The independent test lab AV_Test announced yesterday that it counted its 50millionth virus – according AV_Test, that’s 55,000 new viruses each day. An interesting thing is that while most companies’ invest in securing their PCs and servers, cyber criminals have been focusing more on vulnerable third party applications. When cyber criminals noticed that companies and software vendors such as Microsoft have tightened up workstation and operating system, they turned to third party applications such as email and PDFs, for example. According to Symantec, 40 out of 5 vulnerabilities that were exploited by hackers where in the third party applications.
IN 2009, the number of vulnerability disclosures for document readers and multimedia applications rose by 50 percent. The main point here is that while companies stress the importance of plugging security loopholes in their sever systems by applying security patches and so on – unfortunately, they’ve been leaving many third-party applications running unpatched. According to Secunia, 98 percent of Windows machines have at least one unpatched application running on them.
According to SANS, the nonprofit security research and training organization, Adobe reader, QuickTime, Adobe Flash and Microsoft Office are some of the commonly used avenues used by infectious viruses when you connect to the internet. Infected websites use these same channels to attach your computers. Even when you don’t download any documents from an infected website, merely accessing that site will comprise the client side software such as the ones I described earlier.
Antivirus software, of course will be any company’s first lien of defense against these client-side vulnerabilities. In addition, companies must focus on a tight schedule of comprehensive patching and configuration management for all third-party applications, just as they do for their operating system and server software, In addition, a tight leash on what applications employees may install on company servers will also cut don won your vulnerabilities.