Monday, 19 February 2007

Auto-Update Good or Bad

In this paper I would like to shed light on an area of security that most people do not think about, or perhaps place blind trust in: software with auto-update functions. Most of us think of Windows when we hear the term "auto-update", but there are many different kinds of software that have auto-update features, and sometimes they are enabled without your knowledge. Auto-update features can be very helpful to non-technical users, and when it comes to Windows or other operating systems it is very important to keep auto-updates turned on. The problems with auto-updates start when software makers use them to push updates in an unsecured manner. I have heard reports from many sources (one was www.sploitcast.com) that some games use peer-based networks for updates, somewhat like a torrent, with the update files coming from other clients' computers. The issue here is that if someone with malicious intent were able to inject malicious code into the update, they could build a very large botnet or deliver just about any other kind of exploit to a large group of computers.

Let's now look at how this kind of attack could happen. Say I download a copy of game-x and join an online gaming community. I would need to get updates from the game server to play online, and this is where the auto-update issues begin. Many game makers now push updates to your games without you knowing, and a lot of them use peer networks to do it. Sometimes these companies use servers that belong to third parties over which they have limited control. So the questions that come up are: who is monitoring what is pushed out to the clients, and is the update process secure? If someone figured out how the update process worked in the peer-to-peer scheme and wanted to infect other users with malicious code, would there be a way to identify it, and how would you stop it?

One way to stop this kind of attack would be to have the vendor's code digitally signed so that any other code is not accepted (this is how some of the game companies do their updates). Now you might think "I have a firewall so this does not affect me", but if your computer connects directly to a server that routes your connections to the other clients, then you have an established session to that computer and the firewall trusts that connection until it ends. Once the session is open it is a link from them to you without your firewall getting involved (this applies to NAT firewalls and any other firewall that allows established connections).

One way to see what is going on is to run "netstat" from your Windows command line. This will show you the established connections to your computer and also the ports and protocols being used. Another way to see what is happening is to run a protocol sniffer like Ethereal/Wireshark and look at the packet traffic to see what your computer is doing. You will be surprised at what a lot of your programs send back to the vendor's server, and most of the time you have agreed to this release of your personal information by clicking the agree button when you installed the software.

The safest thing to do is not to use programs you do not need, and if you feel you need to use a certain game or application, make sure it is not a warez copy, as a lot of warez software is loaded with Trojans (and it is stealing). I feel it is just a matter of time before the gaming community sees an attack similar to this one, and when it happens we are at the mercy of the vendors and anti-virus companies to produce a fix. Hopefully with newer versions of Windows (Vista) we will see better security, but when you think about it, the true responsibility for computer security lies with the owner of the computer. We need to make sure we educate our less technical friends, family, and users.
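The signed-update check described above, as an added example that is not part of the original post (Go, using ed25519 from the standard library). The SignedUpdate format, the key pair and the patch contents are constructed for illustration; the point is that the client verifies the vendor's signature, so it does not matter which peer served the bytes.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedUpdate is a constructed container: the update bytes plus the vendor's
// ed25519 signature over sha256(Payload). The vendor public key ships with
// the installer, so the client never has to trust the peer it downloads from.
type SignedUpdate struct {
	Payload   []byte
	Signature []byte
}

// SignUpdate is what the vendor's build server does before publishing.
func SignUpdate(priv ed25519.PrivateKey, payload []byte) SignedUpdate {
	digest := sha256.Sum256(payload)
	return SignedUpdate{Payload: payload, Signature: ed25519.Sign(priv, digest[:])}
}

// VerifyUpdate is what the client does after fetching from any peer or mirror.
// A payload that was modified in transit, or re-signed with any key other
// than the vendor's, is rejected before it is applied.
func VerifyUpdate(vendorPub ed25519.PublicKey, u SignedUpdate) error {
	digest := sha256.Sum256(u.Payload)
	if !ed25519.Verify(vendorPub, digest[:], u.Signature) {
		return errors.New("update rejected: signature does not verify against vendor key")
	}
	return nil
}

func main() {
	// Constructed vendor key pair for the demonstration.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	genuine := SignUpdate(priv, []byte("patch-1.0.1: constructed sample update"))
	fmt.Println("genuine:", VerifyUpdate(pub, genuine)) // <nil>

	// A peer alters the bytes it relays but cannot produce a new vendor signature.
	tampered := SignedUpdate{Payload: append([]byte{}, genuine.Payload...), Signature: genuine.Signature}
	tampered.Payload[0] ^= 0xff
	fmt.Println("tampered:", VerifyUpdate(pub, tampered)) // rejected

	// Signing the altered bytes with some other key does not help either.
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("foreign key:", VerifyUpdate(pub, SignUpdate(otherPriv, tampered.Payload))) // rejected
}
```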

By Brian Wilson anti-hacker.info
To read this article in Arabic, click HERE.