I was looking at the latest issue of the SANS @Risk newsletter and it mentioned something that we need to keep in mind. I know that it's not something that I do regularly, but I really need to.
The four most critical vulnerabilities this week touch just about every Windows user: Internet Explorer, Outlook Express, Word, even Kodak Image
The Kodak threat highlights a useful, but unpleasant fact. Microsoft patched this product because it was distributed with Windows, but most of the other products you add to your computer are not patched automatically. Many vendors expect you to check with their web site to learn about flaws that need patching. The criminals know that - hence the new wave of attacks against applications.

All of us have software on our systems that requires us to manually check for updates. This brings up several questions that we must answer.
- What software is on our systems? Do you know?
Make a list of all the applications that are on your system.
- How often do you check for updates manually?
Bookmark the support page for each and check it regularly. Set a calendar reminder to ping you monthly.
- Do you use all the applications on your system?
Uninstall all apps that you don't need or use.
- Where did you get your software from?
Shareware/Freeware are great, but make sure you know and can really trust the source. The bad guys are putting out free software that looks really cool but packs a punch when it comes to owning your system.
- Did it come preinstalled on your system?
Much of the software that comes preinstalled on your system is a trial version that only works at partial functionality or expires after a period of time. If you are not going to pay the license fee to make it a full version, then uninstall it. Even dormant software can be exploited.
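
One way to build the list from the first question and keep it current for the monthly check, as an added example that is not from the newsletter or the original post. It reads the standard Windows "Uninstall" registry keys; the output file name `software-inventory.csv` is an assumption.

```powershell
# Added example: inventory installed applications and report what changed
# since the last run. Run it from a normal PowerShell prompt.

# Standard locations where installers register themselves:
# machine-wide 64-bit, machine-wide 32-bit, and the current user.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Assumed output location; change it to wherever you keep the list.
$inventoryPath = Join-Path $env:USERPROFILE 'software-inventory.csv'

# Collect name, version, publisher and install date for every entry that
# has a display name, then drop duplicate name/version pairs.
# The CSV round trip turns every value into a string so this run can be
# compared cleanly with the file saved by the previous run.
$current = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName, DisplayVersion -Unique |
    ConvertTo-Csv -NoTypeInformation |
    ConvertFrom-Csv

# If a previous inventory exists, show what appeared or disappeared.
if (Test-Path $inventoryPath) {
    $previous = Import-Csv -Path $inventoryPath
    if ($previous -and $current) {
        Compare-Object $previous $current -Property DisplayName, DisplayVersion |
            ForEach-Object {
                $label = if ($_.SideIndicator -eq '=>') { 'NEW OR UPDATED' }
                         else { 'REMOVED OR REPLACED' }
                '{0}: {1} {2}' -f $label, $_.DisplayName, $_.DisplayVersion
            }
    }
}

# Save this run as the baseline for next month's check.
$current | Export-Csv -Path $inventoryPath -NoTypeInformation
'{0} applications recorded in {1}' -f @($current).Count, $inventoryPath
```

Programs that were copied onto the disk without an installer do not register in these keys, so also look through your program folders and downloads for anything the list misses.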