Many people have problems with their computers, and I am no exception. A few days ago, my electrical engineer told me that when he left, he would turn off his computer no matter how soon he left.
His computer was equipped with anti-virus software and firewalls, but when he came home he shut them down, and he was attacked by some people.
This incident made me think deeply: although this is only a general problem, it may make things worse.
Consider the recent Zotob storm: the first variant of the worm appeared less than one week after people discovered the bug and released patches.
At that time it was not difficult to find a computer that had not been patched, nor was it difficult to find a new computer on the Internet that could be attacked in less than a week after the discovery of the vulnerability.
In fact, the most common safety advice is: when you don't use a computer, turn it off! The rationale is that reducing your computer's time on the Internet reduces the likelihood of attack.
But there is a cost on the other hand: it also reduces the time in which your computer can be updated. It also inspired me to write a column that told users to keep their computers on at all times.
A better solution would be a special communication mode that Windows can enter before the network stack is fully enabled. A strictly confidential "whitelist" of addresses would define the specific web addresses involved. With these addresses, the computer will be able to communicate with some very common user interface elements unless you forcibly remove an address from the whitelist.
The most obvious entries in this whitelist are the various Microsoft update sites. In an enterprise installation, an entry may be an SUS server or some other related server. An OEM can also add its own update site and those of any bundled security software, such as Symantec's LiveUpdate.
Once in this mode, a list of updates appears in front of the user, who is asked whether to download and apply them. Alternatively, you can define a policy that installs these updates automatically and then exits this mode.
I think a personal firewall is a good choice to implement this strategy. Some popular firewalls can be upgraded to provide this protection.
If I'm not mistaken, Windows XP SP2 loads Windows Firewall or any other third-party firewall before starting the network stack.
So firewall software vendors (including Microsoft) can implement this strategy, but I would like to be able to develop some criteria for customizing the whitelist and other attributes of this mode.
It is easy to understand re-entering this mode after a period of inactivity. This way, if a user leaves his system overnight, the only thing that can happen is a software update.
Of course, this may affect the retrieval of e-mail on this computer and the operation of some peer-to-peer services. The solution to this problem is to give the decision to the user, who determines how far to customize the whitelist.
As I see it, the whitelist mode does not target a major vulnerability, only a low-probability edge event. Edge events like this can happen even on strictly guarded systems, and are simply bad luck. I think this model will make up for the current deficiencies and fully enhance the security of the system, while also letting users know that their security measures and their system are up to date.
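A minimal model of the update-only mode described above, added here as an illustration and not taken from the column or from any firewall product. The class and method names, the host names and the 1800-second idle limit are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class UpdateOnlyGate:
    """Toy model: until updates are handled, and again after a period of
    inactivity, only whitelisted hosts are reachable."""
    whitelist: frozenset          # hosts reachable in update-only mode
    idle_limit: float             # idle seconds before the mode is re-entered
    auto_install: bool = False    # policy: install without asking the user
    update_only: bool = True      # starts restricted, as at boot
    last_activity: float = 0.0    # time of the last user input

    def allow(self, host, now):
        """Decide one outbound connection attempt made at time `now`."""
        if now - self.last_activity >= self.idle_limit:
            self.update_only = True           # user idle: restrict again
        host = host.lower().rstrip(".")
        # Exact match only; substring tests would admit look-alike names.
        return not self.update_only or host in self.whitelist

    def finish_updates(self, pending, now, user_accepts=None):
        """Return the updates installed and leave the mode once a decision
        exists; with no policy and no answer yet the mode stays on."""
        if not self.auto_install:
            if user_accepts is None:
                return []
            self.last_activity = now          # answering the prompt is activity
        self.update_only = False
        return list(pending) if (self.auto_install or user_accepts) else []

# Constructed placeholder hosts, not real update servers.
WHITELIST = frozenset({"updates.os-vendor.example", "sus.corp.example",
                       "liveupdate.av-vendor.example"})

def overnight_demo():
    gate = UpdateOnlyGate(WHITELIST, idle_limit=1800, auto_install=True)
    seen = [gate.allow("updates.os-vendor.example", 0),  # boot: whitelist only
            gate.allow("mail.isp.example", 1)]           # blocked before updates
    gate.finish_updates(["patch-1"], now=2)              # policy installs, mode exits
    seen.append(gate.allow("mail.isp.example", 3))       # normal traffic resumes
    seen.append(gate.allow("p2p.peer.example", 7200))    # idle 2 h: restricted again
    seen.append(gate.allow("SUS.corp.example.", 7201))   # update host still reachable
    return seen

if __name__ == "__main__":
    print(overnight_demo())
```

Adding the mail host to the whitelist is the user-controlled trade-off the column mentions: mail keeps flowing overnight at the price of a wider set of reachable hosts.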
The original author, Larry Seltzer, editor of the eWEEK Security Center, has been working on editorial writing in the computer industry since 1983.