Archive for Downsizer For an ethical approach to consumption
|

mihto
|
Upgrading programmes: am I paranoid?
I work in a company with ca 1100 computers in a network. We have IT people who make sure that we are well protected against virus and other threats.
Or so they let us believe.
I'm rather security conscious and I make sure that my home computer is upgraded regularly. A programme from secunia.com keeps me on the straight and narrow.
Over the last two weeks the police network, several hospital networks and other public networks have been taken down by intruders.
I sent off a mail to our IT people asking if I was allowed to download the secunia programme, also asking who was responsible for the security of each computer. He said go ahead and use the programme, but why would I? We have a good virus programme, ne?
When running Secunia PSI I was told that 6 programmes were at risk and unpatched, Windows XP Service Pack 3 included.
My boss had a fit when I told him about my thoughts. If he could have put me in a sack and dropped me into the fjord he would have done so. Still, he sent a request to his bosses, asking if this really was a security problem, or if one of his employees was on the brink of a mental breakdown.
Well, am I? Or are non-upgraded programmes not a security problem? People I talk to seem to think so.
Any comments, or should I make an appointment with a psychiatrist?
|
happytechie
|
I work at a company with 300,000 employees and we are still on SP2 with IE 6. With a good set of proxy servers, net access controlled by a whitelist of allowed sites and a well-secured gateway, it's fine. It depends on how good your IT team are.
|
jema
|
It is a tricky area, prone to scaremongering by people selling security software.
Threats come in various guises.
Attacks that are totally external and which a firewall will normally block: at a corporate level the machines should all be behind a firewall even if you don't have one on the PC. Even the home user is probably behind a router that acts as a firewall and you will probably find a PC-based firewall more of a pain than gain, as it has nothing to do unless you are infested and something is trying to get out.
Unpatched programs are a problem if those programs can access infected material, e.g. if you have an old version of say "word" that is vulnerable to an infected jpg file and you load that file in "word". You have to question how often that is likely to occur, e.g. someone sending you a picture that probably fails to display as it is malformed and you choose to open it anyway with a vulnerable program.
The major problem with vulnerabilities is your browser and email programs. If simply viewing a site or email can infect you, then that is really really bad.
So are the "service packs" important? Well, absolutely, not because they actually will do much to protect you unless they are patching Internet Explorer or Outlook, but the mere fact they might be, and that keeping the operating system patched is surely the linchpin of a corporate security policy, does indicate that your company has a big problem.
The fact remains though that no amount of patching and security programs will protect the systems from the user. Any user opening rogue downloads via email or the net will get infected regardless of the security software that might be running. The detection rate of security software is actually hopelessly poor.
|
vegplot
|
I echo both the above.
|
Barefoot Andrew
|
Me too. Good comments from Jema.
A.
|