Everyone knows that computer operating systems have vulnerabilities that require security patches. One could start a religious debate on which operating system is safer or better, with proponents defending their choices with fanatical zeal.
But since most people use Windows on their computers, our awareness of computer security threats usually focuses on malware that attacks Windows. As the dominant operating system, the bad guys will naturally target Windows because doing so provides better returns for their efforts.
That is not to say that other operating systems are perfectly secure. They aren’t. Even the Mac’s OS X has its weaknesses. Nevertheless, the advantages of those non-Windows operating systems descended from Unix, like OS X (BSD) and the various flavors of Linux, are that they pose more restrictions against rogue software and are less popular targets for malware. But let’s stick to Windows, for the moment.
Most people will also be aware of security issues in Web browsers. Driven in large part by security concerns, Firefox is now the dominant browser in use in the Philippines. As the previously most common Web browser, Microsoft’s Internet Explorer has historically had the most number of security issues.
One reason why IE is vulnerable is because it is integrated so closely with the Windows operating system. As with operating systems, Web browsers are now automatically updated against security threats regularly.
At this point, you may think you’re fairly secure, so long as the automatic updates apply security patches to your operating system and Web browser. Not so. In recent years, several critical security flaws have been exposed in application software, those programs that are not strictly a part of either the operating system or the browser. When it comes to security (and privacy) issues, one name recently stood out: Adobe.
You may wonder why Acrobat Reader has security holes. After all, it’s only used to read PDF (Portable Document Format) files. But, aside from the fact that Acrobat Reader ties in to browsers in order to allow you to view PDF files online, Adobe has been adding additional functionality to Acrobat.
When a software vendor adds extra bells and whistles to a commonly used product, then security flaws emerge. Fortunately, there are many third-party alternatives to Acrobat Reader, such as the Foxit PDF Reader <http://www.foxitsoftware.com/pdf/reader/>
Another piece of software that’s shown security flaws is Adobe’s (formerly Macromedia’s) Flash Player. There used to be a time when the use of Flash Player was optional. Nowadays, with YouTube and other streaming video sites, Flash Player is a must-have.
Some Websites even go overboard with home pages that you cannot navigate unless you have Flash Player. This is yet another bad example of bells and whistles taking precedence over sensible, straightforward functionality. Unfortunately, there are no common alternatives to Flash Player yet, so you have to make sure you have the latest (more secure) version. But there’s a problem.
As opposed to operating system and browser vendors (like Microsoft), the makers of applications software (like Adobe) aren’t as good at finding and fixing security bugs. In many cases the updates are delayed. And, in some cases, you have to manually uninstall the older version before installing the newer one.
Fortunately, Adobe will be overhauling its security patching procedures. There are also talks with Microsoft about plans to include Adobe’s patches in Microsoft’s regular update cycle. There are also efforts at moving away from the Flash video streaming and animation standard.
After Microsoft’s Silverlight debuted at the Beijing Olympics, the next version of Internet Explorer (IE9) will support the competing H.264 industry standard and not Adobe Flash. Even Steve Jobs has recently been very critical of Flash, refusing to install it on Apple’s popular iPhones and iPods. Not that Flash will disappear any time soon, but we can always hope for better, more secure alternatives.
Nor are Macs and Apple software immune from malware. Apple’s Safari browser has had several security holes, and both iTunes and Quicktime have been repeatedly patched over the years. While Apple’s update and patching works fairly well on Macs, this is not the case for Windows users who have iTunes and Quicktime installed.
So it's a good thing that there are alternative, third-party programs that will allow Windows users to mange their music and sync with their iPods.
Finally, whether those security holes are in the operating system, the browser, or application software, most of these vulnerabilities would be far less dangerous if you are NOT using the computer in Administrator mode. So set up a 'Restricted' or 'Regular' Windows account on your computer and use it for safer day-to-day surfing.
Whatever steps the software vendors may be taking to minimize the threat and damage from malware, in the end, the main guarantor of security is still individual awareness and reasonable caution.
Print ed: 06/10