I mentioned I was on a business trip. During our long road miles, my co-worker and I listened to quite a few podcasts. One that was really interesting is the current episode of Security Now, episode 91 (http://www.twit.tv/sn91).
In this episode Steve and Leo interview Marc Maiffret of eEye Digital Security (http://www.eeye.com/html/index.html) about the state of security both in the enterprise and at home. Marc makes a startling yet fascinating assertion, namely that Microsoft software is no longer the biggest vulnerability on the Windows platform. Instead, their research shows it’s other software that’s opening up vulnerabilities.
Part of the issue occurs because these vendors lack the concept of “Patch Tuesday” that MS has. Additionally, they tend to bundle their security fixes with other software updates. A user looks at a 47 meg update and goes “hmm, my app is running fine, don’t see a need to update” and misses all the security fixes.
Now, before some joker comes off with “run Linux, it’s secure”, on a recent episode Steve talked about a JavaScript exploit that can affect your router and effectively open it up. And yes, the exploit works on both Windows and Linux, and it runs under Firefox as well as IE. (Please note I’m not bashing Linux, I have it on a few of my boxes, I’m just realistic about its security abilities.)
The point I’m making here is to make sure to update ALL of your software. Like many, I dutifully have my Microsoft updates run automatically each week, but have declined updates of other software, thinking “nah, it’s working right now, not gonna worry about it”. You can bet I won’t make that mistake again!