PC World - A study unveiled at the Black Hat Briefings conference in Las Vegas last week paints a grim picture of network security problems.
Among the study's surprising results: Some kinds of computer security vulnerabilities--especially ones with an aggressive "exploit" (something that takes advantage of the vulnerability, such as a worm or virus)--may plague computer networks indefinitely.
"I wanted to understand how prevalent critical vulnerabilities are," said Gerhard Eschelbeck, chief technology officer of security software provider Qualys Inc. and author of the study. His first-of-its-kind research is the result of 18 months of constantly probing his customers' networks for common security problems.
The study, along with guidelines proposed by the Organization for Internet Safety (OIS) on how to report buggy and insecure software dominated the first day of the conference.
Perpetual vulnerabilities
Thought Slammer was over? Not according to Eschelbeck's study.
In his research, the security hole that allows entry to the Microsoft SQL Slammer worm, which first appeared in January of this year (and for which a patch was available as of July 2002), was detected more than 30 times in the first week of February, then sharply declined over the following six weeks to just five detections the week of March 22nd. That sounds like good news, but since attention to the worm waned, Slammer's hole has made a comeback, with 22 vulnerable PCs detected the week of June 28. (The research did not indicate whether the scanned computers had become infected or otherwise fell victim to the security problems, only that they were in peril.)
For the Code Red worm, the rise is less dramatic, but detectable. From the end of April through the end of June, Eschelbeck's research detected a slight rise in the average number of Code Red-vulnerable computers among the networks he scanned. Code Red first made an appearance in June 2001.
Eschelbeck theorized that IT departments are partly to blame for the resurgence of some old security problems. Computer support staff store "images" of hard drives with pertinent data, drivers, and software configurations, so they can quickly restore a laptop or desktop to the company's defaults. But often the IT department doesn't update those images to include the latest patches to the operating system or the applications. When a computer hard drive has the old image reinstalled, all the old problems come with it.
In addition, a number of home computer users didn't apply recommended security patches to their systems, so their vulnerabilities--detectable by Eschelbeck's software--remain a threat to the rest of the networked world.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
