The Next Web

Security firm Kaspersky has released its latest IT Threat Evolution report. There were some interesting findings in the report, as always, but the most interesting thing that stuck out was all the way at the bottom:

Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.

I can hear the Microsoft haters crying foul all across the globe. Yet it’s true. Here are the top 10 vulnerabilities for the third quarter, according to Kaspersky:

1. Oracle Java Multiple Vulnerabilities: DoS-attack (Gain access to a system and execute arbitrary code with local user privileges) and Cross-Site Scripting (Gain access to sensitive data). Highly Critical.
2. Oracle Java Three Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
3. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Gain access to sensitive data. Highly Critical.
4. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Highly Critical.
5. Adobe Reader/Acrobat Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
6. Apple QuickTime Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
7. Apple iTunes Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
8. Winamp AVI / IT File Processing Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
9. Adobe Shockwave Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
10. Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Gain access to sensitive data. Extremely Critical.

The rankings are based on the percentage of users whose computers had the vulnerability in question. In other words, unpatched and old software, or just poor software in the first place.

A few years ago, Microsoft would be all over the list, but starting with the release of Windows Vista, the company has seriously cleaned up its act. Windows 7 builds on that, and Windows 8 takes it yet another step forward. Windows is still highly targeted due to its market share: 0-days for Windows 8 allegedly already exist.

If you’re looking at that list above and demanding for some juicy security figures, this list of findings is for you:

• 28 percent of all mobile devices attacked run Android OS version 2.3.6, which was released in September 2011.
• 56 percent of exploits blocked in Q3 use Java vulnerabilities.
• A total of 91.9 million URLs serving malicious code were detected, a 3% increase compared to Q2 2012.

That second one is brutal. It’s exactly why you shouldn’t have Java install, unless you absolutely need it.

See also – Security companies are recommending you disable Java, or just uninstall it and IE9 passes 20% market share, Firefox falls below 20%, Chrome loses users second month in a row.

http://thenextweb.com/microsoft/2012/11/02/microsofts-security-team-is-killing-it-not-one-product-on-kasperskys-top-10-vulnerabilities-list/?utm_campaign=social%20media&utm_medium=share%20button&utm_content=Microsofts%20security%20team%20is%20killing%20it:%20Not%20one%20product%20on%20Kasperskys%20top%2010%20vulnerabilities%20list&awesm=tnw.to_lLo7&utm_source=Twitter

I haven't had a Java hit through any browser since 2010, though i also rarely go anywhere that uses Java anymore.

Pretty cool read, good to know Microsoft staying outta the spotlight even with a 20% market share in Browsers. One thing that I would like to know tho, they mention chrome users fell for the 2nd month in a row, but what % of net users actually use googles browser now?

Click the link at the bottom of the link its shows a bunch of statistics.

Edit: i'll just put it here http://thenextweb.com/apps/2012/11/01/ie9-passes-20-market-share-firefox-falls-below-20-chrome-loses-users-second-month-in-a-row/

Very interesting read indeed. When MS gets competitive and its monopolizing policies dont work. Its a really good company.

Microsoft has certainly gotten better, though they'd have to be pretty bad to rank up there with Java and Flash and other web media platforms. They will probably always be in the top 10. I don't know if Microsoft should exactly be praised for not being horrible.

I am impressed with how good Windows security measures are now, though, after years of being superfluous and ridiculed. Everything I've read has said that they are well ahead of Apple in that regard.

Which leads to the question, why is iTunes on that list with multiple vulnerabilities? And ahead of Shockwave? That's very bad. People need to know about that.

IE still over 54% and Firefox is still the biggest non pre-installed browser.
Interesting to see how many people apparently decline automatic browser updates, still a lot of people using old versions of IE and Firefox.

I'm kind of surpised that IE8 is number 1. I've never actually seen it out in the wild. Usually IE7 or Chrome.

IE8 is thie highest because this is the latest browser Win XP users can install. Thank god there is Chrome and FF for those people cause I'd kill myself if I had to use IE8.

This just shows what a massive turnaround MS did with IE9, which is the most secure browser by far, yet still very competitive with speed, JS and other benchmarks... And IE10 is even better. The Trident rendering engine used in IE has come a long way. And to think they were considering switching to Webkit before IE9 was released...

Adobe need to step their shit up, that is just embarrassing.