Programs in Peril

Browse With Care

Web browsers appear to be the most vulnerable applications today, drawing dozens of security warnings from the research firm Secunia. Compounding their flaws are problems afflicting the programs responsible for much of the Web's back end, including domain-name servers and the PHP scripting language that runs many discussion boards. A well-crafted attack could, for example, "poison" domain-name servers to redirect visitors from a legitimate Web site to a thieving phony site that takes advantage of browser holes to surreptitiously install malicious code on the users' computers.

Other browser vulnerabilities could allow Internet thugs to manipulate dialog boxes, for instance, so users might think that they're responding to an important system message when they're actually downloading malicious code.

Microsoft has blurred the line between Internet Explorer and the rest of Windows. Whether it's a deep-down part of the operating system or a distinct application, the dominant browser still has the most potential pitfalls. However, security holes in alternative programs such as Mozilla Firefox and Opera make them targets as well. Both IE competitors tend to fix new-found holes with quickly released patches, but remember: If you don't keep up with the updates, you're in danger.

Music to Hackers' Ears

Browser holes are like bull's-eyes for hackers, because most everyone surfs the Web. But those ubiquitous programs aren't the only popular applications to suffer from security risks. iTunes, RealPlayer, and other media players have multiple failings as well. Attackers could disguise their malicious code to look like a digital song or movie file, researchers say, or they could simply force the hapless media player to choke on an overly long Web address in order to take control of a vulnerable computer.

For the time being, however, flaws in media players are mostly a theoretical threat. Researchers have found viruses masquerading as MP3 files but have yet to put their finger on a serious attack against player programs. Don't wait for disaster to strike, though: If your media player has been alerting you about an available update, get it. Or check the software's version yourself (under the Help menu, usually) if your player doesn't give you a heads-up. Reducing the threat by uninstalling media players you don't use regularly is also a good idea.

Even must-have antivirus programs suffer from flaws. The number of vulnerabilities in antivirus and other security software is increasing at a faster rate than for Windows, according to a 2005 Yankee Group report that looked at government statistics.

While most every antivirus program updates itself quickly to close any newly discovered holes, an old antivirus utility can be worse than useless, SANS's Paller says.