Choosing Your OS is NOT a Security Control

Just a quick note on the recent Google announcement about dumping Windows for desktops in favor of Linux and Mac OS X. As you can see from the linked article, there is a lot of hype about this move in the press.

Unfortunately, dumping Windows as a risk reducer is just plain silly. It’s not which OS your users use, but how safely they use it. If a user is going to make the same “bad computing hygiene” choices, they are going to get p0wned, regardless of their OS. Malware, Trojans and a variety of attacks exist for most every, if not every, platform. Many similar brower-based attacks exist across Windows, Linux and OS X. These are the attack patterns of today, not the Slammer and Code Red worm attack patterns of days gone by.

I fail to see how changing OS will have any serious impact on organizational risk. Perhaps it will decrease, a very small amount, the costs associated with old-school spyware and worms, but this, in my opinion is likely to be a decreasing return. Over time, attackers are getting better at cross platform exploitation and users are likely to quickly feel a false sense of security from their OS choice and make even more bad decisions. Combine these, and then multiply the costs of additional support calls to the help desk as users get comfortable and have configuration issues in the enterprise, and it seems to me to be a losing gambit.

Time will tell, but I think this was a pretty silly move and one that should be studied carefully before being mirrored by other firms.

Critical Windows Update

Today Microsoft is rolling out an unscheduled update. This vulnerability is critical and there are reports that it has been exploited by malware for the last few weeks. The most vulnerable systems are Windows 2000, Windows XP and Windows 2003. On these systems it is possible exploit the system without authentication. On Windows Vista and Windows Server 2008, the exploit requires authentiation to run, it would likely also lead to a Denial of Service condition due to the use of DEP and ASLR in these versions of Windows.

This is the first vulnerability that can be easily wormable in the past few years. It is very important that this update be tested and rolled out by your organization as soon as possible to prevent exploitation. The Security Bulletin can be found here.

A Great Windows Maintenance Find for FREE

A few days ago I stumbled onto a pretty decent Windows maintenance tool I wanted to share. It is called Advanced WindowsCare Personal and is available from snapfiles.com here.

Overall, this is a pretty great tool. It is very easy to use and does a lot of tuning and preventative maintenance for Windows systems – especially home and end-user systems that might not have a corporate IT person to take care of them. It does a good bit of clean up around the system, helps to protect it against spyware and some malware. While not a full anti-malware solution, it does make some basic registry changes to help prevent installation of the most common spyware and other bad stuff.

It did a very nice job of helping me tune a Windows system that I was messing with and in running basic management functions and maintenance tasks. I am not sure I would upgrade to the “Pro” version, but for a free utility, this one is pretty good.

If you still have Windows systems to manage, especially for family members and the like, this may be worth the time to install for them and spend 15 minutes teaching them to use it. Likely, they can repair most of their own problems using the tool, instead of calling you over to Aunt Millie’s for tech support. 😉

Microsoft Security Advanced Bulletin

According to the latest Microsoft security advanced bulletin, January 8th will give us 1 new Critical and 1 new Important security updates. Both affect a large cross section of Windows Operating systems. Additionally a new version of the Microsoft Windows Malicious Software Removal Tool and 7 non-security updates will also be released. For full details see: http://www.microsoft.com/technet/security/bulletin/ms08-jan.mspx