Pender's Blog

Blog archive

We're Getting Security All Wrong

Well, who knew? All those Windows Update patches and operating system fixes haven't been all that useful after all. Applications are where the real security risk is. It's apps, I tell ya! Apps are what the hoodlums are lookin' to rub out! Why, I oughta...

Sorry, we slipped into '30s gangster mode for a second there. But speaking of bad guys, apparently they're not attacking the OS (read: Windows) the way they used to. More and more, they're going after desktop apps, which tend to remain largely unprotected in enterprises.

Or so says the SANS Institute, anyway, in a new report. By the way, literally translated, "sans" institute in French would mean "without" institute. But this new report is not without (see how we did that there?) some pretty interesting observations. Check out this bit from the New York Times blog entry (linked above) on the Without Institute's report:

"[O]n the rise are quiet attacks on desktop programs, such as Microsoft's Office, Adobe's Flash Player and Acrobat programs, Java applications, and Apple's QuickTime program. Attacks on these programs currently account for about 10 percent of attack volume, up from zero three or four years ago. And they are likely to be far more successful, since more than 90 percent of corporate computers are using old, unsecure versions of these programs."

Partners, do we smell opportunity here? It might be time to go bursting through your clients' doors and ask them how often they're updating the security of their desktop apps -- and whether they need any help doing it, for a small fee, of course. IT folks, sheesh...this can't be particularly good news. Sure, Microsoft's updates and general improvements in Windows security have made locking down the OS easier, but now hackers are going after a much broader range of software. That stinks. Really, it does.

But if apps are going to be the new security battleground, that's where ISVs, partners and IT pros will need to fight. Of course, it's hard to say that the consequences of these app attacks are or will be, but it's better not to find out. In any case, the battle to keep the bad guys at bay has become a much broader war.

How secure are your desktop applications? Have you had problems with apps being hacked? Share at [email protected].

Posted by Lee Pender on September 16, 2009 at 11:55 AM


Featured

  • Orgs Now Getting the New Outlook for Windows

    The new Outlook for Windows 11 app is now at the "general availability" release stage for personal users, but it's also "enterprise ready."

  • Four New Microsoft Surface Devices Unveiled at Event

    Four new Surface devices for businesses were announced during Microsoft's fall hardware event.

  • Cisco To Buy Splunk for $28B

    Cisco announced it is acquiring security and IT solutions provider Splunk for about "$28 billion in equity value."

  • Copilot for Windows 11 Available September 26

    Microsoft Also announced new Copilot features coming to Bing, Edge and Microsoft 365.