Security holes in Adobe’s Flash and Oracle’s Java have become so commonplace, it’s actually helped to raise awareness about the necessity of keeping these platforms updated, but there’s a third platform that many of you probably use everyday without ever realizing that it too needs to be patched. Would it surprise you to know that it’s a Microsoft product? Microsoft’s Silverlight technology was originally built to compete with Flash, but it’s probably best known as the platform that delivers Netflix’s streaming content to your computer. Hackers, unfortunately, are very much aware of how widespread Silverlight is, and are currently pressing their attacks on older versions of Silverlight, seeing as their usual punching bags, Java and Flash, are now firmly in the security spotlight.
What this means for you:
If you’ve ever watched Netflix streaming content on your computer, you have Silverlight installed. Even if you don’t use Netflix streaming, there is a high probability Silverlight is installed on your computer, even if it’s a Mac. Depending on how long ago it was initially installed, it might be out of date, especially if you disallowed automatic updates of the software. The latest version of Silverlight is 5, and to make sure you are up to date, you can use this link here. While you are at it, double check to make sure Java and Flash are both up to date as well, but be careful of the “optional software” both companies push when you update their platforms. Oracle variously pushes the Ask toolbar or McAfee Security Scan, the former a very annoying adware-spawning toolbar, and the latter may be redundant if you already have a decent antimalware app installed. Adobe is a little less obnoxious, but it does offer to automatically install Google Chrome (and the Google Toolbar), which may be redundant if you already have it installed, or possibly very confusing to a less savvy computer user who thinks Internet Explorer is the web browser.
Java’s recent security problems hasn’t stopped its smarmy practice of foisting the Ask-dot-com toolbar or McAfee’s Security Scanner on you every time you update Java. In case you didn’t notice, or were wondering how either of those products got installed on your computer, Java was the likely culprit. This wouldn’t be so bad, except the Java updater uses a trick called an “opt-out” checkbox which most people (who might be in too much of a hurry to get back to working|playing) just assume is part of the default Java update. If you actually look at what it’s asking you install, you’ll notice, “Hey, that’s not Java!”
What this means for you:
If you’ve been a diligent netizen, you probably heeded the countless warnings about the latest flaw in Java and updated it when Oracle released their patch last week. If you are a normal human being, you were probably frustrated with yet another series of dialog boxes filled with barely intelligible technobabble and progress meters creeping across the screen, and you might have accidentally left that checkbox checked, which means you are the proud new owner of a questionanbly useful toolbar from Ask-dot-com. Unless you’ve fallen in love with it (for some crazy reason), I’d recommend removing this software at once.
If you want to read more about why you should do this, have a look at the ZD Net article detailing Ask’s shady takeover of your browser. I’ve not had any personal experience with McAfee’s Security Scanner, but I’ve found just about all third-party browser security “scanners” to be at best, barely functional, and at worst, completely disruptive to normal, safe browsing. Let me know if you’ve had a positive experience with either product!