
Malware knocks out U.S. Marshals Service network

Windows-based machines at U.S. Marshals Service thought to be hit by Neeris worm
By John Fontana and Carolyn Duffy Marsan, Network World, 05/21/2009

The Washington D.C. office of the U.S. Marshals Service has approximately 400 people.

The statistics, posted online, are based on detections made by Housecall, Trend Micro's online scanner.

The U.S. Marshals Service runs Trend Micro's OfficeScan, anti-malware software that installs on desktops, laptops and mobile devices.

The agency, however, runs the 5.0 version, which is more than three years old. Trend Micro says protection against Neeris has been in OfficeScan since version 8. The current version is 10.

"[Their version] is a vastly out-of-date, end-of-life product," said Sweeny.

In addition, Sweeny said the U.S. Marshals Service maintenance contract was up to date, meaning the agency had paid for upgrades to the software but had failed to install them.

Problems with security on government networks are not new.

An updated Government Accountability Office report issued this week said agencies have made progress in implementing information security requirements but that significant weaknesses persist. The report found 23 of 24 major federal agencies had weaknesses in their agency-wide information security programs. Those agencies included the DOJ.

While the Neeris worm has been around since 2005, a new version was discovered just last month that used the same vulnerability targeted by Conficker. The new version spreads via the Windows "autorun" command.

A patch to close the critically rated vulnerability that Neeris and Conficker exploit was issued in October by Microsoft. Still, security researchers reported this week that Conficker was infecting 50,000 PCs per day.

Earlier versions of Neeris exploited a vulnerability patched by Microsoft in August 2006.


Comments (21)

microsoft liability
By Anonymous on May 22, 2009, 2:45 pm
Shouldn't MS have some liability for this? If the lock on my house failed and thieves got in, wouldn't I sue the lock manufacturer? Does anyone sell insurance...

Are you serious? If I'm an
By JimC on May 22, 2009, 11:22 am
Are you serious? If I'm an IT professional that chooses not to update or patch my software with free updates and patches, I'm pretty sure the problems that result...

Perimeterization security is failing us and the value of the con
By Anonymous on May 22, 2009, 2:55 pm
Perimeterization security is failing us and the value of the content compromised is well beyond ssn and credit cards. It's past time to consider Content-Centric...

RE: Microsoft Liability
By Anonymous on May 22, 2009, 2:56 pm
If you don't put gas in your car or change the oil, does the manufacturer of your car bear any responsibility? The MS patches have been out for 3 years and they...

Trend not helping their customers
By Anonymous on May 22, 2009, 3:08 pm
They were quick to take their money, however, couldn't help the customer deploy it. Where's the Integrator in this story?

IT's fault
By Anon on May 22, 2009, 3:28 pm
I can't believe people are actually blaming it on the service when they're not taking proper basic common-sense security tasks as simple as having all of your anti-whatever...
