Sunday, May 04, 2014

Sci-tech watch, 17: Are there now 250,000 new computer viruses per day? (A James Lyne TED Talk on handling today's cybercrime, viruses etc . . . with a warning on why the nearly 25% of PCs in the world still using it should move on from Windows XP. )

In following up on the Heartbleed Internet Explorer security scare (cf. here, updated with the patch), I ran across an article and TED talk by James Lyne,"Global Head of Security Research for Sophos, one of the worlds largest security companies." The video is sobering:



And yes, it shows how hacking is now a marketplace with applications and all the trimmings, including adverts and even tech support. Yes, tech support for malicious code and cyber attacks. Oh, yes -- fake anti virus scare you into downloading the virus software, too. (You will love the part on giving you a list of fake infections to be fixed.)

Lyne also cautions in the article:
Microsoft Windows XP is no longer supported which means you don’t receive patches for security problems (or any other problems) that may impact your system. Unfortunately it is estimated that nearly 1/4 of PCs worldwide are still using the platform (though hopefully dropping off quickly) . . . . 

Let me make it plain and simple for anyone still on XP. Microsoft of course has commercial and product motives for wanting you to move on to Windows 7 or 8, but from a security perspective they just aren’t wrong. Windows 8 is an operating system with in excess of 10 years of architectural and security enhancements over XP. The number of vulnerabilities in applications may not be reducing (and the quality of code sometimes can be staggering) but I speak from first hand experience when I say that turning such a fault in to a useful, working exploit to attack a system is significantly harder on Windows 8.1 than on Windows XP . If you haven’t planned your migration already you should do so now and for enterprises and SMEs make sure you think beyond the desktops and laptops – do you have printers or ‘embedded devices’ which vendors need to update or replace too?
So, use the XP operating system  only under warning. And' don't count on its security. (Though, with those numbers it is likely that third parties will probably issue unofficial patches etc. But that is different from Microsoft doing so.)

I suggest as well, keep an eye out on the trend to diversify operating systems, e.g. I have recently seen all-in-one desktop "super-tablets" on Amazon that use the Android operating system. Which, being LINUX-based, effectively a version of UNIX, is inherently quite secure.

But in truth, as the wife of a hacker mentioned in the TED talk demonstrated, no computer system is more secure than its user. (And no, it's not just emails about being widows of Bank Presidents that we need to be concerned about, e.g. think twice about what you put up online in social media. For instance pictures you upload may give the GPS co-ordinates of where you are to within about two cricket pitches [~ 50 yards] distance . . .  -- as the TED talk brings out. Yes, take time to watch.) 

Sobering and eye-opening.  END