Bit9, Inc. released its research entitled “2008’s Popular Application with Critical Vulnerabilities,” that lists popular consumer applications which most likely pose security threats that may compromise your PC.
Bit9’s list named Firefox to be the most vulnerable application. Top 12 consumer application are as follows:
- Mozilla Firefox
- Adobe Flash & Acrobat
- EMC VMware Player, Workstation and other products
- Sun Java Runtime Environment (JRE)
- Apple QuickTime, Safari & iTunes
- Symantec
- Trend Micro
- Citrix Products
- Aurigma, Lycos
- Skype
- Yahoo! Assistant
- Microsoft Windows Live (MSN) Messenger
The list draws lots of criticism and some say that Microsoft might have influenced in the publishing of this research.
Bit9 characterises the mentioned application by the following:
- Runs on Microsoft Windows.
- Is well-known in the consumer space and frequently downloaded by individuals.
- Is not classified as malicious by enterprise IT organizations or security vendors.
- Contains at least one critical vulnerability that was:
- first reported in January 2008 or after,
- registered in the U.S. National Institute of Standards and Technology’s (NIST) official vulnerability database at http://nvd.nist.gov, and given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).
- Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
- The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.
“Year after year, we see a growing number of applications within the enterprise creating security vulnerabilities that are easily prevented through better visibility across endpoints, and a more centralized patch-management process,” said Harry Sverdlove, chief technology officer, Bit9 Inc. “2008 has been no exception. This year, along with the widely reported huge increase in malware, the number of well-known applications causing security problems for companies has also increased. Our annual ranking now covers 12 applications, up from 10 last year.”
About Bit9, Inc.
Bit9 is the pioneer and leader in enterprise application whitelisting. The company’s patented application control solutions ensure only trusted and authorized applications are allowed to run, eliminating the risk caused by malicious, illegal and unauthorized software. Unlike traditional, reactive controls that try to scan and prevent the never-ending list of unauthorized software, Bit9 leverages the Bit9 Global Software Registry™ — the world’s largest database of software intelligence – to ensure only authorized applications can run, delivering the highest levels of desktop security, compliance, and manageability. Bit9 customers include companies in a wide variety of industries, such as retail, financial services, healthcare, e-commerce, telecommunications, as well as government agencies. Founded in 2002, Bit9 is privately held and based in Waltham, Massachusetts. For more information, visit http://www.bit9.com or call +1 617.393.7400.