Tuesday, June 23, 2009

Security for Me: Applications

It's time to go back to blogging, this time with an interesting topic for non-advanced users. You may ask why I link applications with security. The answer is simple: any application can be exploited by hackers to gain control over your computer and/or steal your confidential information. Did I say "any"? Yes, any. Read on.

How do they do it?

Every application uses what are technically called buffers and stacks as part of its normal operation. If the developers of that application forget to add a test or two, an attacker can use that information and overflow them, causing the content to "spill out" over the original application code. When this happens, the original code is overwritten by the malicious code and... voilà!
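For readers who want to see what "forgetting a test" looks like, here is a small added example (mine for illustration, not code from any real application). The `record` layout, the function names and the sample input are all constructed; the spill is kept inside one small structure so the program is safe to run.

```c
#include <stdio.h>
#include <string.h>

/* Constructed layout: an 8-byte buffer with one neighbouring byte,
 * standing in for whatever sits next to a buffer in a real program. */
struct record {
    char name[8];
    char next_field;
};

/* The forgotten test: len is never compared with sizeof name.
 * The copy is capped at the size of the whole struct only so that this
 * demo never writes outside its own object. */
void store_unchecked(struct record *r, const char *src, size_t len)
{
    if (len > sizeof *r)
        len = sizeof *r;
    memcpy((unsigned char *)r, src, len);
}

/* The same copy with the test in place: input that does not fit is refused. */
int store_checked(struct record *r, const char *src, size_t len)
{
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, src, len);
    r->name[len] = '\0';
    return 0;
}

/* Value of the neighbouring byte after storing src with or without the test. */
int neighbour_after(int checked, const char *src, size_t len)
{
    struct record r;
    memset(&r, 0, sizeof r);
    if (checked)
        store_checked(&r, src, len);
    else
        store_unchecked(&r, src, len);
    return r.next_field;
}

int main(void)
{
    const char input[] = "AAAAAAAA\x01"; /* constructed: 8 bytes plus 1 extra */
    printf("without the test: neighbour = %d\n", neighbour_after(0, input, 9));
    printf("with the test:    neighbour = %d\n", neighbour_after(1, input, 9));
    return 0;
}
```

Without the length test the ninth byte lands in the neighbouring field; with it, the oversized input is rejected and the neighbour stays untouched.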

Now... don't get paranoid and consider every application a threat. Usually they are secured and regularly updated. Hackers tend to attack popular applications such as WinAmp, iTunes etc. because it makes more sense to attack an application that is used by several million users than one that is used by only one thousand users.

However, be suspicious about your online programs (chats, browsers, file sharing etc.) and security ones (antiviruses, anti-spyware etc.) and make sure they are always up to date. If you wonder why I say to be suspicious about your security programs, keep this in mind: if they are not up to date they may not see a new threat and, worse, they can be exploited big time.

What can you do to stay protected?

Update your applications to their latest versions. Some of them provide mechanisms to automatically check for updates, so leave that option active. If there is no such option in your program, just remember to visit the vendor's site now and then and check manually for a new version.

Alternatively, use a tool such as F-Secure Health Check (http://support.f-secure.com/enu/home/onlineservices/fshc/front.html) that provides an automated verification method. I am not affiliated in any way with them; this is not a commercial. F-Secure is a company that provides security products such as anti-viruses, and it is well respected and deserves credit for its free tools.

Should I be worried?

Not really, but keep these ideas in mind and think twice before disabling automatic updates for any application or operating system... Make a habit of updating applications to the latest versions and read some security news blogs for yourself to stay up to date with current major threats.
