Hackers Pose New Threat to Desktop Software
Hackers have changed their tactics and are exploiting flaws in popular software applications – including security programs — to break into the computers of consumers, government agencies, and businesses.What’s new about this, you might ask? The key word is “applications.” Until recently, hackers focused almost exclusively on computers’ operating systems – that is, their basic nervous-system software, with Windows being the obvious example.
See Also: 2024 Threat Hunting Report: Insights to Outsmart Modern Adversaries
But over the past five years, operating-system companies, especially Microsoft, have grown much more adept at quickly issuing “patches” once a security breach in their products was discovered. Moreover, the ubiquity of Internet access means these patches can be distributed automatically, often without the user even knowing his or her software has been strengthened. Result: More secure operating system software.
Opportunity KnocksIf history teaches us anything, it is that hackers are opportunistic. And guess what? While the Microsofts of the world have been making operating systems harder to hack, vendors of application software – everything from databases to security products – have failed to keep pace with automatic patching.
Cyber-attackers have watched this trend and are exploiting it, experts say: today, your anti-virus or firewall software is as likely to be hacked as your Windows.
Indeed, vulnerabilities in software from many of the most trusted names in security have been found – companies including Symantec, Trend Micro, and McAfee.
Analysts say these vendors and others must now rapidly improve their speed and distribution when it comes to patching their own software. For computer users, this is just another possible avenue of attack. However, the new-found vulnerabilities don’t change the best practices for protecting your PC: purchase security software from a reputable vendor, update it frequently – and pay attention to warnings that the software needs to be patched.
© National Security Institute, Inc. – Content excerpted from NSI’s SECURITYsense—a monthly information security awareness service for educating your end users. This copyrighted article is the property of the National Security Institute and may not be reproduced or redistributed in any form without license agreement. For more information on the SECURITYsense program and to view FREE samples, visit http://nsi.org/SECURITYsense2.html .