
Patch And Review Essential Aspects of IT Security

Idappcom : 22 January, 2011  (Technical Article)
Idappcom comments on PC security issues relating to third-party applications and recommends a continuous review and patch process.
Commenting on the latest annual Secunia security vulnerability report, Idappcom says that blaming third-party apps for security problems on PCs is the incorrect way of approaching the perennial problem of the way software applications interact with each other.



According to Anthony Haywood, CTO with the data traffic analysis and security specialist, the problem of inter-application security issues has been around ever since the Windows API was first seen way back in 1985.



"A lot has changed in the last 26 years, not least the number of function calls which the WinAPI now supports, having increased massively since the original 450 seen in Windows 1.0," he said.



"Against this backdrop, it's interesting to see our colleagues at Secunia reporting that vulnerabilities in third-party products are the weakest link in software installations. More than anything, this confirms something our researchers have noted for some time, namely that software patches and updates need to be installed on a very timely basis, and allied to a highly effective range of IT security software at all times," he added.



Haywood went on to say that the report, which also predicts that network vulnerabilities will continue to be a problem in the year ahead, does an excellent job in detailing the issues that a good IT security manager and his/her team needs to address.



It all comes down to due diligence and risk analysis, a series of processes that needs to be updated and reviewed on a continual basis, rather than treating it as an annual 'tick and check' project to be carried out like a stocktaking exercise, he explained.



Having said that, the Idappcom CTO noted that the report's conclusions - which include the fact that there often is a delay between flaws being exploited and the IT team in an organisation 'getting around' to patching the flaw on a remediated basis - need to be addressed.



And it's for this reason that Haywood recommends that organisations look to automated patching software, which can now be sourced on a freeware basis for several operating systems.



"It's interesting to note that Secunia has developed its own auto-update application - PSI 2.0 - which is free of charge and is actually a reduced feature version of the pay-for edition," he said.



"The good news is that the message about the requirement for timely patches appears - at last - to be getting through to the software vendor community, especially Adobe, which now has an auto-update mechanism for Acrobat, Flash and Reader, developed apparently after lobbying from users," he added.



"When allied to a competent security advisory service like our own, IT security managers can rest easy in their beds, sure in the fact that their IT resources are as well defended as it is possible to be with the resources that are now available."
   © 2012 ProSecurityZone.com