Hackers pose new threat to desktop software
The world's leading internet security body will on Tuesday warn that hackers are focusing on poorly protected desktop applications such as backup and anti-virus software.
For the past five years hackers have mainly targeted operating systems such as Microsoft Windows or e-mail systems. But as security has tightened, hackers have focused on desktop software.
The non-profit SANS Institute is particularly concerned about security holes it has discovered in widely-used backup software made by Computer Associates and Symantec Veritas.
Alan Paller, director of research at the institute, said: “People think they are safe because they have bought this software, but it is actually creating new problems for them.
“With road safety, the driver has a responsibility not to crash but at least you get a seatbelt and an airbag and bumpers.
“With internet safety it's the equivalent of having to figure out which seatbelt you need and then installing it yourself, having to configure your own bumpers and doing all the safety recalls yourself.”
Mr Paller said it was easy for hackers to steal information from backup software as companies tended to save their most critical data, such as customer details, but rarely had sophisticated protection such as encryption on these files.
He said other types of applications, such as database programs and popular media player software, such as RealPlayer and iTunes, were also vulnerable. Mr Paller said security had been set back years as software vendors scrambled to address the new threat. “We've gone back to the stone age. This is as bad as it was six years ago when everyone was screaming at Microsoft to protect its operating system.”
Unlike Microsoft Windows, which is now protected by a programme of regular online updates, or patches, to fix any security loopholes, there is no automated system for fixing software applications.
It took Microsoft about four years to get its Windows patching programme running and Mr Paller is concerned it could take applications vendors as long to devise effective protection for their software.
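Hackers to attack anti-virus software
A leading global internet security body will today warn that hackers are increasingly targeting desktop applications such as backup and anti-virus software.
Over the past five years, hackers have mainly targeted operating systems such as Microsoft Windows or e-mail systems. But as security measures on those systems have been strengthened, hackers have turned their attention to desktop software.
The non-profit SANS Institute is particularly concerned about security holes found in backup software, which is made by Computer Associates and Symantec Veritas and is widely used.
Alan Paller, director of research at the SANS Institute, said yesterday: “People think they are safe because they have bought this software, but in fact the software is creating new problems.”
He said that because companies generally back up their most important data, such as customer details, yet these files have almost no advanced protection such as encryption installed, it is easy for hackers to steal information from desktop backup software.
He said other types of applications are also vulnerable, such as database programs and popular media player software such as RealPlayer and iTunes.
Mr Paller said computer security had been set back several years, while software vendors are scrambling to address this new threat.
“We have gone back to the stone age. This is as bad as it was six years ago, when everyone was loudly demanding that Microsoft protect its operating system.”
Microsoft Windows is now protected by a programme of regular updates, or patches, to fix security holes. Unlike Microsoft Windows, there is no automated system for fixing application software such as backup software.
It took Microsoft about four years to get its patching programme running.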