
Windows Update

In the war against malware the bad guys sure seem to be winning. Some might say for good reason too. Who of us hasn’t been bitten by a nasty bug costing us time, money and sometimes even our identity? It seems a never-ending battle, and while it is indeed ongoing, there is one tool available to every Windows user in the world to help protect themselves against unwittingly hosting the next big threat. I’m talking about Windows Update.

Conficker

Remember earlier this year when the news warned that a new super-virus known as “Conficker” was set to cause major issues on April 1st? It’s not worth getting bent out of shape if you don’t. Most people didn’t even know about it, which is, sadly, part of the problem to begin with: the computer-using public doesn’t pay enough attention to matters of security that affect them every day. At the risk of oversimplifying the matter, many news agencies reported [correctly] that Conficker was set to receive a major update on the 1st, an update intended to make it significantly more fireproof and nearly impossible to stop. Emphasis on nearly. The unintended consequence of this reporting was a near-panic response from uninformed users who thought their computing world was at risk. Some were justified, most weren’t.

Users who paid attention knew that despite Conficker’s significant update on April 1st, there never really was an increase in the base threat to their security. Why? Because they knew that Microsoft had already fixed the problem BEFORE Conficker was even released. In truth, the authors of Conficker specifically waited for an exploitable hole in Windows to use as an attack vector because they knew the percentage of up-to-date systems across the globe pales in comparison to those that remain unpatched for extended periods of time. This pattern of hackers waiting for Microsoft to release a patch before they release their exploit has come to be known as “Exploit Wednesday”, a reference to the days following Microsoft’s “Patch Tuesday”.

A Google search on Conficker reveals links to both Microsoft’s Knowledge Base article, wherein one finds the details of the exploit, and the Conficker Working Group’s timeline showing when the virus first appeared. If you compare the release date of the MS08-067 update (Oct 23rd, 2008) with the date Conficker first appeared (Nov 21st, 2008), it is hard to miss the obvious:

Users who followed through with their Windows Updates when they should have were never at risk of infection from Conficker.

This is significant… epic in fact. While people were freaking out in March, security professionals knew they were safe because they did their updates when Microsoft released them nearly five months earlier. It was the world’s unpatched machines we were so worried about! To date, estimates of Conficker-infected machines range into the tens of millions for an issue that was fixed before the virus was even released.

Windows Update

As Microsoft continues to improve the quality of their products, they release regular security patches via Windows Update. These patches are released on the second Tuesday of every month, earning that day the catchy title “Patch Tuesday”. From time to time, however, Microsoft releases a patch outside of this regular monthly schedule. These often critical out-of-band updates may come at any time, usually in response to a serious threat.

Windows Update comes enabled by default on all new computers and checks daily for both scheduled and out-of-band updates. In fact, chances are the computer you’re sitting in front of right now has a notification in the bottom right corner of your screen telling you there are updates for your computer. All you need to do is click on it and follow the on-screen instructions. I can’t stress this enough: DO YOUR WINDOWS UPDATES!
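For readers comfortable with a PowerShell prompt, here is a quick way to see whether a machine has kept up with the Patch Tuesday schedule described above. This is an added example, not part of the original article; the function name Get-PatchTuesday and the GraceDays allowance are made up for illustration.

```powershell
# Added example: is this machine current as of the last Patch Tuesday?
param([int]$GraceDays = 7)   # assumed allowance for installing after release

function Get-PatchTuesday {
    param([datetime]$Month)
    # Patch Tuesday is the second Tuesday of the month.
    $first  = [datetime]::new($Month.Year, $Month.Month, 1)
    $offset = (([int][DayOfWeek]::Tuesday - [int]$first.DayOfWeek) + 7) % 7
    $first.AddDays($offset + 7)
}

$today = (Get-Date).Date
$patchTuesday = Get-PatchTuesday $today
if ($patchTuesday -gt $today) {
    # This month's release has not happened yet; use last month's.
    $patchTuesday = Get-PatchTuesday ($today.AddMonths(-1))
}

# Get-HotFix reads Win32_QuickFixEngineering; some entries carry no install date.
$newest = Get-HotFix |
    Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn |
    Select-Object -Last 1

$released  = $patchTuesday.ToString('yyyy-MM-dd')
$daysSince = ($today - $patchTuesday).Days

if (-not $newest) {
    Write-Warning "No dated hotfix entries found; check Windows Update history by hand."
} elseif ($newest.InstalledOn.Date -ge $patchTuesday) {
    $when = $newest.InstalledOn.ToString('yyyy-MM-dd')
    "OK: $($newest.HotFixID) installed $when, on or after Patch Tuesday $released."
} elseif ($daysSince -le $GraceDays) {
    "PENDING: Patch Tuesday was $released ($daysSince days ago); install updates soon."
} else {
    $when = $newest.InstalledOn.ToString('yyyy-MM-dd')
    Write-Warning "BEHIND: newest hotfix is $($newest.HotFixID) from $when; Patch Tuesday was $released."
}
```

The check only measures how recent the newest recorded hotfix is. It cannot tell whether an out-of-band patch released after that date is still missing, so the Windows Update notification remains the authority.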

At E-Z-TECH Computers Inc. we rarely see infected machines with the latest security patches. The ratio of updated to non-updated infected machines leans heavily toward the latter, and it never ceases to amaze us how often users choose to ignore Windows Updates and wonder afterward why they got infected. One would think that with all the personal information we store electronically (it’s always more than you think!!) we’d be more concerned with keeping it safe.

So be smart! Learn from past experience or, even better, from the experience of others, and do your Windows Updates. Your security is your responsibility; no one can do it for you! My family has been doing updates faithfully for many years, and that, combined with good user habits, has kept us virus-free for many years. This is in spite of the fact that I don’t run an antivirus product and frequently handle viruses for study.

Sven Thomas
Network Specialist
E-Z-TECH Computers Inc.