Bit9 Identifies 2007

List Reveals that Malicious Software is Not the Biggest Threat to Enterprise IT; Even Common Applications Pose a Risk

 

CAMBRIDGE, Mass. (Business Wire EON) October 29, 2007 — Bit9, Inc., a leading provider of application control and device control solutions, today released its annual list of the top popular applications with known vulnerabilities. Often running outside of ITs knowledge or control, these popular applications can be difficult to detect and remove. The list, published as a research brief entitled 2007s Popular Applications with Critical Vulnerabilities was designed to help IT departments regain control over their desktop environments.

  Each application on the list has the following characteristics:

1) Runs on Microsoft Windows.
2) Is well-known in the consumer space and frequently downloaded by individuals.
3) Is not classified as malicious by enterprise IT organizations or security vendors.
4) Contains at least one critical vulnerability:
  a. first reported in June 2006 or after,
  b. registered in the U.S. National Institute of Standards and Technology's (NIST) official vulnerability database at http://nvd.nist.gov, and
  c. with a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).

5) Relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.

The first five of the top ten applications with known vulnerabilities include:

1. Yahoo Messenger 8.1.0.239 and earlier

2. Apple QuickTime 7.2

3. Mozilla Firefox 2.0.0.6

4. Microsoft Windows Live (MSN) Messenger 7.0, 8.0

5. EMC VMware Player (and other products) 2.0, 1.0.4

These popular applications are frequently downloaded to corporate desktops by users and can present unnecessary security risk to IT and business operations, said Brian Gladstein, Director of Product Marketing and author of the research brief. The good news is that there are several steps that IT departments can take to shield themselves and fix these vulnerabilities in the application layer.

To discover the other applications on the list and what to do about them, please visit http://bit9.com/2007vulnerableapps. Readers will learn about a five-step approach recommended to control vulnerable applications within the enterprise.

About Bit9, Inc.
Bit9, Inc. is the leading provider of application control and device control solutions. The companys award-winning, patent-pending whitelisting technology prevents malicious software and data leakage by centrally controlling which applications and devices can and cannot operate.
Unlike other application control and device control alternatives, Bit9 leverages the worlds largest knowledgebase of application intelligence to achieve business-friendly whitelisting, enabling IT professionals to realize the highest levels of desktop security, compliance, and manageability. Founded in 2002 by the founders of Okena (acquired by Cisco Systems (NASDAQ: CSCO)) and headquartered in Cambridge, Massachusetts, Bit9 is a privately held company. For more information, visit http://www.bit9.com.

 

Bit9, Inc., Automatic Graylists, FileAdvisor, Find File, Parity, and ParityCenter are trademarks or registered trademarks of Bit9, Inc. All other names and trademarks are the property of their respective owners.

 

Leave a Comment