A report from SANS concludes that security professionals may not be paying attention to some of the biggest threats out there today. Not terribly long ago the Windows operating system was the attack target of the bad guys. There were tons of exploitable vulnerabilities and they were heavily exploited. Since that time Microsoft has put a strong emphasis on security and significantly reduces the number of exploitable vulnerabilities in their operating systems. This does not make the bad guys stop trying though. The bad guys changed their focus from Windows to third party applications.
Programs like iTunes, QuickTime, AOL SuperBuddy, Adobe Acrobat, Adobe Flash, Yahoo Messenger, and many other non-Microsoft products can be attacked as effectively as attacking the operating system itself. The report goes on to say that security professionals are not patching these other programs as quickly as they patch the operating system and that leaves their networks more vulnerable and vulnerable longer than they should be.
This is not only a problem for security professionals. This is a significant problem for home users as well. Many attacks that end up infecting home PCs would be completely ineffective if the PC had been properly updated.
Unfortunately many programs do not prompt you to be updated. Adobe is improving, but they are still not competently handling the problems in keeping their software up to date. If you use Internet Explorer and you use Firefox, or another browser, you must update flash for both browsers by visiting adobe.com from each browser. For Firefox you need to download and then run the Flash installer.
I mentioned it before, but it is worth saying again, Secunia offers a free scanner for home use that will let you know what programs are on your computer and need to be updated. You can download the Secunia Personal Software Inspector from http://secunia.com/vulnerability_scanning/personal/.
If you are a home user I would recommend that you run the scanner at least once a month and make sure you update the programs that are out of date. It is a great idea to run the scanner again after you update to ensure the update worked.
Your online experience will be far more secure if you keep all of the programs on your computer up to date.
Randy Abrams
Director of Technical Education