Why it's important to defend against historical vulnerabilities

Recent malware on the International Space Station shows why it's crucial to maintain defences against vulnerabilities that are otherwise considered historical.
Page:

How do you justify maintaining a defence against historical vulnerabilities that should be well out of common circulation or not viable against a modern system?

An infected system on the International Space Station (ISS) has demonstrated the importance of maintaining such a posture just last week when it was infected with a worm that was more than a year old.

Somewhat surprisingly, it seems that there are a number of systems related to the ISS that do not have any antivirus protection, despite this not being the first time that computer malware has gone into orbit.

Because of a general lack of direct network connectivity between the ISS and the ground, it is suspected that an infected thumb drive or other infected system was introduced with new supplies or crew.

Suggested improvements include sending up an update disk with each resupply mission, allowing for updates to be applied to whichever antivirus solutions are being run in space, and to make sure that viable antimalware solutions are actually there in the first place.

Sometimes the past comes creeping up on you without a lot of warning, bringing back malware and distribution methods that have otherwise gone out of favour.

As USB thumb drives gained more widespread acceptance, the dreaded autorun-type viruses and worms made a bit of a resurgence, as the thumb drives rely upon autorun when they are initially connected to a system. Since they could be written to and copied from easier than optical media, as well as their ability to appear almost anywhere, it is more attractive than distributing infected CDs. With FAT as the primary filesystem not only on many thumb drives, but also on many digital cards, other FAT-related malware has also gained a new lease of life.

In other cases, it isn't so much the past creeping up as it is a historical design decision that has current security implications. Network infrastructure and protocol issues seem to be the threat du jour at the moment, with Kaminsky's DNS vulnerability disclosure, and now a BGP weakness disclosed at DefCon gaining a lot of attention.

If the security of the core setup of the Internet is being called into question then perhaps the next target should be the Tier 1 peering agreements which can be arbitrarily terminated by one side or another. In terms of the everyday use of the Internet, this is more disruptive than pretty much any of the other vulnerabilities being discussed (though the DNS vulnerability is being actively attacked).

Page:
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: bgp, DNS, international space station, malware
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/14/gimp/

GNU Image Manipulation Program (GIMP)

When you think Open Source software, you may think of half-baked programs too hard to use, or perhaps lacking power. Well, think again. This Open ...

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia