Here's what happens when security watchdogs ignore their own advice

Germany's federal IT security agency regularly releases guidelines aimed at helping users keep their PCs safe. To show what happens when good security policies are ignored, the federal agency let two differently configured systems be attacked and documented the results.

The BSI (Bundesamt für Sicherheit in der Informationstechnik), the German government's office for information security, regularly publishes guidelines on the secure use of IT among businesses and consumers. According to the government agency, Windows users should keep their systems up to date, use more than one browser and avoid Java as much as possible.

It's all very sensible stuff, but the agency has this week showed what happens when it ignores its own advice – publishing a study comparing how systems that follows its advice, and those that don't, can stand up to security threats.

According to the study, the agency tested two different Windows 7-based systems. Both OSes were up to date with the latest available patches and also used Microsoft's free antivirus product, Security Essentials. One system used Google Chrome 21 , Adobe Reader X, Libre Office and a standard user account. The other one had IE9 installed alongside an older versions of Adobe Reader (version 9.4) and Libre Office (version 3.4.3). The system also had a year-old version of Java Runtime (version 6, update 26), along with an older version of Adobe Flash and an administrator account.

After the set-up, both systems were pointed to a hundred different websites, each of which tried to infect the system with a drive-by attack. According to the agency, the test system that followed the BSI guidelines did not suffer an infection, but four websites were able to download files to the system.

On the second, less secure system, a total of 49 attacks were successful. 36 websites were able to exploit security flaws and infect the Windows machine. Another ten attacks were able to exploit vulnerabilities in the system, but the MSE antivirus blocked an infection taking place. Three drive-by exploits were able to download data to the system, but unable to infect it as a result.

The government agency then compared those results to an older installation of Windows XP. There, a total of 88 attacks were able to exploit and infect the targeted computer.

When it comes to the security equivalent of eating your greens, the BSI's study shows that even with a few simple updates and modest outlay, users can dramatically cut their exposure to malware infection.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All