Do you still believe Windows is an unsecure operating system? Hold on a second; just last week a vulnerability was published for Java 7. It affects Windows PCs, Linux distributions, Macs, and Internet Explorer, Firefox, as well as Safari. In fact, it affects all computers that have the Java 7 plug-in enabled in a browser. Once you visit a malicious website your computer is infected - which is game over. For those computer researchers thinking this is obvious, remember not everyone thinks about online security in the same way.
No longer do attackers target a computer’s operating system, but rather vulnerabilities inherent in plug-ins, for example Acrobat Reader, Adobe Flash, or Java. All these are standard plug-ins added into your favorite web browser to make your web-surfing more comfortable. A single compromised website, however, is sufficient to probe your browser’s plug-ins for vulnerabilities, and can eventually infect your PC. You are not even safe if you use Mozilla’s Firefox or Google’s Chrome, instead of Internet Explorer. If you neglect to update your Acrobat Reader, Adobe Flash, or Java your PC will get infected, full stop.
Even worse, these plug-ins are also a standard part of browsers in Linux systems or Macs. Thus, do yourself a favor and take care of all your installed software and apply patches in a timely manner. For Linux distributions, make sure you regularly run the ‘yum update’, or even better, enable automatic updates. Don’t forget to reboot your computer when a new kernel is installed, in order to properly apply kernel patches.
If you have a Windows operating system, check the ‘Windows Update’ in the program listing of the ‘Start’ button and switch to the recommended ‘automatic’ update method. For Apple Macs, use the software update mechanism which is accessible under the ‘Apple’ menu.
Also, ensure that you regularly update your Acrobat Reader, Adobe Flash, Java and all other plug-ins. If this is a program you have downloaded and installed from the Internet it is up to you to ensure it is up to date and patched. If you are in doubt (and run a Windows system), you can install and run the program on Secunia which checks your computer’s outdated software.
Stefan Lüders is the computer security officer and head of computer securitybasedat CERN, Geneva, Switzerland.