Firm Claims Success In Plugging Windows Metafile Holes

The president of a small IT shop that supports patch management for about 10 companies says his firm was able to protect dozens of computers at those companies it remotely monitors from the latest Windows Metafile outbreak days before Microsoft Corp. delivered the security patch on Jan. 5.

Eric Livingston is president at Private Client Technologies Inc., a five year-old company that manages IT hardware and software at small and medium size businesses. On average these businesses run about 50 computers. "The exploit took advantage of a perfectly accepted way for a WMF to register a function that Windows would call to allow it to do custom handling," Livingston said Tuesday. "Anti-virus programs didn't catch it because as far as the program was concerned it was doing a perfectly valid function."

Private Client Technologies last month signed on to assist them deliver network security to clients with Everdream Corp., which provides on-demand desktop management services for about 140,000 desktops at 250 companies worldwide. It operates under a software-as-a-service model to monitor customers' systems and deploy patches and software upgrades, and track assets.

Scott Crawford, senior analyst at Enterprise Management Associates, calls Everdream's offering a "service-as-a-service," and believes it's unique to small and medium size enterprises. "The unique part is offering a service that goes beyond patching to offer analyzing security risks like the WMF vulnerability and putting out remediation until patching is made available," he said.

Everdream created a "workaround" to help customers until Microsoft released the security patch. The Windows Metafile that created a huge security hole by allowing hackers to infect computers using programs maliciously inserted into what seems a harmless image files was first discovered last week. But the possibility for attacks escalated when hackers published the source code used to exploit it.Unlike most attacks, which require victims to download or execute a suspect file, the recent hole makes it possible for users to infect their computers with spyware or a virus simply by viewing a Web page, e-mail or instant message that contains a contaminated image.

Microsoft identified the Windows Metafile vulnerability on Dec. 28. Within 24 hours, Everdream said it began pushing a "package" to customers with a "workaround solution" that disabled the function in the operating systems until Microsoft could distribute a patch.

The fix was created by Everdream's Vulnerability Assessment Team (VAT). "We have about 80,000 desktops that count on us for patch protection," said Dave Dalton, vice president of marketing at Everdream. "The patch from Microsoft was not available until Jan. 5, and that's a long time for any company's corporate network, holiday or not, to be exposed."

Today's mobile workforce further complicates matters, adding to the already arduous demands placed upon IT staff. Businesses increasingly embrace on-demand desktop management services that alleviate IT's burden of managing PCs, while allowing them to focus on more strategic initiatives that have a direct impact on their bottom line.

Once the flaw is identified, Everdream determines whether it could turn off the application in the operating system that executes the flaw. "That's what we did, so if you went to a Web site that was compromised you wouldn't execute any code," said Chris Westall, vice president of product management at Everdream. "We turned off the feature in the Windows operating system by working around the flaw."0