So what do people think of bit9's new report?

Some unknown company called bit9 have released a list of software that could be a security risk.

Problem is, I use nearly all of it.

What do you think? Load of rubbish?

Software on the list:

Mozilla Firefox
Adobe Flash & Acrobat
EMC VMware Player, Workstation and other products
Sun Java Runtime Environment (JRE)
Apple QuickTime, Safari & iTunes
Symantec
Trend Micro
Citrix Products
Aurigma, Lycos
Skype
Yahoo! Assistant
Microsoft Windows Live (MSN) Messenger

Register article: http://www.theregister.co.uk/2008/12/12/app_threat_list/

The report: http://www.bit9.com/files/Vulnerable_Apps_DEC_08.pdf
 
I think the Register summed it up straight away: "Daft list". Anything could be a possible security risk, but if you keep your computer updated, have AV installed and a firewall you're generally pretty safe these days.
 
Might be relevant to large businesses, but I don't think it should make the end user think twice. Their criteria for inclusion on the list:

1) Runs on Microsoft Windows.
2) Is well-known in the consumer space and frequently downloaded by individuals.
3) Is not classified as malicious by enterprise IT organizations or security vendors.
4) Contains at least one critical vulnerability that was:
a. first reported in January 2008 or after,
b. registered in the U.S. National Institute of Standards and Technology’s (NIST) official vulnerability database at http://nvd.nist.gov, and
c. given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
5) Relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
6) The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.

Which translates to:

1), 2) and 3): is popular but not dodgy
4): has had a serious security problem reported this year
5) and 6): can't be updated by a central administrator.

I'd say those three things apply to most of the software that we use! As long as you keep your software up to date, I don't see any reason to worry.
 