written by Chris Griesemer

Vulnerabilities are weaknesses or holes in software that allow a person of low ethical values (a hacker) to gain access to your computer, your personal information, or even your customers' personal information.

Recently, Kaspersky released their latest IT Threat Evolution report (website at the bottom of this article). Kaspersky is one of the leaders in anti-virus and security software.

Microsoft and Patches
The most interesting finding is that Microsoft products did not make the list. Could it be that Microsoft has finally figured out how to make a secure product? I don’t want to give Microsoft too much credit, but they do a very good job of releasing patches to fix vulnerabilities as they find them.

Since Microsoft has become more secure, hackers have changed their strategy. Instead of trying to find holes in Microsoft’s operating systems, they have chosen to attack third-party software like Java, Adobe and Apple. The top two vulnerabilities in Kaspersky’s report were Java related. Five of the top ten vulnerabilities targeted Adobe and two attacked Apple (QuickTime and iTunes).

What does all of this mean? Hackers have figured out that although patches are released for these third-party applications, most users don’t apply them. How many times have you seen that bubble in the bottom right-hand corner telling you it is time for an Adobe update? “Click Here,” it says. And usually it appears right when I am doing something important, so I close that annoying bubble and continue doing what I was doing.

Third Party Software
Why does Microsoft get patched while third-party applications have such a huge target on their backs? The difference is that Microsoft has developed automation tools that download and install these patches at convenient times for users. Third-party updates are applied only when the user chooses to apply them. When I do vulnerability scans for clients, the three applications I most often see needing to be patched are Java, Adobe and Apple.

So how do we keep third-party software patched? In my experience, the two most popular third-party patching tools are GFI LanGuard (www.gfi.com) and Shavlik (www.shavlik.com). These applications download the latest patches and then push them out to all computers. This takes the responsibility for patching off the user and places it on one person, typically the IT manager.
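One way to see which machines are behind on these third-party applications before patches are pushed out, as an added example that is not part of the original article and not taken from either patching tool named above. The host names, inventory rows and baseline versions are constructed for illustration.

```python
import csv
import io
import re

# Constructed minimum versions for illustration only, not vendor-published
# values. Replace them with the versions your patch policy requires.
BASELINE = {
    "java": "7.0.90",
    "adobe reader": "10.1.4",
    "adobe flash player": "11.4.402",
    "quicktime": "7.7.2",
    "itunes": "10.7",
}

# Constructed inventory export: host, product display name, installed version.
SAMPLE_INVENTORY = """host,product,version
FRONTDESK-01,Java 7 Update 5,7.0.50
FRONTDESK-01,Adobe Reader X,10.1.4
ACCOUNTING-02,Adobe Flash Player 11 ActiveX,11.4.402.265
ACCOUNTING-02,QuickTime,7.7.1
ACCOUNTING-02,iTunes,10.7.0.21
SERVER-01,Java(TM) 6 Update 31,6.0.310
"""

def parse_version(text, width=6):
    """Turn '7.0.100' into (7, 0, 100, 0, 0, 0) so it compares above '7.0.90'."""
    parts = [int(n) for n in re.findall(r"\d+", text)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def match_product(display_name):
    """Return the baseline key found in a display name, longest key first."""
    name = display_name.lower()
    for key in sorted(BASELINE, key=len, reverse=True):
        if key in name:
            return key
    return None

def find_unpatched(inventory_csv):
    """Map each host to its (product, installed, required) rows below baseline."""
    report = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = match_product(row["product"])
        if key and parse_version(row["version"]) < parse_version(BASELINE[key]):
            report.setdefault(row["host"], []).append((row["product"], row["version"], BASELINE[key]))
    return report

if __name__ == "__main__":
    for host, rows in sorted(find_unpatched(SAMPLE_INVENTORY).items()):
        print(host, rows)
```

Versions are compared as numbers rather than text, because a plain string comparison would rank 7.0.100 below 7.0.90. The inventory must report versions in the same numbering scheme as the baseline.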

If you still have questions about third-party patching, please don’t hesitate to call. And if you really want to see what is happening with your network, give us a call to discuss a vulnerability scan.

Link to Kaspersky’s report: http://www.securelist.com/en/analysis/204792250/IT_Threat_Evolution_Q3_2012