Tuesday of this week, the second Tuesday of the month, was “Patch Tuesday.” That’s the day that Microsoft releases its monthly batch of software updates in an attempt to repair and “patch” the many security holes found in things like Windows and Microsoft Office.
It is absolutely essential that all computers, including Apple Macintosh computers, are regularly updated and patched. In fact, monthly updates from Apple are becoming the norm rather than the exception. This year alone, Apple has issued seven major packages of security updates for its OS X operating system, patching gaping holes that allowed Internet bad guys to take over computers, steal personal information and otherwise make life miserable for Apple customers. Apple has even started recommending that its customers install and use antivirus software, because the days of Apple computers being safer than Windows computers are long gone.
The process of patching and updating your computer’s software does what antivirus and all of the other “anti” programs cannot do. Many computer users have been lulled into a false sense of security because they have installed an “Internet security” program. This is understandable because of the wild and irresponsible claims made by antivirus companies. Norton claims that its Internet Security software “protects you from the latest online threats.” McAfee offers “total protection” and “worry-free online shopping.” Trend Micro touts “maximum security, online freedom: surf the Web without worry.” While it is important to install and use antivirus and other security programs, none of the antivirus companies can live up to the claims made by their marketing departments.
The reason for this sad situation is that most modern threats to computer users do not come in the form of blatant viruses attached to emails. Instead, they come as maliciously-crafted files such as .jpg pictures, .doc Word documents or .ppt PowerPoint presentations. These files, known as “exploits,” have nasty code embedded in them that exploit vulnerabilities in unpatched operating systems and programs. These malicious files can be received as email attachments, but they are usually delivered by compromised websites. People think that they are clicking on advertisements or downloading cute screensavers, wallpaper images or videos, when what they are really downloading is trouble.
Antivirus and internet security programs do a horrible job of protecting against such threats. This lack of protection is illustrated by a report released in October by the researchers at Secunia, a highly respected Internet security company. Secunia tested twelve popular antivirus and security programs against 300 well-known and dangerous exploits. The programs tested were from companies such as Norton, McAfee, Trend Micro, ZoneAlarm, Kaspersky and AVG. The test results were, at best, disappointing.
Coming in at first place was Norton Internet Security. Norton can’t claim any bragging rights, though, as it still only detected 21.33% of the exploits thrown its way. Results for all of the other programs were much worse, ranging from 2.33% to a dismal 0%.
Antivirus vendors should be ashamed of such frightening statistics. Until they can improve their products, they should stop deceiving their customers into thinking that they have anything even remotely resembling “total protection.”
As things now stand, patching and updating the software that you use is your best protection against the new wave of Internet threats. Secunia has provided a handy free tool to assist Windows users with this chore called Secunia PSI (Personal Software Inspector). Download this great program by visiting secunia.com and clicking on the Vulnerability Scanning tab. I just ran it on one of my laptops and it detected 8 programs that needed security updates, including Java, Adobe Flash Player, WinZip and Firefox. Semper vigilans.