The 16 Most (Potentially) Dangerous Applications on your Network
System admins know the importance of keeping up with operating system patches on their workstations and servers, and making sure their antivirus definitions are kept up to date. We plan for and regularly test Microsoft’s monthly releases, and ensure 100% compliance on all our systems. But unless we’re using a commercial patch management solution, there are probably a myriad of third-party applications installed on our workstations that are unfortunately not getting patched. Many of these applications are some of my favorites and I consider some of them to be ‘official’ applications for use on the network, but they don’t have their own central patch management capability, and cannot be managed using WSUS.
Trying to manually update applications on more than a handful of systems is a Sisyphean task. Just as you get to the end of the process, more updates come out as new vulnerabilities are discovered, or bugs are squashed. Ignoring these applications is dangerous though, as many could become the source of a system compromise. Many do have their own automated method for checking for updates, but require the end user to acknowledge and install the update. These generally also require that the user have administrative rights to the operating system. Relying on end users to patch is neither practical, nor safe. Here are sixteen of the most popular applications that you might not be currently patching.
Browsers
Browsers can be especially dangerous to leave unpatched, as they are what users view websites with, and with their extensions, can include even more code that might inadvertently execute malware from a compromised site.
1. Mozilla Firefox
Many users swear by Firefox, which also has a rich portfolio of extensions and plugins. Users can check for updates manually by clicking Help, Check for Updates.
2. Google Chrome
Increasing in popularity, Google Chrome also has a growing number of plugins. Chrome checks for updates at each launch.
3. Opera
Opera also checks for updates automatically, and will prompt the user to install them when a recommended update is available.
4. Apple Safari
Apple’s Safari uses the Apple Software Update service to check for updates, and can be configured to install them automatically.
Media
Some may consider media players as not for business use, but between blended learning, content rich web based applications, and smart phone management, you will undoubtedly find most if not all of these on many workstations in your environment.
5. Apple iTunes
Apple’s iTunes application is required for the initial setup and ongoing management of iPhones and iPads. As these devices permeate the corporate environment, keeping these applications up to date will become more and more important. Like Safari, iTunes uses the Apple Update Service to check for updates, but the user must download and install the latest version.
6. Apple QuickTime
If you have iTunes, you have QuickTime, and just like iTunes, the Apple Update Service can check for updates, but the user must install them.
7. Adobe Flash Player
Flash is almost the de facto format for content-rich websites, and dynamic content on web based applications. Flash will check for updates automatically, but again, the user must download and install the update. Corporate users can register to download a network redistributable package, but must work out how to install that on their own.
8. Adobe Shockwave Player
Like Flash, Shockwave is frequently installed on laptops to access rich content on websites. It too has a redistributable package that can be deployed through a script.
9. RealPlayer
Many corporate training solutions use RealPlayer to deliver required courses to all users. RealPlayer has an auto update feature which requires that the user have admin rights.
Runtimes
Runtimes provide great functionality for application development, but come with the risk that malicious applications can be downloaded and executed.
10. Adobe AIR
Adobe AIR’s auto-update feature checks every two weeks to see if updates are available and then will prompt the user to install them. This requires that the user close any open AIR apps, and that they have admin rights.
11. Java Runtime Environment
The Java Runtime will also check periodically for updates, and prompts the user to download and install them. As with the others in this list, it requires the user to have administrative rights.
Utilities
12. Adobe Reader
Adobe’s PDF Reader software is frequently updated. Current versions do check for updates and prompt the user to install them.
13. BlackBerry Desktop Software
The management application for BlackBerries checks for updates when launched, and will prompt the user to download and install the latest version.
14. 7-Zip
7-Zip is one of the two most common compression utilities. There is no setting in the program for automatically checking for updates.
15. WinZip
WinZip is the other of the two most common compression utilities. Again, there is no setting in the program for automatically checking for updates.
16. Pidgin
The Pidgin Instant Messaging application includes a plug-in called Release Notification that, when enabled, will check for updates and notify the user that they should download and install the latest version.
Fortunately, most of these (and many more) can be updated by commercial patch management software such as GFI LANguard. Others may require a manual install method like a login script or batch file. If you have these applications deployed on your network, make sure you are updating them on your workstations and servers.
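Before deciding how to update these applications, it helps to know which of them are actually installed and at what version. The PowerShell below is an added example, not part of the original article: it reads the per-machine uninstall registry keys and flags installs older than an approved minimum. The display-name patterns and every version number in the baseline are constructed placeholders, and ConvertTo-Version is a hypothetical helper name.

```powershell
# Added example, not from the article: list the article's applications found on
# this machine and flag installs older than an approved minimum version.
# ASSUMPTIONS: the name patterns and all version numbers are constructed
# placeholders; check them against your own inventory and vendor advisories.
$Baseline = [ordered]@{
    'Mozilla Firefox*'        = '1.0'; 'Google Chrome*'               = '1.0'
    'Opera*'                  = '1.0'; 'Safari*'                      = '1.0'
    'iTunes*'                 = '1.0'; 'QuickTime*'                   = '1.0'
    'Adobe Flash Player*'     = '1.0'; 'Adobe Shockwave Player*'      = '1.0'
    'RealPlayer*'             = '1.0'; 'Adobe AIR*'                   = '1.0'
    'Java*'                   = '1.0'; 'Adobe Reader*'                = '1.0'
    'BlackBerry Desktop Software*' = '1.0'; '7-Zip*'                  = '1.0'
    'WinZip*'                 = '1.0'; 'Pidgin*'                      = '1.0'
}
# Per-machine uninstall keys (native and 32-bit views). Per-user installs
# recorded under HKCU are not covered here.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
function ConvertTo-Version([string]$Text) {
    # DisplayVersion is free text; keep only the leading dotted-number run.
    if ($Text -match '^\s*(\d+(\.\d+){0,3})') {
        $v = $Matches[1]
        if ($v -notmatch '\.') { $v += '.0' }   # [version] needs major.minor
        return [version]$v
    }
    return $null   # unparseable: reported below for manual review
}
$Installed = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName }
foreach ($pattern in $Baseline.Keys) {
    $minimum = [version]$Baseline[$pattern]
    foreach ($app in ($Installed | Where-Object { $_.DisplayName -like $pattern })) {
        $found  = ConvertTo-Version $app.DisplayVersion
        $status = if ($null -eq $found) { 'REVIEW' } elseif ($found -lt $minimum) { 'OUTDATED' } else { 'OK' }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME; Name = $app.DisplayName
            Version  = $app.DisplayVersion; Minimum = $minimum; Status = $status
        }
    }
}
```

An application that is not installed produces no row, and a REVIEW row means the recorded version string could not be parsed and should be checked by hand.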

Thanks for this nice list. I will use it as reference. I never bothered to remember which of these popular applications need to be updated manually and which are smart to check for updates automatically but now when this list is compiled, this will be of great help. I sometimes get update notifications from Firefox but I haven’t paid attention if these are notifications that a new Firefox version is available, not that one of the extensions has a new version. Next time I get such an update, I will take the time to read it more carefully.
You’re welcome! I’m glad you found it useful.
Ed
There is always a risk adopting these kinds of helpful “universal applications” in a corporate environment. I don’t see why, since Windows adopted built-in compression/decompression of .zip files, they don’t continue to add support for .rars and .7zs, as those become more widespread.
Essentially, the scenario here is even if you put a security system in your house, if your kitchen window doesn’t lock correctly, burglars can still get in. You’re only as secure as your most vulnerable program, and I think if a piece of software hasn’t updated to be appropriately patched for security, it should be discontinued from use inside of your company.
Good points Justin, though many times what is not included with Windows has more to do with licensing than anything else.
Applications can only be dangerous when they’re not updated. Take for instance Firefox. For me, it’s the safest browser available today. But if you’re stuck with Firefox version 3.XXX, then prepare for the worst.
Even if you have the latest and the most powerful paid anti-virus software, you should still update to the latest stable version (not beta of course) of all your applications.
Absolutely. Keeping your apps up to date is the best way to stay secure in the long term.
Hi Ed,
Why is Internet Explorer not here? Is it safer than Firefox, Chrome, Opera, and Safari? I don’t think so. In fact, it’s the least secure Internet browser.
I’ve used several browsers before, sometimes 2 at a time. My current web browsers now are Firefox 4 and IE 9. I’m just using IE 9 because I don’t want my kids to see and access my Firefox bookmarks.
On a head to head match, Firefox 4 will win on the feature category and IE 9 will have the upper hand in the design. Which one would you choose, functionality or design?
GameMan1983,
I think you miss the point. IE is not in this list because it is patched with Windows Updates, WSUS, or SCCM. All of the apps listed above are third party, which means that clicking the box to automatically download and install updates doesn’t cover them. Yes, both FF and Chrome, as well as practically all of the rest, have an update functionality, but it must be manually set by the user and cannot be controlled by the admin without third party software.
Ed
I remember back in 2009, Adobe was hit pretty hard with the Gumblar attacks – so I’m still wary of running Adobe products on my Windows box because I don’t believe they ever actually fixed the issue. For those that don’t recall Gumblar, it’s that nasty virus that stole user FTP login credentials through sniffed network traffic and local FTP clients, resulting in the defacements of millions of websites.
The Adobes are known for their insecurities and vulnerabilities against (I think) almost all types of malware. Take for instance Adobe Reader. According to ZDnet, in 2010, among the most commonly used document-based software (Adobe Reader and MS Powerpoint, Word, & Excel), it is the most targeted application.
Even frequent updates could not stop viruses from attacking the Reader. In fact, there are times when this software is exploited once a month.