Last updated: November 21, 2005 10:02 pm

Hackers pose new threat to desktop software

The world’s leading internet security body will on Tuesday warn that hackers are focusing on poorly protected desktop applications such as backup and anti-virus software.

For the past five years hackers have mainly targeted operating systems such as Microsoft Windows or e-mail systems. But as security has tightened hackers have focused on desktop software.

The non-profit SANS Institute is particularly concerned about security holes it has discovered in widely-used backup software made by Computer Associates, Symantec and Veritas.

Alan Paller, director of research at the institute, said: “People think they are safe because they have bought this software, but it is actually creating new problems for them.

“With road safety, the driver has a responsibility not to crash but at least you get a seatbelt and an airbag and bumpers.

“With internet safety it’s the equivalent of having to figure out which seatbelt you need and then installing it yourself, having to configure your own bumpers and doing all the safety recalls yourself.” Mr Paller said it was easy for hackers to steal information from backup software as companies tended to save their most critical data, such as customer details, but rarely had sophisticated protection such as encryption on these files.

He said other types of applications, such as database programs and popular media player software, such as RealPlayer and iTunes, were also vulnerable. Mr Paller said security had been set back years as software vendors scrambled to address the new threat. “We’ve gone back to the stone age. This is as bad as it was six years ago when everyone was screaming at Microsoft to protect its operating system.”

Unlike Microsoft Windows, which is now protected by a programme of regular online updates, or patches, to fix any security loopholes, there is no automated system for fixing software applications.

It took Microsoft about four years to get its Windows patching programme running and Mr Paller is concerned it could take applications vendors as long to devise effective protection for their software.

Copyright The Financial Times Limited 2015. You may share using our article tools.
Please don't cut articles from and redistribute by email or post to the web.


Sign up for email briefings to stay up to date on topics you are interested in