Bit9 released its annual ranking of popular consumer applications with known security vulnerabilities. The list reveals ‘The Dirty Dozen’ - the most-used applications on Windows that are the most vulnerable to security flaws that could compromise systems and/or private data.
All of the programs considered a security risk in this listing are Windows-based, well-known, and not classified as malicious by IT organizations. However, each of these programs has at least one critical vulnerability identified in 2008 or registered with a high security rating. These programs also rely on end users to upgrade the software, and they lack the ability to run on centralized enterprise update tools.
In addition to requiring end users to take responsibility for security updates, the list includes programs that often run outside the control or knowledge of IT, resulting in compliance issues and breaches that could lead to heavy fines and losses. However, the list is a little biased, since it is not clear whether the listed applications are more or less secure than applications that can be centrally updated. For example, Internet Explorer can be centrally updated, but it is not necessarily more secure than Firefox, which tops the list of the 'Dirty Dozen'.
The 'Dirty Dozen', as ordered by number of vulnerabilities, are as follows:
There has been considerable evidence that requiring end users to make security decisions has led to security incidents, due to lack of knowledge and/or understanding. As a result, a centralized approach to IT asset management has often been the norm in the enterprise setting. The problem with this approach is incorporating the applications that users want and need and figuring out how to manage them appropriately.
Via Internet News