If You Get A Malware Infection Whose Fault Is It Really?

The security industry, especially security analysts, and for that matter, computer users at large, love to dump on Microsoft when they get a malware infection. If only Microsoft got their act together, the theory goes, and hardened Windows more appropriately, we wouldn’t have to deal with this nonsense.

But, what if it isn’t entirely Microsoft’s fault? What if it’s really a shared responsibility split between Microsoft, third party software developers, and the user?

From time to time, I’m accused of being “too frank”; usually on those occasions when diplomacy needs to be put aside, so that realities can be dealt with. For example, I’ve left myself open to criticism, in some quarters, by stating on more than one occasion –

It has been my experience, that when a malware infection occurs, it’s generally safe to say, the user is, more often than not, responsible for their own misfortune.

Computer users, by and large, are lackadaisical in securing their computers against threats to their Internet safety and security.

Strong statements I’ll admit, but if you consider the following, which I have repeated over and over, you’ll understand why I feel comfortable making this statement.

Not all users make use of Microsoft’s Windows Update so that they are current with operating system critical updates, and security fixes. More to the point, few users have given consideration to the vulnerabilities that exist in third party productivity applications and utilities.

Unless you monitor your system for insecure and unpatched software installations, you have left a huge gap in your defenses – it’s just plain common sense.

The just released Secunia Half Year Report – 2010, which shows “an alarming development in 3rd party program vulnerabilities, representing an increasing threat to both users and business, which, however, continues to be greatly ignored”, supports my view that security is a shared responsibility, and that blaming Microsoft simply ignores the reality.

The report goes on to conclude, “users and businesses still perceive the operating system and Microsoft products to be the primary attack vector, largely ignoring 3rd party programs, and finding the actions to secure these too complex and time-consuming. Ultimately this leads to incomplete patch levels of the 3rd party programs, representing rewarding and effective targets for criminals.”

Key highlights of the Secunia Half Year Report 2010:

Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.

A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year.

In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010, to 760.

During the first six months of 2010, 380 vulnerabilities, or 89% of the figure for all of 2009, had already been reached.

A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010.

The full report (PDF) is available here.

Each week, I receive the Qualys Vulnerability Report, and I never fail to be astonished by the huge number of application vulnerabilities listed in this report. I’ve always felt, that the software industry should thank their “lucky stars”, that this report is not particularly well known outside the professional IT security community. It’s that scary.

There is a solution to this quandary however – the Secunia Personal Software Inspector (PSI).

PSI constantly monitors your system for insecure software installations, notifies you when an insecure application is installed, and even provides you with detailed instructions for updating the application when available.
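The kind of check described above, sketched as an added example (this is not Secunia's code and not from the original post): compare an inventory of installed programs against a baseline of lowest fully patched versions and sort them into report buckets. The program names, version numbers and the `BASELINE`/`INSTALLED` structures are all constructed for illustration.

```python
import re

# Constructed baseline: lowest version with all known fixes, or None if the
# vendor no longer ships fixes (end-of-life). Names and numbers are invented.
BASELINE = {
    "ExampleReader": "9.3.3",
    "ExamplePlayer": "10.1.53.64",
    "ExampleZip": "4.65",
    "OldMediaTool": None,
}

# Constructed inventory, as (display name, installed version) pairs.
INSTALLED = [
    ("ExampleReader", "9.3.2"),
    ("ExamplePlayer", "10.1.53.64"),
    ("ExampleZip", "4.65.0"),
    ("OldMediaTool", "2.0"),
    ("InHouseApp", "1.0"),
]

def parse_version(text):
    """'10.1.53.64' -> (10, 1, 53, 64); trailing zeros dropped so 4.65 == 4.65.0."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def classify(installed, baseline):
    """Sort programs into buckets: insecure, end_of_life, patched, unknown."""
    report = {"insecure": [], "end_of_life": [], "patched": [], "unknown": []}
    for name, version in installed:
        if name not in baseline:
            report["unknown"].append(name)      # no data: cannot vouch for it
        elif baseline[name] is None:
            report["end_of_life"].append(name)  # no fixes will ever arrive
        elif parse_version(version) < parse_version(baseline[name]):
            report["insecure"].append(name)     # a fixed release exists
        else:
            report["patched"].append(name)
    return report

if __name__ == "__main__":
    for bucket, names in classify(INSTALLED, BASELINE).items():
        print(f"{bucket:12} {', '.join(names) or '-'}")
```

Versions are compared as integer tuples rather than strings, because a plain string comparison would rank "10.0" below "9.3" and report an up-to-date program as insecure.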


ZD Net, one of my favorite web sites, has stated “Secunia Personal Software Inspector, quite possibly the most useful and important free application you can have running on your Windows machine”. In my view, this is not an overstatement.

Installing this small free application will definitely assist you in identifying possible security leaks; give it a try.


Quick facts:

The Secunia PSI is free for private use.

Downloaded over 800,000 times

Allows you to secure your PC – Patch your applications – Be proactive

Scans for Insecure and End-of-Life applications

Verifies that all Microsoft patches are applied

Tracks your patch-performance week by week

Direct and easy access to security patches.

Detects more than 300,000 unique application versions

Provides a detailed report of missing security related updates

Provides a tabbed report which indicates programs that are no longer supported – programs with all known patches – insecure programs, etc.

Provides a Toolbox offering a set of links which helps you assess a problem and how you can resolve it.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Download at: Secunia

Bonus: Do it in the Cloud – The Secunia Online Software Inspector, (OSI), is a fast way to scan your PC for the most common programs and vulnerabilities; checking if your PC has a minimum security baseline against known patched vulnerabilities.

System Requirements: Windows 2000, XP 32/64bit, Vista 32/64bit, and Win 7 32/64bit.

Link: Secunia Online Software Inspector

As an added bonus for users, Secunia provides a forum where PSI users can discuss patching, product updates, exploits, the PSI, and anything else security-related.


23 responses to “If You Get A Malware Infection Whose Fault Is It Really?”

  1. greg

    Bill
    I’ve been using Secunia for quite awhile now. I was surprised to find as many vulnerabilities as I did. I hope your readers heed your warnings. Right now I have a perfect score, I’ll see how long that lasts. Keep up the good work.
    Greg

  2. John

    Hi Bill,

    This is one app that I can say that I’ve been using right from the very beginning, as you say it is one of the best free apps out there.

    Cheers
    John

  3. Liam O' Moulain

    Bill,

    I couldn’t believe the number of vulnerable applications this found when I installed it.

    Thanks.

    Liam

    • Hey Liam,

      I think many people are taken aback when they see the results of the first scan. I’m glad to hear you decided to install this app.

      Bill

  4. Mal

    Hey Bill,

    Agree with everything said above. Been using Secunia for ages now. Quick and easy to use, informative, and they also have a great online forum with great moderators who respond quickly to questions too. I wouldn’t be without it.

    Cheers

    • No surprise there Mal – you’re another smart fellow!

      I found the forum pretty interesting as well. Good to know the moderators are quick with a response – shows real professionalism. Glad you brought that up.

      Best,

      Bill

  5. I agree totally Bill. Staying on top of third party apps is just as important as updating Windows.
    Mark

  6. Pingback: Articles » Blog Archive » Generic host process 32 – The small prediction of a great problem

  7. Pingback: Tweets that mention If You Get A Malware Infection Who’s Fault Is It Really? « Bill Mullins' Weblog – Tech Thoughts -- Topsy.com

  8. Hi Bill

    I think I’ve mentioned previously that I rely on Secunia PSI and FileHippo to keep applications up to date on my own PCs as well as those I support remotely. I can also attest to the high quality of the Secunia forums.

    All the best,
    Dave K

  9. Pingback: Free Qualys BrowserCheck – Spot Plug-in Security Flaws In Your Browser « Bill Mullins' Weblog – Tech Thoughts

  10. Ranjan

    Hey Bill,
    Have been using it since I switched to 7. And the fact that it has got a quality support – their forum and I must say, it’s one of those rare forums where your issue is dealt so nicely and with a rocking speed by ‘professional’ moderators..
    And since I’m also using Filehippo update checker, keeping ourselves on top of apps has never been that easy…
    Regards

    • Hey Ranjan,

      I’m really liking what I’m hearing about their forum “it’s one of those rare forums where your issue is dealt so nicely and with a rocking speed by ‘professional’ moderators.”

      Thanks for this.

      Best,

      Bill

  11. Mister Reiner

    As much as I hate to say this, it is Microsoft’s fault.

    The operating system was never meant to be secure against hackers. It was only meant to keep honest people honest. There are a lot of design flaws that make Windows insecure and until Microsoft works with the hardware manufacturers to make the underlying technology more secure, it will never be secure.

    The best we can do for now, is to rely on good folks like Bill to keep us informed on what we can do to protect ourselves. Thanks for all your efforts Bill. You are doing the computing community a great service.

    • Hey Mister Reiner,

      That’s kind of like blaming the builder when your house gets burglarized after you went out and left the windows open, it seems to me. Now that that’s out of the way – thanks for the kind words. 🙂

      Note to readers: Mr. Reiner’s site is one of my daily reads, and I highly recommend that you drop by. As well, check out Mr. Reiner’s book – OWNED: Why hacking continues to be a problem, which provides readers with a different perspective on computer security and hacking, by intermixing both subjects and explaining how and why hackers are able to break into secured networks and computers. This book is for anyone using a computer; not just computer security professionals.

      Go to

      At Amazon.com | At Barnes&Noble.com | At Smashwords.com | At Sony’s Reader Store | On the iPad (iBooks)

      Bill

  12. Pingback: Geek Squeaks’ of the Week (#69) « What's On My PC

  13. Pingback: services

  14. Bill, I think what you say regarding malware infection is often correct. I have spoken with many friends who do not realize the benefits of scanning their computer regularly and using software to increase their computer’s productivity. Some admit to continuously postponing the Windows update. I have not used the PSI before, but will downloading it affect the speed of my computer?

    • Well TuneUP, it seems your friends and my friends, have something in common. 🙂

      I don’t think you’ll notice any system slowdown – I certainly haven’t seen it. Nor have I heard any reports that would indicate that this is a problem.

      Good to see you drop in.

      Bill