Tuesday, January 6, 2009

Software Vulnerabilities Exposed

A recent study lists Firefox, EMC VMware, Citrix, iTunes and 8 other popular software titles as the most vulnerable applications currently in use. In order to merit this dubious distinction, the software must meet various criteria, including:
  • Must run on Windows
  • Well-known to the general computing public
  • Generally regarded as non-malicious by most computer departments
  • Had at least one reported security flaw during 2008
  • Requires the end user to maintain the security - as opposed to central application administration.
This necessarily narrows the list -- somewhat unnaturally -- since most of the Microsoft products in popular use can be regulated via a centralized application management tool, such as SMS or WSUS. The study is focused on a corporate audience, as the publishing enterprise - Bit9 - sells a software management tool that addresses the problems that enabled these titles to make the list. So the results need to be taken with generous skepticism.

Nevertheless, the list makes for interesting reading, as it includes some of the recognizable names in consumer and corporate technology.

2008's Popular Applications with Critical Vulnerabilities

  • Mozilla Firefox
  • Adobe Flash & Acrobat
  • EMC VMware Player, Workstation and other products
  • Sun Java Runtime Environment (JRE)
  • Apple QuickTime, Safari & iTunes
  • Symantec
  • Trend Micro
  • Citrix Products
  • Aurigma, Lycos
  • Skype
  • Yahoo! Assistant
  • Microsoft Windows Live (MSN) Messenger
From a corporate perspective, there are fairly easy ways to protect against the reported vulnerabilities, even without a tool like the one Bit9 is peddling. A sensible corporate policy regarding these applications, coupled with a thoughtful desktop image, will take care of the bulk of the risk.

Download the study from Bit9: The Most Vulnerable Applications—2008 Report
