Three lessons have been learned from Operation Aurora a week on from when the first effects were felt.
Gartner's Neil MacDonald claimed that in the longer term, there are three key things to learn from the recent events: run more users as standard user, get off IE6 as soon as possible and use defence-in-depth at the endpoint.
MacDonald stated that the first point ‘has got to be a top priority initiative in 2010' and that IT managers should use the migration to Windows 7 as a catalyst if this is planned for this year.
Echoing points made by Microsoft yesterday, MacDonald said that he did not care if the move was to Firefox, Chrome, Safari, Opera, IE7 or IE8 – getting off IE6 in 2010 should be a priority.
On the final point, he said: “If you are planning on Windows 7, make sure some of the defence-in-depth capabilities of the OS are turned on in your master image. Technologies and techniques like address stack layout randomisation (ASLR) and extending data execution prevention (DEP) into the browser are discussed in detail in this research note.
“Note that DEP applies to XP SP2, SP3 if used with IE8 as well. Other clients using third-party host-based intrusion prevention solutions like Cisco Security Agent or McAfee HIPS have additional protection.”