I am not as concerned with the browsers, since those numbers are not too bad. There is more awareness of browser security than other applications. Firefox has a built in update feature. Even people who don't have Microsoft updates automatically installed on their computer are likely to be aware of "Patch Tuesday". This explains why Secunia reports that the patch level for Microsoft products are relatively high.
It is other applications where I have a concern, particularly when Secunia reports
"But looking at media players such as Quicktime and WinAMP, then the figures are more worrying, as 26.96% of all WinAMP 5 installations miss important security updates and 33,14% of all Quicktime 7 installations are outdated."Consider the effect of 33.14% of Quicktime 7 outdated in conjunction with the report by Joris Evers, Cybercrooks add QuickTime, WinZip flaws to arsenal providing a warning by Symantec that security holes in QuickTime and WinZip are being exploited by sites appearing to be trusted financial institutions. Instead, they are using the vulnerabilities to attempt to silently install keystroke-logging software.
{Snip}
"This constitutes a significant problem because many of those applications, like WinAMP and Quicktime, are readily used whenever users encounter media files of various kinds. Most people wouldn't hesitate to open an .mpg, .jpg, .mov, or .mp3 file from any source if it seems the least bit interesting and relevant. It's easy to embed a movie in your homepage, for example, and all it takes is one unpatched Quicktime vulnerability and a provocative video title to compromise a lot of visitors."
"Symantec discovered the attacks when one of the PCs that it uses as bait was breached earlier this week.What can you do to avoid such exploits? First, of course, make sure you use the phishing filter in your browser. Visit Microsoft Updates to ensure you have all the latest security updates. Then, head on over to Secunia to check for other out of date software on your computer. There is a link is on the left side-bar. Go ahead, check it out."This compromise was especially interesting, because the site made use of a QuickTime vulnerability discovered in January 2007 and a WinZip vulnerability discovered in November 2006," Symantec said. "Before our analysis, it was not known that these issues were being exploited in the wild."
QuickTime is Apple's widely used media player software, WinZip is a popular tool for compressing and decompressing files."
No comments:
Post a Comment
Neither spam nor comments containing vulgarities will be approved.