Posted by: Ken Harthun
insecure, Internet Explorer, Patch management, Security, Security practice
“It was the best of times, it was the worst of times; it was the age of wisdom, it was the age of foolishness; it was the epoch of belief, it was the epoch of incredulity; it was the season of Light, it was the season of Darkness; it was the spring of hope, it was the winter of despair; we had everything before us, we had nothing before us; we were all going directly to Heaven, we were all going the other way.”
Dickens couldn’t have done a better job of describing the Internet today. Let me illustrate.
PC 1 – User profile: Uses pay-for-download sites to build music library; avoids risqué sites; instantly spots “My Dear Friend” emails and deletes them; calls friends to ask them if they sent an email link and never clicks when not sure; knows that PayPal, the IRS and their bank never request their password in an email; closes popups and scans for malware if one shows up. PC profile: Plugged into NAT router that has SPI firewall built in; security suite up to date; Windows firewall enabled; automatic updates enabled; uses alternative browser.
PC 2 – User profile: Loves to surf the web looking for free music downloads; occasionally surfs “soft” porn sites; has sympathy for the poor Nigerian gal who just lost her father and needs help to move USD 20,000,000 into a safe bank account in the US; clicks links in email; thinks phishing is a fun thing that people do; recently received warning that PC was infected and bought “repair” service via scareware popup. PC profile: Plugged directly into broadband router; AV software bundled with new PC expired months ago, not renewed; Windows firewall disabled by malware; automatic updates disabled; uses IE 6.
Need I say more?