2007: How was it for security?

Security researchers worked overtime in 2007, which turned out to be a nightmare for software vendors from day one. In January alone, Apple, Google, Microsoft and Adobe were just some of the household names embarrassed for leaving gaping holes in their products.

For Apple, 2007 must feel like a slap in the face when it comes to security. The year kicked off with a month of Apple bugs, saw the company release more than 100 patches by June and finish the year with multiple variants of a nasty OS X trojan on its tail.

On top of this, users of its iPhone and recently launched iPod Touch were desperate to free themselves from the shackles of having a platform that was closed to third-party applications. They gained their freedom by visiting Web sites that exploited a vulnerability in Safari to gain root access to their device. It's exactly the same way millions of Windows-based users become infected with malware on a regular basis, so the fact that Apple customers are doing this voluntarily seems less than intelligent.

As the year began, Microsoft was again being criticised by security researchers after ignoring a known vulnerability in Word in its first Patch Tuesday of the year. It turns out that Word had numerous holes and attackers were exploiting them faster than the Redmond security people could fix them.

Google didn't escape the vulnerability overload either -- it had to fix a cross-site scripting flaw that was letting attackers compromise other users' privacy.

Security researchers also warned that users of Adobe's PDF format -- just about everyone then -- were far more vulnerable to attack than previously thought: a fact proven later in the year.

Still in January, the Storm worm started brewing and was still blowing at the end of the year -- and it's likely to continue causing trouble during 2008.

With all these security issues on the horizon, it was a surprise that there were so few high-profile victims: unless you want to count Swedish bank Nordea which admitted to losing around AU$1.5 million in an online attack.

The month finished with both good and bad news. The good news was that viruses were no longer the biggest threat to security. The bad news was that, according to Messagelabs, they had been replaced by phishing, which now accounted for around one percent of all e-mails.

Ex-Prime Minister John Howard's health was the focus of attention in February when phishers decided that he was close to death after suffering from a heart attack. Having captured the hopes of a nation, it turned out the rumours were just a silly hoax.

Symantec, which continues to claim it is the most "trusted name in security", decided that 2007 was the year to release what it had been promising for years -- a lightweight security solution that didn't suck up resources and was a pleasure to use. At ZDNet Australia we remained sceptical of the company's ability to create such a product.

As it turns out, by the end of the year, our readers confirmed our worst fears. It seems that Norton 360 is no better than the dreaded yellow boxes of death, which contain other products from Symantec's Norton security product range. Readers wrote to us in droves to complain about the product, with one labelling it: "The absolute worst experience of my life".

And as if to add fuel to the fire, Symantec customers in March found they couldn't access Yahoo Mail because the yellow beast managed to flag the popular mail program as a virus.

Microsoft once again proved that instead of making a security product to protect its flawed software, it should concentrate on creating flawless software: in mid-March, the software giant was in trouble with some of its customers who claimed that OneCare had conveniently deleted or quarantined their .pst or .dbx files. Microsoft responded in its usual caring fashion by blaming its customers -- despite one of its security managers admitting that the product should never have been released because it was missing "bits and pieces".

Soon after, Redmond apologised for its cock-up and tried to distract customers by selling the security benefits of Vista. Unfortunately this coincided with attackers exploiting a feature vital to all large companies -- the ability to animate the Windows cursor.

As administrators around the world spent sleepless nights wondering how their employees would manage without a cursor that changes shapes and leaves trails across the screen, Microsoft stepped in and fixed the problem with a patch outside of its monthly cycle. Phew!

Then came May and AusCERT 2007, with the southern hemisphere's largest security conference hitting Queensland's Gold Coast.

The AusCERT conference kicked off with a keynote from Ivan Krstić, director of security architecture for the One Laptop Per Child project, who stunned the delegates by announcing that the IT industry had failed when it comes to desktop security.

It finished off with Richard Thieme warning delegates that they should consider everything -- including alien invasion and God -- when planning their security budget.


Munir first became involved with online publishing in 1998 when he joined ZDNet UK and later moved into print publishing as Chief Reporter for IT Week, part of ZDNet UK, a weekly trade newspaper targeted at Enterprise IT managers. He later moved back into online publishing as Senior News Reporter for ZDNet UK. Munir was recognised as Austr...
