JD @ myITforum.com

McAfee reports 700% increase in Rootkits

McAfee published the first of a series of whitepapers on rootkits. The following is an excerpt from their website.

"Comparing the first quarter of 2006 to that of 2005, we have witnessed an increase by 700% of the number of rootkits submitted to McAfee AVERT Labs. Our numbers further show that rootkits are getting more sophisticated and that rootkits have moved from Trojans into malware and Potentially Unwanted Programs. Follow the "Learn More" link for a copy of the paper."

Learn More

Microsoft Security Updates 11APR06

McAfee.com Updated

Let The Microsoft Bashing Begin..

Let The Microsoft Bashing Begin...

I say that, because I fear that it is coming. I suspect that we will start to see a flurry of articles blasting Microsoft on next Tuesday's Updates for Internet Explorer. Anytime there is change, there are folks that will cry bloody murder, and forget that change is inevitable, and that the attention should be focused on dealing with the change. Microsoft is changing active X capabilities in Internet Explorer. A good write-up of the changes and the reasons prompting the change can be found on Microsoft's Security Response Center Blog. 

I hope to see articles explaining how to deal with the changes, rather than blasting Microsoft, but I know the latter is the most probable outcome. I have already seen emails by vendors that are using very strong language suggesting that customers do not apply Microsoft patches. One vendor stated "THIS COULD ADVERSELY AFFECT ANY APPLICATION FROM ANY VENDOR".

So what can you do?

Here is what Microsoft Recommends for Enterprise Customers:

o       Test the ActiveX change that we shipped on February 28^th.

o       Deploy the cumulative IE security update when it ships.

o       If you have concerns about application compatibility with the ActiveX change, then deploy the compatibility patch to temporarily revert back to the old behavior for Active X.  I STRONGLY advise that you NOT use this patch if you can avoid it, but if you do use the patch, as soon as you fix your application, remove the patch so that you can be sure that your applications work with the new ActiveX functionality.

o       Know that starting in June we really will not be supporting the old ActiveX behavior.

It is of my opinion, that testing should be the priority here, and that you should alert application owners within your organization, to utilize the patch that Microsoft made available to developers on MSDN on February 9, 2006. This includes applications created by vendors as well as any applications created internally. If you have a team that normally tests patch(s) for compatibility, they may want to solicit the help of all application owners as this change could affect a wide variety of applications.