Cracks in the defences
Which software is the favourite target for hackers and spreaders of malware? According to F-Secure, it is not Internet Explorer, nor even Microsoft Word. The top spot is now occupied by the PDF Reader from Adobe.
In computing security, a targeted attack is one aimed at a specific organisation or industry, and here we are typically talking about poisoned files attached to emails or websites. Figures from the anti-virus company F-Secure indicate that 49% of the targeted attacks last year were aimed at users of Adobe Reader software (the software you use to read PDF files), compared to 39% aimed at users of Microsoft Word. This is a sharp rise over the previous year when Reader was targeted in less than 30% of attacks. This change in behaviour by the attackers is borne out by security company Bit Defender, which recently had infected PDF files topping its Top Ten threats list. This pattern doesn't mean that Adobe software has more holes in it than Microsoft, but it does indicate that Microsoft is being successful at patching its vulnerabilities and, most importantly, getting those patches deployed to users. With Reader, on the other hand, many view it as a safe format and are unaware that attacks can be launched via maliciously formatted PDF documents.
Compiling any sort of figures on computer attacks is always difficult because organisations tend to hush up true security failures, yet often blame hardware or user errors on a mysterious computer virus. Freecom, which specialises in hard drives, backups, and data recovery, recently gave some statistics on the causes of data loss. 49% are due to failure of the disk drive itself. 29% are caused by damage to the hard drive, such as dropping it. Badly written software accounts for some 14% of the failures. Viruses are only responsible for about 8% of all data losses, and the remaining 1% is down to things such as damage in fires and floods.
How secure are "secure" government systems such as the passport service and the National ID Card schemes? Home Secretary Alan Johnson recently told the House of Commons that there were eleven occasions in the last year when information on those systems was used or accessed improperly. Of course, that does not mean there were only eleven incidents in total. It just means that there were only eleven incidents that they were aware of. Johnson also said the Identity and Passport Service does not "specify the activities involved in each case" as it was UK Border Agency policy not to provide any further breakdown or details. If a government agency's "policy" is not to provide information to Parliament, who are they accountable to?
26th March 2010
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are original content.