- Nokia's new N97 vs. the iPhone
- 10 Microsoft research projects
- Hard to get justice in MySpace case
- Smartphone smackdown: Storm vs. iPhone
- Apple removes antivirus support page
The Windows animation bug (ANI) caused widespread concern because exploits against it became widely available before Microsoft could release a patch. But like other zero-day threats before it, there are measures companies can take to at least try to mitigate the risk from unpatched vulnerabilities, security experts said.
The measures are not a sure bet. And in the end, patching a flaw is still the most reliable way of protecting against exploits seeking to take advantage of it, they said. But deploying multiple layers of defenses is vital to dealing with threats for which no immediate fix is available.
Among them are the following:
Restrict e-mail attachments
One of the ways hackers hope to exploit the ANI flaw -- which Microsoft patched earlier Tuesday -- is by trying to get users to click on malicious attachments in spammed e-mails. One way of dealing with this sort of an attack vector is by having strict policies in place for filtering out e-mail attachments.
Security experts have for a long time now advised companies to filter out gif, JPEG, WMV and pretty much most attachment types they don't need from inbound and outbound e-mails. When deciding which attachments to allow and which to deny, it's a mistake to assume that only certain attachment types are maliciously used, said Russ Cooper, senior information security analyst with Cybertrust Inc.
"Don't go on the basis of whether something is benign or not," Cooper said. After all, both gif and JPEG attachments were once considered benign until hackers started hiding malicious code in them. "Instead, look at what you need for your business," he said.
If there is a business need for accepting e-mails with attachments -- from a business partner, for example -- see if there's a way to restrict them to just that business partner. Or if you need to exchange zip files, for instance, consider the possibility of renaming the extension to something that just your company and your business partner knows -- and permit only attachments with that extension into your network, Cooper said. "Then you can put gif, JPEG and even animated cursors if you have a need for them into those attachments," he said. "If you say 'I only want to allow these attachments and nothing else,' you have eliminated every zero-day" threat via e-mail attachments, he said.
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comment