Technology news and Jobs
Information Technology News
Secunia finds unpatched applications, but should we worry?
by Stephen Withers
Monday, 21 May 2007
An analysis of scans carried out using Secunia's online inspection service has shown that 28 percent of applications examined are not up to date with security patches, but we're not sure that's really a major cause for concern.
Applications checked include Internet Explorer, Firefox, Opera, MSN/Windows Live Messenger, Yahoo Messenger, QuickTime, iTunes, Windows Media Player, Winamp, Real(One) Player, Flash Player, (Acrobat) Reader, Outlook Express, Thunderbird, Eudora, Skype, and WinZip. In most cases, multiple versions are covered. Notable absences include Microsoft Office and OpenOffice.org.

The 28 percent figure masks substantial variation. Only five percent of Firefox 2 and IE7 installations checked weren't up to date, compared with 10 percent for IE6 and 12 percent for Opera. But according to Jakob Balle, Secunia's IT development manager, 27 percent of the copies of Winamp 5 and 33 percent of QuickTime 7 remained unpatched.

The problem is that media files are generally regarded as being safe to open, but a number of vulnerabilities have been found that can be exploited with malformed movie, image or sound files. As Secunia officials noted, "It's easy to embed a movie in [a web page]... and all it takes is one unpatched QuickTime vulnerability and a provocative video title to compromise a lot of visitors."

These figures are worrying, especially as people using the Secunia Software Inspector are demonstrating a concern for security. Balle suggests Microsoft products are fairly well patched because of broad awareness of Patch Tuesday. We would expect the provision for automatic downloading of updates in XP SP2 and Vista would also contribute.

But QuickTime includes an automatic check for updates, so why were nearly one-third of installations checked by Secunia's service unpatched? One possibility is that the automatic check had been disabled. Another, more likely explanation is that QuickTime only checks for updates when it is used, and many of the unpatched copies detected were sitting dormant on the computers scanned. That's still a risk, as a malicious media file could be downloaded and played before the user was alerted to a protective update, but it also suggests that common media types are being opened by applications other than QuickTime Player.

Unpatched software is always a risk, as you can never be sure when and in what circumstances it will be used, but we suspect a good proportion of the software found by Secunia's scans isn't kept up to date simply because it isn't regularly used.