Source Of The Problem - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Enterprise Applications
News
8/26/2005
11:25 AM
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Source Of The Problem

Hackers are looking beyond the operating system to gain access to computers, and they're increasingly targeting Web browsers, E-mail clients, and other applications and client software. Vulnerabilities have been discovered recently in Apple Computer's iTunes, RealNetworks' RealPlayer, Microsoft's Internet Explorer, Mozilla Foundation's Firefox, various Oracle applications, and enterprise data-backup software from Computer Associates and Veritas.

According to InformationWeek Research's U.S. Information Security Survey 2005, operating systems remain the primary point of attack, cited by 43% of survey respondents. But other sources provided holes aplenty, including E-mail attachments (35%), known applications (22%), and unknown applications (10%).

"What you have now is all these different threats against the desktop, like the Web browsers, which are much harder to protect against," says Johannes Ullrich, chief technology officer of the Internet Storm Center, a volunteer cybersecurity organization focused on threat detection and analysis.

Businesses need to respond by giving apps the same kind of attention they've given the attack-prone Windows operating system. That means raising user awareness and limiting access to certain applications, although that's admittedly difficult in business environments.

David Gernert, IT security officer for Capital BlueCross, has been tracking application-level threats. "We've been keeping an eye on that because as we offer more and more services electronically to our members, providers, and so forth, the potential for problems increases," he says.

The changing nature of security threats is driving interest in technology that goes beyond the protection provided by PC firewalls and antivirus software. That includes products for intrusion prevention, network-access control, identity and access management, and vulnerability management. Gartner analyst Neil MacDonald advises putting the emphasis on best-in-class patch-management capabilities for all types of software.
























More stories on InformationWeek Research's
U.S. Information Security Survey 2005


  • The Threats Get Nastier

  • Sidebar: A New Type Of Worm

  • Report: U.S. Information Security 2005

  • Tool: Compare Your Security Practices

  • Behind The Numbers: Security Conforms To Regulatory Compliance
























  • We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
    Comment  | 
    Print  | 
    More Insights
    InformationWeek Is Getting an Upgrade!

    Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

    Commentary
    Why IT Leaders Should Make Cloud Training a Top Priority
    John Edwards, Technology Journalist & Author,  4/14/2021
    Slideshows
    10 Things Your Artificial Intelligence Initiative Needs to Succeed
    Lisa Morgan, Freelance Writer,  4/20/2021
    Commentary
    Lessons I've Learned From My Career in Technology
    Guest Commentary, Guest Commentary,  5/4/2021
    White Papers
    Register for InformationWeek Newsletters
    Video
    Current Issue
    Planning Your Digital Transformation Roadmap
    Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
    Slideshows
    Flash Poll