Monday, May 31, 2010

Hands-On Project 1-3 (Page 33)


Objective ad verbatim:

“It is critical that security updates be applied in order that computer systems remain secure. Unpatched application software programs are increasingly becoming the target of attackers. Although Microsoft has developed a process through which users are notified of security updates each month, most other software vendors do not have this feature and many applications are unpatched.

One solution is to use an online software scanner that will compare all applications on your computer with a list of known patches from software vendors. The online software scanner can alert you to any applications that are not properly patched. In this project you will use Secunia’s Software Inspector to identify any applications that need to be patched.” (Ciampa, 2009)

Process:

1. First of all, I created a System Restore Point. Something I will do regularly and before any practical that involves the installation of software or manipulation of files at a high level in any way.


2. I started up my web browser (nothing but Firefox, of course!) and pointed it to the URL: http://secunia.com/vulnerability_scanning/online/. I then navigated using the navigation bar to the programs covered by Secunia’s Online Software Inspector.


3. After scanning through the list to assess the scanner’s thoroughness, I returned to the previous page to begin the scan.


4. After clicking on ‘Start Scanner’, Java prompted me to allow Secunia’s application to run. Satisfied that the certificate was legit, I allowed Secunia access to run its application.



5. I then checked the ‘Enable thorough system inspection’ check box and clicked ‘Start’. I left it to scan my system for unpatched software.


6. The results were pretty appalling. There were exactly eight (8) insecure versions of applications detected in the system, some of which are used frequently. For obvious reasons, I will not be posting a list of them.


7. The next step in remedying this ensanguined flaw in the computer system would be to begin patching the offending programs. Simply click upon the ‘Download’ button and download the patched version. The picture shows Mozilla Thunderbird’s latest patched version being downloaded. (Version information is withheld for obvious reasons.)


Reflection:

This Hands-On Project is a good example of the current state of User Awareness. Many users are not aware of the security implications, and some find it a bother to regularly patch and update their software. Personally, I have found that certain software on my one-year-old system was unpatched and therefore a security risk. Most were programs that were not frequently used.

However, there were exceptions, one of which was Mozilla Firefox, a pretty crucial piece of software to update. I realize that without running a Software Inspector, offline or online like Secunia’s, one would find it hard to keep track of software requiring patching and would thus leave vulnerabilities open in their systems. This is especially the case with older computers with more programs installed.
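
The comparison a software inspector performs, installed versions checked against a list of patched versions, is sketched below as an added example; it is not part of the original post and not Secunia's code. The application names and version numbers are constructed placeholders, and `parse_version`, `compare` and `audit` are hypothetical helper names.

```python
import re

# Constructed baseline of minimum patched versions (placeholder names and
# numbers, not real vendor advisories).
BASELINE = {"examplebrowser": "3.6.4", "examplemail": "3.0.5",
            "exampleplayer": "10.1", "examplechat": "2.0.1"}

# Constructed inventory of (display name, installed version) pairs.
INVENTORY = [("ExampleBrowser", "3.6.10"), ("ExampleMail", "3.0.4"),
             ("ExamplePlayer", "10.1.0"), ("ExampleChat", "2.0 beta"),
             ("ExampleReader", "9.3")]

def parse_version(text):
    """Return '3.6.10' as (3, 6, 10); None for anything not purely dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def compare(a, b):
    """Numeric comparison (-1, 0, 1); pads with zeros so 10.1 equals 10.1.0."""
    width = max(len(a), len(b))
    a, b = a + (0,) * (width - len(a)), b + (0,) * (width - len(b))
    return (a > b) - (a < b)

def audit(inventory, baseline=BASELINE):
    """Map each application to patched / outdated / unparseable / not covered."""
    report = {}
    for name, version in inventory:
        minimum = baseline.get(name.strip().lower())
        installed = parse_version(version)
        if minimum is None:
            report[name] = "not covered"   # scanner has no data: check by hand
        elif installed is None:
            report[name] = "unparseable"   # never assume such a version is safe
        elif compare(installed, parse_version(minimum)) < 0:
            report[name] = "outdated"
        else:
            report[name] = "patched"
    return report

if __name__ == "__main__":
    for app, status in audit(INVENTORY).items():
        print(f"{app:15} {status}")
```

A plain string comparison would rank 3.6.10 below 3.6.4 and flag a patched program as outdated, which is why the versions are compared as integer tuples.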

Hands-On Project 1.3 Sources
