Webtrends Tracking Code
 
UK Home >  OUT-LAW News >  News Archive >  2001 >  October 2001 >  Beware of default software installations

Beware of default software installations

OUT-LAW News, 03/10/2001

According to research, default software installations pose the most serious threat to computer security. Such installations occupy prime position in a list of twenty serious security threats compiled by the System Administration, Networking and Security Institute (SANS) and the FBI-led National Infrastructure Protection Centre (NIPC).

Default software installations are composed by the software vendor to include the pick of an application’s most useful components or services and are intended as a hassle-free way to install software. The SANS Institute explains, "Software vendors’ philosophy is that it is better to enable functions that are not needed than to make the user install additional functions when they are needed.”

However, components that will be actively employed by the purchaser are often grouped together with those that will lie idle. These dormant components are unlikely to be maintained by users and provide clear and easy paths for attackers to take over computers. Jack Dahaney, vice-president of the server security division at Watchguard Technologies asks, "If users don’t know what applications or services are running on their machines, then how will they know to apply patches to fix critical issues?"

Dahaney voices the opinion that, “software vendors have got to start opting for security over convenience.”

Failing a new approach by vendors, however, it will be left to purchasers to protect themselves.

In order to avoid creating vulnerabilities, security consultant Nicholas Versan recommends users opt for custom installation when installing software and then choose carefully from the list of software and services to be installed. Versan also suggests that those who have purchased computers with pre-installed Windows 2000 or NT operating systems and applications should scan their machines with Microsoft’s web-based MPSA security tool.

The NIPC has posted a companion list of simple security tips based on the errors presenting the greatest security threats. The list includes: using strong passwords, making regular backups of critical data, using virus protection software, avoiding e-mail attachments from strangers, regularly downloading security patches from software vendors, and avoiding keeping computers on-line when not in use.

In addressing the root problems causing the system and software holes exploited by all viral and hack attacks, the research warns that security enemies may be closer to home than imagined.

 

 

OUT-LAW Recommends

Free OUT-LAW seminars
- Making your contract work
- Information security
Six cities, October & November

This week's podcast
Are ISPs about to betray our trust?

Winner at 2008 Webby Awards

OUT-LAW star: link to the home page
Disclaimer | Privacy | Site Map | Accessibility
Disclaimer: This was printed from OUT-LAW.COM, a service of international law firm Pinsent Masons. We hope you find this content useful. However, please note that nothing in this document constitutes specific legal advice. You should consult a suitably qualified lawyer on any specific legal problem or matter. Any questions, please email info@out-law.com.