Friday, 1 May 2009

When NOT to use Microsoft Windows

This is an IT Administrators biggest nightmare.

Conficker worm hits hospital devices

Around March 24, researchers monitoring the worm noticed that an imaging machine used to review high-resolution images was reaching out over the Internet to get instructions -- presumably from the programmers who created Conficker.

The researchers dug deeper and discovered that more than 300 similar devices at hospitals around the world had been compromised. The manufacturer of the devices told them none of the machines were supposed to be connected to the Internet _ and yet they were. And because the machines were running an unpatched version of Microsoft's operating system used in embedded devices they were vulnerable.

There are so many devices that come with Microsoft Windows as the built in operating system. Half the time the IT Department doesn't even know about it, because no one considers them a computer. Some manger somewhere will buy the equipment, have the vendor install it, and then BOOM it gets infected with a virus.

Even when we are aware, our hands are often tied. Because the equipment is so finicky, we aren't allowed to patch the OS to mitigate holes or we void the warranty of the equipment. The vendor promises they'll do it, but they never do.

But there's other things that can be done. MS Windows, (in contrast to popular belief) can be secured in such a way that even if it has a vulnerability in its code, a virus still can't exploit it.

Take conficker. A very simple way to prevent its spread is to disable the Server service. (If you have Windows installed on your computer, you can check it yourself, find your My Computer icon. right click, select Manage. Find Services and Applications, then Services. Scroll down to the Server service. By default it will be running.)

The description of the Server service is this: Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.

Sounds really confusing, but its really simple. The server service allows a computer to share files or printers hosted on it with other computers.

When does a MRI machine need to share a printer, or serve up files to other Windows computers? I'll tell you when. Absolutely never. By default, if the vendor knew what they were doing, all of the Windows services that are on by default would have been evaluated, and if not necessary, disabled. Number one service to turn off? The Server service. Right there you've closed 90% of Windows system vulnerabilities. (Incidentally, if you have a laptop or a desktop running Windows 2000, XP or Vista, and you don't share files with other computers in your house, you should disable the server service too. You don't need it, trust me).

I have yet to see a system where the vendor does this. They just install Windows in its default form, and leave it that way. In my honest opinion? These devices should be using Linux as the host OS, not Windows. But even so, the vendor needs to secure their solutions.

People are so quick to pin the blame on Microsoft. But usually, the fault lies with either the vendor or the user in many cases.

I can understand a home user getting it wrong, but a company that sells these things needs to be more responsible. Nortel, I'm looking at you.

No comments: