Mr. Gates wants you to forget your passwords!

Are you getting a little tired of hearing smug security practitioners harping on about strong passwords, minimum numbers of characters, uppercase and lowercase, etc.?

Well, if you are one of those people who have a hard time with passwords, good news may be just around the corner.

In the second half of this year, Microsoft is planning to simplify the process of logging into corporate Windows networks. SecurID for Microsoft Windows is designed to replace static passwords with strong, two-factor authentication.

And what is that, you ask? Rather than a username and password, users are prompted for their own secret PIN followed by the code currently showing on their RSA SecurID token; the two together form the passcode. For the uninitiated, a SecurID token displays a new, unpredictable one-time code every minute, derived from a secret seed held inside the token and the time of day. The RSA ACE/Server that validates the login holds a copy of each token's seed, so it can work out which code a given token should be showing right now, and it keeps its clock in step with the token. A code that has already been used, or that belongs to an earlier minute, is of no further use to anyone who captured it.
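To make the PIN-plus-code flow concrete, here is an added example (not RSA's proprietary SecurID algorithm and not code from the column): a generic HMAC-based, time-windowed one-time code with a 60-second step, checked by a server that tolerates one minute of clock drift and refuses to accept the same code twice. The seed, PIN, timestamp, drift window and code width are all constructed for the illustration.

```python
import hashlib
import hmac
import struct

# Added illustration, not RSA's SecurID algorithm. Everything below is
# constructed for the example: the seed, the PIN and the way the code is derived.
STEP_SECONDS = 60   # the column says the token shows a new code every minute
CODE_DIGITS = 6     # display width assumed for the example
DRIFT_WINDOW = 1    # server tolerates one minute of clock skew either way (assumed)

TOKEN_SEED = bytes.fromhex("3a7f1c9e5d2b8046c1e3f5a7b9d0c2e4")  # constructed seed
USER_PIN = "2468"                                                 # constructed PIN


def token_code(seed: bytes, unix_time: int) -> str:
    """Code the token would display during the minute containing unix_time.

    Token and server both derive it from the shared seed and the minute counter,
    so no code is ever transmitted in advance; only the clock has to agree.
    """
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** CODE_DIGITS).zfill(CODE_DIGITS)


class PasscodeVerifier:
    """Server side: holds the user's PIN and token seed, as the ACE/Server would."""

    def __init__(self, pin: str, seed: bytes):
        self._pin = pin
        self._seed = seed
        self._last_counter = -1   # newest minute already redeemed; blocks replay

    def verify(self, passcode: str, server_time: int) -> bool:
        """Accept PIN + current code once; reject wrong PIN, stale code or replay."""
        if len(passcode) <= CODE_DIGITS:
            return False
        pin, code = passcode[:-CODE_DIGITS], passcode[-CODE_DIGITS:]
        base = server_time // STEP_SECONDS
        matched = None
        # Check every minute in the window rather than stopping at the first hit,
        # so response time does not reveal which candidate matched.
        for counter in range(base - DRIFT_WINDOW, base + DRIFT_WINDOW + 1):
            expected = token_code(self._seed, counter * STEP_SECONDS)
            if hmac.compare_digest(expected, code) and counter > self._last_counter:
                matched = counter
        pin_ok = hmac.compare_digest(pin.encode(), self._pin.encode())
        if not pin_ok or matched is None:
            return False
        self._last_counter = matched   # this code is now spent
        return True


if __name__ == "__main__":
    now = 1_078_000_000           # constructed timestamp (early March 2004)
    server = PasscodeVerifier(USER_PIN, TOKEN_SEED)
    code = token_code(TOKEN_SEED, now)
    print("token shows", code)
    print("first login ", server.verify(USER_PIN + code, now))       # True
    print("replayed    ", server.verify(USER_PIN + code, now + 5))   # False
```

The replay counter is the part people forget: without it, a passcode sniffed off the wire is valid for up to three minutes, which defeats the "one-time" in one-time password.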

Microsoft and RSA claim that the login process with the new system is the same whether the user is working online or offline, remotely or inside the corporate network. RSA has apparently designed a form of synchronisation technology that lets the system validate passcodes offline, but exactly how this works has yet to be detailed. Validating a one-time code with no connection to the ACE/Server implies that something derived from the token seed is cached on the workstation, so how that cache is protected is the question to ask when the details arrive.

Like any new technology, it's probably worth waiting until this has been in the marketplace for a good six months to a year before even thinking of putting the bargepole down.

Whilst on upcoming software, Microsoft recently announced that Windows XP Service Pack 2 (currently in beta release) will include an enhanced version of the Windows Firewall that will be (finally) switched on by default. Taking a lead from existing PC-based firewalls like ZoneAlarm, when a program first attempts to use the network a pop-up will advise the user and give them the choice to allow or block that program. One caveat: unlike ZoneAlarm, Windows Firewall filters inbound connections only, so the prompt appears when a program first tries to accept incoming connections; a program quietly sending data out is not stopped. Also included in the service pack is "Windows Security Centre", which tells the user whether firewall and anti-virus software are actually operating. Now that's a step in the right direction.

2004 continues to be a real headline-grabber for Windows-based worms. Following the confusion caused by MyDoom, variants of the Netsky worm have been causing more stress for IT Managers.

Though not nearly as hostile as MyDoom, Netsky has infected countless systems, including computers within some major organisations. One variant, Netsky-B, arrives as an executable attachment to e-mail. Once the recipient opens the attachment, the worm copies itself onto the computer, harvests e-mail addresses from files on the hard drive and mails itself to every one of them (sound familiar? Yawn).

The worm disguises its attachments with a double extension: a harmless-looking .txt, .doc or .rtf placed before the real extension, .pif, .scr, .exe or sometimes .zip, so that a name of the form document.txt.pif reads as a text file. Windows Explorer hides known extensions by default, which makes the trick all the more effective. Subject lines the worm uses include "hi", "information" and "stolen". Netsky also makes various registry changes, including ones capable of disabling Mydoom.a and Mydoom.b if they are already present on the victim's computer.
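The double-extension trick is easy to catch at a mail gateway if you look at the last extension rather than the one the user sees. The following is an added example, not code from the column or from any anti-virus vendor: a small classifier for attachment names, plus a scan over a constructed set of messages. It generalises the extensions the text names (.pif, .scr, .exe, .zip, .txt, .doc, .rtf) with a few more executable and document types, treats whitespace padding inside the name as part of the same disguise, and uses the quoted subject lines only as a secondary signal; those additions and the sample messages are assumptions for illustration.

```python
# Added example, not Netsky analysis code from the original column. The extension
# lists generalise the ones named in the text; the extra entries and the sample
# message list are assumptions for illustration.
EXECUTABLE_EXTS = {"pif", "scr", "exe", "com", "bat", "cmd", "vbs"}
DOCUMENT_EXTS = {"txt", "doc", "rtf", "htm", "html"}
ARCHIVE_EXTS = {"zip"}
SUSPECT_SUBJECTS = {"hi", "information", "stolen"}   # subject lines the text quotes


def classify_attachment(filename: str) -> tuple:
    """Return (verdict, reason) for an attachment name: block, warn or allow.

    Only the LAST extension decides what Windows will do with the file, and
    Explorer hides known extensions by default, so "information.txt.pif" is
    displayed to the user as "information.txt".
    """
    parts = filename.strip().lower().split(".")
    if len(parts) < 2:
        return ("allow", "no extension")
    raw_exts = parts[1:]
    # Strip inner whitespace so "report.txt          .pif" is treated as .txt.pif
    exts = [p.strip() for p in raw_exts]
    padded = any(p != raw for p, raw in zip(exts, raw_exts))
    final, inner = exts[-1], exts[:-1]
    if final in EXECUTABLE_EXTS:
        decoy = next((p for p in inner if p in DOCUMENT_EXTS), None)
        if decoy:
            return ("block", f"executable .{final} disguised as .{decoy}")
        return ("block", f"executable attachment .{final}")
    if final in ARCHIVE_EXTS:
        return ("warn", "archive may contain an executable; inspect contents")
    if padded:
        return ("warn", "whitespace padding in filename")
    return ("allow", f".{final} attachment")


# Constructed sample messages in the shape the text describes (not real captures).
SAMPLE_MESSAGES = [
    {"subject": "information", "attachment": "information.txt.pif"},
    {"subject": "stolen", "attachment": "stolen.doc.scr"},
    {"subject": "hi", "attachment": "message.rtf.exe"},
    {"subject": "Q1 figures", "attachment": "figures.zip"},
    {"subject": "Minutes", "attachment": "minutes.doc"},
    {"subject": "readme", "attachment": "readme.txt          .pif"},
]


def scan_messages(messages: list) -> list:
    """Return (attachment, reason) for every message a gateway should stop."""
    stopped = []
    for msg in messages:
        verdict, reason = classify_attachment(msg["attachment"])
        # A quoted subject line on its own is a weak signal; it only escalates a warn.
        if verdict == "warn" and msg["subject"].strip().lower() in SUSPECT_SUBJECTS:
            verdict, reason = "block", reason + "; subject line matches worm pattern"
        if verdict == "block":
            stopped.append((msg["attachment"], reason))
    return stopped


if __name__ == "__main__":
    for attachment, reason in scan_messages(SAMPLE_MESSAGES):
        print(f"BLOCK {attachment!r}: {reason}")
```

Note that the archive case is only a warning: a .zip is not dangerous in itself, and blocking it outright tends to get the rule switched off by the first person who cannot receive a legitimate one. Unpacking the archive and running the same check on its contents is the better answer.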

The good news is that Netsky is a 32-bit Windows program, so anything older than Windows 95 (or not running Windows at all) is safe from it. If you use online file-sharing software, the bad news is that it has been known to spread via networks such as KaZaA. A bogus error message reading "The file could not be opened!" is a good sign of an infected PC.

Microsoft recently announced long-term plans to build in worm-killing functionality called "behaviour blocking". Bill Gates says that the software will be able to identify anomalous behaviour by the operating system or applications. Using last year's Blaster worm as an example, he said the technology would notice that Windows' RPC service had begun downloading malicious code, and would intervene to actually prevent it. "The system will truly know what actions are allowed by applications and operating systems," said Gates.

Alan Phillips, 7Safe Information Security
March 2004