Do You Trust Your Updates?

Trust is a big concern. Whom would you trust to give you parenting advice? Whom would you trust for financial guidance? Increasingly, we need to be just as careful about whom we trust for cybersecurity guidance. How do you validate that guidance and, more importantly, the fix for a security vulnerability, so that you get the right information and the update really comes from a trusted source?

Meltdown and Spectre

The Meltdown and Spectre vulnerabilities have caused a stir at a global level. Coming off events like WannaCry and NotPetya in 2017, sensitivity to these hardware-level processor vulnerabilities is heightened, but there is a lot of confusion, and that confusion has itself been exploited. The attack described below does NOT use the Meltdown or Spectre vulnerabilities at all; it exploits the confusion about what needs to be updated to resolve them.

A site was set up in Germany claiming to be the German Federal Office for Information Security (BSI). It offered guidance on how to resolve Meltdown and Spectre and provided downloads of supposed updates. The site was even served over HTTPS with a valid certificate, which lent it extra credibility. Keep in mind that a certificate only proves the connection to that hostname is encrypted and that the operator controls the domain; it says nothing about whether the operator is who they claim to be.

It turned out the downloads were loaded with the Smoke Loader malware, a downloader that fetches additional malware once it is on a system. The site was taken down, but this was not the first such scam and certainly won’t be the last. This brings us back to trust.

Companies should make sure they receive updates from credible sources. Using a trusted vendor like Ivanti for patch and firmware updates gives you significant validation of the binaries you receive, and that is part of the value of our solutions.

How to Protect Yourself

For home users it is a bit harder. Only install software updates directly from the vendor (Microsoft, Apple, Adobe, etc.), and turn on automatic updates for applications. For hardware, use the auto-update service from your OEM (Dell, Lenovo, HP, etc.) so the driver and firmware updates you get are authentic. There are a lot of “free” driver update sites out there, and the “free” is far from free: the downloads are usually bundled with adware and other performance-sapping side loads you really don’t want. Alternatives are hard to find, but one I have used is IObit Driver Booster. You can opt out of the McAfee add-on during installation and use its tool to update device drivers.

One thing I always suggest is to adopt a healthy case of paranoia. If it says “free,” question it. If it is not direct from the vendor, is it from a trusted source, and how has it been validated? Ivanti ensures that every update we support is validated as coming from a trusted source, and as it is downloaded and distributed the update is checked again to ensure it is still intact.
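As an added example (not part of the original post, and not Ivanti's own validation code), here is the kind of check a Windows user or admin can run on a downloaded installer before launching it. It refuses the file unless its Authenticode signature is valid and comes from a publisher you expect, and it can optionally compare a SHA-256 against the value published on the vendor's own download page. The publisher names, the download path and the hash parameter are assumptions for illustration; substitute your vendor's values.

```powershell
# Added example, not from the original post or Ivanti's tooling.
# Gate an installer on three checks: a valid Authenticode signature (file
# unmodified, chain to a trusted root), the signer you expect, and an
# optional SHA-256 pin taken from the vendor's own site.
function Test-TrustedInstaller {
    param(
        [Parameter(Mandatory)] [string] $Path,
        # Expected signer common names are an assumption; use your vendor's.
        [string[]] $ExpectedPublishers = @('Microsoft Corporation', 'Intel Corporation'),
        # Optional SHA-256 copied from the vendor's download page.
        [string] $ExpectedSha256
    )

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "$Path : file not found"
        return $false
    }

    # 1. Signature status. Anything other than 'Valid' (NotSigned,
    #    HashMismatch, NotTrusted, ...) means: do not run it.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "$Path : signature status is '$($sig.Status)', not 'Valid'"
        return $false
    }

    # 2. Signer identity. A valid signature from an unknown publisher is still
    #    untrusted. GetNameInfo(SimpleName) returns the subject CN without
    #    hand-parsing the distinguished name.
    $cn = $sig.SignerCertificate.GetNameInfo(
        [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    if ($ExpectedPublishers -notcontains $cn) {
        Write-Warning "$Path : signed by '$cn', which is not an expected publisher"
        return $false
    }

    # 3. Optional hash pin for driver or firmware packages whose vendor
    #    publishes a SHA-256 (PowerShell string comparison is case-insensitive).
    if ($ExpectedSha256) {
        $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) {
            Write-Warning "$Path : SHA-256 $actual does not match the published value"
            return $false
        }
    }

    Write-Host "$Path : valid signature from '$cn'"
    return $true
}

# Usage (path is an example): launch only if every check passes.
$installer = "$env:USERPROFILE\Downloads\update.exe"
if (Test-TrustedInstaller -Path $installer -ExpectedPublishers 'Microsoft Corporation') {
    Start-Process -FilePath $installer -Wait
}
```

The signature check is what a fake "BSI" site cannot fake: a criminal can buy a TLS certificate for a look-alike domain, but cannot sign a binary as Microsoft or Intel. The hash pin only helps if the expected value comes from the vendor's real site, not from the same page you downloaded the file from.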


Chris Goettl

Chris Goettl has over 15 years of experience in IT management. He spent several years working in IT before joining Shavlik in 2004. Chris started in the Shavlik support team, supported OEM partners integrating Shavlik SDKs, worked in sales as a systems engineer, and is now the product manager for the Shavlik Protect product line.