14 DAY TRIAL // Think Windows Vista is bad? Well, the fact of the matter is that is largely a subjective perspective that is little open to dispute. However, when it comes down to what users can integrate with the operating system, the situation is a tad more severe. Security company Bit9 compiled a list with the top 10 absolute worst Windows application in 2007 from a security point of view, focusing on items full of Critical security vulnerabilities.
Security has always been a top issue with the Windows operating system, be it on the client or the server side. But while Microsoft has been hammering away at the platform, and with stages in product evolution such as Windows XP SP2 and Windows Vista (via the Secure Development Lifecycle), the threat environment is finding alternative paths, independent of Microsoft. In this context, third party applications developed outside the Microsoft sphere of influence are the new avenues of attack for a shifting threat environment.
In the recently released Microsoft Security Intelligence Report covering January - June 2007, the company illustrated an increasing trend for operating systems to be targeted less and less. Insecure third-party applications give attackers and ample window into the operating system, bypassing the native security boundaries, features and mitigations introduced by Microsoft.
"These popular applications are frequently downloaded to corporate desktops by users and can present unnecessary security risk to IT and business operations", said Brian Gladstein, Director of Product Marketing and author of the research brief. "The good news is that there are several steps that IT departments can take to shield themselves and fix these vulnerabilities in the application layer."
According to Bit9 here are the most vulnerable applications running on Windows today:
1. Yahoo Messenger 8.1.0.239 and earlier 2. Apple QuickTime 7.2 3. Mozilla Firefox 2.0.0.6 4. Microsoft Windows Live (MSN) Messenger 7.0, 8.0 5. EMC VMware Player (and other products) 2.0, 1.0.4 6. Apple iTunes 7.3.2 7. Intuit QuickBooks 9 and earlier 8. Sun Java Runtime Environment 1.6.0_X 9. Yahoo! Widgets 4.0.5 and previous 10. Ask.com Toolbar 4.0.2.53 and previous
