In-Depth

In Brief

Microsoft, Solaris vulnerabilities; top spyware threats; IPS use rising

• By Mathew Schwartz
• 12/08/2004

Microsoft Patches Frame Vulnerability

A month after publicly disclosing an IFRAME vulnerability in Internet Explorer, Microsoft released a patch. With attack code already in the wild, security information provider Secunia continues to rate the vulnerability as “extremely critical.”

The vulnerability could allow an attacker to remotely execute code on a user’s PC. Microsoft released an update. Affected Software includes Windows NT 4.0, Windows 2000, and Windows XP SP1, and could affect some installations of Windows 98 , 98 SE, and Millennium.

- - -

Solaris Netscape Vulnerability

Sun Microsystems recommends Sun Solaris users running Netscape 7 upgrade immediately, since the software includes libpng routines with a PNG image vulnerability.

Secunia rates the vulnerability as “highly critical.”

Netscape 7—which can note only browse the Internet, but also edit Web pages, check e-mail and news, and act as an IRC chat client—was part of Sun’s Solaris 9 Update 3, and later updates, and was also available via the Sun Download Center for Solaris 7, 8 and 9, as part of the SUNWnsb package.

The vulnerability could leave the browser open to attack. The vulnerable libpng routines, for example, “may allow an unprivileged user to execute arbitrary code with the privileges of a local user,” says Sun. “This condition can be exploited when the local user has loaded a PNG-format image file supplied by an untrusted user and views a malicious Web site or views an e-mail message containing a malformed PNG image with that application.”

- - -

The Top 5 Spyware Threats

The Computer Associates (CA) Security Advisory Team released its list of the top-five spyware threats. The team incorporates researchers from PestPatrol, the anti-spyware software company CA acquired earlier this year.

The top five spyware threats, in order, are Kazaa, Ezula, Adopt.Hotbar.com, GameSpy Arcade, and Download Accelerator Plus. Meanwhile the most rapidly spreading threats are Gator—also known as GAIN and Claria—and Grokster.

The advisory singles out Kazaa, a peer-to-peer (P2P) file-sharing application, since it comes bundled with a variety of spyware and adware. As CA’s researchers note, P2P applications themselves can also be a nuisance, consuming dramatic amounts of network resources and storage.

Today P2P use is widespread. The Kazaa Web site claims users have downloaded over 214 million copies of its Kazaa Media Desktop, including over 3.2 million copies just in one recent week.

- - -

IPS Use Continues to Rise

According to a new report from In-Stat/MDR, use of intrusion detection and prevention systems (IDS and IPS) continues to increase dramatically, and the market will grow from $541 million in 2003 to $1.4 billion in 2008. “Most of the revenue growth will be through hardware-based network IPS appliances,” says the firm, with the devices’ increased functionality, companies’ business-liability concerns, and a desire for increased network performance driving buyers.

IPS devices watch the network, blocking attempted attacks before they exploit their target. Latest-generation IPS can also intelligently sniff packets, dropping those suspected of containing malware or staging a denial-of-service attack.

According to In-Stat/MDR, “Eighty percent of organizations now use IPS products inline with blocking protection.” One in five organizations also deploy them at “critical segments within the network”—adding extra protection for critical network or data repositories. The research firm notes how “in addition to standalone appliances, basic IDS/IPS functionality is increasingly integrated into firewalls and multifunction security appliances.”

The technology is also appearing in infrastructure devices, helping secure the network itself. Don’t, however, expect one approach to win over another, at least not yet. Given the increasing ways IDS and IPS is being deployed, In-Stat/MDR predicts “the network security market will be in flux for quite some time.”