Security & Vulnerability: Essentials uncovered

Windows How safe?

• More than 95% viruses target Windows
• Most viruses target a well known location in the Windows Registry “HKLM\Software\Microsoft\Windows\Current Version\Run”
• Most Viruses today, just need an open TCP port
• Most virus attacks are followed by a new patch fix-up
• Since 95, the world has seen 7 major releases of Windows, all unsafe.
• TCP Ports not protected. Any virus could easily create its own SMTP server or use any available port
• Unprotected Address Book & Mail folders

Terrifying figures on virus attacks

• 66,114 viruses have been detected till March 13th, 2004 & 68,470 as on Dec. 3rd 2004
• Most of these viruses were created during the last 20 years, that means 9 new viruses attack every day
• Most of these viruses were created after Internet became popular
• Most viruses have things in common: send infected messages, modify particular sensitive sections of Windows Registry, exploit SMTP and Address Book
• The world sees at least 6 major virus attacks every year.
• The entire world suffers loss of millions of dollars, loss of time, loss of delay in projects & achievements and various other unpredictable losses
• The world spends millions of dollars on securing computers, network and data, on anti virus softwares, firewalls etc.
• Most users are aware today about email attachments and to not to open them, still viruses infect their computers
• Most users have an Antivirus installed when they get a computer and update virus definitions regularly
• Most users are not sure whether their computer is reliably safe
• 20% time of working hours is spent on getting information on viruses, virus definitions and on removal of viruses
• The frequency of virus attacks is increasing year by year
• Most users have to suffer unwanted mental stress due to such attacks and interruption in businesses, exams, projects and in crucial tasks

So far viruses seem to have been winning the battle over operating system and antivirus giants

Inappropriate protection technique

• Why virus definitions rather than application definitions?
• Antivirus within Operating System or Operating System within Antivirus?
• What first security or execution? Defence or attack?
• Windows registry how much protected?
• TCP Ports how much protected?
• SMTP Server most exploited. The most favourable to viruses and spam
• Fix up to SMTP and other TCP/IP Ports or another stupid, paid solution to spam and viruses?
• No privileged access to applications and executables, in contrast to user privileges?
• Movement of file among folders another threat? i.e. a virus copies itself from “temp” to system folder

continued...

Participate the debate on Open Media