- How to make new stuff from your piles of obsolete tech
- Why your computer sucks
- 10 recession-proof IT skills
- Juniper execs share network vision
- 9-year-old plots his fifth Microsoft certification
The Windows animation bug (ANI) caused widespread concern because exploits against it became widely available before Microsoft could release a patch. But like other zero-day threats before it, there are measures companies can take to at least try to mitigate the risk from unpatched vulnerabilities, security experts said.
The measures are not a sure bet. And in the end, patching a flaw is still the most reliable way of protecting against exploits seeking to take advantage of it, they said. But deploying multiple layers of defenses is vital to dealing with threats for which no immediate fix is available.
Among them are the following:
Restrict e-mail attachments
One of the ways hackers hope to exploit the ANI flaw -- which Microsoft patched earlier Tuesday -- is by trying to get users to click on malicious attachments in spammed e-mails. One way of dealing with this sort of an attack vector is by having strict policies in place for filtering out e-mail attachments.
Security experts have for a long time now advised companies to filter out gif, JPEG, WMV and pretty much most attachment types they don't need from inbound and outbound e-mails. When deciding which attachments to allow and which to deny, it's a mistake to assume that only certain attachment types are maliciously used, said Russ Cooper, senior information security analyst with Cybertrust Inc.
"Don't go on the basis of whether something is benign or not," Cooper said. After all, both gif and JPEG attachments were once considered benign until hackers started hiding malicious code in them. "Instead, look at what you need for your business," he said.
If there is a business need for accepting e-mails with attachments -- from a business partner, for example -- see if there's a way to restrict them to just that business partner. Or if you need to exchange zip files, for instance, consider the possibility of renaming the extension to something that just your company and your business partner knows -- and permit only attachments with that extension into your network, Cooper said. "Then you can put gif, JPEG and even animated cursors if you have a need for them into those attachments," he said. "If you say 'I only want to allow these attachments and nothing else,' you have eliminated every zero-day" threat via e-mail attachments, he said.
Disable HTML e-mail
Hackers and other bad guys like HTML e-mail because it allows them to more easily hide and deliver attack code to a desktop. For instance, several of Microsoft's e-mail clients, including Outlook Express and Windows Mail for Vista, are vulnerable to attacks that insert a malicious ANI file in an HTML message. Disabling HTML can help mitigate this risk, Cooper said. By doing so, you are also blunting a lot of the phishing attacks that attempt to get users to click on URL links to malicious sites, he said.
Keep an eye on the LAN
Consider tools that don't rely on virus signatures alone to detect infected systems. Instead, implement a way to quickly detect a compromised system by any anomalous behavior it might exhibit, said Lloyd Hession, chief security officer at BT Radianz, a New York-based company that offers telecommunications services to the financial industry.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment