One new area where security companies expect attacks to develop is in instant messaging. There have already been some minor efforts at this, but Im not as sure that this will develop into a major problem. All traffic on the major IM networks flows through central servers, an obvious point to monitor for attacks, and security products have begun to monitor these channels. Still, its a tempting target for attackers, especially for those targeting kids. There have already been several worms that attack through IRC (Internet Relay Chat), but because this is not a centralized service, its a far easier target. The good news is, as eWEEK Labs predicts, that if youre conscientious and intelligent about it, you can protect yourself against all of this, or at least a very high percentage of it. In almost every case, IT departments had a minimum of several weeks between the release of a patch and the release of the exploit. (In fact, ironically its often the patch that drives the exploit, as attackers reverse-engineer the patch as a quick and dirty path to the exploit.) Even if they dont always keep up to date because its tedious and users resist it, IT personnel know that services at all levelsespecially the desktop itselfshould be locked down except where necessary. Now even Microsoft is learning this lesson.But like most improvements built only into new versions of Windows, these will take years to have a significant impact. Consider what happened with mail clients: In the wake of Melissa and ILOVEYOU, the two pioneering mail worms, Microsoft imposed severe lockdown restrictions in its mail clients, blocking API access to the address book without explicit user permission and stripping all executable attachments. For years now, the only users subject to the most successful mail worms are those running non-Microsoft clients and old, unpatched versions of Outlook and Outlook Express. I actually expect the worm problem to abate slowly over time as a higher and higher percentage of consumers move to new computers with newer mail clients; most business users have some protection at the gateway, even if they continue to run old, vulnerable mail clients. Next page: The War Against Spam
Over the past several years Microsoft has been dragged, kicking and screaming, into the lockdown paradigm, and this will develop further with Service Pack 2 of Windows XP and Service Pack 1 of Windows Server 2003, both of which were announced at the recent Microsoft Professional Developers Conference and should hit the streets in 2004. Despite a sincere effort to make Windows Server 2003 secure out of the box, it wasnt too long before the RPC buffer overflow bug and subsequent Blaster worm showed that even the 2003 version was too open. But the new service packs, if theyre everything Microsoft has indicated, could help a great deal. For the first time, new Windows computers in default configuration could be impervious to any attacks they are likely to meet.