
Dumbed Down version of Web Page Security Risks

Thanks to Susan Bradley, I really liked her analogy:

As Steve Riley says, TCP/IP was built without security in mind. We make a handshake with a web server and it's like shaking hands with a stranger that has a head cold and has just wiped his nose.

You don't really know what that web server has done before you connect to it. You don't know their security posture. Whether it just got owned by an attacker, or whether the banner ad in the top is malicious. Microsoft often says "don't surf to untrusted sites" - but really we shouldn't be trusting ANY site!

Any site does have the potential to send us a handshake and infect us with the Computer version of the common cold.

What to do? Just like in Cold and Flu season one can get a flu shot and prevent the worst of it, software patching is a monthly flu shot. Having anti-virus and anti-malware is vitamin C. Being aware of the web sites that have a potential for being hacked into to be made malicious is another (gambling, p_rn, gaming, etc.). Just like when you avoid people that have obvious colds, use services like www.opendns.com to filter out the potential for computer germs. Running your computer without administrator rights is equivalent in my book to walking around with a mask and rubber gloves on when you shake hands with web sites.

But make no mistake, this isn't the security industry opening up more holes in our system, this is Microsoft ensuring that we have just gotten another booster to our flu shot.
