Receive Daily Updates

Enter your email address:

Tuesday, July 5, 2011

When and When Not to Worry About Security Holes

When and When Not to Worry About Security Holes

Annoyed by all the computerese that litters security stories? Here's your guide.

One of the best things you can do to help keep your PC and your private data safe is to stay abreast of the latest security alerts. But security news stories often contain techie jargon that can make your eyes glaze over faster than a congressional session on C-SPAN.

To help you determine whether a particular alert is worthy of Chicken Little or is truly dangerous, here are translations for some of the most common threat terms.

Drive-by download: A big one. If a program or operating system bug allows drive-by contamination, your PC can become infected with malware if you simply view a malicious Web site. You don't have to download anything or click any links on the poisoned page.

User interaction required: You might think that you'd have to download a file or open an attachment to get hit by an attack described in this way. But experts often apply the term to simply clicking a link that will deliver you to a page containing a drive-by download.

Zero-day: Potentially major, but not always. This term most commonly refers to a flaw (and perhaps an attack exploiting it) that surfaces before a fix is available. If the attack is ongoing (see "in the wild"), watch out. But many alerts or stories play up zero-day flaws that aren't being hit and may never be; see the next entry.

Proof-of-concept: A flaw or attack that researchers have discovered but that bad guys have yet to exploit. If the alert says something like "proof-of-concept code has been released," crooks are very likely to create a real attack with that sample. But many evil-sounding proof-of-concept attacks never get weaponized.

In the wild: The opposite of proof-of-concept. When an exploit or malware is in the wild, digital desperados are actively using it. If the term is being used to describe attacks against a software flaw, make sure that you have installed the application's latest patches.

Remote code execution: This kind of flaw allows an attacker to run any command on the victim's computer--such as installing remote-control software that can effectively take over a PC. Holes of this type are dangerous, so take notice when you hear of one.

Denial of service: Not so bad. This term usually describes an attack that can crash a vulnerable program or computer (thereby denying you its service) but can't install malware. Occasionally, however, crooks figure out how to transform a denial-of-service flaw into a concerted attack that allows remote code execution.

Of course, your best bet is to apply security patches as they're released, whether to fix a proof-of-concept denial-of-service flaw (yawn) or to address an urgent zero-day drive-by download threat.

AUTHOR - Erik Larkin, PC World

ARTICLE SOURCE .

0 Visitor Reactions & Comments: