4 tactics for educating users about security

Apr 4, 2008

“It’s the applications, stupid.”

Roger Grimes offers that as a banner to security pros and systems administrators.

If CanSecWest’s hacking contest proved anything, it’s that “Windows, Mac, and Linux zealots don’t really have any more ammunition to attack each other after the contest than they had before,” he writes in this week’s installment of Security Adviser. “And the positive note was that none of the computers were felled by remote exploits, which, when they exist, can be devastating. That’s good for everyone, no matter which platform you are partial to.”

Yet client-side applications do remain a problem.

“If your applications are unpatched, it is much more likely that simply visiting a Web site can silently infect your computer. And remember, visiting only well-known, legitimate Web sites is no longer a defense.”

Grimes goes on to say that the defenses are to make sure your systems are fully patched, both OS and applications, and to educate your end users about client-side vulnerabilities. With that in mind, he shares four tactics for educating your end users.