New software, old components!
February 5th, 2009
Just because you are installing the latest version of a piece of software on your PC doesn't mean that you are getting the very latest (and most secure) components. A good example is offered up by Brian Krebs of the Washington Post.
Users who accept the default installation options for OpenOffice 3.0.1 also will get Java 6 Update 7, a version of Java that Sun Microsystems released last spring (the latest version is Java 6 Update 12).
This is notable because not only could attackers target security vulnerabilities that were fixed in subsequent versions of Java, but Java 6 Update 7 was released prior to Sun's inclusion of a feature known as "secure static versioning," which is intended to prevent Web sites from invoking even older versions of Java that may be present on the user's system.
OpenOffice.org, a free substitute for Microsoft Office, was once an application only used by geeks. Now it's being installed by regular users who don't know what Java is and won't have a clue how to update it (or, more importantly, that they have to uninstall the old version too).
Keeping a PC fully updated with the latest security updates is no longer a trivial matter. To help keep my PCs updated I use Secunia's PSI scanner. This is a great bit of kit that scans your PC for old, insecure software and offers you advice on how to secure the system, as well as download links to the updated software in most instances. I get a great sense of security from scanning my systems regularly for old software.
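The check described above can be sketched for the Java case in this post. This is an added example, not part of the original post and not how Secunia PSI works internally: it takes a list of installed-program display names, finds Java runtimes older than Java 6 Update 12, and also flags an old runtime left behind after an update. The display-name format and the sample inventories are constructed assumptions.

```python
import re

# Baseline taken from the post: Java 6 Update 12 was the latest release at the time.
LATEST = (6, 12)

# Assumed display-name format, e.g. "Java(TM) 6 Update 7"; bare "Java(TM) 6" is update 0.
JAVA_NAME = re.compile(r"^Java\(TM\) (\d+)(?: Update (\d+))?$")


def parse_java(display_name):
    """Return (major, update) for a Java runtime entry, or None for anything else."""
    m = JAVA_NAME.match(display_name.strip())
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def label(version):
    return "Java %d Update %d" % version


def audit(display_names, latest=LATEST):
    """List installed Java runtimes, the outdated ones, and the clean-up actions."""
    installed = sorted({v for v in map(parse_java, display_names) if v is not None})
    outdated = [v for v in installed if v < latest]
    actions = []
    # Only suggest an install when Java is present but no current runtime is.
    if installed and not any(v >= latest for v in installed):
        actions.append("install " + label(latest))
    # Old runtimes stay on disk after an update, so each one needs removing.
    actions += ["uninstall " + label(v) for v in outdated]
    return {"installed": installed, "outdated": outdated, "actions": actions}


# Constructed inventories (not real scan output).
DEFAULT_INSTALL = ["OpenOffice.org 3.0.1", "Java(TM) 6 Update 7"]
UPDATED_NOT_CLEANED = DEFAULT_INSTALL + ["Java(TM) 6 Update 12"]
CLEAN = ["OpenOffice.org 3.0.1", "Java(TM) 6 Update 12"]

if __name__ == "__main__":
    for name, inventory in [("default install", DEFAULT_INSTALL),
                            ("updated, old version kept", UPDATED_NOT_CLEANED),
                            ("clean", CLEAN)]:
        print(name, "->", audit(inventory)["actions"] or "nothing to do")
```

The second inventory is the case the post warns about: the machine has the current runtime, yet the audit still reports Update 7 for removal.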
This entry was posted on Thursday, February 5th, 2009 at 10:36 and is filed under Stay Secure.