Saturday, April 09, 2005

I was afraid of this. Watch for fake Windows updates. 

The old quote is:
Some people look at things as they are and ask "Why?". I look at things as they might be and ask "Why not?".

I'm a security consultant. I look at things and ask "what could go wrong?".

Bazillions of people visit the Windows Update web site and trust it to change system files on their computer. It was only a matter of time until bad guys made it a target.

The actual Microsoft web site is just fine, so don't worry. But always go there yourself, and don't trust anyone else to take you there.

Long ago, spam went around that pretended to be from Microsoft with a "security update" attached. Microsoft does not send people programs in attachments. The spam that went around recently, which I'm sure will attract copycats, is more subtle. It pretends to be from Microsoft and gives you a link to follow to get the "security update". The link looks like it goes to Microsoft but doesn't.
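The mismatch described above can be checked mechanically. The following is an added example, not part of the original post: it parses an HTML message body and reports links whose visible text shows a Microsoft host while the actual target is somewhere else. The trusted-domain list, the function names and the sample message are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption for this example: hosts under these domains count as genuine.
TRUSTED = ("microsoft.com", "windowsupdate.com")

def host_of(text):
    """Hostname of a URL or bare 'host/path' string, or None."""
    text = text.strip()
    if "://" not in text:
        text = "//" + text  # make urlsplit read a bare host as the netloc
    try:
        return urlsplit(text).hostname
    except ValueError:
        return None

def is_trusted(host):
    # Exact domain or a real subdomain; a substring match is not enough.
    return bool(host) and any(host == d or host.endswith("." + d) for d in TRUSTED)

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.href, self.parts, self.links = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.parts = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.parts.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append(("".join(self.parts).strip(), self.href))
            self.href = None

def suspicious_links(html):
    """Links whose text shows a trusted host but whose target is elsewhere."""
    collector = LinkCollector()
    collector.feed(html)
    return [(shown, href) for shown, href in collector.links
            if any(is_trusted(host_of(tok)) for tok in shown.split())
            and not is_trusted(host_of(href))]

# Constructed sample message body (not taken from a real e-mail).
SAMPLE = (
    '<a href="http://updates.example.net/patch">http://windowsupdate.microsoft.com</a> '
    '<a href="http://www.microsoft.com/security">www.microsoft.com/security</a>'
)
print(suspicious_links(SAMPLE))
```

Only the first link in the sample is reported; the second one points where its text says it does.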

What is safe, until the next refinement by the bad guys, is to do your updating by clicking the Start button and choosing Windows Update. Also, be suspicious of updates that don't happen on the second Tuesday of the month. The rare emergencies when Microsoft releases an unscheduled security update will be mentioned in the press.
