Slashdot Mirror
92% of Windows PCs Vulnerable To Zero-Day Attacks On Flash
CWmike writes "More than 9 out of every 10 Windows users are vulnerable to the Flash zero-day vulnerability that Adobe won't patch until Thursday, Danish security company Secunia says. According to Secunia, 92% of the 900,000 users who have recently run the company's Personal Software Inspector (PSI) utility have Flash Player 10 on their PCs, while 31% have Flash Player 9. (The total exceeds 100% because some users have installed both.) The most-current versions of Flash Player — 9.0.159.0 and 10.0.22.87) — are vulnerable to hackers conducting drive-by attacks hosted on malicious and legitimate-but-compromised sites. Antivirus vendors have reported hundreds, in some cases thousands, of sites launching drive-bys against Flash."
Browsing the web without a few browser mods is the only to surf these days anyway.
Well at least the iPhone is safe...
Will Flash just die already! We have the video tag, IE users can suck it up as well. FlashBlock for Firefox, but what to use for Chrome?
This is the reason why we either need diversity in software or OSS. Flash is installed on practically ever computer, and for good reason, many sites require Flash. However relying on a single software and single software versions is a bad idea, even more so when it is closed-source.
Taxation is legalized theft, no more, no less.
I feareth not, for I haveth disablethed the abomination frometh Adibe !!
The lord hath spokenth to meith and said I ameth saved.
Everybody, Roll back to Flash player 5 for a little bit. And then have that warm gooey feeling of when you first tried animating with it... Now change your pants.
This makes FlashBlock all the more useful. No flash that I don't explicitly enable ever runs in my browser, which should stop these drive-by attacks in their tracks (unless they somehow infect flash objects I would normally allow, instead of injecting a new "hidden" object into the hacked sites).
The fix to all Flash problems lies here on Adobe's own web site: How to uninstall the Adobe Flash Player plug-in and ActiveX control.
If you're not using this, or something like it, then your Admin isn't doing their job.
It looks like none of the users are getting flash until thursday. Sorry guys, no pandora for you. (also looks like I won't be getting a cake on sysadmin day).
NewslilySocial News. No lolcats allowed.
is like RealNetworks was years ago.
The only difference is that when Real started raping people's computers it was replaced.
I've always said(for years) that Flash would be the killer infection vector and that its cross platform ubiquity would be the Achilles heel for Linux and Mac.
This is but a taste of things to come. Flash is an abomination. It has too much power with too little end user control over that power. Combined with its insanely large install base and you have disaster waiting to happen.
I'm not sorry for being right all the time. So suck it!
Zero-Day attack
The coder: whack
One means to stop
The furbrained attack
Burma Shave
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
FlashBlock stops Flash from running after a second or two. Some of the remote code still runs. This may be enough time for an attack to get through.
A computer worm that spreads through Flash and PDFs on PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough to still think Windows is not ridiculously and unfixably insecure by design.
Despite many years' warnings that Microsoft regards security as a marketing problem and has only ever done the absolute minimum it can get away with, millions of users who click on any rubbish they see in the hope of pictures of female tennis stars having wardrobe malfunctions still fail to believe that taking Windows out on the Internet is like standing bent over in the street in downtown Gomorrah, naked, arse greased up and carrying a flashing neon sign saying "COME AND GET IT."
Millions of smug Mac users and the four hundred smug Linux users pointed and laughed, having long given up trying to convince their Windows-using friends to see sense. "There's a reason the Unix system on Mac OS X is called Darwin," said appallingly smug Mac user Arty Phagge.
"It can't be stupid if everyone else runs it," said Windows user Joe Beleaguered, who had lost all his email, business files, MP3s and porn again. "Macs cost more than Windows PCs."
"Yes," said Phagge. "Yes, they do."
Ubuntu Linux developer Hiram Nerdboy frantically tried to get our attention about something or other, but we can't say we care.
http://rocknerd.co.uk
9 out of every 10 Windows users are vulnerable to the XXXXXX vulnerability.
Flash is installed on almost every PC. The large majority of Windows users still use Internet Explorer, so the majority right there are vulnerable. Firefox has a respectable percentage of the user base, but very few of those people (outside of the Slashdot crowd) seem to use tools like Flashblock. The other browsers - Chrome, Safari, Opera round out the group; their users are pretty much all vulnerable too.
It's sad, I agree - but we already knew this was the case since we've known about this unpatched flaw for a while now...
#DeleteChrome
This gives a new meaning to the term Killer App
Well at least the iPhone is safe
+1 Funny!
In times of universal deceit, telling the truth gets you modded -1 Troll
If it were an actual mistake, then I would agree with you. It wasn't an error.
He purposefully did it and when he got caught he then apologized for it. What I'm saying is, if nobody said anything, he'd still be doing it.
"A critical vulnerability exists in the current versions of Flash Player (v9.0.159.0 and v10.0.22.87) for Windows, Macintosh and Linux operating systems" (emphasis added.)
TFA only mentions Windows because they don't bother scanning Macs or Linux boxes.
You know ...
I hate Adobe software.
There, I said it.
Photoshop is buggy. Premiere is often weird and arcane. Flash and Reader have had some NASTY security holes of late. Reader is a painfully source resource pig. Adobe is at least a year late in releasing a 64 bit version of Flash (outside of the Linux beta).
You know you're in trouble when freakin' MicroSoft is putting out better software.
Adobe's releasing one awful update after another. They seem to lack the resources and expertise to maintain a huge portfolio of overly-ambitious software on a wide variety of platforms. They just can't seem to get anything right with their free (as in beer) software from a security, and sometimes even usability, standpoint.
Dear god.
Request to Adobe: if you want to be the gateway for rich content on the 'net, please realize what's at stake if you fsck things up. By botching security, you're putting millions of people at risk for having their lives turned upside down by thieves and fraudsters. You're releasing the digital equivalent of Pintos. Please start fixing your mess.
Flash is now among the top attack vectors for Windows, and it isn't even covered by Windows Update.
There were 23 reported security issues in the last 2 years, including at least 4 browse-and-get-owned vulnerabilities.
In comparison, Silverlight has had no security bulletins since its 1.0 release (it's now at 3.0).
This may be just yet another reason to migrate to Silverlight, especially for intranet applications.
throw new SuccessException("Sig read successfully");
An interesting approach, using IP addresses as version numbers
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
So do you have to be on an administrator account for the attack to work?
I am becoming gerund, destroyer of verbs.
IBM Corporation - 9.0.159.0
Internet Assigned Numbers Authority - 10.0.22.8
Tinfoil hats now half off.
... if everyone knows about it?
Or am I missing something here?
Comment removed based on user account deletion
Privilege separation is a useful tool, but minimizing the surface area for the initial attack is critical. Security is like sex, once you're penetrated, you're ****ed.
The biggest problems Windows has are related to the surface area exposed to attack:
1. The lack of the ability to bind most survices to a specific IP address means that even services intended for internal use have to be blocked by a firewall rather than being bound to 127.0.0.1.
2. The lack of ability to pass parameters to a program without passing through a re-parsing step, leading to quoting attacks against helper applications.
3. ActiveX.
4. ActiveX.
5. The use of a common set of helper application bindings for the shell and browser, a vulnerability alas copied by Apple.
6. Did I mention ActiveX?
Windows has privilege separation issues, but not nearly as great as they used to, so I wouldn't put this even in the top 10 security problems.
Common runtimes, like Flash, Silverlight, and Java, are a problem because they create the possibility of a "one size fits all" attack. You shouldn't ignore the danger whether you're running Windows or UNIX.
were turned off at the moment of the counting.
The other 8% were:
1 -- Downloading Flash because they felt "left out"
2 -- Powered off
3 -- Already infected
4 -- At the local Geek Squad store having their Owners' Personal Information "backed up" to the technician's USB stick (It's value-added!)
5 -- Some combination of the above choices
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
Hmm, I actually liked that one. At least it wasn't about some jackass trying to eat it or anally raping themselves. More original, for this site anyway.
the best thing to ever happen to Silverlight?
Yes, who are they to support all platforms in equal manner allowing same functionality in all sites?
My suggestions are:
1) Drop PowerPC support
2) Drop Linux support
3) Find some sold out once open source heroes to implement half ass functional thing with a cool name.
4) Go mono! err.. profit!
Comment removed based on user account deletion
Comment removed based on user account deletion
I visit a site
It uses Flash 10 Player
I am truly fucked
Sig Follows: "Suppose you were an idiot. And suppose you were a member of Congress. But I repeat myself." -- Mark Twain
... welcome our new Flash overlords. Not even Flash Gordon can save us now.
Byzandula
insecure -adj
Merriam-Webster: not adequately guarded or sustained : unsafe an insecure investment
Random House: not secure; exposed or liable to risk, loss, or danger: an insecure stock portfolio.
You fail it.
Let's not let the facts get in the way of rabid fanboyism! After all, Linux is 100%, completely secure! There are magical GPL fairies in the kernel that protect it from any and all attacks, even when the app in question is from a 3rd party.
When there is a zero day issue exploited in the wild and if it is effecting near billion computers, some questions must be asked.
1) Will the FBI and security organizations look to this matter as a threat to global security and this time, actually find the gang to question them?
2) When did we start supporting zero day exploiting black hat mafia?
3) Who is really behind this?
4) Why would it take until Tuesday to fix the issue? Can't they provide a quick hotfix until Tuesday and ship the real thing with more testing with 1 week later?
5) Will Adobe do some serious internal investigation, working with the law enforcement agencies to find out the root cause of this issue, this kind of behavior among their developers, team leaders and testers?
Some company known to work in a very dirty ways when it got cornered is at version 3 of their software and nobody, including their media puppets seems to care. Just saying...
So, are you saying Windows is not done until Adobe is broke, so that people will use M$ stuff instead? They have done that before. I don't think Adobe is at fault, since the same problem appears many times for them, but no issues on Silverlight. Interesting, Adobe works on the Mac and Linux flawlessly. So it's got to be the evil empire again. Look out for the fine they are going to get now. WOW.
Flashblock will not save you from this vulnerability. Flashblock only blocks flash objects in your internet browser (firefox/seamonkey.) This attack uses flash objects embedded in pdf documents which are handled by Adobe Reader. Now, who decided it was a good idea to allow pdf documents to have flash embedded in them?
Does this affect us who never upgraded from 7/8?
This is something that can be detected and stopped by Antivirus software, right? Since my Avast! updates every day, if it can protect me against this Flash vulnerability, then it shouldn't matter to me when Adobe issues the patch.
This may be just yet another reason to migrate to Silverlight, especially for intranet applications.
Other than the large security problem of handing Microsoft any degree of weight in the market for internet clients.
Particularly given Microsoft's history, which suggests they barely have the slightest idea of how to create anything secure, chances are that Silverlight's record has a lot to do with its small market share.
But mostly, they're simple not trustworthy. We saw what they did with IE6. Even if you ignore the rest of their history, trusting them is foolish.
Tweet, tweet.
Adobe should give a notification in their updater that their software is insecure, and give the option to disable it until the next patch. Quarantine is usually the immediate response to an outbreak before we have a suitable vaccine.
These bloated plugins seem to also be responsible for 80%-ish of the crashes I have in Mozilla.
They are the big weakness of the web: what if someone decides to start putting a non-standard format out there that becomes a de facto standard because it's the easiest way to do something?
Flash seems to be the easiest way to put up an animation.
PDF is the best format for distributing documents that you don't necessarily want others to edit.
No one wants to explore alternatives because the content is in these somewhat unwieldy formats.
Futurist Traditionalism
I noticed in early July that my Kubuntu 8.10 machine started showing corruption in the EXT3 filesystems, and it seemed to happen everytime I used Firefox (which had Flash installed). I finally got so sick of restoring from backups that I rebuilt a totally new Kubuntu 9.04 image, without Firefox. I now run Firefox in VirtualBox, using a sandboxed image of Kubuntu 9.04. This has stopped the filesystem corruption in the host OS, but I continue to see EXT3 corruption in the sandboxed Firefox with Flash. It's beginning to look very sensible to use 3 virtual machines for browsing the web now. Green Sandbox for just my banks. Yellow Sandbox for email and Paypal, and Red Sandbox for everything else (including Slashdot). Even with Noscript, the Red Sandbox gets dirty still, and needs rolling back to the initial snapshot. I haven't run rootkit detection or virus scanning yet, but I'm beginning to believe that integrated intrusion detection will be the next Great Thing (tm) for virtual machines. Charlie Stross thought about this years ago in Accelerando. It's worth a read.
Yes he did, but he's not some huge, evil megacorporation. He's one guy who has cooked up this software that everybody wants to use, isn't he?
His only mistake was not telling people in the first place - not the whole whitelist/redirect thing. If you want to use NoScript than obviously a condition of that use is that the NoScript site is automatically whitelisted and the page opens up every time you have an update. For all of the benefits it gives one that is an awfully generous tradeoff.
Random Thoughts From A Diseased Mind (Not For Dummies)
I don't know if it does, but I would certainly like to know the secret to living with Flash 7 when everyone and their uncle check the version of Flash before allowing me in to their website. Is there a way to declare a different version instead of updating something that is (was) actually working fine?
"1) This vulnerability exists on OSX, Windows, and Linux.
2) The annual pwn2own competition, among others, shows that Linux and Windows are similarly secure and OSX is much less secure. OSX goes down first every year, while Windows and Linux both last until later days of the competition when more direct access to the systems is granted to the contestants.
A Windows machine is more likely to be compromised, but that's because of market share. "Insecure by design" implies that you're talking about the security of the OS against someone who wants to compromise it. It's proven every year that only OSX lags in this area, and it lags quite badly (this year's winner rated the difficulty of compromising Vista and Linux as a 9-10, and the difficulty of breaking into OSX as a 3, IIRC).
3) Goto 1)" - by Colonel Korn (1258968) on Tuesday July 28, @12:54PM (#28854687)
No one could say it better than you have Colonel, GOOD JOB, & if I had the ability to give "mod points" I would mod you up, but alas, as an "A/C" here? I cannot... so, all I can say is "well said, & good job"...
APK
P.S.=> NOW - As far as the "Pro-*NIX FUD Spreader", who obviously cannot THINK for himself & thinks others are the same as he, whom you replied to? Here is what I can give HE, in response to his obvious misleading b.s.:
"A computer worm that spreads through Flash and PDFs on PCs without the latest security updates is posing a growing threat to users blitheringly stupid enough [today.com] to still think Windows is not ridiculously and unfixably insecure by design" - by David Gerard (12369) on Tuesday July 28, @11:08AM (#28852797) Homepage
Oh, really? Then, try THIS "on for size", in response to your FUD spreading:
----
HOW TO SECURE Windows 2000/XP/Server 2003, & yes, even VISTA (& it's descendants), + make it "fun-to-do", via CIS Tool Guidance (& beyond):
http://www.tcmagazine.com/forums/index.php?s=aeba48c4aeccd4a426f664b5db5574e8&showtopic=2662
----
Results? Ok, & from Linux AND Windows no less, @ the start of that guide (which show that Linux itself also needs added work to secure it, & guides from Apple Computer also show that MacOS X is NOT that secure "outta the box/oem stock" as well, & recommend FAR MORE to do, to secure it as much as is possible, vs. what you get from them oem/stock/outta the box):
http://www.xtremepccentral.com/forums/showthread.php?s=b38271cfc7ef82deafc78e2e2ef23a0f&t=28430&page=3
----
"Its 2009 - still trouble free! I was told last week by a co worker who does active directory administration, and he said I was doing overkill. I told him yes, but I just eliminated the half life in windows that you usually get. He said good point. So from 2008 till 2009. No speed decreases, its been to a lan party, moved around in a move, and it still NEVER has had the OS reinstalled besides the fact I imaged the drive over in 2008. Great stuff! My client STILL Hasn't called me back in regards to that one machine to get it locked down for the kid. I am glad it worked and I am sure her wallet is appreciated too now that it works. Speaking of which, I need to call her to see if I can get some leads. APK - I will say it again, the guide is FANTASTIC! Its made my PC experience much easier. Sandboxing was great. Getting my host file updated, setting services to system service, rather than system local. (except AVG updater, needed system local)" THRONKA user @ xtremepccentral.com
----
All with MOSTLY "native tools" already in your OS', or webbrowsers (the MAIN 'disease vector', via javascript especially (THIS NEEDS REVISION THE MOST, where is th
I stopped reading there. Obviously a slow news day.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Flash is a ongoing security nightmare. Users demand the functionality but don't understand or care about the security cost.
Flash is one abomination that should be put out of its misery ASAP.
FlashBlock can be easily circumvented by any attacker.
The only reliable flash-blocking whitelist is NoScript.
I would highly suspect by now the entire eco-system involved in an average patch in FOSS software is very much outstripping the resources of MS. At least on the eyeball side. What does MS put at any given problem a few hundred or a few thousand programmers? Yea, there might be a whole lot more people in the marketing spin department, but they don't really count as helpful.
It is not just the guys around one project, a particular writer in FOSS that vets the patch. It is the entire community of hundreds of different distros, sub-projects, individual users, and so on that vet a patch or change and decide to include it, ignore it, put it on the shelf, and push changes back up the food chain as problems are found.
I consider myself to be fairly much an end user of FOSS, but perhaps leaning more on the power users side of things. I remember a bug in a early development release of Firefox I found. From the time it was released, to the time I found it, verified it, and went to report it, was less than 30 mins. Guess what? 100 other people found it, 10 proposed patches had been submitted, and the best was already accepted and in to the next version a full 15 mins earlier than me. That is just normal in FOSS.
No one can tell me a company with massive bureaucracy of rules and procedures would be able to mobilize anything at that speed. It likly takes them a week just to get authorization to look at the source code they wrote from the legal department.
Living in Chile
This is not so much a Windows issue as it is a browser issue. Secunia reports MSIE7, Mozilla, Chrome, and Opera ALL insecure for browsing for the same reasons: Flash, Adobe Reader, and Sun Java being the consistently prime culprits, but it also reports MSIE 7 and Mozilla as unsecure all by themselves.
Secunia is an interesting program in many ways, but it reports 'vulnerabilities' as soon as anyone releases a new version of anything. Suddenly, you are 'insecure.'
Regardless, Secunia is well worth taking a look at. http://www.secunia.com/
How about a moderation of -1 pedantic.
"So your hateboy statement that "It's proven every year that only OSX lags in this area" is simply disingenuous." - by Super_Z (756391) on Tuesday July 28, @04:51PM (#28858765)
Does it? Ok, let's "put that to the test", shall we?
Windows Server 2003 Known Vulnerabilities that are critical & unpatched/unworkaroundable:
----
http://secunia.com/advisories/product/1174/?task=advisories
240 Vulnerabilities
----
vs.
MacOS X (latest build) Known Vulnerabilities that are critical & unpatched/unworkaroundable:
----
http://secunia.com/advisories/product/96/?task=advisories
971 Vulnerabilities
----
READ 'EM & WEEP... &, that is absolutely current data, for both of their "all-time" advisories list, & unpatched (or work-around-able) issues... &, it appears MacOS X has been affected by FAR MORE than Windows Server 2003 (what I use here, as I consider IT the "real version of Windows", even vs. VISTA/Server 2008/Windows 7).
In fact? I'll discuss ANY of them @ length with you, as to the currently STILL "outstanding" issues... the ones to be of most concern, are of course, those that allow remote exploits of CRITICAL nature, because that's where I'll simply then show you EASY WORK-AROUNDS for the ones in Windows Server 2003... easy ones, mostly dealing in ACL's alterations in fact, which is, very easy, to do!
I mean, because of HOW I setup Windows Server 2003? Well, basically/fact is??
I am "proof" to a few just based on that alone, & only because of how I setup Windows Server 2003 here (default setup mostly, @ least AT setup that is, since it installs by default, as "workstation/pro" mode basically, not a full-blown server & I am proof to the issues that surround THAT end of things because of that alone)...
Fact is, quite recently, I have had that kind of 'debate' here on /., QUITE recently!
(I think the person who attacked me over it (Americano &/or RyuuzakiTetsuya (same guy, diff. logons)) found it "QUITE ENLIGHTENING", lol, to say the least... with him having to use multiple accounts like that, & still failing to prove that MacOS X is more secure than Windows Server 2003 is... @ least in terms of current vulnerabilities & MacOS X still has one it has totally NOT PATCHED, deals in scripting (& they ONLY RECENTLY PATCHED A JAVA ISSUE ALL OTHER OS VENDORS PATCHED MONTHS AGO, no less)).
APK
P.S.=> Seems like YOU are the "disingenious one", as most of you "Pro-*NIX" fud spreaders, with your "straight outta pravda" b.s., which has been CLEARLY, shown as only that much... b.s.! Because, believe me, on this issue? I am "prepared as prepared gets", & anytime you want to discuss that (MacOS X vs. Windows Server 2003? I'm ready, willing, & able))... apk
92% of Bind 9 servers are vulnerable to zero day attacks too.
"You read the numbers in a weird way. The pages of Secunia say:" - by tgv (254536) on Wednesday July 29, @03:02AM (#28863045)
Did I? Funny, 971 vulnerabilities over time in MacOS X is a heck of a lot more than the 240 for Windows Server 2003, over time (both reported as the # of vulnerabilities found in each, so, how did I "read that funny"? It's there, in black & white, lol)... first of all!
----
"Furthermore, it is 4 against 12 unpatched (in favor of OSX)" - by tgv (254536) on Wednesday July 29, @03:02AM (#28863045)
Show me a SINGLE ONE on Windows Server 2003, that I cannot patch myself via simple things like ACL alterations (or just avoid to not be made victim by)...
You do that (& you won't be able to, lol), & I'll show you a quick + easy work around.
Then - I can show you the ONLY PARTIALLY FIXED MacOS X scripting bug, that YOU cannot fix & are STUCK with period (and, just judging by the 'turn around time' on the last major fix Apple had in MacOS X for the JAVA bug that all other OS vendors patched months before Apple did? Tells you just how long you'll be STUCK WITH THAT SCRIPTING BUG most likely).
Neither's perfect, & you can avoid behaviors + tools/files on both to avoid problems... but, what "bugs me" is how you MacOS X & *NIX fans in general LOVE to put down Windows, but, it seems to be as secure if not MORE SO, than your OS' are (per what I put out + others here such as in the pwn2own contests data others put up).
APK
P.S.=>
"And your language and mark-up suggest mild paranoia. You have not been attacked, and the Pravda doesn't deal with Windows viruses. Get treatment, or move to Montana and join the militia." - by tgv (254536) on Wednesday July 29, @03:02AM (#28863045)
Care to show us your PHD in Psychiatry, plus a license to practice it, as well as your formal analysis of myself in that regards? Oh, you don't have ANY of those?? Ok, "I rest my case"... apk
"1. You are comparing the aggregate of security vulnerabilities of OSX 10.0, 10.0 Server, 10.1, 10.1 Server, 10.2, 10.2 Server, 10.3, 10.3 Server, 10.4, 10.4 Server, 10.5 and 10.5 Server to Windows Server 2003. Feel free to add the vulnerabilities of the other Windows Desktop and Server releases from 1999 and onwards." - by Super_Z (756391) on Wednesday July 29, @02:32PM (#28870735)
Add them ALL together, because, it doesn't matter - I can SHOW YOU a bug in MacOS X that is outstanding & there is NO FIX FOR (only partial & STILL vulnerable)... whereas there is NOT A SINGLE ONE on Windows Server 2003 (the model of Windows I use, what I consider to BE the TRUE Windows, not this latest crap in VISTA onwards) I cannot fix... or, avoid just because of HOW I setup my version of Windows (default is workstation/pro install - you add server stuff, after, ONLY if you wish though).
----
"2. Apple and Microsoft shipped software have different disclosure policies. Microsoft never patches until they are forced to (witness the 18 month lead time on the ActiveX vulnerability just disclosed). MacOSX includes software that have "disclose everything now" policies." - by Super_Z (756391) on Wednesday July 29, @02:32PM (#28870735)
WHAT? Apparently, you aren't aware of the JAVA bug that Apple had, for MONTHS now, that other vendors patched many, Many, MANY months ago... would you like proof of THAT, also?? Just ask... I'll get the link, & right from this website...
----
"3. MacOSX simply bundles more software than Windows Server. A quick look at the MacOSX advisories show that they include vulnerabilities in Python, Perl, PHP, Ruby, Java, ClamAV, SquirrelMail, X11, Apache, BIND, OpenSSL, OpenLDAP, MySQL, Flash etc." - by Super_Z (756391) on Wednesday July 29, @02:32PM (#28870735)
LMAO - Windows runs more software AND ON MORE HARDWARES in peripherals, period, than MacOS X ever has (or, probably EVER WILL)... so, "so much for that" line of pure b.s.!
APK
P.S.=>
"4. Secunia has some weird counting going on. Check out the XP Professional 2009 advisory page. I count 25 vulnerabilities in 12 advisories - yet the total statistics claim 244 advisories with 253 vulnerabilities. If the numbers are to add up, previous years would have to have more advisories than vulnerabilities." - by Super_Z (756391) on Wednesday July 29, @02:32PM (#28870735)
That is because advisories are patched issues mostly (already patched), & again - 971 vulnerabilities for MacOS X? That's what?? Almost 4 orders of magnitude MORE than those found in the version of Windows I use (&, whether you KNOW this or not? Modern versions of Windows are based off the SAME Windows 2000 codebase, albeit with some added features & modifications, but mostly, the same)... apk
Comment removed based on user account deletion