Thursday, April 03, 2008

PWN2OWN - Apple is now the target

Apple Macs have in the past been perceived as more secure than Microsoft Windows systems, and depending on what you read and who did the tests, you might have been able to make that argument. Well, I think the PWN2OWN contest at CanSecWest last week and last year's month of Apple exploits show that Mac owners, just like Windows owners, need to keep their systems current on patches. Also, with Apple's increased market share, the size of the bullseye on Apple is growing.

The problem for Apple, I think, is first having to admit that their systems need frequent patching just like Windows machines. But a bigger problem for Apple and Microsoft users in general is finding out about patches, and then the real killer is getting people to take the time to install the patches once they are aware of them.

For Microsoft products you have the Microsoft Update tool, which helps users find patches and, if you let it, automatically installs them. But the problem is that your average Windows machine has lots of other non-Microsoft software on it, and Microsoft Update does little to help you with non-Microsoft software. This is where PSI (Personal Software Inspector), a free tool from Secunia that is currently in beta, helps you find most of your unpatched software. PSI continually scans your Windows PC for installed software and then lets you know if patches are needed and where you can download them from. No, it will not automatically install patches, and it probably never will.

Now, if Microsoft and Secunia would just team up and make PSI part of Microsoft Update so that all Windows users would be more aware of all the needed patches, that would be progress. For Apple owners, tools that accomplish what PSI does are also needed and hopefully are a priority for Apple. Overall, both Apple and Microsoft need to keep improving their patch management tools so users can easily keep all of their software patched, not just the software from the OS vendor.

Also, scanning for patches needs to be a free tool that is part of the OS, not another paid subscription tool like anti-virus, anti-spyware, etc. Otherwise most users will not take the time to install a free tool, and forget it if you expect most consumers to spend money on a patch management tool.
