Best patch management practices enable you keep on top of the security issues that are constantly being discovered. It seems as soon as one patch is released to deal with xyz security issue, another issue is discovered and another patch released.
For IT professionals, this never-ending release of patches can be a nightmare to manage, but it is essential that best patch management practices are adopted to prevent hackers exploiting operating system vulnerabilities.
All operating systems have security issues, and no operating system is less prone to them than another. Below we provide an overview of some of the most recently discovered security issues affecting the major operating systems.
Windows network security issues
In the last forty years, Windows has done much to mitigate the risk of certain vulnerabilities, but the Wintel 8086 architecture has several inherent issues that are not easily resolved. For example, one process should not be able to read the memory of another. Consequently Windows is susceptible to buffer overflow attacks in which a hacker adds their own instructions to the end of a field.
In this example, a hacker could look in the computer´s memory for .DLLs to load and run. Some older .DLLs do not have the security requirement that programs are signed before they can be executed and, if there is no root certificate for the signature, an error is thrown.
In some scenarios, a hacker does not need to exploit a buffer overflow to load and run a .DLL – the computer user does it for them. This most commonly occurs when a browser loads an ActiveX control like the Adobe Shockwave platform using the OBJECT and CLASSID HTML tags.
This code, for example, would be how you would instruct Adobe Shockwave play a video on a specific URL:
Brian Krebs, a former Washington Post IT blogger and now writing for Krebs on Security, believes that best patch management practices are not enough to cope with the security issues on Adobe Shockwave and, in 2014, he published an article Why You Should Ditch Adobe Shockwave.
Krebs claims that 80 percent of webmasters have already quit using Adobe Shockwave because of security issues. He references a security expert that says because of security issues with Adobe Shockwave, “an attacker may be able to execute arbitrary code with the privileges of the user.”
However, before you decide to abandon best patch management practices for Adobe Shockwave, we recommend that you read the comments at the end of the article to understand some of the other issues that can arise from ditching the platform.
Macs have security issues too
Contrary to popular belief, Mac operating systems are not without security issues of their own – maybe not as many as Windows operating systems, but it is still advisable to adopt best patch management practices if you want to blockade your computer(s) from would-be hackers.
Google’s security researchers recently found this issue with the Bluetooth drive on Yosemite:
You can´t get away from security issues if you use a Linux OS
Just because Linux is an open source operating system, it does not mean it is free of security issues. One massive vulnerability was discovered in February 2015 which, had a hacker discovered it before a security researcher, could have been used multiple times over to devastating effect as it affected the root directory of Samba – a tool which allows the sharing of drives between Linux and Windows.
Best patch management practices
To avoid hackers exploiting vulnerabilities in your computer´s operating system, it is crucial that you adopt best patch management practices. Stay on top of patching, patch all applications and operating systems. If you are responsible for the security of a workplace network, layered network security, continuous security audits, and employee education about security threats are also essential.
SMEs with a small IT unit may be able to assign one employee to keep up-to-date with security issues by following security bloggers such as Brian Krebs and subscribing to security bulletins. If you software supplier is a cloud vendor, some of the best patch management practices will already be taken care of. However, it can save a lot of grief further down the line if you do not rely too heavily on your software vendor and keep abreast of best patch management practices.
Ireland is famous for many things, but cybersecurity technology would not come top of many peoples list of famous Irish exports. However, that is fast changing thanks to an Irish cybersecurity firm called SpamTitan Technologies.
Irish CyberSecurity Company Ranks in Cybersecurity Ventures’ Top 125
SpamTitan Technologies is the top Irish cybersecurity firm according to the recent “Cybersecurity 500” list produced by Californian Security Research organization, Cybersecurity Ventures, having been ranked in position 123 out of the top 500 firms.
Cybersecurity Ventures compiled the list of the world’s top internet, email, and network security firms to help companies of all sizes pick the most appropriate IT security partners. The CV top 500 list is aimed at IT security professionals, CISOs, CIOs and VCs, and helps them to find the best products and best partners to assist them keep their confidential data secured and their networks protected from attack.
No company pays to be included in the list, and the companies are not selected on size or revenue. Instead they are chosen based the quality of the products and services offered. The list is compiled by obtaining recommendations from security experts on efficiency, effectiveness, speed, ease of implementation, and usability of the products.
Galway-based SpamTitan Technologies is an up and coming Irish cybersecurity firm that specializes in developing powerful solutions that allow small to medium sized enterprises to tackle the growing problem of hacking, data theft, and sabotage. Online criminals are targeting corporations of all sizes and many small to medium sized businesses are struggling to repel attacks. There are many possible attack vectors and the threat landscape is constantly changing, but some of the biggest threats to data and network security are targeting employees. Workers are widely regarded as the weakest link in the security chain.
SpamTitan Technologies provides powerful, cost-effective, and easy to implement email and Internet security solutions that help businesses increase protections against malicious outsiders. The company’s products help businesses reduce the risk of data breaches and network infiltration by keeping employees’ devices protected and reducing the opportunities given to cybercriminals to launch an attack.
Over the past couple of years there has been a decline in the volume of spam emails being sent. Just a few years ago over 70% of the total number of emails sent were actually spam. Botnets have recently been taken down and one of the world’s most active spammers has been arrested. This year spam email accounted for just under 50% of total email volume.
This is certainly good news. Less time is spent dealing with annoying emails. However, the risk of harm to equipment and finances does not appear to be reducing at the same rate. In fact, the risk of suffering losses due to the activities of cybercriminals is increasing. Spam email volume may be decreasing, but the quality and sophistication of spam email attacks has increased. Spam email still represents a major threat to businesses.
SpamTitan Technologies is tackling the issue. The company’s Anti-Spam solutions use two powerful anti-virus engines to scan incoming and outgoing email, with independent tests showing a catch rate of 99.7%, while the false positive rate is virtually zero. Less spam is delivered to employees’ inboxes, reducing the risk of malware and viruses being delivered.
The Irish cybersecurity firm also offers protection from the growing online phishing threat. Spam email volume is falling, but the number of malicious websites being created is increasing. Online criminals are switching their mode of attack and are targeting Internet and social media users. SpamTitan Technologies’ WebTitan web filtering solution offers protection from phishing websites and sites containing malicious code. Phishing attempts are blocked, users are prevented from visiting malicious websites, and their computers are kept free from malware. So are the networks those computers connect to.
There may not be many Irish cybersecurity firms in the list – just three in fact – but SpamTitan has been rated the hottest prospect and is the Irish cybersecurity company to watch in 2015. NetFort was also named in the list, with the Network Security monitoring company just creeping into the top 500 list at position 498. PixAlert, the IT governance and compliance firm, placed inside the top 350 global firms at position 332.
