We're Getting Security All Wrong
Well, who knew? All those Windows Update patches and operating system fixes haven't been all that useful after all. Applications are where the real security risk is. It's apps, I tell ya! Apps are what the hoodlums are lookin' to rub out! Why, I oughta...
Sorry, we slipped into '30s gangster mode for a second there. But speaking of bad guys, apparently they're not attacking the OS (read: Windows) the way they used to. More and more, they're going after desktop apps, which tend to remain largely unprotected in enterprises.
Or so says the SANS Institute, anyway, in a new report. By the way, literally translated, "sans" institute in French would mean "without" institute. But this new report is not without (see how we did that there?) some pretty interesting observations. Check out this bit from the New York Times blog entry (linked above) on the Without Institute's report:
"[O]n the rise are quiet attacks on desktop programs, such as Microsoft's Office, Adobe's Flash Player and Acrobat programs, Java applications, and Apple's QuickTime program. Attacks on these programs currently account for about 10 percent of attack volume, up from zero three or four years ago. And they are likely to be far more successful, since more than 90 percent of corporate computers are using old, unsecure versions of these programs."
Partners, do we smell opportunity here? It might be time to go bursting through your clients' doors and ask them how often they're updating the security of their desktop apps -- and whether they need any help doing it, for a small fee, of course. IT folks, sheesh...this can't be particularly good news. Sure, Microsoft's updates and general improvements in Windows security have made locking down the OS easier, but now hackers are going after a much broader range of software. That stinks. Really, it does.
But if apps are going to be the new security battleground, that's where ISVs, partners and IT pros will need to fight. Of course, it's hard to say that the consequences of these app attacks are or will be, but it's better not to find out. In any case, the battle to keep the bad guys at bay has become a much broader war.
How secure are your desktop applications? Have you had problems with apps being hacked? Share at firstname.lastname@example.org.
Posted by Lee Pender on 09/16/2009 at 1:22 PM