While a debate over the reality of global warming is
neither appropriate for this newsletter nor particularly
interesting, I'm intrigued and disheartened to discover this
week that our fascination with the climate has finally
invaded the IT space. US readers are probably familiar with
the fact that while the northeastern part of the country has
experienced unseasonably warm weather this winter, Colorado
has had record snowfalls and the cold in California is so
harsh that crops have been devastated. Meanwhile, Europe has
had its fair share of strange weather as well. After a
warmer-than-usual December, severe winds cancelled thousands
of flights around the continent and caused power outages
just before last weekend.

What does this have to do with your job, you ask? Well,
in the latest bit of unwanted social engineering
experimentation, hackers are taking advantage of our natural
curiosity about weather disasters to spread a virus.
Logically named "Storm Worm" (but more officially titled
Small.dam Trojan), this virus has already infected tens of
thousands of PCs worldwide, according to security experts at
F-Secure. Once on your PC, Storm Worm then forwards copies
of itself to contacts in your email application. Standard
fare, yes, but newer variants are also using "kernel-mode
rootkit techniques" to hide their activities.

A few years ago, I suffered from a rare rootkit-style
attack while testing the effectiveness of Microsoft's
then-beta Windows XP Service Pack 2 (SP2)-based firewall.
(Turns out it was pretty effective; I got whacked while the
firewall was off.) So I'm familiar with how painful these
attacks can be. I had to completely reinstall the OS to get
my PC back. Today, there are better methods for discovering
and counteracting such attacks, and F-Secure says its
software can remove any of the Storm Worm-based variants
that have appeared so far.

But what this is all leading to is the simple fact that
the best technology in the world is often easily
circumvented by our child-like innocence when it comes to PC
security. It astonishes me that good old-fashioned
email-based spam can still compromise this many PCs. It's
like we haven't learned a thing in the past decade.

If you're into technology at all, you're probably
familiar with the widely held notion that Microsoft's
wizard-like, hand-holding software is often considered
intrusive, especially by those who think they know better.
But security software needs to protect people from
themselves as well as protect your PC from more easily
definable electronic attacks. When I think about the
security advances in a product such as Windows Vista, I
imagine customers turning off User Account Protection (UAP),
for example, to reduce the annoyance of occasional pop-up
dialog boxes that are designed to make you think about what
you're doing. Again, it's like we've learned nothing.

Just as we shouldn't have to suffer from a massive data
loss to institute a regular backup policy, we shouldn't let
our networks be hacked before we start taking security
seriously. In the guise of being proactive, let's ignore
emails about the weather, global warming, or whatever,
especially when they come from an unknown source. And for
crying out loud, please leave UAP running when you migrate
to Vista.