Former hacker praises Windows security

There's no safe place on the web, reports former hacker Marc Maiffret, who shared some interesting insights recently with CNET.com regarding Internet security.

Nearly a decade after he exposed the vulnerability used by the Code Red worm, Maiffret gave Microsoft's security model high marks.

"Now, when you look at Microsoft today, they do more to secure their software than anyone," he said. "They're not perfect; there's room for improvement. But they are definitely doing more than anybody else in the industry, I would say."

In general, platforms like Apple and Windows Mobile have been less-often attacked because their market share is relatively small and hackers like to go after the big fish, said Maiffret, now a security expert.

But there's nothing that makes those platforms inherently more secure than the Windows operating system, he said, and in fact, that could be a problem for Mac users.

"We've only seen a scratching of the surface as far as Apple vulnerabilities because nobody cares to find them," Maiffret said. "The Apple community is pretty ignorant to the risks that are out there."

IBM Distinguished Engineer Jeff Crume agrees.

"I know there are lots of people that think that because they use a Mac, they don't have to worry about security," he said. "As the saying goes, 'There's nothing more dangerous than presumed security.'"

Maiffret also pointed out other risks including Web-based applications such as Facebook and (surprising to me) Adobe. People don't regularly update security patches for Adobe and other desktop applications as they do for Microsoft software, he said, leaving them vulnerable every time they open a PDF.

By the way, to protect your system against PDFs carrying malicious code, the geeks at the blog ghacks.net suggest the following process: Open Adobe Reader or Acrobat and click on "Edit," then "Preferences."

Select "Trust Manager" from the categories menu on the left and uncheck the box that reads "Allow opening of non-PDF file attachments with external applications."

Add a Comment