Source Of The Problem - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
11:25 AM
Connect Directly

Source Of The Problem

Hackers are looking beyond the operating system to gain access to computers, and they're increasingly targeting Web browsers, E-mail clients, and other applications and client software. Vulnerabilities have been discovered recently in Apple Computer's iTunes, RealNetworks' RealPlayer, Microsoft's Internet Explorer, Mozilla Foundation's Firefox, various Oracle applications, and enterprise data-backup software from Computer Associates and Veritas.

According to InformationWeek Research's U.S. Information Security Survey 2005, operating systems remain the primary point of attack, cited by 43% of survey respondents. But other sources provided holes aplenty, including E-mail attachments (35%), known applications (22%), and unknown applications (10%).

"What you have now is all these different threats against the desktop, like the Web browsers, which are much harder to protect against," says Johannes Ullrich, chief technology officer of the Internet Storm Center, a volunteer cybersecurity organization focused on threat detection and analysis.

Businesses need to respond by giving apps the same kind of attention they've given the attack-prone Windows operating system. That means raising user awareness and limiting access to certain applications, although that's admittedly difficult in business environments.

David Gernert, IT security officer for Capital BlueCross, has been tracking application-level threats. "We've been keeping an eye on that because as we offer more and more services electronically to our members, providers, and so forth, the potential for problems increases," he says.

The changing nature of security threats is driving interest in technology that goes beyond the protection provided by PC firewalls and antivirus software. That includes products for intrusion prevention, network-access control, identity and access management, and vulnerability management. Gartner analyst Neil MacDonald advises putting the emphasis on best-in-class patch-management capabilities for all types of software.

More stories on InformationWeek Research's
U.S. Information Security Survey 2005

  • The Threats Get Nastier

  • Sidebar: A New Type Of Worm

  • Report: U.S. Information Security 2005

  • Tool: Compare Your Security Practices

  • Behind The Numbers: Security Conforms To Regulatory Compliance

  • We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
    Comment  | 
    Print  | 
    More Insights
    InformationWeek Is Getting an Upgrade!

    Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

    Remote Work Tops SF, NYC for Most High-Paying Job Openings
    Jessica Davis, Senior Editor, Enterprise Apps,  7/20/2021
    Blockchain Gets Real Across Industries
    Lisa Morgan, Freelance Writer,  7/22/2021
    Seeking a Competitive Edge vs. Chasing Savings in the Cloud
    Joao-Pierre S. Ruth, Senior Writer,  7/19/2021
    White Papers
    Register for InformationWeek Newsletters
    Current Issue
    Monitoring Critical Cloud Workloads Report
    In this report, our experts will discuss how to advance your ability to monitor critical workloads as they move about the various cloud platforms in your company.
    Flash Poll