8th annual e-Crime & Cybersecurity Congress, London, March 2010
Vulnerabilities affecting a typical end-point pose a real threat to end-user hosts. Today, users and businesses still perceive the operating system and Microsoft products to be the primary attack vector, largely ignoring third-party programs. From an attacker’s perspective, targeting third-party programs proves to be a rewarding path and will probably remain so for an extended period of time. The lack of effective update mechanisms expose end-users to significant risks as vulnerable software tends to “survive” for a long time before being updated - thereby leaving the user exposed for prolonged periods of time and providing criminals extended opportunity to exploit these vulnerabilities.
End-users and businesses need to become more aware of the dangers of third-party software and effective patching should be prioritised as high as perimeter defence, according to the evolving threat landscape. Unified and automated patching mechanisms, such as the free Secunia Personal Software Inspector (PSI), make handling vulnerabilities easier for end-users by automatically scanning systems for insecure programs, then downloading and installing the required security patches all in one go.