As people heed warnings to install the latest security updates for Microsoft Corp.’s Windows operating systems and Internet Explorer browsers, researchers say hackers have been shifting their focus to applications that are harder to protect.

The SANS Institute’s annual list of top Internet security threats includes a separate category for “cross-platform applications” for the first time.

Data-backup programs, media players and anti-virus software were added to the list, joining instant messaging and file-sharing applications before listed under Windows threats.

Most of these programs lack auto-updating mechanisms now available to automatically take care of the Microsoft threats, setting the state of security back five or six years, said Alan Paller, director of research as SANS, a security training and research organization.

Backup programs are of particular concern because they are used by businesses to duplicate the most sensitive data, such as financial and hospital records, Paller said.

SANS considers the list – at http://www.sans.org/top20 – a consensus among security professionals of the vulnerabilities that require immediate attention.