Hallo du,
BE IN DER KNOW!

35,000 Ransomware-Infektionen pro Monat und Sie immer noch glauben, Sie sind geschützt?

Melden Sie sich für:

  • Warnungen
  • Nachrichten
  • frei, wie zu entfernen Führer

der neuesten Online-Bedrohungen - direkt in Ihren Posteingang:


Gerätesicherheit, Sicherheitslücken, und Windows

update-System-Health-stforum

Persönliche Sicherheit beginnt in der Regel mit dem Gerät. Je mehr unsicheres Geräte sind da draußen, desto besser ist der Mechanismus hinter Datenschutzverletzungen und Malware-Infektionen. So, wenn Sie möchten, um sicher zu sein und Ton, beginnen Sie mit Ihrem Gerät.

Device Security and Operating Systems

Microsoft’s operating system has quite the user market share. Maybe that’s one of the reasons Windows gets in the way of cyberattacks that often. Or maybe the intensity of successful attacks on Windows is due to running an outdated version of the OS?

To answer these or other questions or just for the sake of the analysis, Duo Security examined more than two million devices, more than half of which were running on some version of Windows.

duo-102016-1

Researchers then discovered that 65 percent of the Windows devices were running on Windows 7, which is susceptible to more than 600 security vulnerabilities.

This is not the worst part. Tens of thousands of machines are still using Windows XP. Windows XP was released in 2001. This fact alone means multiple attack scenarios literally made available by hundreds of vulnerabilities. Many of those flaws are of critical character.

There are many reasons why a company would prefer an older OS over a newly released one

The most obvious reason is the cost and time needed to update each computer and software in an organization. In einigen Fällen, the software the company is running may not correspond to later operating systems and environments, als erklärt by Ajay Arora, CEO of Vera.

verbunden: Industries verbringen werden $101.6 Milliarden in 2020 für Security Solutions

The expert also believes that if companies continue to choose Windows 7 over later Windows versions, they need to consider security software that covers the lacking features like default disk encryption. "It comes down to, spending the money to address the underlying issue of using an operating system with weaker security, spending money to update the operating systems, or spending the money to secure the thing you are trying to protect in the first place; the data itself,” Arora says.

The biggest problem nonetheless is the continuous disclosure of new vulnerabilities. Erst vor kurzem, Google’s Threat Analysis Group disclosed a set of zero-day flaws in Adobe Flash and Microsoft Windows kernel. This set of flaws has already been exploited in the wild against the Chrome browser.

Adobe were able to quickly update Flash against the CVE-2016-7855

Leider, the Windows kernel bug is still unpatched. In a post from October 31st, Neel Mehta and Billy Leonard from the Threat Analysis Group say that:

Nach 7 Tage, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released. This vulnerability is particularly serious because we know it is being actively exploited.

The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.

What Are Some Good Security Tips?

Duo security researchers advise the following, and we agree:

  • Use modern browser platforms that are more secure or go for browsers that are updated more frequently and automatically;
  • Never underestimate the power of security updates and emergency patches;
  • Consider using device encryption, passwords and fingerprint ID;
  • Consider using a two-factor authentication solution to protect systems and data;
  • Disable Java and prevent Flash from running automatically on corporate devices;
  • This practice should go for user-owned devices through endpoint access policies and controls.

Milena Dimitrova

Ein Schriftsteller inspiriert, auf die Privatsphäre der Nutzer und Schadsoftware konzentriert. Genießt «Mr.. Robot "und Ängste" 1984 ".

Mehr Beiträge - Webseite

Auf Facebook teilen Teilen
Loading ...
Empfehlen über Twitter Tweet
Loading ...
Share on Google Plus Teilen
Loading ...
Share on Linkedin Teilen
Loading ...
Empfehlen über Digg Teilen
Teilen auf Reddit Teilen
Loading ...
Empfehlen über Stumbleupon Teilen
Loading ...
Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.