Posted by: Ken Harthun
14 Golden Rules of Computer Security, Security, Security practice
OK. So you’ve installed a NAT router, you’ve changed the default login and passsword, and you’ve used an unguessable password. You’ve done everything right so far; however, you still may be vulnerable–in fact, you probably are, even if you keep your operating system patched. In a 2007 Lockergnome posting, I wrote:
“To say nothing of Microsoft Windows, there are few, if any, application software packages that are free of security vulnerabilities. The SANS Institute publishes its Top 20 Internet Security Attack Targets on a regular basis and Secunia currently lists 14,043 pieces of software and operating systems with vulnerabilities.”
Not surprising, Secunia reports that as of November 27, 2009 , the above number has increase by almost 13,300:
“Our database currently includes 27,298 pieces of software and operating systems.”
It probably won’t surprise you that Microsoft leads the list, but that is by no means the only source of security vulnerabilities out there. The truth is, if you’re on the ‘Net and running any unpatched software, you’re a target; I can look at my firewall logs and identify what vulnerabilities are being targeted on my machine. Many of these holes have long since been patched and there’s no excuse for your not having patched them.
So much for the bad news. The good news is that most reputable software companies, when informed of a vulnerability by security researchers, promptly issue a software patch to fix it. These are widely available to the public for free download or through update features built into the software packages. Windows and other software packages allow you to enable automatic updates (which you should do).
Golden Rule #5: A vital part of PC security is keeping up with software patches for ALL of the software on your system, not just the operating system. Where it is available, use the software’s automatic updates feature.