Infecting Windows, Linux & Mac in one go
Still love bashing on Windows as you believe it is an insecure operating system? Hold on a second! Just recently, a vulnerability has been published for Java 7.
It affects Windows/Linux PCs and Macs, Internet Explorer, Safari and Firefox. In fact, it affects all computers that have enabled the Java 7 plug-in in their browser (Java 6 and earlier is not affected). Once you visit a malicious website (and there are plenty already out in the wild), your computer is infected… That's "Game Over" for you.
And this is not the first time. For a while now, attackers have not been targeting the operating system itself, but rather aiming at vulnerabilities inherent in e.g. your Acrobat Reader, Adobe Flash or Java programmes. All these are standard plug-ins added into your favourite web browser which make your web-surfing comfortable (or impossible when you un-install them). A single compromised web-site, however, is sufficient to probe your browser’s plug-ins for vulnerabilities, and eventually infect your PC. You are not even safe if you are using Mozilla’s Firefox or Google’s Chrome instead of Internet Explorer: if you neglect to update your Acrobat Reader, Adobe Flash or Java, your PC or Mac will become infected. Full stop. Even worse, these plug-ins are also a standard part of your browser on Linux PCs or Macs - and so the vulnerabilities and the risk of infection might become a part of them too!
Remember that, at CERN, every infected PC must be reinstalled from scratch! Thus, do yourself a favour. Take care of all installed software and apply patches in a timely manner:
- If you run a centrally or locally managed Windows computer, give that small orange blinking “CMF” icon in the taskbar a chance in the evening to apply all the pending patches. Also, let it initiate a reboot at the end!
- If you have a personal computer with your own Windows operating system, check for “Windows Update” in the programme listing of the Start button. Switch to the recommended “automatic” updating method!
- On Linux distributions, make sure that you regularly run “yum update”. Or even better, enable automatic updates. Don’t forget to reboot your computer when a new kernel is installed,in order to properly apply kernel patches!
- For Apple Macs, use the software update mechanism which is accessible under the Apple menu.
Also, ensure that you also regularly update your Acrobat Reader, Adobe Flash, Java and all the others. Usually, they notify you when you should do so. If your application is supported centrally by CERN’s IT Department, they will take care of it. However, if this is a programme you have downloaded and installed from the Internet it is up to you to ensure it is up-to-date and patched… If you are in doubt (and run a Windows system), you can install and run this fine programme from Secunia which checks your computer for outdated software.
For further information, please check our recommendations or contact the Computer Security Team.