Pender's Blog by Lee Pender, RCPU Editor

Blog archive

We're Getting Security All Wrong

Well, who knew? All those Windows Update patches and operating system fixes haven't been all that useful after all. Applications are where the real security risk is. It's apps, I tell ya! Apps are what the hoodlums are lookin' to rub out! Why, I oughta...

Sorry, we slipped into '30s gangster mode for a second there. But speaking of bad guys, apparently they're not attacking the OS (read: Windows) the way they used to. More and more, they're going after desktop apps, which tend to remain largely unprotected in enterprises.

Or so says the SANS Institute, anyway, in a new report. By the way, literally translated, "sans" institute in French would mean "without" institute. But this new report is not without (see how we did that there?) some pretty interesting observations. Check out this bit from the New York Times blog entry (linked above) on the Without Institute's report:

"[O]n the rise are quiet attacks on desktop programs, such as Microsoft's Office, Adobe's Flash Player and Acrobat programs, Java applications, and Apple's QuickTime program. Attacks on these programs currently account for about 10 percent of attack volume, up from zero three or four years ago. And they are likely to be far more successful, since more than 90 percent of corporate computers are using old, unsecure versions of these programs."

Partners, do we smell opportunity here? It might be time to go bursting through your clients' doors and ask them how often they're updating the security of their desktop apps -- and whether they need any help doing it, for a small fee, of course. IT folks, sheesh...this can't be particularly good news. Sure, Microsoft's updates and general improvements in Windows security have made locking down the OS easier, but now hackers are going after a much broader range of software. That stinks. Really, it does.

But if apps are going to be the new security battleground, that's where ISVs, partners and IT pros will need to fight. Of course, it's hard to say that the consequences of these app attacks are or will be, but it's better not to find out. In any case, the battle to keep the bad guys at bay has become a much broader war.

How secure are your desktop applications? Have you had problems with apps being hacked? Share at [email protected].

Posted by Lee Pender on September 16, 2009


Featured

  • Windows 365 Cloud Apps Now Available for Public Preview

    Microsoft announced this week that Windows 365 Cloud Apps are now available for public preview. This aims to allow IT administrators to stream individual Windows applications from the cloud, removing the need to assign Cloud PCs to every user.

  • Report: Security Initiatives Can't Keep Pace with Cloud, AI Boom

    The increasingly fast adoption of hybrid, multicloud, and AI systems is easily outgrowing existing security measures, according to a recent global survey by the Cloud Security Alliance (CSA) and exposure management firm Tenable.

  • World Map Image

    Microsoft Taps Nebius in $17B AI Infrastructure Deal To Alleviate Cloud Strain

    Microsoft has signed a five-year, $17.4 billion agreement with Amsterdam-based Nebius Group to expand its AI computing capabilities through third-party GPU infrastructure.

  • Microsoft Brings Copilot AI Into Viva Engage

    Microsoft 365 Copilot in Viva Engage is now generally available, extending Copilot's AI-powered assistant capabilities deeper into the Viva platform.

Most   Popular