Security issues beyond Windows

[Wazoo]

Contents of an Internet Storm Center entry this morning reminded me of yet another recent article elsewhere ....

SANS comments about the current Storm crap include;

IMHO: this is a lost cause. People are either infected or they know how to protect themselves.

Who can argue about that these days?

This web page appears to attempt to exploit an older media player (WinAmp) exploit as well as attempting to trick the user into downloading the virus.

And this leads back to a Windows Secrets ariticle at http://windowssecrets.com/comp/070816/

Media players more dangerous than Windows

By Scott Dunn

Windows users face the greatest security risks today not from flaws in Windows itself but from unpatched media players.

That's because many Windows Secrets readers, according to an online test we sponsored, are running versions of Flash, Java, and QuickTime that are unpatched against the latest security threats.

Readers' systems are rife with outdated add-ons

In two of our recent issues, subscribers to the paid version of the Windows Secrets Newsletter were asked to scan their computers using the Software Inspector, a service of Secunia.com. The scan reveals versions of Windows and builds of applications that have security flaws for which a vendor patch is available.

Contributing editor Ryan Russell, whose columns appeared in the July 26 and Aug. 9 issues of the newsletter, described how we affiliated with Secunia.com, a respected security firm that conducts the tests. We've found that Secunia's service provides such important information that we want all of our free subscribers to take the test as well. A link to the test is provided near the end of this article.

The tests of our paid subscribers showed which applications are the most likely to be installed but unpatched on users' PCs. In the following list, number 1 represents the unpatched application that was found on the greatest number of readers' machines, with higher numbers representing fewer machines:

1. Adobe Flash Player 9.x

2. Sun Java JRE 1.6.x/6.x

3. Macromedia Flash Player 6.x

4. Macromedia Flash Player 8.x

5. Macromedia Flash Player 7.x

6. Apple QuickTime 7.x

7. Macromedia Flash Player 5.x

8. Mozilla Firefox 2.0.x

9. Macromedia Flash Player 4.x

10. Adobe Reader 7.x

All of these applications are media players, browser plug-ins that play media files, or a browser itself (i.e., Firefox). All of these programs can be attacked across the Internet — for example, if you play an infected Flash video you find on a Web site or that you received via e-mail. Consequently, using an older version of these program poses a real security risk.

Article then goes on to advise of tests, updates, etc. etc.

And of course, for those idiots that would dare to simply post the "switch to Linus" stuff apparently don't sapend much time in the security field, pay attention to their own distribution support sites, whatever ... to include the above mentioned Secunia site/newsletters/alerts, etc .... there are constant updates to various applications running under and as a component of *NIX, some off the wall extra applications, some core components .... even those that hype the Mac OS-X system as 'bullet-proof' must simply have no idea as to what the "Software Update" routine is there for .... (hint, OS-X is a version of *NIX)