Most people owning a PC are familiar with Microsoft’s patching process – it’s easy and it’s there. For a lot of them, it also gives the impression that Microsoft’s products are chock-full of flaws. But, according to Stefan Frei, Research Analyst Director with Secunia, it’s not the vulnerabilities in Microsoft’s products we should worry about, but those in third-party software. 55 percent of end-point users have more than 66 programs from more than 22 vendors installed on their systems. Of the top 50 programs used, 26 are developed by Microsoft, and the remaining 24 by 14 other vendors.
I remember Vista having so many problems due to 3rd party graphics drivers, and certain anti-virus vendors.
It’s much better now, but still we have the Adobe situation (Flash, PDF being the biggest exploit targets).
Yeah, who would have thought PDF and Acrobat Reader is a good format/program:
http://www.youtube.com/watch?v=54XYqsf4JEY
The spec is huge and much too complicated, and the code base old and very large.
Edited 2011-01-13 00:46 UTC
OTOH, I had major problems with the NIC-driver from Microsoft with my Windows Server 2008. Using an older (in date) but newer (in version numbering… wtf?) driver from a 3rd party (Realtek) solved the problems with repeated random-like BSODs.
It would be a lot easier if Windows had a proper software updating API (like what you see in its main competitors). It’d be nice if one could open “Programs and Features” (or “Add/Remove programs” for older Windows) and simply click “Search for Updates” (similar to searching for updates to FF-extensions) and then click “Update All”. It would give Windows the benefit of installing packages individually while still allowing for centralized and easy software package management.
I’ve been running Secunia PSI 2 in complement with MSE for a while now. Secunia does work great and version 2 is a major evolution in UI and other features like an automatic update option to try and patch your vulnerable unpatched applications.
Sometimes, however, there are no patches for some of your software, or the application has reached end of life while still being insecure. Secunia lists those.
This ties in to the feature(s) I hope either Secunia or MSE would add: sandboxing and/or varying degrees of network rights privileges for those applications.
Other options are to go for a standalone program like Sandboxie, or upgrade to Windows 7 Ultimate with AppLocker (I really think this feature should have come standard with all Win 7 and not just for Windows Ultimate), or the cheaper option: just go for a premium anti-virus security package with these bells and whistles.
Before I ran MSE and Secunia I used to use Kaspersky Internet Security with sandboxing and network rights management (I’m sure some other AVs probably have this too) and I miss that a bit. I’m still hoping though MSE or Secunia would eventually add these features though.
No shit.
In other news: CPUs are responsible for most software processing.
I even heard that there are third-party viruses.
Yeah but I bet they don’t integrate as well with Windows as Redmond’s own malware.
That covers the bulk of it, Stefan Frei is doing a disservice by making it sound like it is a wider problem.
http://krebsonsecurity.com/2011/01/exploit-packs-run-on-java-juice/
You can add anything ActiveX.
Errr… If I got it right, their point is that if, say, Adobe Reader is able to get root access and do nasty things when presented a malicious PDF, it’s Adobe Reader which is guilty, right?
If software can break through the OS’s sandboxing facilities as soon as there’s a buffer overflow vulnerability in it, and if malware can have access to some data and functionality beyond the realm of competence of the exploited software, then in my opinion there’s something horribly wrong with the OS, and patching the buffer overflow vulnerability is just hiding the core problem.
Namely: why the hell is untrusted user software left able to do so much?
Edited 2011-01-13 12:28 UTC