Author Archives: Jerry Gartner

Why so many Microsoft vulnerabilities?

Posted on January 16th, 2012 | 1 Comment

Microsoft BugsMany wonder why Microsoft products have so many vulnerabilities while other operating systems experience relatively low incidents of similar issues. Issues ranging from malware and viruses to problems caused by Microsoft issued patches. The answer is three-fold.

Market Share

Black Hats, (that’s the bad guys who write these nasty programs that we all try to avoid getting), want the largest exposure that they can get. It’s only natural to pick on the guy with, by far, the largest market share of software running in the world: Microsoft. Many of these malware programs target systems with the intent of some sort of financial gain. The “browser hi-jacker”, for instance, redirects all internet search queries to sites that pay the site owner every time someone clicks on a link. The more people that they infect, the more money they can make. There is also the DDoS attack. Often, this type of attack is used to extort money or to otherwise damage the victim of the attack financially. In a nutshell, this is how it works: malware or viruses containing “IRC Bots”, (or something similar), infect thousands, or even tens of thousands of machines. IRC Bots, once installed, allow a “master” to control all infected machines remotely. Once a target is picked for a DDoS attack, the master instructs all of the machines to flood the victims servers, or a specific server, depending on target details, with requests that essentially shut the server down by overwhelming it with traffic. If the victim is an online banking site, none of the real customers would be able to get through. If it is a server used by a sales or marketing department, sales and marketing staff would find the site inaccessible during the attack. This can work on mail servers, business critical database servers, you name it. As you can see, this can cause a major disruption for a business. This attack is most effective when many many machines are part of the incoming flood. For maximum effect, the natural choice of machines to infect would again be Microsoft products. The FBI recently announced that millions computers in the USA may be part of these botnets.
Continue reading 

→ 1 Comment

Posted in Featured, Security

Tagged

The Best Way to Send Email to Multiple Recipients

Posted on January 1st, 2012 | 1 Comment

Because worms and viruses are often spread through email, Gartner Technology recommends multiple recipients not be placed in the ‘To:’ or ‘Cc:’ fields when emailing several people. When you place multiple recipients in the ‘To:’ or ‘Cc:’ field, all of the recipients receive the email addresses of all other recipients - as does anyone else that your message is forwarded to.

Typically, email based viruses and worms spread by scanning all files on the infected computer for email addresses. The virus then sends itself to all of the addresses that it finds. When we place multiple recipients in the ‘To:’ or ‘Cc:’ fields all of the recipients gain a larger profile to potential virus or worm exposure. Additionally, other malicious programs, including those that generate spam use a similar technique. Once an address is in a spam database, the amount of junk email that we receive in our inboxes can increase exponentially.

A good alternative to placing multiple recipients in the ‘To:’ field is to place your own email address in the ‘To:’ field and then place the multiple recipient addresses in the ‘Bcc:’ field. This Blind carbon copies (Bcc) the email to all of the people that you want to reach without exposing their email addresses to anyone else. This approach has several benefits:

  • You get the email yourself so you can confirm that it went out
  • You reduce potential exposure to viruses, worms, and other malware
  • Some anti-spam algorithms mark multiple recipients in the ‘To’ and ‘Cc:’ fields as spam and therefore some of your intended readers may never see the message
  • You keep confidential the identities of those recipients in your distribution list.

Setting up a mailing list also has similar benefits, additionally allowing for easier organization and administration of the list. Check your email software’s help for information on BCC and mailing lists. It’s easier than you think!

→ 1 Comment

Posted in Featured, Security

Tagged ,