Automatic software distribution, a popular method of
installing new PC software across a corporate network, could put
businesses at risk from old security threats.
The technique of automatic software distribution relies on a user
rolling out preconfigured software, which may contain unpatched
code.
IT directors may believe they have seen the last of Blaster, but it
is far too easy for one unpatched PC to allow the virus to wreak
havoc again. In spite of using electronic software distribution
technology, Paul Simmonds, global information security director at
chemicals firm ICI, said some new PCs were still being infected.
"Old worms and viruses are hard to kill," he said.
Simmonds said ICI experienced small flare-ups when new PCs were
installed on the network. Although the automated software
distribution tool from IBM installed in the system was designed to
download security patches automatically when a new PC booted,
Simmonds said that in the case of Blaster, new machines were being
infected before the patch had been applied. To overcome this
problem, ICI reconfigured its global network to block
Blaster.
Strict control of a PC roll-out programme is essential. Simmonds
said, "IT staff sometimes install PCs without completely following
the instructions." Patching newly built PCs is an obvious first
step, but users should also pay attention to the software
distribution itself.
Gerhard Eschelbeck, chief technology officer at network security
company Qualys, said, "It is critical that software distributions
are well maintained and updated when new vulnerabilities are
uncovered. Otherwise, new systems are being built with old flaws
and security vulnerabilities will persist."
Eschelbeck said that, to improve the process, every system should
be audited for security flaws and configuration and installation
errors before it is brought online and on a continuous basis
thereafter.
Richard Brain, technical director at independent security
specialist Procheckup, said users should update their standard PC
configurations every six to 12 months to take new patches into
account.
Brain said users should keep an eye on network bandwidth to see
whether machines have become infected. "It is quite common for
users to complain the network is running slow, when, in fact, their
machine has been infected," he said.
The issue of old worms being resurrected is not limited to new PCs
receiving unpatched software through automated distribution.
Simmonds said IT chiefs need to be aware of staff coming back to
work after a holiday or maternity leave. He said IT staff could
easily miss updating a PC that had been switched off for any length
of time.
Unauthorised installation of software was another area of risk,
according to Simmonds. Users in offices around the world could
easily install a boxed (unpatched) copy of Windows onto a corporate
PC.