Programs in Peril

Illustration: Stuart Bradford

With a spiking number of security flaws, the programs you run every day are now a more enticing hacker target than your operating system.

The Windows OS has become battle-hardened over years of trial by fire, enduring relentless hacker attacks. Although sometimes-critical flaws continue to surface, security patches applied via automatic updates have made Windows a tougher nut to crack.

If hackers were still just kids out to cause trouble and make a name for themselves, this might be enough to divert them to less destructive pursuits. But these days money, not mayhem, motivates a determined core of Internet attackers. (See the exclusive PCWorld.com series "Web of Crime" for more on this new and unsettling trend.)

These hackers are looking for easier ways to break into your computer--and they're finding your applications.

Porous Programs

It could be your antivirus application that leaves you exposed to online threats. It could be the media player software that opens the door to your unsuspecting PC. Even playing a CD on your computer could prove dangerous, should the disc contain slipshod anticopying software.

And Mac users, wipe that smug look off your faces: Because these security flaws are found in applications rather than operating systems, you are at risk as well.

Desktop programs such as iTunes, RealPlayer, and even the security-conscious Firefox now account for more than 60 percent of serious vulnerabilities, according to the British security firm Qualys. See the chart "Keep an Eye on These Apps" for a tally of flaws in popular applications.

The trend has offset years of painstaking progress in improving Internet security, says Allan Paller of the SANS Institute, a Maryland cybersecurity research organization. "We're back to where we were six years ago," he warns.

Windows remains a popular hacker target simply because it's so prevalent on both consumer and corporate computers, and new, sometimes critical vulnerabilities still surface on a regular basis. One recent major Windows flaw involving .wmf image file handling could have given attackers remote control of your machine (Microsoft quickly released a patch, however).

Despite new holes, though, Microsoft products are still notably more secure than they used to be, according to John Pescatore, a security analyst at Gartner Research. The majority of security risks now surface in everyday apps like Web browsers, media players, and even must-have antivirus applications, according to SANS's recent report, "The Twenty Most Critical Internet Security Vulnerabilities."