Is your media player inviting in cyber criminals?
Recently we’ve discussed a tendency for some types of business to put less of a priority on IT and, as a result, keep running outdated and insecure operating systems.
That risk extends beyond just the version of the Windows operating system you’re running though. There are a number of programmes that have been around for years and became standard across platforms but which are now out of date and nothing more than a security nightmare.
They’re not just the preserve of the computers running old copies of Windows XP though sometimes they get installed even in new setups because they are thought to still be useful.
We’re talking about familiar old favourites such as Flash, Java and now Quicktime. They’re mostly used to present multimedia content, supporting other programmes that don’t have that functionality built in. The trouble is they are just another layer of risk – another way for data criminals to burrow into your networks and data through their imperfections.
Part of the problem is that they can be overlooked while you’re updating more obvious and important software and it’s so easy to end up with outdated copies of Flash, for example, which are known by criminals to be insecure and exploitable.
Sometimes it’s not even in your hands to be able to update if the software maker has decided to stop supporting the programme and is letting it die quietly.
Here’s a list of some of the most common pieces of software you should be looking out for:
- Any out of date browser
- Adobe Flash Player or Flash Player browser plugin
- Apple Quicktime Player
- Adobe Air
- Acrobat Reader
- Oracle Java Runtime Environment
- Adobe Shockwave Player
- Microsoft .NET Framework that’s out of date
It only takes one weak point in one of these pieces of software to put you at risk of giving up your passwords or critical data.
A very current and dangerous example is Apple’s Quicktime media player, which is still widely installed but no longer supported by Apple on Windows machines. There are identified vulnerabilities but Apple appears to have no plans to fix them anytime soon.
Even the US Department of Homeland Security is urging people to remove the risk by removing the software.
The answer, of course, seems to be to do just that – except… There are still programmes that you might rely on which themselves rely in some way on things like Flash and Quicktime. If you uninstall the obviously risky ones, you might no be able to keep using the ones you really need. A particular case is Adobe’s widely adopted software-as-a-service product, Creative Cloud. It needs Quicktime and Adobe can’t yet give anyone an idea when that will cease to be the case.
The best approach to this conundrum is to have an expert audit of what you’ve got, what you need and what you shouldn’t have anymore. If it’s not needed, it should go. If it is needed but is a risk, then it’s time to look at alternatives or ways to remove, or at least limit, the risk.
Maybe that computer which absolutely has to have access to Creative Cloud (and therefore Quicktime) needs to be isolated for now? We can assess and advise on all these things, as well as cleaning up all of those now unnecessary bits of lurking software danger and implementing systems to keep you up-to-date and secure without having to worry about it in the future.
Feel free to give us a call for a chat if any of this gives you cause for concern.