The quest for “instant gratification” has driven America's economy for decades and given rise to such cultural trends as fast food, the internet's streaming media, and even the internet itself, but like all trends, these were not without their darker sides. Fast food encouraged poor nutritional habits, the internet's streaming media gave rise to a new breed of piracy, and the internet itself now hosts a thriving malware industry. It is the last of these, and how our custom software helps to protect our clients from it, that I will describe today.
All operating systems are vulnerable to attack to some extent and security is significant among the things a company considers when choosing the one upon which to run its corporate software. That is why the vast majority of web servers run on Linux, which has the best security record of any operating system commonly employed for that purpose, and why we recommend it to our clients. The techniques for properly securing a Linux server are beyond the scope of this article, so we will move on to the application layer and the problem that we are examining today.
Hackers have developed their own “instant gratification” culture and much of the software they use to compromise web applications is purchased on underground forums and bulletin boards. This software usually comes in the form of a “kit” which contains the software necessary to exploit some known vulnerability in a widely distributed software package. The target chosen for these kits is a simple financial calculation in which the malware writer determines which web applications are the most popular and consequently will attract the greatest number of hackers wanting to buy his kit to exploit them. Thus, while there is a great deal to be said for some of the popular content management systems like Wordpress and Drupal, which are highly configurable, deploy quickly, and have a vast user base, they also have armies of potential hackers hard at work discovering new ways to defeat their security mechanisms each day. While the numerous and robust security measures that we build into our software are the best protection against this or any other kind of attack, the economics of building a “malware kit" for a single site are simply untenable. We dismiss the concept of “security by obscurity” as unprofessional at best, but feel that it is significant that custom software provides additional insulation against this popular class of attack. Thus, in addition to offering the high degree of integration and customization only available in bespoke applications, we can provide our clients with a standard of security that is unavailable to the user of the “off-the-shelf” software. So whether you just need your present system updated, modified, or secured; or if you are contemplating an entirely new system, contact us today and we'll be pleased to describe how we can best serve your requirements.
