Thursday, April 21, 2005

Questions to ask about a security risk

Do you ever get the feeling that everything gives you cancer? Newspaper headlines are good at telling you that things are dangerous but they suck at telling you how dangerous.

Do you ever get the feeling that computer security threats are showing up every day? It's the exact same problem. You're more in danger from some things than from others. I see dozens of security vulnerability reports every day and try to pass along only the most dangerous ones that affect the most people.

If you run a computer you have to assess risks and decide what's worth protecting against. You can leave that decision to Microsoft and rely on their updates to fix the most important things. You can run away from the Internet altogether, like some of my relatives -- but then you miss a fantastic wealth of resources. You can trust everybody, in which case your computer will be wrecked quickly. You can get a custom-made risk assessment for your specific needs from an expensive consultant. Or you can ask yourself a few simple questions.

Does this even affect my environment?

Let's start with an example. Microsoft has a bug in which previewing a file might take over your computer. But the report says it affects Windows 2000. If you run XP, you may be able to ignore that bug report (unless more news comes out).

Is this problem "local" or "remote"?

Want to start a passionate argument in a room full of security people? Ask them to define the difference between a "local" attack and a "remote" one. It's close enough to say that you want to know whether a stranger on the Internet can attack your computer. The previewing vulnerability is more local than remote. The mischief only happens when you do something on your computer, even if the nasty file did come from a stranger on the Internet.

Will my existing precautions prevent harm from this new threat?

If you only download files from trustworthy sources then the previewing vulnerability shouldn't affect you.

Is there a workaround?

In other words, can you make a change that will prevent harm until an official security patch comes out? In this case, yes. Security firm Watchguard quoted the discoverer of the problem as saying you can go to Tools/Folder Options and choose "Use Windows Classic Folders".

So there you are. Unless you collect photographs from the web, you're at low risk, and if you do, you can still protect yourself.

The previewing vulnerability is an example of the kind of thing I normally don't write about, but it made a good example of how to do a risk assessment.
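The four questions above as a small triage helper, added here as an example (not code from the original post); the report fields, the precaution label and the verdict strings are my own construction, and the sample report is the previewing bug as described above.

```python
from dataclasses import dataclass, field
from typing import List, Set, Tuple

@dataclass
class Report:
    affected: Set[str]          # products the advisory names as vulnerable
    vector: str                 # "remote": a stranger can attack; "local": you must act first
    mitigations: Set[str] = field(default_factory=set)  # precautions that neutralise it
    workaround: str = ""        # change that prevents harm until a patch ships

@dataclass
class Environment:
    products: Set[str]                                  # what this machine runs
    precautions: Set[str] = field(default_factory=set)  # habits already in place

def triage(report: Report, env: Environment) -> Tuple[str, List[str]]:
    """Walk the four questions in order and return (verdict, reasons)."""
    reasons = []
    # Q1: does this even affect my environment?
    hit = report.affected & env.products
    if not hit:
        reasons.append("not affected: runs none of " + ", ".join(sorted(report.affected)))
        return "ignore (watch for updates)", reasons
    reasons.append("affected: running " + ", ".join(sorted(hit)))
    # Q2: local or remote?  Remote means exposure regardless of habits.
    remote = report.vector == "remote"
    reasons.append("remote: attackable without user action" if remote
                   else "local: the user must do something first")
    # Q3: will existing precautions prevent harm?
    covered = report.mitigations & env.precautions
    if covered:
        reasons.append("covered by: " + ", ".join(sorted(covered)))
        return "low risk", reasons
    # Q4: is there a workaround until the official patch?
    if report.workaround:
        reasons.append("workaround: " + report.workaround)
    if remote:
        return "patch now", reasons
    return ("apply workaround" if report.workaround else "caution until patched"), reasons

# Constructed sample: the previewing bug as the post describes it (label names are mine).
PREVIEW_BUG = Report(affected={"Windows 2000"}, vector="local",
                     mitigations={"trusted-sources-only"},
                     workaround='Tools/Folder Options -> "Use Windows Classic Folders"')

if __name__ == "__main__":
    for env in (Environment({"Windows XP"}), Environment({"Windows 2000"})):
        print(sorted(env.products), triage(PREVIEW_BUG, env))
```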
