Amid the often repeated advice about how to keep your computer and yourself safe from malware and criminals spreading it there are some real gold nuggets, as the German Federal Office for Information Security (BSI) has proved with a recent test.
The government agency has been advising users to keep their Windows and other software updated, to switch from Internet Explorer to Google Chrome, and to disable Java (if possible), and to prove that the advice is sound, they carried out a test involving visiting a hundred compromised websites hosting drive-by downloads with two different computers.
Both computer had fully updated Windows 7 installed on them, and were protected by Microsoft Security Essentials.
But while one had the latest version of Google Chrome, Adobe Reader, Libre Office, no Java-Runtime, the Adobe Flash Player plugin in Chrome and operates in a restricted user account, the other had been equipped with Internet Explorer 9, year-old versions of Adobe Reader, Libre Office, Adobe Flash Player and Java-Runtime, and ran under an administrator account.
Each of the two computers was used to visit a hundred randomly selected websites hosting the Blackhole exploit kit, Flash, Java and PDF exploits, redirects or download link to malware, and other malicious content, and the results were as follows:
The results of the testing confirmed previous BSI findings, namely that Blackhole is the most widely used exploit kit, and that some exploit toolkits use filters to detect the use of Chrome, in which case they don’t even attempt to exploit vulnerabilities.
They also proved that there many old and new security flaws are targeted, including the latest Java 7 zero-day vulnerability (CVE 2012-4681) discovered in August 2012.
It’s interesting to note that the researchers also visited the aforementioned links with an outdated Windows XP installation running under an administrator account, with no antivirus and with Internet Explorer 6 installed, and the machine was successfully infected 88 times. Two downloads were executed but there was no infection, and the attacks were unsuccessful only in ten of the cases.
Check out the report for more details about the exploited flaws – it is in German, but Google Translate does a pretty good job of turning it into English.