Bit9 says malicious software is not your biggest threat

This is an interesting way of looking at security risk. Bit9 put together a list of the 15 most "dangerous" software products that are not malicious software. To make it onto this list, the software:

  • is well-known in the consumer space and frequently downloaded by individuals;
  • is not classified as malicious software by enterprise IT organizations;
  • contains at least one critical vulnerability registered in the U.S. National Institute of Standards and Technology's (NIST) official vulnerability database;
  • has a severity rating of between 7.0 and 10.0 (high) on the CVSS scoring system;
  • relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.

Top of the list - that is, the most dangerous software - is reported as Mozilla Firefox 1.0.7, followed by Apple iTunes 6.02, QuickTime 7.0.3 and then Skype internet phone 1.4.

Internet Explorer does not appear in the list of 15 products ;) You can see the full report here:
http://www.bit9.com/docs/15VulnerableApps.pdf