The Good, The Bad, and The Unknown – Part 1

The year 2010 has already demonstrated more potent exploit of vulnerabilities in standard desktop applications and browsers. Through appropriate deployment of protections, IT teams can build up an integrated base of countermeasures to eliminate fear of the unknown, while protecting against the bad and enabling the good, both good code and the successful operation of your business.
The high volume of malware and vulnerabilities increases the likelihood they will affect your users and systems. With more complex web applications and more users browsing the web on business systems, the likelihood of a breach or major infection increases dramatically.
It takes time to develop patches once vulnerability is uncovered. Some older systems may stop receiving patches. Some bugs will never be patched. When patches become available, Microsoft’s scheduled patch release program, known as Patch Tuesday, means some companies install patches for operating systems and Microsoft applications. More and more, other server- and client-side application-layer vendors, including Oracle and Adobe, are moving to this scheduled release approach. The published schedule also allows attackers to plan. They can capitalize on the window between the time the vulnerability is discovered and the time the signature, patch, or DAT anti-virus file is actually installed.
Many attackers are focusing their energies on the client because it is now seen as a weaker link since servers tend to be patched first because of their (continue reading...)