Get our Latest Finds
Subscribe to our RSS feed or enter your email address below to get the feed delivered to you by email:
Follow Gizmo
Using this Site
Top Rated
Gizmo's Freeware is Recruiting
We are currently looking for people with skills and/or interest in the following areas:
- Anonymous Surfing Service
- Mobile Apps contributors
- Mac Section contributors
If this sounds like you then click here for more details
A Timely Reminder to Ensure Your PC is Fully Patched
You may have seen a news report this week about how cybercriminals managed to steal a total of around $1m from thousands of accounts held by customers of a UK-based bank. If you didn't, the full gory details are in a White Paper published by M86 Security, which you can read at http://www.m86security.com/documents/pdfs/security_labs/cybercriminals_target_online_banking.pdf.
The people behind this attack were a highly organised gang, and they used some of the latest technology to pull off the crime. This included presenting customers with fake web pages in order to hide the fact that the Trojan installed on the user's PC had made an additional withdrawal.
The crime was carried out by a hacking tool called the Eleonore Exploit Kit. As the name suggests, an Exploit Kit is a program which exploits known weaknesses in a computer. And in the case of the attack against the unnamed bank, all of those weaknesses had already been patched. In some cases, as early as 2007.
Worryingly, hardly any of the well-known antivirus products managed to detect the attack, or the presence of the Eleonore trojans. And that's why I make no excuse for bringing you a bit of timely advice, and a useful download link, which isn't exactly a Hot Find but which is well worth taking note of.
However good your antivirus software, or your firewall, the best way to protect your PC is to ensure that all software patches are installed. Not just Windows patches from Microsoft, but all application updates too.
So, your task for today. First, make sure that your PC is configured to download and install all Windows updates. You can do this from the control panel. Second, head over to http://www.microsoft.com/downloads/details.aspx?FamilyID=b1e76bbe-71df-41e8-8b52-c871d012ba78&displaylang=en and download the Microsoft Baseline Security Analyzer, which will tell you if there are any important patches missing from your PC. Third, check all of the Adobe programs that you're running, and ensure that all patches and updates for them have been downloaded and installed. Finally, if you've got Java (not Javascript) installed, make sure you're running the latest version. It was bugs in old versions of Adobe Reader and the Java software that allowed the bank attack to succeed.
- Article type:
Printer-friendly version
Comments
Mr. Schifreen and I have butted-heads a time or two around here, but he could not be more correct in his article/posting here. There is also great wisdom in the posting (#55885) by "balaji ramanathan" here; and there's certainly something to be said for what "eikelein" wrote in post #55892.
However, the poster "SilenceIsGolden" is just WAY off in posting #55873... as are those who agree with it... ...
[Edit: lengthy discussion removed, please make full use of Forum.]
... ...
Anyone who says otherwise is just wrong; and their wishing won't change that.
___________________________________
Gregg L. DesElms
Napa, California USA
gregg at greggdeselms dot com
Please, please save the extra long posts for our forums. We have asked numerous times for this to be the case. These comment sections are not the place for such lengthy dialogue.
..or monologue, either.
I agree with SilenceIsGolden: it pays to be careful when it comes to patching. MS patches have screwed up PCs in my care more than once - the big patch Tuesdays are especially suspect. I wait a few days, then check the web to see if anyone reports issues.
On the other hand, Adobe Reader and Flash Player and Java updates have never caused serious problems so I install them right away.
Secunia is worth a mention in this context, a free tool that checks which of your apps are not patched or up to the latest version. It even offers to do most of the patching for you.
Every time someone suggests patching all systems as and when patches are available, somebody will always point out the one instance from months or years back when a patch went bad and made some computers unbootable. Overall, I consider the risk of a bad patch miniscule compared to the risk of picking up something bad off the internet because I waited for the patch to be fully tested out. In this day and age of always on internet connections with DSL and cable, criminals are constantly probing for vulnerabilities in internet-connected computers. Every day spent figuring out whether to get a patch is a day that the criminals can use to infect a few more computers for their nefarious purposes.
Well said :).
If you're an average user, you should certainly have auto updates switched on.
But if you know what you're doing, you should def wait a few days after MS releases a patch until the beta-testers/early-adopters report that it won't kill your installation.
Oh, how I "like" those "Everybody, run patch everything, and right away!" recommendations ... If you do that, don't be surprised if your PC won't start anymore or suddenly shows weird behavior.
I'm not saying, you shouldn't keep up to date. But, please, invest a bit of brain -- if, for example, you do set your Windows to just patch everything, you very often end up with an unusable computer. And, sometimes, even though the patch that screwed up everything wasn't critical, you might not be able to roll it back AND you have to wait, until M$ comes up with a patch for the patch.
As a rule, M$ "patches" everything, even software that's not ON your PC, simply because they assume everybody has all of their software, right? I get, for example, constant reminders that I should update things like Outlook, even though I specifically kicked that piece of lovely software off my PC and plugged the holes behind it.
Other software, by the way, might change in a way that you suddenly GET spyware with a new version.
It's always a good idea to turn on your brain before turning on the PC - and stay away from that auto-update function, no matter where!
Of course, it's your choice. But when you weigh up all the risks, it's generally better to patch. At least, that's what I advise.
@r.schifreen:
I totally support your opinion FOR THE AVERAGE JOE USER that does not know a bit from a byte.
I support about 400-500 average home users every year; in their own words most are "computer illiterate". They just don't have the know how to evaluate a patch.
And, frankly, last time I saw a computer in DLL-Hell was sometime BEFORE the release of XP SP2! And that was 2004!
What I do advise strongly though is on XP to install only updates that are offered after the "Express" button has been clicked, on Vista/7 only to install all important and recommended updates.
I have made quite some money because someone with XP clicked Custom and the driver(s) from MS wrecked the computer because Dell had a "special" version of an otherwise well known graphics chip on their mobo.
My motto: Update Baby, Update! So far all is well.
Post new comment