New Cyber Threat Study Delivers Surprising Results
According to the data collected by SANS, the biggest threats out there right now don't stem from exploited operating systems, but rather from vulnerabilities in applications and in the server-based software that powers the Internet. For all of its faults, Windows isn't the problem. By the same token, Apple isn't the solution. Most attacks on today's computers focus on vulnerabilities in Web browsers, Flash, Acrobat Reader, and Microsoft Office. Alternatively, they go right to the source and weasel their way onto legitimate sites.
The vast majority of security holes in Microsoft's operating systems are fixed within days of their discovery. On the other hand, the report states, "vulnerabilities found in applications receive less attention and get patched on a much slower timeline." Often, vulnerabilities remain unpatched for at least 30 days, and some applications, like Flash, have had zero-day exploits go unplugged since as early as 2007.
Often, if they're not hijacking applications, hackers use Web server technologies like SQL, FTP, and PHP to embed malicious code directly in trusted Web sites. Hackers can then use the code to steal sensitive data directly from the site, or to search your PC for other vulnerabilities and potentially turn it into part of a botnet. Surprisingly, the United States is not only the biggest target of such attacks, but -- more often than not -- the source.
It seems like the biggest flaws on home PCs lie with Flash, Acrobat Reader, Java, QuickTime, and Microsoft Office. It's important to make sure these applications and plug-ins are all updated to their latest versions and that older versions are uninstalled. This trend may be a sign of a time when, at least in matters pertaining to security, the choice between OS X and Windows makes little difference. [From: SANS, via Business Week]