According to Bruce Schneier in the September issue of his newsletter Crypto-Gram The NSA and the British counterpart the GCHQ are engaged in a worldwide port scanning operation in order to find vulnerable computers that can be recruited and turned into an ORB, or Operational Relay Box. Basically our government is creating large “standing armies” of botnets that can be used to attack our “enemies,” real, imaginary, or otherwise.
The issue for business or personal computer users is this: if you are running a computer system that has one of the following shortcomings, you are probably available for conscription into this cyber-army.
- You are running a computer that uses Windows XP, Windows 2000, or earlier Windows operating systems. These unsupported older Windows systems are no longer being patched by Windows Update for security vulnerabilities.
- Windows Server 2003 is scheduled for end of support next year on July 14, 2015. This system too will become an available target. The solution is to upgrade to a newer server OS.
- Not running Windows Updates. If you are one of the people who insists that Windows Update causes problems and therefore you don’t keep your Windows systems properly patched, you are actually creating vulnerabilities that open you to attack.
- No security software. Ditto if you have decided to run your computers without a decent security software solution because they make you computer run too slow. If that has been your experience, try a product from someone other than Norton/Symantec or McAfee. Our recommendation is AVG Internet Security, but there are other products out their that do their job without providing unnecessary drag on system resources.
- I have security software, but do not run updates or scheduled scans. I have seen this often enough to know it is common. Some security products install with schedule scans turned off by default, or with only a weekly “quick” scan enabled. Ideally, you should be taking security updates automatically, and running daily quick scans and a weekly full scan. Anything less leaves room for a hijack to occur, and once they are in your system, it is trivial to disable your security suite.
If you are thinking that the patriotic thing to do is let the government recruit your computer, please remember that if the government can get in, so can the legion of cyber-criminals that are a large on the Internet these days. All these folks want to do is steal your money, one way or another. Cybersecurity has never been more important than it is now, and today is a good day to start on a program to tighten security in your organization.Share