As anti-malware technology has improved, programmers who create malware have changed their tactics. The internet remains the most likely attack vector for these annoying and destructive programs. While firewalls and anti-virus programs provide a formidable defense, they can be bypassed via your web browser and its associated programs.
Internet Explorer 8 & 9, for all their faults, are Microsoft’s most secure browsers to date. Therefore, malware programmers have taken to attacking add-ins such as Adobe Reader, Adobe Flash and Oracle Java. Adobe’s and Oracle’s products are probably best known for their constant update reminders. They exist for a reason, and are important.
Reader and Flash enable website publishers to standardize document distribution and animated pictures across a variety of web browsers and computer platforms. Java plays a similar role in allowing web pages to interact with a user. Unfortunately, Adobe and Oracle were caught flat-footed when malware programmers began to focus on exploiting their products.
In the past a user had to click on a bad web link, or download and run an infected file in order to place his computer at risk. A new form of “drive-by” attack has become possible by using security flaws in Reader, Flash and Java. A user can now simply go to a legitimate website containing a compromised element that uses one of the previously listed programs and infection becomes automatic.
At present, the best defense against these sort of attacks is to keep your operating system, virus scanners and web-facing software up to date. While it is inconvenient to install software updates from various publishers on a near weekly basis, the alternative is to risk costly downtime to remove a virus.
As of this writing, Adobe Reader is at version 10, Adobe Flash is at version 11 and Oracle Java is at version 6, update 30. Look for and remove older versions of these programs manually before downloading the latest updates. Once installed they will update themselves automatically going forward.
Pick a time such as lunch or end-of-day to look for the update icons from the programs mentioned above and allow them to proceed. A few minutes of waiting for installations and system restarts will be repaid with longer periods of uptime.
Here are links to the official sites for Adobe and Java:
R.O. Anderson Engineering offers various IT services, including anti-spyware, anti-malware, remote support and monitoring of client’s computers using ESET and LabTech software packages. Go to http://www.roanderson.com/solutions/information-technology-solutions/ for more information.