Gartner Blog Network

Google, IE, China and Zero Day Attacks: Three Lessons

by Neil MacDonald  |  January 18, 2010  |  6 Comments

We’ve got a team of analysts working on a broader event research note that will be published shortly. What I wanted to discuss here is “so what do I do if my organization is using IE?”. Longer term, there are three key takeaways from the recent events:

Lesson #1 – Run more users as standard user. I’ve said it here and here and most recently here again. This has got to be a top priority initiative in 2010. Use the migration to Windows 7 as a catalyst if this is planned for this year.
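An added example, not code from the original post: a Windows PowerShell 2.0 script that shows which accounts on a Windows 7 or XP machine still hold local administrator rights, and whether the session it runs in is elevated. It uses the WinNT ADSI provider because the Get-LocalGroupMember cmdlet did not exist on Windows 7-era PowerShell. The ComputerName parameter and its default of the local machine are assumptions about how you would run it.

```powershell
# Added example, not code from the original post. Audits local Administrators
# membership so that Lesson #1 (run users as standard user) can be measured
# rather than assumed. Works on Windows PowerShell 2.0 (Windows 7 / XP SP3).

function Get-LocalAdministrators {
    param([string]$ComputerName = '.')   # '.' = this machine (assumed default)

    # Bind to the local Administrators group through the WinNT provider.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"

    # Members come back as late-bound COM objects, so read their properties
    # through InvokeMember rather than dotted access.
    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $type = $member.GetType()
        New-Object PSObject -Property @{
            Name    = $type.InvokeMember('Name',    'GetProperty', $null, $member, $null)
            Class   = $type.InvokeMember('Class',   'GetProperty', $null, $member, $null)  # 'User' or 'Group'
            ADsPath = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)  # local vs domain
        }
    }
}

function Test-CurrentUserElevated {
    # True when the running process holds an administrator token. On Windows 7
    # with UAC an administrator's normal desktop runs with a filtered token, so
    # this returns $false there until the user elevates.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Expected members are the built-in Administrator account and domain admin
# groups; any interactive user account listed here is a candidate for
# demotion to standard user.
Get-LocalAdministrators | Sort-Object Class, Name | Format-Table Class, Name, ADsPath -AutoSize
"Current session elevated: {0}" -f (Test-CurrentUserElevated)
```

Run it in the user's own desktop session rather than from an elevated console, otherwise the elevation check only tells you about the console you opened. Filtering the output to `Class -eq 'User'` gives the list of individual accounts to move.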

Lesson #2 – Get off of IE6 ASAP. I don’t care if this is to Firefox, Chrome, Safari, Opera, IE7 or IE8. Get off of IE6 in 2010. If a Windows 7 migration is planned for 2010, use it as the catalyst for the budget and resources.

Lesson #3 – Use defense-in-depth at the endpoint. If you are planning on Windows 7, make sure the defense-in-depth capabilities of the OS are turned on in your master image. Technologies and techniques like Address Space Layout Randomization (ASLR) and extending Data Execution Prevention (DEP) into the browser are discussed in detail in this research note. Note that DEP also applies to XP SP2 and SP3 when used with IE8. Clients using third-party host-based intrusion prevention solutions like Cisco Security Agent or McAfee HIPS have additional protection.
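An added example, not code from the original post or from Microsoft: a Windows PowerShell 2.0 check of the two mitigations named above. It reads the system-wide DEP policy from WMI, then parses the PE header of iexplore.exe and every DLL loaded into a running IE process to see which ones were built with the ASLR (DYNAMIC_BASE) and DEP (NX_COMPAT) flags. The reason to look at every module is that one third-party toolbar or ActiveX control built without those flags gives an exploit a predictable, executable image to land on even when the OS and browser are configured correctly. The registry value name used for IE8's "Enable memory protection" option is an assumption to verify on your build.

```powershell
# Added example, not from the original post. Checks the Lesson #3 mitigations
# (DEP and ASLR) at the OS level and per loaded image. Windows PowerShell 2.0.

# --- 1. System-wide DEP policy (Win32_OperatingSystem) ---------------------
# DataExecutionPrevention_SupportPolicy: 0 = AlwaysOff, 1 = AlwaysOn,
# 2 = OptIn (client default: only Windows binaries), 3 = OptOut (everything
# except an exclusion list). OptOut or AlwaysOn is what you want in the image.
$os = Get-WmiObject -Class Win32_OperatingSystem
$policyName = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
$policy = [int]$os.DataExecutionPrevention_SupportPolicy
"DEP hardware available : {0}" -f $os.DataExecutionPrevention_Available
"DEP system policy      : {0} ({1})" -f $policy, $policyName[$policy]

# IE8 'Enable memory protection to help mitigate online attacks' (Advanced tab).
# Assumption: the switch is the DEPOff DWORD under IE's Main key; 1 = disabled.
$ieMain = Get-ItemProperty 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
"IE memory protection   : {0}" -f $(if ($ieMain -and $ieMain.DEPOff -eq 1) { 'OFF' } else { 'on (or default)' })

# --- 2. Per-image ASLR / DEP opt-in flags read from the PE header ----------
function Get-ImageMitigations {
    param([string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    if ($bytes.Length -lt 0x40 -or $bytes[0] -ne 0x4D -or $bytes[1] -ne 0x5A) {
        throw "$Path: not an MZ executable"
    }
    $pe = [BitConverter]::ToInt32($bytes, 0x3C)          # e_lfanew
    if ($pe -le 0 -or $pe + 96 -gt $bytes.Length -or
        $bytes[$pe] -ne 0x50 -or $bytes[$pe + 1] -ne 0x45) {
        throw "$Path: PE signature not found"
    }
    # 4-byte "PE\0\0", 20-byte COFF header, then DllCharacteristics at offset 70
    # of the optional header (the same offset for PE32 and PE32+).
    $dllChars = [BitConverter]::ToUInt16($bytes, $pe + 4 + 20 + 70)
    New-Object PSObject -Property @{
        Path = $Path
        ASLR = [bool]($dllChars -band 0x0040)   # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
        DEP  = [bool]($dllChars -band 0x0100)   # IMAGE_DLLCHARACTERISTICS_NX_COMPAT
    }
}

# Run against a live IE process: every module counts, because the exploit only
# needs one predictable, executable image. Start IE first.
$findings = @()
foreach ($proc in @(Get-Process iexplore -ErrorAction SilentlyContinue)) {
    try {
        foreach ($module in $proc.Modules) {
            $findings += Get-ImageMitigations $module.FileName
        }
    } catch { Write-Warning ("cannot read modules of PID {0}: {1}" -f $proc.Id, $_) }
}
# Anything listed here lacks at least one of the two opt-in flags.
$findings | Sort-Object Path -Unique |
    Where-Object { -not ($_.ASLR -and $_.DEP) } |
    Format-Table ASLR, DEP, Path -AutoSize
```

The per-image flags are what the Windows 7 loader honours; on XP the system-wide policy decides DEP for a process unless the program turns it on for itself, so read the two halves of the output together. A 64-bit PowerShell cannot enumerate the modules of a 32-bit IE, which is what the warning branch catches; run the 32-bit host in that case.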

What to do short term? Back to the compromise at Google. Reports indicate that Microsoft has confirmed an IE vulnerability was involved in the Google attacks. Microsoft’s Security Advisory provides more information about the vulnerability here.

What can you do now if you are worried about IE6 until the patch is released by Microsoft? In addition to Microsoft’s guidance in the advisory, there are several alternatives we discuss with clients, but one option is to run IE6 from a terminal services or hosted virtual desktop (VDI) session where the session is restored back to a known good state after each use.


Category: application-security  endpoint-protection-platform  microsoft-security  

Tags: best-practices  beyond-anti-virus  defense-in-depth  endpoint-protection-platform  microsoft  microsoft-security  security-no-brainer  windows  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…

Thoughts on Google, IE, China and Zero Day Attacks: Three Lessons

  1. Laura Maio says:

    Hi Neil,
    Great post, and I’ll watch for the broader research note. In your Lesson #3 you mention CSA and McAfee, don’t forget Trend Micro Deep Security. This advanced HIPS also adds integrity monitoring and log inspection to increase the protection for servers and critical desktops.
    All the best!

  2. Neil MacDonald says:

    Laura – yes, this was not intended to be an exhaustive list. There are a large number of network- and host-based IPS vendors that we cover at Gartner (in addition to what the EPP vendors are doing as a part of their converged offerings). Trend acquired Third Brigade and has an offering here.

  3. Social comments and analytics for this post…

    This post was mentioned on Twitter by postsgoogle: Google, IE, China and Zero Day Attacks: Three Lessons: We’ve got a team of analysts working on a broader event res…

  4. […]  So, is the Cabinet Office right to claim that the MoD is safe to carry on using IE6?  At least they’re right to draw a distinction between the level of protection achieved through “defence in depth” and what’s available to the average home user.  David Lacey, in his recent book “Managing the Human Factor in Information Security”, points out that baseline security measures, a collection of standard proven security controls, are the fastest, most reliable (and often cheapest) means for improving security.  He compares it with the “trajectory of accident opportunity” described by James Reason in his book “Human Error”.  His premise is that multiple, simultaneous failures or compromises would be needed to allow an attack to be pressed home.  Gartner’s Neil MacDonald says that there are 3 lessons to be drawn from the attack on Google: […]

  5. […] – we’ve been advising Gartner clients to do this since 2006 and I provided this advice and more here and here after the IE/Google/China attacks. You don’t have to wait on a Windows 7 upgrade to do […]

  6. […] exposure to malware by running more users as standard user. I’ve talked about this issue here, here and […]
