Archive for October, 2009

An update on the status of the Conficker botnet, courtesy of ShadowServer and the Conficker Working Group, via Dark Reading, shows the botnet currently at 5.5 million machines compromised by the A and B variants, mostly in Brazil, China and Vietnam.

As I’ve posited before, these are un-patched systems running unlicensed copies of Windows.  From the Dark Reading article: “Microsoft, meanwhile, says of all of the attacks exploiting the MS08-067 vulnerability, Conficker accounts for more than 3 million threat reports versus about a half million for all other vulnerabilities exploiting the bug…”.

To mitigate the inevitable future use of the Conficker botnet, perhaps Microsoft could provide a one-time system scour and patch available only to IP addresses from the aforementioned countries.

How best to compel licensed users to apply patches when released?  This tricky issue is problematic for business users who require patch testing prior to production deployment, although patch testing is vastly more robust than it used to be, hence less likely to disturb production systems by creating a new incident to respond to.

It’s the SOHO and SMB users who need help.  What to do, what to do?  Forcing automatic OS and application patching on the second Tuesday of each month, even if Automatic Updates is turned off, might work, but is that degree of invasive action necessary, required, and prudent?

Aye, there’s the rub…

More user education, without fostering FUD, like those smarmy Apple ads.  In addition to the ‘I’m a PC’ Microsoft ads, how about also promoting safe computing by having the actors say something about regular patching, like “I’m a PC AND I always use Automatic Updates, just because I like being sure”.

It couldn’t hurt!  😉

