Attackers don’t go after operating systems like they used to. They’ve found bigger fish to fry in flawed applications like the average AV, database, IM or media player program. They’re also paying more attention to flaws in the routers and switches that keep the Internet afloat and are successfully stealing data from government networks. That’s the consensus among security experts who contributed to the SANS Institute’s Top 20 vulnerability list for 2005. “The bottom line is that security has been set back nearly six years in the past 18 months,” SANS Institute Research Director Allan Paller said in an e-mail exchange.