Symantec has been in the news recently for saying Microsoft’s Windows Update can be used to update malware. Specifically, for using BITS (Background Intelligent Transfer Service) to update itself.
Some took the headline view when they posted about the story and gave the impression that Windows Update was vulnerable. It makes good headlines to say Windows Update can be exploited. Plus Symantec has been complaining about Microsoft getting into the security software business.
Windows Update itself isn’t vulnerable. The trojan has to get on the PC in some other way, such as email. Then, once it’s on the PC it modifies BITS. Since BITS is on every Windows XP SP2 and Vista PC it’s a known target so it’s a good selection to attack. But any application which is allowed through the firewall could be exploited in the same way.
It’s not a reason to stop using Windows Update. The patches are needed to keep the exploits from getting on the PC in the first place. Once an piece of malware is on the PC it’s difficult to keep it from changing any system resources it has access to. Hopefully Microsoft will come up with a way to make Windows Update more secure despite this and they should do all they can since it’s part of the operating system. But keeping malware off the PC in the first place is the main problem. Once malware is on the PC is the biggest concern really that BITS can then be exploited so the malware can update itself?
Symantec: Hackers Can Bypass Firewall With Windows Update
Symantec has been in the news recently for saying Microsoft’s Windows Update can be used to update malware. Specifically, for using BITS (Background Intelligent Transfer Service) to update itself.
Some took the headline view when they posted about the story and gave the impression that Windows Update was vulnerable. It makes good headlines to say Windows Update can be exploited. Plus Symantec has been complaining about Microsoft getting into the security software business.
Windows Update itself isn’t vulnerable. The trojan has to get on the PC in some other way, such as email. Then, once it’s on the PC it modifies BITS. Since BITS is on every Windows XP SP2 and Vista PC it’s a known target so it’s a good selection to attack. But any application which is allowed through the firewall could be exploited in the same way.
It’s not a reason to stop using Windows Update. The patches are needed to keep the exploits from getting on the PC in the first place. Once an piece of malware is on the PC it’s difficult to keep it from changing any system resources it has access to. Hopefully Microsoft will come up with a way to make Windows Update more secure despite this and they should do all they can since it’s part of the operating system. But keeping malware off the PC in the first place is the main problem. Once malware is on the PC is the biggest concern really that BITS can then be exploited so the malware can update itself?
Related Posts: