11:25 AM
Connect Directly

Source Of The Problem

Hackers are looking beyond the operating system to gain access to computers, and they're increasingly targeting Web browsers, E-mail clients, and other applications and client software. Vulnerabilities have been discovered recently in Apple Computer's iTunes, RealNetworks' RealPlayer, Microsoft's Internet Explorer, Mozilla Foundation's Firefox, various Oracle applications, and enterprise data-backup software from Computer Associates and Veritas.

According to InformationWeek Research's U.S. Information Security Survey 2005, operating systems remain the primary point of attack, cited by 43% of survey respondents. But other sources provided holes aplenty, including E-mail attachments (35%), known applications (22%), and unknown applications (10%).

"What you have now is all these different threats against the desktop, like the Web browsers, which are much harder to protect against," says Johannes Ullrich, chief technology officer of the Internet Storm Center, a volunteer cybersecurity organization focused on threat detection and analysis.

Businesses need to respond by giving apps the same kind of attention they've given the attack-prone Windows operating system. That means raising user awareness and limiting access to certain applications, although that's admittedly difficult in business environments.

David Gernert, IT security officer for Capital BlueCross, has been tracking application-level threats. "We've been keeping an eye on that because as we offer more and more services electronically to our members, providers, and so forth, the potential for problems increases," he says.

The changing nature of security threats is driving interest in technology that goes beyond the protection provided by PC firewalls and antivirus software. That includes products for intrusion prevention, network-access control, identity and access management, and vulnerability management. Gartner analyst Neil MacDonald advises putting the emphasis on best-in-class patch-management capabilities for all types of software.

More stories on InformationWeek Research's
U.S. Information Security Survey 2005

  • The Threats Get Nastier

  • Sidebar: A New Type Of Worm

  • Report: U.S. Information Security 2005

  • Tool: Compare Your Security Practices

  • Behind The Numbers: Security Conforms To Regulatory Compliance

  • We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
    Comment  | 
    Email This  | 
    Print  | 
    More Insights
    Copyright © 2021 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service