Under the Desktop: Wishing for a Secure New Year
With New Year's Day just a couple of weeks away, there's still time to add an item or two to the resolution list of every content-creation professional. At the top of your list should be an increased concern and action to prevent the spread of computer security vulnerabilities (viruses and worms).
Over the past year, I've grown increasingly disturbed by a curious lack of interest in computer security among creative professionals. I simply don't understand it.
One example: A short while ago I was contacted by someone who had received an infected file from a content professional. Okay, so who hasn't at one time or another?
Now, this message could have been an occurrence of a worm that checks your address book or contact history file and then sends out fake e-mails. But no, this was a graphic file that the designer meant to send. It was infected. And he didn't know it.
Checking with the sender, I discovered that while he had purchased antivirus software for his PC, he never bothered to update it. In addition, he hadn't run the regular basic security patches available from Microsoft for his Windows software.
For the most part, his response was that he was much too busy to be bothered with the lengthy downloads and the installation process needed for these updates. Of course, with each patch delayed, the greater the download time that would be required to bring his system up-to-date. What once would have been a short delay kept growing until it would take many many hours to correctly install the updates.
"Who does want to bother installing these patches? It's utterly unproductive," said security author Larry Seltzer, the editor of eWEEK.com's Security Center. "And I don't blame people for resisting them, but everyone's been warned by now."
According to Seltzer, there are a number of issues relating to security and worms. First, is the worry that your intellectual property could be stolen, or the property of your clients. Although this possibility is fairly remote, he agreed.
On the other hand, he said, there are a lot of "idiot vandals out there who like to bust into people's machines." These crackers want to use your computer to serve files or send out spam and other malicious practices. This is often referred to as a "proxy."
Seltzer warned that these attacks may sound a bit far fetched to most people. "But you don't want it to happen to you. Insecurity happens to ordinary people. Assuming that you will be the one to fly under the radar is risky."
That Insecure Feeling
Now, that content creator I referred to isn't the exception. I've talked with a number of content creators who've copped a what-me-worry? attitude when it comes to security. Or, would it be better to say that, in their negligence, they are avoiding their responsibility to the entire community of computer users?
This designer's action, or inaction, is partly responsible for keeping the cycle of Internet attacks in motion. Each person who uses Internet resources (in other words, everyone) must be responsible for making sure his or her system is patched properly and running the latest antivirus software, even if that means installing a patch every day or two.
At the same time, all Internet users -- even content creators -- need to be running some form of active protection against attack and the spread of malicious software. This means installing and maintaining a firewall.
Sometimes, it's difficult to tell the correct course of action. For example, virus writers can make it tough by spreading fake announcements (see Figure 1).
Figure 1: This HTML e-mail pretended to be a Microsoft security bulletin but was really from a virus attacker. Ouch. Microsoft offers some tips on how to tell the difference on its Security & Privacy site.
In addition, some people would like to think that it's someone else's business, like Microsoft. They would point to its recent announcement of an Antivirus Reward Program, with a $5 million kitty. While it's nice to think that this bounty may bring some virus and worm author to justice, it's really only a small part (or really no part) of the solution.
The answer to the problem of security belongs to each us, not with some outside agency or company. What is required is for all computer users to heed the warnings and act appropriately.
Mac Users Included
In the past, content creators running Classic Macintosh systems have mostly been able to ignore the increased threats surrounding security. Mac viruses and worms are mostly non-existent and it has been a long while since a serious vulnerability has presented itself. The most troublesome problems have been some cross-platform bugs from Microsoft applications.
However, this situation changed with the introduction of Mac OS X. The applications and services underlying Mac OS X are based on Unix and are just as vulnerable to malicious attacks as any other Unix or Linux machine. Some industry observers have taken great glee in this fact.
Still, the climate of attacks remains much less on the Mac platform and Mac OS X comes with a robust firewall built in. In the Windows world, when a vulnerability is uncovered, many crackers around the world move to take advantage of the security hole. This happens on every few days.
However, unlike their Unix-savvy counterparts, many OS X owners have grown used to the low security awareness required with the Classic Mac platform. Many users are complacent and haven't adjusted their thinking to the realities of the new operating system.
Apple offers a convenient update service for OS X through its Software Update application (see Figure 2). I suggest that all Mac users set the program to check for updates daily.
Figure 2: You can check for updates on a daily, weekly or monthly basis in Software Update as well as download the updates in the background. Daily is best, even if it means a restart as will be the case here.
I admit the security situation can be discouraging, whatever the platform. Still content creation professionals must make an effort to increase their awareness of security and incorporate this into their workflow.
As the medieval sage Ibn Gabirol stated: "I have tasted everything, and found nothing as bitter as begging." For your sake and mine, just add computer security to your New Year's resolutions.
Read more by David Morgenstern
Liked This? Read These!
For several weeks, Adobe has known about problems in Adobe Reader and Acrobat that can crash the apps and even allow an attacker to take control of your computer. In Security Bulletin APSB10-15,... Read More
Yahoo! Inc. (Nasdaq:YHOO), a leading global Internet company, and Symantec Corporation (Nasdaq:SYMC), the leading security software company, are partnering to offer Internet security services to... Read More
Adobe found itself in hot water last week when it announced its plan to help users overcome a security flaw in key Creative Suite 5.5 applications. The solution? Upgrade to CS6. The applications... Read More