Computer security: software patches more vulnerable to hackers.

Software "patches" to update source code or alter it to subvert hackers or other invaders represent an ever-growing cost item, especially for major organizations with locations around the country or around the world. And it seems that hackers are getting better at finding the vulnerabilities faster.

Gartner Inc. predicts that by 2006, 30 percent of all cyber (1) From "cybernetics," it is a prefix attached to everyday words to add a computer, electronic or online connotation. The term is similar to "virtual," but the latter is used more frequently. See virtual. attacks will target vulnerabilities where a patch has been available for fewer than 30 days--double the 15 percent in 2003. The "window of invulnerability in·vul·ner·a·ble
adj.
1. Immune to attack; impregnable.

2. Impossible to damage, injure, or wound.

[French invulnérable, from Old French, from Latin " in which systems are protected from a new virus or worm has shrunk from a month to a week in the past year, says John Watters, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of iDEFENSE, a Reston, Va.-based provider of intelligence about cyber threats. Meanwhile, the average patch takes 56 days to deploy from the time programmers start developing it, he says.

As Watters describes it, computer security is a core business issue that has transcended the IT area--"it's creeping up in budgets where people are struggling to decide if throwing more money at it is the right way to go ... You need technology products to manage your security, and in the past few years that has meant having a centralized cen·tral·ize
v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es

v.tr.
1. To draw into or toward a center; consolidate.

2. command and control console. Most larger organizations have deployed spot [security] products, and have spent the last year catching up with compliance."

Watters says his company--which caters to major financial and government institutions--concentrates "on helping customers pick vulnerabilities to defend first. We provide decision-support information to focus their resources and decide how to put them to best use."

Drawing from a network of 150 "researchers" in 30 countries around the world, iDEFENSE attempts to spot any and all "exploit" opportunities and alert vendors to the threat. While Microsoft, and particularly its Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. , is still the top target, Watters says the company has worked with more than 100 software vendors.

"An interesting trend is that an increasing percentage of vulnerabilities are in the information security products themselves," he says. "The bad guys are figuring how to use AV [anti-virus] products to attack the systems they're supposed to protect."

Microsoft is the biggest target in part because it's the most widely deployed operating system operating system (OS)

Software that controls the operation of a computer, directs the input and output of data, keeps track of files, and controls the processing of computer programs. in the world, but also because the hacker community resents "closed source" applications like Windows.

But Watters believes the hacker threat is subsiding sub·side
intr.v. sub·sid·ed, sub·sid·ing, sub·sides
1. To sink to a lower or normal level.

2. To sink or settle down, as into a sofa.

3. To sink to the bottom, as a sediment.

4. , and can be dealt with largely through traditional anti-virus products. "The real threat is electronic crime and espionage," he says, apparently abetted in some cases by "state-sponsored" affiliations with hacker groups Hacker groups began to flourish in the early 1980s, with the advent of the home computer. Prior to that, the term hacker was simply a referral to any computer hobbyist. The hacker groups were out to make names for themselves, and were often spurred on by their own press. .

COPYRIGHT 2005 Financial Executives International
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:	businessBRIEFS
Author:	Heffes, Ellen M.
Publication:	Financial Executive
Geographic Code:	1USA
Date:	Mar 1, 2005
Words:	415
Previous Article:	Economic outlook: manufacturing CFOs souring on sector.(businessBRIEFS)(forecasts of manufacturing industries)
Next Article:	Healthcare: schemes tackle rise in prescription costs.(businessBRIEFS)
Topics:	Computer crimes Control Evaluation Computer software industry Industry forecasts Software industry Industry forecasts Software patches Management

Related Articles
INCREASE IN HACKER ACTIVITY HIGHLIGHTS NEED FOR HEIGHTENED EBUSINESS SECURITY.(Product Information)
MICROSOFT'S PATCH TO THWART THE LOVE BUG.(Product Information)(Brief Article)
Protecting Against Computer Viruses a Wise Investment.(Brief Article)
Where hackers hit pay dirt: Web applications provide an easy tool for hackers mining for sensitive data. (Internet).(Industry Overview)
Microsoft critical flaw.(Security)(Brief Article)
Four new 'critical' windows flaws.(Security)
How secure are you? University CIOs are leveraging new people, policies, and professional tools to ensure network security.(Security)(Cover Story)
Boss cautions Microsoft's forced deployment of SP2 for Windows XP computers may cause widespread issues and disrupt business continuity.
Dasher-B expoits Windows 2000 PC's.(Security News)
Second Mac OS X worm spreads via Bluetooth vulnerability.(Virus Notes)