Jump to content
xisto Community
Hraefn

Popular Apps Are Drilling Holes In Your Os says two Princeton researchers

Recommended Posts

Any diligent Windows user knows that what it takes to keep your PC clean is to have a regularly updated anti-virus, a good firewall, and all the dozens of utilities dedicated to keeping your Windows machine squeaky clean. Well, apparently that's not enough.

According to two Princeton University researchers, many popular applications in the Windows world make changes to the operating system that could open the door to various attacks. They named AOL Instant Messenger and Photoshop as two culprits that suffer from some badly-written code, though the companies responsible for both have since fixed the vulnerabilities that [sudhakar] Govindavajhala and his co-author Andrew Appel discovered.
source



Another source states,

Several popular applications, from companies like Adobe, AOL, Macromedia, and Microsoft, had misconfigured their access control in ways that allowed relatively unprivileged users â in some cases even the lowliest Guest account â to gain full control of the system.
Sudhakar and Andrew notified the affected vendors well before publishing the paper, and some of the problems they found have been patched. But some problems remain, and testing on new systems tends to find still more problems.

source



Sounds bad, I know, but the good news is that none of these vulnerabilities are exploitable over the internet but rather require local access to the machine. Well, it's good news if you choose to look at it that way. Myself, I'd rather these companies clean up their act. These are programs I use almost everyday, and I dislike that thought that they're eating holes in my system. I mean, how many of these badly configured apps can we install before our OS breaks down? =/

Share this post


Link to post
Share on other sites

I always make sure my Firewall is configured the best it can be, and my anti-virus software is current.. other than that I don't really worry much. If I put my personal information on the internet, like if I buy something and use my debit card, I reboot my PC and use a different installation of Windows XP which is on a different hard drive in my PC. I have no programs installed on this windows installation, it's strictly for security. I have only McAfee Security Suite and the Windows Updates. Then when I'm finished, I reboot with my normal installation which has all my appz on the drive. I don't know for sure that this is more secure, but I feel alot better when I have a new clean windows running.

Share this post


Link to post
Share on other sites

If its all exploits based on access tables that are improperly used, and you need local access, I can't see this causing a large problem. Is it good? obviously far from it, but as long as they keep the external threats from easily wandering into my system thats my primary concern. Hopefully this study will get them to take notice and start fixing up their leftover security bugs tho.Must say, seeing Adobe/Macromedia on the list is a bit surprising though, M$ is known for this kind of stuff and I've never seen AOL as the most reliable in anything heh, but Adobe is usually on top of things. Just goes to show, trust is a dangerous thing.

Share this post


Link to post
Share on other sites

this is horrible news as i use alot of these programs too. I regularily update my antivirus and make sure my firewall is the best it can be but programs like Photoshop (a proffesional grade program) the retail at around $600 should not have problems with the code, as thier are huge companies that use these proffesional programs, and if theyre paying $600 for a program that eats away at your OS, really whats the point??Its just to hard to keep your computer safe these days

Share this post


Link to post
Share on other sites

Yeah, that figures. I already knew that Windows basically deteriorates on its own (hence, the need to reformat so much more often than, say, Linux users). But yeah, I can see how imperfect 3rd-party programming can add to the problem.Not that the problem is that big a deal. Since it's a local problem, not a flaw that can be exploited over the Internet, a lot of us are probably safe. Provided that we don't let complete nutjobs "borrow" our work stations, of course *grins*

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.