
Security Risks from unpatched media players...Are you at Risk?

Posted on 2008-11-19 15:43:04
Are you facing security risks, not from flaws in Windows itself but from unpatched media players?

If you are running versions of Flash, Java, and QuickTime that are unpatched, you could be at risk.

Tests have shown which applications are the most likely to be installed but unpatched on users' PCs.
In the following list, number 1 represents the unpatched application that was found on the greatest number of users' machines, with higher numbers representing fewer machines:

1. Adobe Flash Player 9.x
2. Sun Java JRE 1.6.x/6.x
3. Macromedia Flash Player 6.x
4. Macromedia Flash Player 8.x
5. Macromedia Flash Player 7.x
6. Apple QuickTime 7.x
7. Macromedia Flash Player 5.x
8. Mozilla Firefox 2.0.x
9. Macromedia Flash Player 4.x
10. Adobe Reader 7.x


These applications are media players, browser plug-ins that play media files, or a browser itself (i.e., Firefox). All of these programs can be attacked across the Internet, for example, if you play an infected Flash video you find on a Web site or that you received via e-mail. Consequently, using an older version of these programs poses a real security risk.

All of the applications mentioned above support automatic updating. They also allow you to choose to update them manually, which some users prefer. If you prefer to update manually, update them on your regularly scheduled malware scan schedule.


Now you're probably wondering, how can I tell if my software is out-of-date? Good question, and here is a program to tell you just that.


You can use Software Inspector at Secunia.com... it's free.
This online utility requires Java to run, so you should use the Java update procedure below to make sure you have the latest version of Java before proceeding.


To update Sun Java:

Step 1. In the Control Panel, launch the Java applet. You can also right-click the Java icon in the Taskbar tray and choose Open Control Panel.

Step 2. Click the Update tab. Use the controls there to customize the update notification. Click OK.

If you prefer to update Java manually, uncheck the box for automatic updating. Then return to this dialog box periodically and click Update Now at the bottom of the Update tab.



Now, test your software with Software Inspector




The scan will find software (including the operating system) with known security flaws for which patches exist. The on-screen report lists your updated apps (with a green checkmark) and nonupdated apps (with a red X). If you have multiple copies of a single application installed, the report will list each version. Click the "+" icon to the left of each item for more information, including the specific path to each file.


Software Inspector does not flag applications for which no update exists. Unfortunately, you may still have applications with security holes that aren't mentioned in the report. In addition, the program can't detect any workarounds you may have put in place to avoid security problems with existing applications.


If the scan finds multiple versions of software, sometimes older versions represent a security risk to your system. But in some cases (such as Java), you may need an older version to keep other application software running properly.


Before doing anything, make a backup of your system, or at least create a restore point using System Restore.


Secunia's Software Inspector is especially valuable for those of us who prefer to use manual updating, rather than letting programs check and download patches automatically. The scan not only tells you what updates to look for, but it checks all your software in a single step without having to use each application's update feature one at a time.


You may forget to use Software Inspector periodically, so to automate that chore, click the reminder service link on the Software Inspector page. This will send you an e-mail notification every time a new update or version is available.


It's frustrating to know that, even when Windows is fully patched, our application software can represent an even greater vulnerability. To reduce your risk, consider running Software Inspector once a month, just after you've installed the Windows patches that Microsoft typically releases on Patch Tuesday (the 2nd Tuesday of the month).
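A local version inventory in the spirit of the scan described in the post, as an added example that is not part of the original post and is not Secunia's code: it reads the standard Windows Uninstall registry keys, lists every installed copy of the product families named above, and compares each against a baseline. The `$Baseline` versions are placeholders to replace with each vendor's current patched release, and the display-name patterns are assumptions.

```powershell
# Added example (PowerShell 3.0+). Baseline versions are constructed
# placeholders: replace each with the vendor's current patched release.
$Baseline = @{
    'Flash Player' = '0.0.0.0'
    'Java'         = '0.0.0.0'
    'QuickTime'    = '0.0.0.0'
    'Firefox'      = '0.0.0.0'
    'Adobe Reader' = '0.0.0.0'
}

# Standard per-machine (64- and 32-bit) and per-user uninstall entries.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-VersionOrNull([string]$Text) {
    # DisplayVersion is free text; keep the leading dotted-number part only.
    if ($Text -match '^\d+(\.\d+){1,3}') { return ($Matches[0] -as [version]) }
    return $null
}

$installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }

$report = foreach ($product in $Baseline.Keys) {
    $minimum = [version]$Baseline[$product]
    # Loose substring match on the display name (assumed naming, may over-match).
    $hits = @($installed | Where-Object { $_.DisplayName -like "*$product*" })
    foreach ($hit in $hits) {
        $version = ConvertTo-VersionOrNull $hit.DisplayVersion
        if ($null -eq $version)        { $status = 'version unreadable' }
        elseif ($version -lt $minimum) { $status = 'below baseline' }
        else                           { $status = 'ok' }
        [pscustomobject]@{
            Product = $product
            Name    = $hit.DisplayName
            Version = $hit.DisplayVersion
            Status  = $status
            Copies  = $hits.Count   # more than 1 means side-by-side versions
        }
    }
}

$report | Sort-Object Product, Name | Format-Table -AutoSize
```

.NET treats a missing version component as lower than 0, so write each baseline with as many components as the installed `DisplayVersion` shows.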