Pender's Blog

Blog archive

We're Getting Security All Wrong

Well, who knew? All those Windows Update patches and operating system fixes haven't been all that useful after all. Applications are where the real security risk is. It's apps, I tell ya! Apps are what the hoodlums are lookin' to rub out! Why, I oughta...

Sorry, we slipped into '30s gangster mode for a second there. But speaking of bad guys, apparently they're not attacking the OS (read: Windows) the way they used to. More and more, they're going after desktop apps, which tend to remain largely unprotected in enterprises.

Or so says the SANS Institute, anyway, in a new report. By the way, literally translated, "sans" institute in French would mean "without" institute. But this new report is not without (see how we did that there?) some pretty interesting observations. Check out this bit from the New York Times blog entry (linked above) on the Without Institute's report:

"[O]n the rise are quiet attacks on desktop programs, such as Microsoft's Office, Adobe's Flash Player and Acrobat programs, Java applications, and Apple's QuickTime program. Attacks on these programs currently account for about 10 percent of attack volume, up from zero three or four years ago. And they are likely to be far more successful, since more than 90 percent of corporate computers are using old, unsecure versions of these programs."

Partners, do we smell opportunity here? It might be time to go bursting through your clients' doors and ask them how often they're updating the security of their desktop apps -- and whether they need any help doing it, for a small fee, of course. IT folks, sheesh...this can't be particularly good news. Sure, Microsoft's updates and general improvements in Windows security have made locking down the OS easier, but now hackers are going after a much broader range of software. That stinks. Really, it does.

But if apps are going to be the new security battleground, that's where ISVs, partners and IT pros will need to fight. Of course, it's hard to say that the consequences of these app attacks are or will be, but it's better not to find out. In any case, the battle to keep the bad guys at bay has become a much broader war.

How secure are your desktop applications? Have you had problems with apps being hacked? Share at [email protected]

Posted by Lee Pender on 09/16/2009 at 1:22 PM


Featured

  • SameSite Cookie Changes Rolled Back Until Summer

    The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

  • Basic Authentication Extended to 2H 2021 for Exchange Online Users

    Microsoft is now planning to disable Basic Authentication use with its Exchange Online service sometime in the "second half of 2021," according to a Friday announcement.

  • Microsoft Offers Endpoint Configuration Manager Advice for Keeping Remote Clients Patched

    Microsoft this week offered advice for organizations using Microsoft Endpoint Configuration Manager with remote Windows systems that need to get patched, and it also announced Update 2002.

  • Azure Edge Zones Hit Preview

    Azure Edge Zones, a new edge computing technology from Microsoft designed to enable new scenarios for developers and partners, emerged as a preview release this week.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.