Pender's Blog

Blog archive

We're Getting Security All Wrong

Well, who knew? All those Windows Update patches and operating system fixes haven't been all that useful after all. Applications are where the real security risk is. It's apps, I tell ya! Apps are what the hoodlums are lookin' to rub out! Why, I oughta...

Sorry, we slipped into '30s gangster mode for a second there. But speaking of bad guys, apparently they're not attacking the OS (read: Windows) the way they used to. More and more, they're going after desktop apps, which tend to remain largely unprotected in enterprises.

Or so says the SANS Institute, anyway, in a new report. By the way, literally translated, "sans" institute in French would mean "without" institute. But this new report is not without (see how we did that there?) some pretty interesting observations. Check out this bit from the New York Times blog entry (linked above) on the Without Institute's report:

"[O]n the rise are quiet attacks on desktop programs, such as Microsoft's Office, Adobe's Flash Player and Acrobat programs, Java applications, and Apple's QuickTime program. Attacks on these programs currently account for about 10 percent of attack volume, up from zero three or four years ago. And they are likely to be far more successful, since more than 90 percent of corporate computers are using old, unsecure versions of these programs."

Partners, do we smell opportunity here? It might be time to go bursting through your clients' doors and ask them how often they're updating the security of their desktop apps -- and whether they need any help doing it, for a small fee, of course. IT folks, sheesh...this can't be particularly good news. Sure, Microsoft's updates and general improvements in Windows security have made locking down the OS easier, but now hackers are going after a much broader range of software. That stinks. Really, it does.

But if apps are going to be the new security battleground, that's where ISVs, partners and IT pros will need to fight. Of course, it's hard to say that the consequences of these app attacks are or will be, but it's better not to find out. In any case, the battle to keep the bad guys at bay has become a much broader war.

How secure are your desktop applications? Have you had problems with apps being hacked? Share at lpender@rcpmag.com.

Posted by Lee Pender on 09/16/2009 at 1:22 PM


Featured

  • The Future of Office 365 Pricing

    With a raft of new Office 365 features in the pipeline, Microsoft also seems ready to change the way it bills its subscribers. Will it replicate Azure's pay-per-use model, or will it look like something else entirely?

  • Microsoft Offers 1 Year of Free Windows 7 Extended Security Updates to E5 Licensees

    Microsoft is offering one year of free support under its Extended Security Updates program to Windows 7 users if their organizations have E5 licensing.

  • SQL Server 2019 Licensing: How Much Does It Cost and What's Included?

    Microsoft has clarified the more confusing elements of SQL Server licensing and extended major benefits to customers. The catch is that Software Assurance is required to take advantage of them.

  • What Happens When You Use a Virtual Reality Headset in Space?

    And now for something (almost) completely different, Brien sees how well a HoloLens-like headset weathers the unique conditions of a zero gravity flight.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.