Windows desktop is now a hot target for hackers

Windows patches increasingly target client-side vulnerabilities. Can administrators educate end users enough to curb some of the damage they cause?

Expect desktops to become more of a target than servers for hackers as historically trusted formats like jpg files become vehicles for identity theft and a greater focus of organized crime.

Of the 53 security bulletins released by Microsoft in 2005, 29 of them were for client-side vulnerabilities. Of the 29 client-side bulletins, seven of those were fixed through Internet Explorer patches. Operating system patches, Windows Media Player patches or patches for Microsoft Office fixed the other 22 issues.

Security experts say desktops are being targeted now because improved security on servers makes it more difficult for hackers to "push" an exploit down onto a system or to invade a network. Instead, exploits now wait to be "pulled in" by unwary users visiting the wrong site or clicking a contaminated e-mail.

"It used to be a dumb terminal and a smart inner core. There wasn't anything interesting at all in the end point," said Tim Keanini, chief technology officer with nCircle Network Security Inc., a San Francisco network security company.

Now it is easier for someone with malicious intent to have the victim pull in a virus, worm or other exploit, Keanini said, noting that if you look at what is selling on the black market now, "it is identity theft. And it is easier to get that from a PC."

Back to the classroom

Windows administrators may need to work harder to educate users about what currently may pose a threat.

"For client-side issues, in almost all cases, the attacker would need to persuade a user to visit a malicious Web page or open a malicious file in order for the exploit to occur," observed Eric Schultze, chief security architect at Shavlik Technologies, in Roseville, Minn.

In each of the patch cases, user interaction is required in order for the client machine to be infected, Schultze said. So, educating the end user seems like the obvious answer to preventing damage or a security breach.

But Windows managers know that this is easier said than done. "It's a nightmare," said Keanini. "End users are trusting. When someone sends something that looks like it is from an associate, they open it."

Neel Mehta, the lead researcher with Internet Security Systems Inc.'s X-Force team in Atlanta, said putting the word out to end users is even more difficult lately because historically trusted formats have now become targets.

Last month, one Microsoft patch addressed a flaw in DirectShow, a program used to display video files. Jpg files and other complicated picture formats are now common vehicles for abuse, but end users still have confidence in them, said Mehta.

"It is very challenging for the Windows admin to educate all users about the dangers of using these formats," Mehta said. "For an exploit to occur, it can be as simple as the end user visiting the wrong site."

This article originally appeared on SearchWin2000.com.
