    Client-side vulnerabilities target the computer systems of individual users rather than servers of an organization through web browsers, e-mail clients, P2P networks, IM clients and media players.

    These vulnerabilities are becoming increasingly attractive to attackers because it's considered easier to exploit one vulnerable workstation than to penetrate the organization from outside its perimeter defences.

    Many home, small office and mobile computer users rely on firewall or router devices to guard against direct, unprotected exposure to the Internet. These devices themselves are increasingly being targeted.

    To combat Internet risk, organizations must ensure they regularly assess their IT assets and environment, constantly monitor for threats and diligently apply patches and upgrades.

    The mul
     
  2. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Hi the mul
    is there anything more an internet user can do besides having an updated av and spyware progs and a firewall installed?I've just done alot of tests on my computer at shields up and it said it was completly stealthed and very secure.so can i believe that and worry no more.just curious
    rita
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Rita, What you have sounds good but I would add a few other things probably the most important of which would be Security patches for both Windows and for Office applications + a heavy dose of common sense.

    I would also recommend a low level protection such as Process Guard

    Remember though there is no such thing as 100% security whilst you are connected to the Internet.

    Cheers. Pilli
     
  4. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I suppose rita there is no end of security that u can add to protect your system, but as long as your well protected with a good av and firewall and also spyware protection this is a good start, but the best security is [you] and where u surf, I dare say u practice safe surfing and this is a big help in keeping your system safe.
    I know many people who surf kazza and such sites and are just asking for trouble, but as long as your careful and all programmes are fully up to date u should be fine and shields up is a good start to test your system.
    As u see from my set up I am pretty well protected, but there is always ways of improving as people will tell u.
    I personally only really spend my time on wilders and a few other security sites, so I feel quite safe, but nothing is 100% as u know and u can only do your best to protect your system to the best of your ability.

    Your friend

    THE MUL ;)
     
  5. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    hi Pilla
    i always install all the security patches from windows update.i am notified when one is ready,recently i heard or read one, that having update turned on was a bad idea.what is your opinion on this?I have checked alert and tell me before installing.i also try to use common sense but with limited knowledge this is sometimes hard,i mean knowing what to do in some cases.I have really learned alot from this forum by asking questions(sometimes stupid ones) but i knew nothing about security before coming here.I just got online and didnt even know about even the most basic things,about protecting my computer.Well until about a month or so ago i didnt even know what a firewall was :oops: I am learning every day and i owe it all to this site-thats why i so appreciate it and all the nice people like yourself so willing to take time and help someone like me
    thank you
    Rita
     
  6. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Yes,I'm beginning to understand alot of security depends on me.i think i'm developing better surfing habits at least i hope so.I spend most of my online time right here on the forum and reading email etc.Is downloading animations safe?I do that alot but try to be careful in doing so.thanks for replying
    Rita
     
  7. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I personally dont have automatic updates turned on, as I like to see what Is installed on my system, as in the past, I have installed updates that are not needed for my system, in other words that are not critical updates.
    The choice of course is up to the induvidual and I choose not to have It enabled, but the setup of your updates is ok, as u can still decide what u want to install, but the problem is knowing whether u need that certain update or not and this is where your good friends at wilders can help as we are all one big family here to help u and us all.

    THE MUL
     
  8. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Yeah,i know knowing is the key thing and i'm grateful to have all of you to call on for help!which i do quite often :D thank you
    rita
     
  9. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    I'm with you, mul -- frankly I don't see much difference in principle between auto-updates for Win and the way most trojans work. I'd just as soon know what I'm installing and ideally be able to "oversee" the process myself.

    Alas, with SP2 you now have to have autoupdates enabled just to access Win Updates. But at least there's still the option (which I religiously use) of getting notifications only, and deciding for myself what I want downloaded.
     
  10. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    thats the option i have although sometimes i probaly wont know or understand some of them but thats when i'll ask (someone who knows here at wilders)alot more than i do.
    rita
     
  11. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Mike,

    I can get to the winupdate page without auto updates being on. XP home.
     
  12. the mul

    the mul Registered Member

    Joined:
    Jul 31, 2003
    Posts:
    1,703
    Location:
    scotland
    I just thought I would say that I dont have automatic updates enabled and I have service pack 2 installed and windows update site works just fine for me.


    THE MUL
     
  13. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Post SP2: In order to access WU or the Catalog site, can be done with AU shut down thru the Control Panel, but the AU Service has to be enabled.

    If either one of you guys - Mul or ronjer - can access WU with the Service disabled, please let me know how. This is one of those v5 WU Update PIA's.

    Regards - Charles
     
  14. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Window Updates off.
     

    Attached Files:

  15. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have xp sp2 and my auto updates are turned off and I have no trouble going to the windows update site and updating.
     
  16. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Hi Ronjer,

    Is the XP Service "Automatic Updates" running? Go into the Services page. What you're showing me is that the Control Panel setting is turned off.

    Regards - Charles
     
  17. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    It is on automatic in services. Off in the security center.
     
  18. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    same here ;)
     
  19. zcv

    zcv Registered Member

    Joined:
    Dec 11, 2002
    Posts:
    355
    Thanks ronjer, too bad, I was hoping you found a way around it.

    So, in order to access WU, a service has to be turned on, used or not, and WUAUCLT.EXE - the update agent - starts up at bootup, again, used or not. BTW, WUAUCLT.EXE hangs around only for about 5 - 10 minutes after bootup, then disappears.

    Regards - Charles
     
  20. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    I noticed that also. I tried the beta version of v5 and tried to get all that stuff off my machine.

    We're doomed! :D
     
  21. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    No it could be worse you could be stuck with Linux :doubt:
     
  22. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,728
    Location:
    Texas
    Looks good on paper. It is full of exploits too.

    secunia
     
Loading...
Thread Status:
Not open for further replies.