Installing Software is a Risky Business
Beware! That software you have just installed on your computer is
probably not secure -- not secure at all. Most Microsoft, Linux and
UNIX software used by businesses does not have adequate security
features, and the small amount of software that does have some
security features doesn't have them enabled after it's been installed.
Microsoft seems to be a big target for security problems. They've had
a special hard-core security initiative for over a year, and have
released a new version of their Windows software with "enhanced
security." We're talking about Microsoft's Windows 2003 Small
Business Server. It does come with a built-in firewall and many
claims about its enhanced security stance. However, that firewall is
not properly configured as shipped. According to Windows
Magazine, the "firewall" exposes dozens of services on the server to
external attack.
Even once an expert has properly configured and enabled this
Microsoft-supplied firewall, it still won't do the job -- it doesn't
have many of the features considered essential by computer network
security professionals. Features such as logging capability are
missing, and services such as IIS, which should be optional, are
enabled and are themselves open to attack on dozens of ports. The lack
of logging makes it impossible to determine when attacks are underway
or what types of attacks have occurred, and impossible to do any type
of forensic investigation. The dozens of open ports make the server
highly vulnerable to attack. Truly amazing.
Software Must Be Reconfigured After Installation
Most commonly used software does not have appropriate security
restraints when installed. This includes:
What To Do
- Read all security warnings concerning software you are installing
- Immediately upgrade or patch any installed software
- Perform regular automated and manual security audits of all
computers
- Perform a security audit of any machine which has recently had
software installed
- Change all passwords for all accounts created by installed
software
- Restrict all software's access to the local network, or the
Internet, to an as-absolutely-needed basis
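One way to carry out the post-install audit step above on a Linux host, as an added example that is not part of the original article: it compares the listening sockets recorded before and after an install and reports any new ones reachable from the network. The `ss -H -tuln` snapshots are constructed samples, and the `ALLOWED` set and the function names are assumptions.

```python
# Added example: compare listening sockets before and after an install.
# Input is the text output of `ss -H -tuln` (Linux); samples are constructed.

BEFORE = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0       127.0.0.53%lo:53         0.0.0.0:*
"""

AFTER = """\
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
udp   UNCONN 0      0       127.0.0.53%lo:53         0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:5432       0.0.0.0:*
tcp   LISTEN 0      128             [::]:8443          [::]:*
"""

ALLOWED = {("tcp", 80)}  # assumption: ports this host is meant to expose


def parse_listeners(ss_output):
    """Return a set of (proto, address, port) from `ss -H -tuln` text."""
    listeners = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # blank or truncated line
        addr, _, port = fields[4].rpartition(":")
        addr = addr.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        if port.isdigit():
            listeners.add((fields[0], addr, int(port)))
    return listeners


def is_loopback(addr):
    return addr.startswith("127.") or addr == "::1"


def new_exposures(before, after, allowed):
    """Listeners that appeared after the install, are reachable from the
    network (not loopback-only), and are not on the allow list."""
    added = parse_listeners(after) - parse_listeners(before)
    return sorted(
        (proto, addr, port)
        for proto, addr, port in added
        if not is_loopback(addr) and (proto, port) not in allowed
    )


if __name__ == "__main__":
    for proto, addr, port in new_exposures(BEFORE, AFTER, ALLOWED):
        print(f"REVIEW: new {proto} listener on {addr}:{port}")
```

Each reported listener is a service the installer enabled that nobody asked for; disable it or restrict it before the machine goes back on the network.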
The bottom line? Don't trust newly installed software -- even
firewall software. Often a false sense of security is much more
dangerous than knowing that you are exposed.