Internet Security Risks on the Rise

July 25, 2005 — -- It's been years since a major online computer virus or worm such as Nimda or Red Alert has crippled millions of computers across the Internet.

But don't breathe a sigh of relief just yet. There are plenty of dangers out there, and many of the newest target popular programs like iTunes or RealPlayer.

The threats to computer and Internet users are still there and they are growing by the day, according to a new report compiled by experts at the SANS Institute, an Internet security research and education organization in Bethesda, Md.

SANS researchers, along with other experts from various technology and government security groups, note that more than 422 new computer vulnerabilities were discovered during the second quarter of 2005 -- a nearly 11 percent increase from the first three months of the year. And compared to the numbers of just a year ago, the number of new threats has grown nearly 20 percent.

"You can view this through optimistic glasses and say a 10 percent uptick is modest … water under the bridge," says Ed Skoudis, an instructor at SANS. "But the number of vulnerabilities keeps going up. We're spending all this money and attention on security and we're still finding all these problems. It's disheartening news."

But security experts such as Skoudis aren't just frustrated over the increase in software glitches that could lead to the next big Internet attack. They're also concerned about where those flaws are increasingly being found.

Since SANS began tracking the so-called Top 20 Internet vulnerabilities in the fall of 2001, most of the online weaknesses were found in operating system software and "server applications" -- programs that distribute Web pages and e-mails across the Net, for example.

But as organizations heed security warnings and became more vigilant in patching, or fixing, these software loopholes, hackers and online criminals are beginning to exploit weakness in "client applications," or individual programs installed on a personal computer connected to the Internet.