Security Corner

Feb 28 2008   1:30AM GMT

If You’re Not Patched, You’re a Target!

Ken Harthun

OK. So you’ve installed a NAT router, you’ve changed the default login and password, and you’ve used an unguessable password. You’ve done everything right so far. However, you still may be vulnerable; in fact, you probably are, even if you keep your operating system patched. In a Lockergnome posting last year, I wrote:

To say nothing of Microsoft Windows, there are few, if any, application software packages that are free of security vulnerabilities. The SANS Institute publishes its Top 20 Internet Security Attack Targets on a regular basis and Secunia currently lists 14,043 pieces of software and operating systems with vulnerabilities.

Not surprisingly, Secunia reports that, as of this date, the above number has increased by more than 3,300:

Our database currently includes 17,406 pieces of software and operating systems.

It probably won’t surprise you that Microsoft leads the list, but it is by no means the only source of security vulnerabilities out there. The truth is, if you’re on the ‘Net and running any unpatched software, you’re a target; I can look at my firewall logs and identify what vulnerabilities are being targeted on my machine. Many of these holes have long since been patched, and there’s no excuse for not having patched them.

So much for the bad news. The good news is that most reputable software companies, when informed of a vulnerability by security researchers, promptly issue a software patch to fix it. These are widely available to the public for free download or through update features built into the software packages. Windows and other software packages allow you to enable automatic updates (which you should do).

I give you Security Maxim #5: A vital part of PC security is keeping up with software patches for ALL of the software on your system, not just the operating system. Where it is available, use the software’s automatic updates feature.

The Geek

1  Comment on this Post

  • Wrobinson
    You should provide additional context to Microsoft 'leading the list' such as the fact that it is the largest software company in the world and produces in excess of 500+ products and services, so comparing it to companies without as significant an attack surface is really not presenting a fair argument. To make such a comparison, one would have to do so product by product -- such as SQL Server to Oracle for example.