Thursday, August 12, 2010

Updates, patches and holes

In just the last few days there have been increased warning over the use of the Internet with viruses targeting people's bank accounts and turning other people's machines into remote computers. In response to these threats the big firms have rolled out updates to patch holes and security flaws. But not all has gone swimmingly. 

Microsoft release critical updates

Last night anyone with a PC will have noticed that Microsoft launched more than a dozen updates for Windows users, the latest in a continuing stream of patches released by the software giant [V3]. Microsoft has received a barrage of criticism ever since it was revealed that a flaw in Internet Explorer allowed hackers to breach Google's servers last year. The incident rattled Google, it rattled Chinese authorities after China was blamed, and it rattled Microsoft who went to work on patching holes and encouraging users to make sure their browsers and operating system was up to date.

But even when the security updates come, they sometimes bring tales of woe. In an attempt to tighten security on its Hotmail service Microsoft rolled out an update. But it has resulted in hundreds of complaints with many saying they cannot send email or in some cases access their accounts [Register]. Microsoft said it is "aware that some customers are experiencing issues with the latest upgrade to Windows Live Hotmail" and suggested older browsers were to blame. While it claimed that IE6 should not have display problems it even suggested users try using competitors browsers such as Google Chrome [Windows Live help]. Despite the problems experienced by some, Microsoft and security analysts have warned users to ignore the updates at their peril [V3]. 

Google updates browser & GMail

There were changes too in the Google camp overnight. The Google Chrome browser automatically updated to version 6.0.472.33 which brought with it an updated user interface, Form Autofill, syncing of extensions and autofill data as well as increased speed and stability [V3 / CNET / Register / Google blog].

The Autofill facility will save users time, Google says, but security will not be compromised. "For your security, any personal information stored in Chrome is safely stored and kept private until a user chooses to share the information with a website. Additionally, your credit card information is never saved without first asking you explicitly," Google software engineer James Hawkins said. Autofill data can also be synced between computers, with the exception of credit card numbers. 

There were a few cosmetic changes too. The http:// prefix no longer shows in the address bar unless the site is secure. In secure sites the https:// prefix is highlighted in green with a padlock, unless there are issues in which case a hazard triangle will be be displayed. The default browser theme colour has also changed from blue to a grey blue. 

GMail also saw some cosmetic changes, but for some it brought with it a few problems. Some users experienced a "502 Server Error" late Tuesday resulting in them not being able to access their GMail account for several hours. The problems were mostly fixed by Thursday. With IE and Chrome patched, Firefox was also expected to roll-out an update on Thursday [Conceivably Tech].

Adobe patches flaws

Adobe also released a security patch for flash ahead of schedule [V3]. It comes after several other issues concerning Adobe's PDF reader which has itself been updated in recent weeks. But there have been several incompatibility issues with some users. Adobe Reader 9 has caused problems for users attempting to open some PDFs which displayed perfectly well with Adobe 8. On contacting the company they said they would be looking into the issue. Adobe meanwhile say they are to release a patchy to plug vulnerabilities found in its reader [Register].

Apple updates iOS

Apple was not immune from vulnerabilities and issued an update to patch the iOS issues disclosed earlier this month by iPhone 'jail-break' researchers. The updates block remote code execution flaws in the iOS PDF viewer and IOSurface components which can be exploited through specially crafted web pages [V3 / BBC].

It becomes a tricky business to deal with updates, especially when they create issues for users. While some software updates automatically, others require users to initiate updates or set programs to auto-update. But it is often better to err on the side of caution, especially when Internet security is at stake

tvnewswatch, London, UK

No comments: