11/02/2007, 2:50pm, EDT
Friday, November 2nd
QuickTime among most vulnerable Windows apps
According to security vendor Bit9, QuickTime is among the most security flaw-ridden Windows applications. Apple's media player ranks second on the list of programs that are difficult for an IT department to patch and/or "represent unexpected and unquantified vulnerabilities in an enterprise IT environment." Another Apple product, iTunes, appears at number 6. Meanwhile, according to a ZDNet report, Yahoo's standalone IM client, Yahoo Messenger, is number one on the list. Microsoft has only one entry on the list: Windows Live MSN Messenger at #4.
Bit9 explained why Microsoft's products, though subject to a number of flaws, do not factor highly in the list: "The reason most Microsoft software doesn’t make the list is because by now most companies have a pretty good process in place for identifying, patching, and fixing vulnerable Microsoft software. The same cannot be said for apps like Firefox, iTunes, and other packages."
Apple's generally stellar security reputation has been under fire lately. A new Trojan horse designed specifically for Mac OS X, capable of hijacking Web traffic, has been discovered on several pornography websites, according to security firm Intego. On affected systems, some Web requests are redirected to phishing sites, or the machine simply displays ads for other pornographic websites to generate ad revenue.
In addition, several security experts suggest that Mac OS X Leopard is not fundamentally more secure than Tiger. Thomas Ptacek of Matasano Security writes that Leopard's new security features, though an improvement, still leave unnecessary gaps open. Library Randomization is meant to blunt attacks such as buffer overflows by preventing an attacker from predicting where code sits in memory; its Windows Vista equivalent is Address Space Layout Randomization (ASLR).
Filed under: Apple
translates to: "we're not counting MS software because people are pretty used to the fact that it's full of holes and they have to devote a significant amount of time and effort to constantly patching it."
or, "we can't afford to piss off Microsoft so we're peddling this FUD."
what a joke.
what does that mean???
by that definition, of course MS doesn't make the list. MS software is expected to be vulnerable, with great quantities of security holes.
idiots.
But because they're well known threats, they get cut out of the list?
what does that mean???
It means exactly what it says. The point of the article/release was to document the unknown/unexpected, not the known. As they say, MS is a known quantity. IT departments know all about it, MS knows all about it, everybody knows all about it. And whether you like it or not, MS has a much better framework for dealing with issues than Apple or a lot of other vendors do.
by that definition, of course MS doesn't make the list. MS software is expected to be vulnerable, with great quantities of security holes.
That's correct. Again, this is to inform the IT departments of what they might NOT know, not what they already know. Talk about a waste of time. "Hey, let's list all the MS software that's got security issues with it!" (a shorter waste of time would be to detail the ones that don't).
idiots.
Only to those who don't know what the mission statement of this item was supposed to be. Oh, I'm sorry, that would be you. Ooops.
I doubt wsus (Windows Software Update Server) can adequately handle most 3rd party patch management (not to mention other platforms), so since most enterprises have a need to employ these products, it behooves IT to broaden its scope.
LANDesk, or a similar very-nearly enterprise product, would cover most companies. LANrev would cover nearly all the rest.
Nothing pisses a user off more than a whiney I.T. department. >:|
On the other hand, I am also unaware of iTunes attack vectors/vulnerabilities. Doesn't mean it can't/won't/hasn't happened, but I do try to stay abreast of such things in general...