Here's what happens when security watchdogs ignore their own advice

Summary:Germany's federal IT security agency regularly releases guidelines aimed at helping users keep their PCs safe. To show what happens when good security policies are ignored, the federal agency let two differently configured systems be attacked and documented the results.

The BSI (Bundesamt für Sicherheit in der Informationstechnik), the German government's office for information security, regularly publishes guidelines on the secure use of IT among businesses and consumers. According to the government agency, Windows users should keep their systems up to date, use more than one browser and avoid Java as much as possible.

It's all very sensible stuff, but the agency has this week showed what happens when it ignores its own advice – publishing a study comparing how systems that follows its advice, and those that don't, can stand up to security threats.

According to the study, the agency tested two different Windows 7-based systems. Both OSes were up to date with the latest available patches and also used Microsoft's free antivirus product, Security Essentials. One system used Google Chrome 21 , Adobe Reader X, Libre Office 3.6.0.4 and a standard user account. The other one had IE9 installed alongside an older versions of Adobe Reader (version 9.4) and Libre Office (version 3.4.3). The system also had a year-old version of Java Runtime (version 6, update 26), along with an older version of Adobe Flash and an administrator account.

After the set-up, both systems were pointed to a hundred different websites, each of which tried to infect the system with a drive-by attack. According to the agency, the test system that followed the BSI guidelines did not suffer an infection, but four websites were able to download files to the system.

On the second, less secure system, a total of 49 attacks were successful. 36 websites were able to exploit security flaws and infect the Windows machine. Another ten attacks were able to exploit vulnerabilities in the system, but the MSE antivirus blocked an infection taking place. Three drive-by exploits were able to download data to the system, but unable to infect it as a result.

The government agency then compared those results to an older installation of Windows XP. There, a total of 88 attacks were able to exploit and infect the targeted computer.

When it comes to the security equivalent of eating your greens, the BSI's study shows that even with a few simple updates and modest outlay, users can dramatically cut their exposure to malware infection.

Topics: Security, EU, Microsoft

About

Moritz is an IT-journalist with more than eight years of experience as an author under his belt. His passion for computers began long before that and new trends like Arduinos and rapid prototyping fascinate him more than ever. So far he has worked with German publications like PC-Welt, ComputerWoche or GameStar, as well as sites like Sear... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.