Does This Software Smell Funny To You?

In any discussion of the vulnerability of your computer to malware, the discussion is often centered around the cutting edge of the battles between new threats and new versions of browsers and software to combat them. But the dirty little secret we don't discuss much is: Most software is older than dirt. Does software need a fresh sale date? Security researchers are beginning to think so.

In a newly published paper, Stefan Frei and Martin May of the Computer Engineering and Networks Laboratory at ETH Zurich, Thomas Dubendorfer of Google Switzerland, and Gunter Ollmann of IBM (NYSE: IBM) Internet Security Systems make this recommendation because they found that 637 million (45.2%) out of 1.4 billion Internet users worldwide are at risk from their failure to use the latest, most secure version of their chosen Internet browsers.

"Given the state of the software industry and the growing threat of exploitable vulnerabilities within all applications (not just Web browsers), we believe that the establishment of a 'best before' date for all new software releases could prove an invaluable means to educating the user to patch or 'refresh' their software applications," the paper says. "The same 'best before' date information could also be leveraged by Internet businesses to help evaluate or mitigate the risk of customers who are using out of date software and are consequently at a higher risk of having been compromised."

Web browser vulnerabilities are becoming the fault of choice for malware baddies, and it's sobering to read that as few as 47.6 percent of Internet Explorer users are using the most current, patched version. That's an invitation to disaster. Firefox 2 was considered the most secure browser mostly because it had the best percentage of users who kept it up-to-date, 83.3 percent. It's not just browsers that are out-of date though; things like Flash and Quicktime are often on users' computers in ancient iterations. Update people! It's all free stuff, after all.
Tags:  Software, HIS, FTW, funny, AR, DOE

blog comments powered by Disqus