New Cyber Threat Study Delivers Surprising Results

According to the data collected by SANS, the biggest threats out there right now don't stem from exploited operating systems, but rather from vulnerabilities in applications and in the server-based software that powers the Internet. For all of its faults, Windows isn't the problem. By the same token, Apple isn't the solution. Most attacks on today's computers focus on vulnerabilities in Web browsers, Flash, Acrobat Reader, and Microsoft Office. Alternatively, they go right to the source and weasel their way onto legitimate sites.
The vast majority of security holes in Microsoft's operating systems are fixed within days of their discovery. On the other hand, the report states, "vulnerabilities found in applications receive less attention and get patched on a much slower timeline." Often vulnerabilities remain unpatched for at least 30 days, and some applications, like Flash, have had zero-day exploits left unplugged since as early as 2007.
Often, if they're not hijacking applications, hackers use Web server technologies like SQL, FTP, and PHP to embed malicious code directly in trusted Web sites. Hackers can then use the code to steal sensitive data directly from the site, or to search your PC for other vulnerabilities and potentially turn it into part of a botnet. Surprisingly, the United States is not only the biggest target of such attacks, but -- more often than not -- the source.
It seems like the biggest flaws on home PCs lie with Flash, Acrobat Reader, Java, QuickTime, and Microsoft Office. It's important to make sure these applications and plug-ins are all updated to their latest versions and that older versions are uninstalled. This trend may be a sign of a time when, at least in matters pertaining to security, the choice between OS X and Windows makes little difference. [From: SANS, via Business Week]



Reader Comments
Dario said 9:14AM on 9-17-2009
1) use Linux on your PC
2) use open source programs
3) hate Adobe and its closed, bugged, unsafe programs
moonsinger333 said 10:50AM on 9-17-2009
This is really scary. Thank you for sharing.
Drunkus Rex said 1:25PM on 9-17-2009
Just a couple things:
* Windows continues to be the primary target, even with Flash, PDF, and QuickTime. I find the QuickTime claims to be dubious; I think that's just Flash compatibility again. Apple should probably drop Flash in QT.
* Most of these sploits are, again, still trojans via unpoliced ads on trusted sites. They're not 'injected' or hacked in, they're from legit adsites that sold adspace to crackers. That's the big story here, still.
* Despite the fact that Adobe is distancing themselves from Apple due to offshoring / retirement of their Mac folks, they still don't have their act together on the Windows side.
Proof: Jobs' snubbing of Flash on the iPhone, even he knows it's a junky POS, in return Adobe snubbing CS3 support on Snow Leopard even though there are few problems. Adobe didn't have to say anything via their blogging douchebags; but they did.
Adobe and Apple are moving away from each other... and despite the fact that they should have more resources freed up for Windows they still suck. Badly.
All I can say as an IT admin who has to dirty himself with Windows is 'use Flashblock' *and* use NoScript on Firefox.