YOUR IT - Technology for you

Vulnerabilities: are things getting better?

So who is making the design and coding errors that allow these exploits? The top five vendors are (in descending order) Microsoft, Apple, Oracle, IBM and Cisco. Together they account for 13.6 percent of vulnerabilities. The more software you produce, the more chance you have of making a mistake (all other things being equal). And the more software you sell, the more people are likely to examine it for flaws.

Furthermore, 20 percent of those vendors' disclosed vulnerabilities remained unpatched by the end of the year. That statistic sounds pretty damning to me, but the X-Force report notes that it's a lot better than the rest of the industry, which had only managed to fix half of the known vulnerabilities.

Given the widespread use of the web, the number of attacks and the difficulty of detecting them before they reach the computer, how are the popular browsers doing in terms of critical vulnerabilities?

The score, according to X-Force, is Internet Explorer 28, Firefox (for Windows) 36. Significantly, all critical vulnerabilities disclosed during 2007 have been patched.

And as for malware, that's still a growth industry. X-Force analysed nearly 410,000 new malware samples during 2007, up 30 percent on the previous year.

I don't think there's a lot of point discussing malware categorisation, as most users don't care whether a particular nasty is a virus or a worm; they just don't want it on their computers. And as the X-Force report notes, "the classic categories of virus, worm, spyware, backdoor, etc. are becoming largely irrelevant. Modern malware is now the digital equivalent of the Swiss Army knife".

That said, one statistic from the analysis does deserve comment. The biggest category of malware was Trojans. Succumbing to a Trojan is arguably the most self-inflicted way of subverting a system. If you fall victim to a drive-by download from a subverted web site, or if you receive an infected file as an email attachment from a trusted party, it's hard to argue that you weren't behaving reasonably. It's unrealistic to tell people they shouldn't use the web or exchange files with friends, colleagues or business partners.
