Patch and review remains key for business IT security

Constant patch and review processes remain essential to defend any company's IT resources against cyber security attacks – and there's just no way around that.

So says Idappcom, which warns that blaming third-party apps for security problems on PCs is not the correct way to approach the perennial problem of how software applications interact with each other.

Commenting on the latest annual Secunia security vulnerability report, Anthony Haywood, CTO of the data traffic analysis and security specialist, says that the problem of inter-application security issues has been around ever since the Windows API was first seen way back in 1985.

"A lot has changed in the last 26 years, not least the number of function calls that the WinAPI now supports, having increased massively since the original 450 seen in Windows 1.0," he says.

"Against this backdrop, it's interesting to see our colleagues at Secunia reporting that vulnerabilities in third-party products are the weakest link in software installations. This confirms something our researchers have noted for some time – namely that software patches and updates need to be installed on a very timely basis, and allied to an effective range of IT security software at all times," he adds.

Haywood goes on to say that the report, which also predicts that network vulnerabilities will continue to be a problem in the year ahead, does an excellent job in detailing the issues that a good IT security manager and his or her team need to address.

It all comes down to due diligence and risk analysis, he says, and recommends that organisations look to automated patching software, which can now be sourced on a freeware basis for several operating systems.

"It's interesting to note that Secunia has developed its own auto-update application [PSI 2.0] which is free of charge and is actually a reduced feature version of the pay-for edition," he says.

"The good news is that the message about the requirement for timely patches appears, at last, to be getting through to the software vendor community, especially Adobe, which now has an auto-update mechanism for Acrobat, Flash and Reader, developed apparently after lobbying from users," he adds.