11 Oct 2004
Businesses, vendors and individual computer users could stop most viruses and cyber attacks spreading by fixing a small number of common technology flaws, according to research.
Viruses, spam and distributed denial of service attacks could all be reduced by patching a number of common vulnerabilities found in Windows and Unix systems, says the government-backed Sans Institute.
The study, which includes contributions from the UK's National Infrastructure Security Co-ordination Centre and the Cabinet Office's Central Sponsor for Information Assurance (CSIA) department, found instant messaging, internet browsers and web services were among the most common threats.
'Every day there are new vulnerabilities, new hacks and new exploits,' said CSIA director Stephen Marsh.
'Most people would use commercial off-the-shelf products if they were secure, and it is our job to make it easier.'
But Sans Institute director Alan Paller told Computing that although companies needed to protect against the flaws, many of the related information security risks and costs could be removed if businesses put the onus on vendors to test systems before roll-out.
'The main thing to start thinking about right now is saying to your procurement department "We won't accept technologies with vulnerabilities",' said Paller.
Last month, Gartner also told Computing that businesses should put more pressure on vendors to remove security flaws before products are launched.
The analyst firm predicted that a 50 per cent reduction in software vulnerabilities before shipping could remove 75 per cent of configuration management and incident response costs incurred by businesses.
Top Vulnerabilities to Windows Systems
*Web Servers & Services
*Workstation Service
*Windows Remote Access Services
*Microsoft SQL Server (MSSQL)
*Windows Authentication
*Web Browsers
*File-Sharing Applications
*LSAS Exposures
*Mail Client
*Instant Messaging
Top Vulnerabilities to UNIX Systems
*BIND Domain Name System
*Web Server
*Authentication
*Version Control Systems
*Mail Transport Service
*Simple Network Management Protocol (SNMP)
*Open Secure Sockets Layer (SSL)
*Misconfiguration of Enterprise Services NIS/NFS
*Databases
*Kernel