Archive for July, 2010

Psst…Have you heard Mozilla and Apple’s dirty little secret?

Still think patching non-Microsoft applications is unimportant? Guess again.

Technology reseller, Channel Reseller, just posted the latest security report (data from Secunia) identifying the most dangerous and most attacked applications and also the most vulnerable operating systems.

The report found that Mozilla’s Firefox and Apple’s Safari ranked No. 1 and No. 2 respectively as the most vulnerable third-party applications. Mozilla Firefox contained a total of 96 vulnerabilities while Apple’s Safari thus far had 84.

According to the report, both Web browsers outranked Adobe products Reader and Acrobat, which each contained 61 vulnerabilities, as well as Flash Player and AIR, which each contained 51 security flaws.

The most prevalent attack vector during the first 6 months of 2010 was via remote code execution, meaning that hackers could exploit the majority of security flaws remotely with little or no user intervention required. Vendors typically rate vulnerabilities that allow remote code execution attacks with the highest severity rating of “critical.”

The report also points to a decisive upward trend in security vulnerabilities. During the first six months of 2010, researchers have detected 380 vulnerabilities, representing 89 percent of the total number for all of 2009.

And, interestingly, Microsoft does not lead the pack as the most vulnerable “platform”. That honor goes to Apple, which is leading with the highest number of security vulnerabilities reported. Rounding out the top 10 vulnerable platforms are: Oracle, Microsoft, HP, Adobe Systems, IBM, VMware, Cisco, Google and Mozilla Organization.

- Nancee Melby, Director of Product Marketing


R.I.P Windows XP SP2

Tuesday, July 13…a date which will live in infamy.

Not really, but it is the last date that Microsoft will deliver patches for what may have been its most popular operating system/service pack combo. Yes, it is true. Windows XP SP2 has officially reached end of life. Rest in peace.

This seems to have caught people by surprise. A quick check of the stats from our customer base (both NetChk Protect and IT.Shavlik.com) indicates that about 16% of the target machines managed by Shavlik are running XP SP2 as their operating system.

In a story that appeared on Daniweb by Davey Winder, Qualys estimates that it will take a year before everyone can migrate off XP SP2.

Why should you care? This article from Computerworld sums it up best: You shouldn’t. The vulnerabilities in Windows XP SP2 that Microsoft will no longer fix aren’t your biggest problem. Your biggest problem is the vulnerabilities in non-Microsoft applications like Adobe Reader and Flash, Apple QuickTime, and Sun JRE that you’ve been ignoring for years.

News flash, folks: hackers and those with malicious intent to infiltrate your environment and steal sensitive data aren’t focused on Microsoft operating systems any longer. They are targeting third-party applications…and in a big way.

From the Computerworld article titled “How to Keep Windows XP SP2 safer after Microsoft stops patching”:

Antivirus vendors McAfee and Symantec have both reported huge surges in attacks exploiting bugs in Adobe’s Reader, one of the most widely-installed plug-ins. McAfee, for example, said that exploits of Reader jumped 65% in the first quarter of 2010 compared to 2009’s total.

There you have it. Wring your hands in angst over the fact that XP SP2 is EOL. But then dust yourself off and start addressing the real threat to your data…unpatched Adobe, Apple, Sun, and Mozilla products.

Think you’re covered? Then I’ll extend a challenge. Register for IT.Shavlik.com. Check 10 machines in your environment (you can scan and patch up to 10 machines FREE). You’re not as patched as you think you are and IT.Shavlik.com will prove it.

Then, call me. Shavlik can help.

– Nancee Melby
– Director of Product Marketing, Shavlik


Last Comic Standing?

EMC bought Configuresoft.

Dell bought KACE.

Emerson is shopping LANDesk.

And now, IBM announces it will buy BigFix.

Mergers and acquisitions of Information Technology companies are not new. Globalization has fueled those activities for years.

But with the acquisition of BigFix by IBM, Shavlik becomes the last vendor focused on SMB and mid-market that hasn’t succumbed to the lure of big names and deep pockets and a troubled economy.

Which is good news for companies in the SMB market space.

Shavlik is strong and independent. We continue to innovate to solve problems for our customer base. Mark Shavlik has worked with and beside IT administrators for more than 25 years — inside and outside of Microsoft. While every high tech vendor on the planet is clamoring to attach “Cloud Computing” to its offerings, Shavlik has done more than just whitewash (or perhaps I should say cloud wash) our flagship product NetChk Protect and slap a cloud brand on it. No. With IT.Shavlik.com, we deconstructed the entire user interface and built a UI and user experience that changes the way we will manage our IT assets now and well into the future.

But we entered the Cloud Computing space in a way that makes sure our innovations spread across our product lines. We use a shared technology stack between the NetChk Platform and IT.Shavlik.com. With either offering, you get the same great patch data and engines, but you choose how you want to use it.

The blogosphere is rife with opinions about the impact (demise or re-energize) of BigFix as a result of the IBM acquisition. Mike Rothman of Securosis wrote a fairly balanced analysis.

And while you’re cruising the Internet, check out IT.Shavlik.com. You’ll be glad you did.

