There's no safe place on the web, reports former hacker
Marc Maiffret, who shared some interesting insights recently
with CNET.com regarding Internet security.
Nearly a decade after he exposed the vulnerability used by
the Code Red worm, Maiffret gave Microsoft's security model
high marks.
"Now, when you look at Microsoft today, they do more to
secure their software than anyone," he said. "They're not
perfect; there's room for improvement. But they are
definitely doing more than anybody else in the industry, I
would say."
In general, platforms like Apple and Windows Mobile have been
less-often attacked because their market share is relatively
small and hackers like to go after the big fish, said
Maiffret, now a security expert.
But there's nothing that makes those platforms inherently
more secure than the Windows operating system, he said, and
in fact, that could be a problem for Mac users.
"We've only seen a scratching of the surface as far as Apple
vulnerabilities because nobody cares to find them," Maiffret
said. "The Apple community is pretty ignorant to the risks
that are out there."
IBM Distinguished Engineer Jeff Crume agrees.
"I know there are lots of people that think that because they
use a Mac, they don't have to worry about security," he said.
"As the saying goes, 'There's nothing more dangerous than
presumed security.'"
Maiffret also pointed out other risks including Web-based
applications such as Facebook and (surprising to me) Adobe.
People don't regularly update security patches for Adobe and
other desktop applications as they do for Microsoft software,
he said, leaving them vulnerable every time they open a PDF.
By the way, to protect your system against PDFs carrying
malicious code, the geeks at the blog ghacks.net suggest the
following process: Open Adobe Reader or Acrobat and click on
"Edit," then "Preferences."
Select "Trust Manager" from the categories menu on the left
and uncheck the box that reads "Allow opening of non-PDF file
attachments with external applications."
Bookmark/Search this post with:
A name, residential address, and (preferably residential) telephone number is required from readers who comment on ODT Online. These details will not be visible to site visitors.