Most software application tools available today are full of security holes!
760 Identified Security Vulnerabilities On Your Computer
We will learn among other things, how to patch these holes. There are at least 760 identified security vulnerabilities in the software packages you are using today, including: Firefox, iTunes and Flash Player. Because of these security issues, the most popular programs become the most dangerous for obvious reasons, like being most visible and therefore becoming targets for a hostile cyber attack through email viruses or attacking websites. To seal the “holes”, you must either have a very long time and the “know how” or new tools on board.
Was Microsoft, Apple, Adobe or Mozilla At Fault?
When dealing with IT security, a company named Acros made a name for itself by continuously discovering DLL gaps in our everyday software applications. In many cases, it is not immediately known whether the “gaps” appear first in Windows, or utility programs. We know for sure, however that it affects many known programs like iTunes, Firefox, Photoshop, VLC Media Player, and even the big tycoons such as Office, PowerPoint, Microsoft – and dozens of others. However, the “gap” itself is not a new phenomenon.
Many years ago, (in the internet years) the NSA (National Security Agency) warned that the LoadLibrary function, responsible for the search in Windows DLL files is without the exact specification of the path, which meant it could be vulnerable. This, of course was a great opportunity to cyber criminals.
This vulnerability surprised many developers, although the Redmond giant has long been presented in detail through the MSDN (Microsoft Developer Network) – the portal for developers – how Windows loads the DLL files. It is amazing that the “gap” is also revealed in other Microsoft products. Safety Department spokesman of the company, Thomas Baumgärtner, admitted: – “No one guessed that this feature could be crucial in terms of safety”.
The consequences are geometrically more painful by the massive usage. This fact is confirmed by Secunia, a company that collects data on known software vulnerabilities. It enumerated that for an average PC, which installed about 50 popular programs in 2010, about 760 new vulnerabilities were present – almost twice more than in 2009 per user. We will see if this trend continues, at the end of 2011.
I hope, we will all wake up to the fact that we have leaky computer systems, vulnerable to attacks. It especially applies if you are a blogger running your site or sites as a business. You will have to take care of this problem on your own to keep your computer and your business safe.
Common sense is important, but it plays a significantly smaller role in protecting your computing world from email viruses or malware encountered by surfing the net, because most hostile activities are undetectable by humans and so, the aid of good tools is unavoidable.
Windows – A Lesser Evil
Microsoft’s operating systems were regarded as the cause of all problems for a long time. The prevalent opinion is that they contain too many loose ends. Although today on a regular basis more and more new leaks emerge in Windows, for years however their number increased only slightly. This also applies to Microsoft programs such as Internet Explorer, Office and Excel. Although due to their popularity they are still likely targets for attacks, cyber criminals are mainly focused right now on software from Adobe, Mozilla, Apple and Google.
It is safe to assume that almost all of us are clients of at least one of their products. During the first half of 2010, in the 50 most popular programs, the Secunia company recorded almost as many errors as in the whole year of 2009. Where has all this come from?
First, many users are unaware of how important these applications are in our security. High popularity of these programs – such as Adobe Reader and Adobe Flash Player – installed on 90% of computers are making them ideal targets for hackers.
Secondly, all users must install the same updates from application vendors. This makes it easier for hackers to infect our computers. So, it is not Microsoft which is the biggest culprit, but other software companies.
Email Security Tools – Computer Antivirus Software = Long Lasting Solution?
The big concern is that any solution to this problem will not last long. Today, you can effectively protect your computing environments by using software tools like: BitDefender – internationally leading computer antivirus software, Mailwasher – one of the best email security programs focusing on scanning your email on a remote email server, and Personal Software Inspector panels.
Most freeware or shareware programs do not install security updates automatically. Automated update is a crucial feature in any software, so the computer virus definitions are ready for the most recent versions of email virus or attacking websites or any other ways hackers will think of, for a malware to latch on.
It will take days, weeks and sometimes longer, before the security holes are patched, antivirus protection is by this time the only method of defense. Guest profile should be used on your computer, when detecting unusual software behavior. If you work without administrator privileges, almost 90% of critical vulnerabilities are completely ineffective. For this reason, we recommend that you work every day on the account with limited privileges.
Did Our Software Become Too Complex?
Why do we have to struggle with “gaps” in our applications? Could the developers not write them more carefully or test them better? Unfortunately, it is not that simple – each program is made up of millions of lines of code, which must support numerous user actions, and simultaneously interact with the operating system. “There is no tool that would be able to find all the errors and gaps in a script”- said Jonathan Nightingale, head of the developers of Firefox. – To minimize the numbers of “bugs” in the code, Mozilla for example, implements a multiple stage quality control procedures.
It includes analysis of the source code, automated tests, and tests conducted by internal and external security experts who test pre-released versions of their software. Luckily for the end-user, programmers are also getting help with security issues from unlikely sources like, a company called “Rent-A-Hacker” that employs hackers to use their skills without criminal intent as well as organizations such as CERT, Tipping Point DV Labs or Acros. Google offers even money for identifying faults in security (about $ 3,200 per error), and similarly, Mozilla (3,000 dollars), which since 2004 under the Bug Bounty program awards already paid to almost 100 people.
Experts analyze the software itself, but the information about discovered vulnerabilities doesn’t go to the public until several weeks or even months later. Previously only the software creators were informed so they could give their developers enough time to remove defects and if at the end of the agreed time period the patch was not fixed, the vulnerability was made public, along with technical full disclosure. Later – usually in as little as a few hours, first attacks would come from the Internet, exploiting faulty programs mostly through faulty websites or email viruses. They would take over your computer first, then smuggle malware.
Even more dangerous are the zero-day vulnerabilities (zero-day), which hackers are discovering themselves, without the knowledge of the software manufacturers. Consequently the latter actually has a “zero days” to seal the application before the first attack – hence the name, such as zero-day flaw discovered in Adobe Flash Player would make the potential victims out of more than 90% of users.
The only protection against such an attack provides a good security suite, which blocks the dangerous and invasive software.
I hope you find this information useful!