Source Of The Problem

Hackers are looking beyond the operating system to gain access to computers, and they're increasingly targeting Web browsers, E-mail clients, and other applications and client software. -- Sidebar to: The Threats Get Nastier

Thomas Claburn, Editor at Large, Enterprise Mobility

August 26, 2005


Hackers are looking beyond the operating system to gain access to computers, and they're increasingly targeting Web browsers, E-mail clients, and other applications and client software. Vulnerabilities have been discovered recently in Apple Computer's iTunes, RealNetworks' RealPlayer, Microsoft's Internet Explorer, Mozilla Foundation's Firefox, various Oracle applications, and enterprise data-backup software from Computer Associates and Veritas.

According to information Research's U.S. Information Security Survey 2005, operating systems remain the primary point of attack, cited by 43% of survey respondents. But other sources provided holes aplenty, including E-mail attachments (35%), known applications (22%), and unknown applications (10%).

"What you have now is all these different threats against the desktop, like the Web browsers, which are much harder to protect against," says Johannes Ullrich, chief technology officer of the Internet Storm Center, a volunteer cybersecurity organization focused on threat detection and analysis.

Businesses need to respond by giving apps the same kind of attention they've given the attack-prone Windows operating system. That means raising user awareness and limiting access to certain applications, although that's admittedly difficult in business environments.

David Gernert, IT security officer for Capital BlueCross, has been tracking application-level threats. "We've been keeping an eye on that because as we offer more and more services electronically to our members, providers, and so forth, the potential for problems increases," he says.

The changing nature of security threats is driving interest in technology that goes beyond the protection provided by PC firewalls and antivirus software. That includes products for intrusion prevention, network-access control, identity and access management, and vulnerability management. Gartner analyst Neil MacDonald advises putting the emphasis on best-in-class patch-management capabilities for all types of software.
