How going open source can cause IT security chaos

The German IT security watchdog has issued a warning about a large number of e-commerce Web sites that are infected with malware, and the reason for the infections is simple: the Web site operators have failed to keep their software up to date.

This is a classic case of cybercriminals taking advantage of business computer users who have either overlooked the need to update their e-commerce software, or who are just too busy to keep track of all their applications.

The fact that the e-commerce software that is at the heart of this problem is open source is probably the cause of the failure to patch and update, as unlike commercial software, there is no-one to ‘nag’ the user about the need to update.

Of course, the users of the e-commerce software also have the advantage that they will have saved money in going down the open source route, so it’s a shame that they haven’t invested some of those savings in additional software that auto-updates their applications or – at the very least – keeps track of the various versions of software installed and alerts them of the need to install the necessary patches.

Good IT security is about developing the right strategy in managing your computer systems. You can install best-of-breed security software to defend your IT assets, but without an effective planning and review strategy to back that software up, the advantages can quickly be lost.

And the malware that has caused the German regulator to issue its warning takes advantage of outdated software of all types, with the end result that visitors to the various affected sites are being routed via drive-by download infections – something which can have a serious effect on the brand of the company whose Web portal is infected.

Word travels quickly about companies that fail to look after the security interests of their customers and site visitors. Before long, news of an infected e-commerce site will have spread far and wide, and sales will almost certainly take a nosedive as a direct result.

In the longer term it can cost a company dearly if it suffers reputational damage arising from a site infection, and this can even impact on its share price – all from a failure to keep the business’s software up to date.

You’d think the moral of the story here is to go for commercial software over open source, but the reality is that unless the company keeps its systems and software patched and fully up to date, its system security is going to be impaired – no matter what software it has installed on its systems.

With the newswires talking about as many as eight million infected Web pages arising from the osCommerce failure-to-patch saga, this is a potentially major problem that could so easily have been prevented. The message is clear: computer users need to patch, update and patch again, in order to maintain their optimal security posture.


Philip Lieberman, the founder and president of Lieberman Software, has more than 30 years of experience in the software industry. In addition to his proficiency as a software engineer, Philip is an astute entrepreneur able to perceive shortcomings in existing products on the market, and fill those gaps with innovative solutions. He developed the first products for the privileged identity management space, and continues to introduce new solutions to resolve the security threat of privileged account credentials. Philip has published numerous books and articles on computer science, has taught at UCLA, and has authored many computer science courses for Learning Tree International. Philip has a B.A. from San Francisco State University.