Domain: csis.dk
Stories and comments across the archive that link to csis.dk.
Comments · 5
-
Re:20k
It's both.
TFA confirms that it's written in assembly and saying that the security holes in Windows are really huge, well, that's just common knowledge.
-
Re:Java...
> http://www.csis.dk/en/csis/news/3321/ [www.csis.dk]
Thanks. I don't think that this webpage justifies the claim, although it is interesting.
It does not appear to be a very formal study, or at least the webpage has no report of the methodology. So when they say "37% was JRE", it's not clear what those 37% were: e.g. was it the case that 37% of the exposures of users to potential infections were exploits using the JRE? Were these the successful ones or not? And given that according to the document, their study only considers 80% of infections, that other 20% could be the important 20%. Too many unanswered questions.
There must be a published paper on this somewhere, but I can't find one
:-(. It seems like such an obvious thing to study. -
Re:Java...
-
Re:Java...
-
Re:Please God no!
Adobe Reader will read ALL PDFs that are out there, guaranteed.
Right, even the ones with malicious scripting that get delivered and opened in an iframe that doesn't even show up on the page.
I've encounter PDFs which opened up to a blank page in Foxit, whereas they worked just fine in Adobe Reader.
So why not set the default reader to an alternative, and only use Acrobat if the document can't be opened elsewhere? Having Acrobat set as the default reader with the browser plugin installed and enabled is the source of the problem.
The same people that rant on and on about attack vectors are also the same people who think Windows BSODs and gets infected with malware/viruses/trojans all the time
Pay attention to what I'm saying. I'm not saying that Windows is insecure or unstable, I'm saying that Acrobat is insecure. That's a fact, it's not just my opinion. I'm not ranting against Windows, I'm still happily using XP. IE, for it's part, is only number 4 or 5 on the attack vector list, a full 85% of attacks come through insecure plugins (like Acrobat). You can bury your head in the sand and act like it isn't true if you want, but that doesn't change anything in reality. Acrobat alone is responsible for nearly a full third of infections. Here is the study.