Tuesday, May 23, 2006

Rootkits wreak havoc. Or do they?

The AusCert annual computer crime survey has some very alarming statistics: One in five corporate networks and twice as many public sector systems are infected with rootkits.

That's a serious statement. A rootkit is a set of files that hides itself deep in the system and is very difficult to find. Rootkits are often installed by spyware or hackers to take control of a system without the user knowing. One of these on your system means you have been badly infected with a virus, spyware or something much worse.

Personally, I don't believe a word of it. Given most corporate networks have some degree of security, if 20% of them were infected we'd be seeing 50% of home systems likewise affected. Tens of thousands of Australian computers would be pumping out spam, attacking the Pentagon and being a general nuisance.

I suspect the replies to the survey have been misinterpreted. Many system administrators might have said "yes, we've had a virus infection" because they found a few java.byte trojans in a contractor's Mozilla cache. Either way, it's a silly and hysterical statement which the media thankfully hasn't picked up.

Mind you, I might use it in our market to scare up some work.

Only joking. Maybe.

Beating the Microsoft Word bug

Microsoft have warned of a serious bug in Word 2003 that is being exploited by a Trojan horse. Apparently one large US organisation has been targeted by it. Microsoft recommend only opening Word attachments in Word Viewer.

This might be an opportunity to switch to sending attachments in PDF format. This is a far more secure and compact way of sending attachments. The free CutePDF is one of our favourites or you can buy a commercial product like Adobe Acrobat or PDF Factory.

Another alternative is to switch to Open Office or another office substitute. While the alternatives are good, they are not always compatible with all the features in MS Office. This is particularly true if you use the tracking features in Word.

If you need to exchange Word documents for editing, we'd recommend setting up a Restricted User account on your computer and doing your work in that account. Naturally you should have a firewall and an up-to-date antivirus. Being careful about who sends what is also important.

To date, it appears this exploit only works in Word 2003. Unfortunately we have no further details of the exploit or how to work around it. For the meantime you should be very careful about what you open.