I'm going to step aside from my normal patching discussions and talk about what happens when you do get attacked with malware that exploits a vulnerability. When a nasty program exploits an unpatched vulnerability, there are always mitigating factors that can help limit the impact. One of the big ones is that the exploit usually runs in the security context of the account it attacks or is run against. Security vendor BeyondTrust looked at the 154 Microsoft vulnerabilities published in 2008. They found that 92% of all vulnerabilities had their impact mitigated or were rendered completely harmless when the user was running with no elevated privilege (normal user rights). Obviously this is a report from a security vendor selling software that helps manage user rights... but the breakdown for 2008 is striking, indicating that running as non-administrator at least mitigates:
- 94% of Microsoft Office vulnerabilities reported in 2008
- 89% of Internet Explorer vulnerabilities reported in 2008
- 53% of Microsoft Windows vulnerabilities reported in 2008
That makes sense when you realize that the first two categories are just applications. They're very specialized, widespread and extensible applications, hence the risk. Ultimately, however, they're running at the user's privilege level. Even though the OS itself is somewhat less protected-- many of the juicier exploits will run at the System context or elevate privileges-- 53% mitigation is still pretty good.
Here's my beef with Microsoft in this regard. We all know that running in the least level of privilege is the safest and these numbers add good ammunition to that argument. While Microsoft has made great strides in allowing the user to elevate their privilege on some actions in the "XP era" and later, getting the ability to universally change security context on the fly eludes them. *nix with sudo and the standard GUI security elevation method of OS X both have serious problems, but they're a lot closer to right. Windows 7 will certainly continue the slow progress in this area, but at some point Microsoft ought to do better.
I know this seems like a mundane task that most of us are admonished to do on a regular basis, but it really does need to be repeated: Blow your computer cases out once in a while, especially if they get dusty.
We all know that heat sinks and fans lose their effectiveness when dusty, leading to potential overheating, but there's a worse possibility. I ran into a system last week that had dust bunnies in it-- nothing out of the ordinary, except that one of them had lodged itself into the video card's tiny fan. The user reported a blue screen indicating video driver failure. I was busy and asked him to reboot since this was a first-time thing. He came back shortly after, reporting that it happened again, and now the system couldn't POST. A single dust bunny had lodged in a tight fan, causing the fan to jam, burning out the motor. The video card (a Quadro, unfortunately) then overheated to the point of death. Odd stuff like this can absolutely happen, without showing general signs of overheating.
To be fair, the opposite is true. It's possible you might dislodge some conductive dust which might land in an inopportune spot, causing problems. That can typically be fixed pretty easily with a second cleaning. A burnt out video card, northbridge, etc. can be a lot more costly.
OK, I'll admit the blog has been quiet of late. 2+ weeks without an update is inexcusable, so I might as well give the excuse. I was finally able to get an early Christmas present of a new Xbox 360. There's a tremendous back-catalog I'm going through now. Combine that with a fervor to finish out the last few PS2 games before the platform quiesces in January and a few other fun projects on the side, and I would be busy enough...
But alas, I've been sick twice in the last month and on top of that slammed at work. I'll try to do better in future. In more fun news, Core i7 has been overclocked to 5510 MHz!!