Microsoft Escapes Kaspersky's Top 10 Vulnerabilities List
An anonymous reader writes "Security firm Kaspersky has released its latest IT Threat Evolution report. There were some interesting findings in the report, as always, but the most interesting thing that stuck out was all the way at the bottom: 'Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.'"
And in other news MicroSoft purchased security firm Kaspersky for undisclosed billions of dollars in gold...
[/humor] - just kidding!
Less surprising is that the top vulnerabilities are Oracle's Java and Adobe products. In fact, Adobe can claim 5 of the top 10. Too bad I still have Reader and Flash on my system, but Java was purged from my system about a week after I stopped doing Java development.
Looks like MS is being dethroned. Between Apple, Oracle, and Adobe it's not looking good.
Agile Artisans
Many of the entries appear to be for identical things
"Oracle Java Multiple Vulnerabilities: DoS-attack (Gain access to a system and execute arbitrary code with local user privileges) and Cross-Site Scripting (Gain access to sensitive data). Highly Critical."
Seems to be prepared for someone who has no knowledge on what DoS and CSS are.
See subject-line above - MAN: This article's findings MUST have "stunned" the "Pro-*NIX" crowd here into silence... lol!
* Ah yes, "will wonders NEVER cease"...
BESIDES - it's NOT like you can't secure Windows well: It's VERY "doable" as is, just takes time & effort to an extent!
APK
P.S.=> I wish Windows 8 didn't have "METRO", or @ least allowing an OPTION to flip back to the classic Win9x style interface shell that I've used since 1995 or so (which, from what hairyfeet, a member here I am SURE you all know, told me that Mr. Sinofsky @ MS KILLED that possibility) - it's got a few things I really like that relate to security, such as:
---
1.) Guard pages (this supplements ASLR & DEP iirc) on the heap -> http://news.softpedia.com/news/Chris-Valasek-The-Windows-8-Heap-Manager-Is-the-Most-Secure-to-Date-282466.shtml
2.) AND, more -> http://www.techradar.com/news/software/operating-systems/windows-8-security-explained-1107206
---
And, of course, "self-terminating" services - which isn't security-related, but rather, performance-oriented!
(Which alleviates the need to "tweak/tune" your services, which those interested in performance on Windows have been doing for decades, myself included since Windows NT 3.51 onwards)...
I've said I don't predict success for MS here on the PC desktop, but I will say that METRO does make sense on say, smartphones &/or tablets though... nice part is?
All of these improvements I LIKE, will make their way into Windows 9, & hopefully MS "rights things" in regards to this new interface on the desktop, learning a lesson - but, we'll see how it all goes...
...apk
Anytime a vulnerability occurs on a multi-platform application it shows up on all of the platforms. The only time this doesn't happen is if the application/library has multiple sources - then it depends on the distribution.
The Java problems are most likely in the runtime that was open sourced - but still in use by both sources of the runtime.
I would agree with you except for the fact that I have no idea what this "Windows" thing is supposed to be.
Get free satoshi (Bitcoin) and Dogecoins
With the rise of OS X Windows is no longer relevant.
Parent is correct - although a little hyperbolic. Windows is no longer the 800 lb gorilla - Apple iOS is.
The market trend is towards more mobile type of computing and less desktop related type of things. Yes, yes, yes, I know that you need a desktop for "real" work, but many many others don't. Most of what I need to do can be done on a tablet or smartphone - where Windows has a very small market share.
Also, generally desktops are being kept longer and longer because there's really no need to keep doing so. Microsoft sees the writing on the wall and they are scrambling to move into other profitable (for them) lines of business before their gravy trains (Windows and Office) slow down too much.
This article is nothing but Softie cheerleading without any meat. You have to go to the report itself for any real facts.
Indeed, this paragraph explains *why* Java exploits are common in the wild.
In other words, if you do auto-updates of java and stuff like it, you are far less vulnerable. I don't think Windows even has a facility to do this, one must roll one's own for each package.
Keeping up to date with Oracle Java on Debian style systems:
http://www.webupd8.org/2012/09/install-oracle-java-8-in-ubuntu-via-ppa.html
--
BMO
Just too bad it's no longer a good *desktop* OS!
Windows users, both enterprise and home, pretty much all use AVs and since Windows 8 comes with one built in, and SCCM 2012 takes care of that in the enterprise at a low cost relatively speaking, there is no room for market growth there...the slime that run the AV corporations are painting their sites on iOS and Android.
Follow the money, what's the publisher selling?
I'm not developing on a fucking smart phone, so suck an egg.
Windows 7 is the best desktop OS. Secure enough, runs fast, smooth, stable, and all software and hardware works. OSX is pretty good too, but you have to buy expensive hardware to get it, and the software selection (especially regarding games) is more limited.
But you can't do auto-updates of Java, otherwise other stuff on your machine stops working.
Java is sufficiently flaky that it's very common for particular applications to need particular versions very carefully installed and configured, so you end up with several versions on your machine - allowing auto-update is a recipe for utter chaos.
You are not supposed to do developing at all. Use your smartphone to watch TV and movies as God intended.
Sorry, but gray text on gray background is making my eyes bleed.
Windows is still very insecure. After all it has that whole list of software exposing it to danger.
http://www.securelist.com/en/analysis/204792250/IT_Threat_Evolution_Q3_2012
They finally paid off the FSB.
This is one of those things that will be hard to judge.
First off, there are more android installs than iOS, and a lot of them are older versions which aren't getting updates etc. I see what google et.al. are doing but that market fragmentation will eventually be a security nightmare.
Secondly, MS moves something like 250 million copies of windows a year, and yes, turnover is going down, but that means there are still a billion windows PC's in the wild. The smartphone market has much higher turnover, in part because of carrier subsidies and the noticeable performance improvements still happening, and in part because cell phones are just much more likely to physically fail than a desktop, so I would be surprised if there are 300 million iOS devices in the wild at all. Officially they've sold 400 million iOS devices (http://news.cnet.com/8301-13579_3-57511323-37/apple-by-the-numbers-84m-ipads-400m-ios-devices-350m-ipods-sold/) through june, but a LOT of those are replacements for older iOS devices at this point (it would be a bit like MS talking about how many copies of windows it has sold since 2007 versus how many are actually in use).
Lastly, a lot of mobile devices may have vulnerabilities that can be exploited but that don't put users at risk because users don't behave in a way that exposes them to much risk. If you aren't regularly grabbing new apps, or trying to click links in e-mails or the like, well, you're not a power user but you're not at a great deal of risk either. The only person on an island doesn't really gain much by locking their door sort of thing. And we all know hackers are after things worth money. Desktops are worth money, banking information is worth money, (and banking is becoming more popular on smartphones to be sure), pictures of naked women are worth money (and those are certainly on phones....), but it's hard to know if hackers, especially serious ones, are going to refocus on desktops, because now if you have a desktop you're probably a serious productivity person, which means you have something worth stealing.
Well to be fair for the majority of /. readers we aren't in the cheap desktop market. For one reason or another we'll find a way to drop 2k+ on our laptops and desktops. We're devs, or gamers, or video processing nerds, or guys that measure their worth by their massive stash of pirated material and seed ratio etc. Either way we seem to all want some combination of SSD, big disk capacity, massive monitor, top of the line CPU, etc. Apple gear might not be great value but they don't target the low end of the market and we generally aren't there anyways.
Not really, no. My current gaming rig cost me about 800€, my laptop was 350€ and my smartphone was 100€ (from store, not operator, no subsidy).
Quite a few of us like bang for a buck, rather than bang at any cost.
You used four $ signs in referring to Microsoft, which makes your comment four times as irrelevant.
Well to be fair for the majority of /. readers we aren't in the cheap desktop market.
[Citation needed]
"His name was James Damore."
Rather, you are buying software + hardware when you go with Apple. Good software costs money. You seem to be coming from the Windows world where the software costs can easily be broken out. I choose not to go that route simply because I do not like the way Windows works. I'd rather have a really nice gui on top of a 'nix for when I have to get down and dirty. MS software always struck me as rinky-dink, no forethought, and as Jobs put it, no taste.
even the black-hats found it difficult to use Windows after Vista.
Sorry, that fifth one slipped under the radar.
Pictures of naked women aren't worth anything. Google Images of naked women - 821,000,000 hits. Cheaper than free.
http://slashdot.org/
Extortion, sourcing of underage material without being responsible for its production, advertising revenue from high traffic sites.
Imagine you did a data dump of all of the women in (e.g.) the netherlands on facebook. And posted it on a website, where it could be indexed, rated searched etc. You'd probably get a huge crush of traffic, and traffic = revenue.
You're thinking from the perspective of a product - you don't need to pay because someone else is monetizing you visiting their site- which is true, what they need is a way to get product, and if you're googling images of naked women, you're a product they can sell if they can just get you to click on their link rather than someone else's....
"Rather, you are buying software + hardware when you go with Apple. Good software costs money."
https://itunes.apple.com/us/app/os-x-mountain-lion/id537386512?ls=1&mt=12 (OS X 10.8 upgrade $19.99)
http://www.microsoftstore.com/store/msstore/en_US/pd/productID.216644200?WT.mc_id=mercent&mr:trackingCode=F1CB13AA-D1D4-E011-B18D-001B21A69EB0&mr:referralID=NA&mr:adType=pla&mr:keyword={keyword}&mr:match={matchtype}&origin=pla&mr:ad=15239889307&mr:filter=21844073347 (Windows 7 upgrade - student price $64.99)
Windows 8 is the best desktop OS. More secure, faster, more stable and has more software and hardware than Windows 7...
...IF, you can handle the FrankenOS of Metro/Win32...
They don't understand that in businesses, you don't run users as admins, which is what the Adobe Updater appears to require for autoupdates.
What they need to do is bring out a decent admin tool like WSUS for their products which enables centralized administration. Ditto Apple, Firefox, Java and a truckload of other software that would probably have a bigger market share if they just understood that where business is concerned with patching and security; Microsoft 'just gets it'. That's one of the key reasons why IE is the business browser of choice, because patching it is easy and quick, not convoluted and frustrating.
That said, it is possible to centrally manage Macs, to a degree...
Ever since I swore off Apple products (thank you OS X Lion for that revelation...), I've been repurposing and having a blast.
I spent $300 on a scratch and dent Dell Athlon (from the Dell Outlet, with surprisingly few scratches), put Debian on it, added 2GB of RAM (for a total of 6), a $35 power supply upgrade and a $20 video card off eBay. :) My secondary machine is an original Athlon XP I got for $40 off eBay, also running Squeeze. (It needs more RAM though.)
I always have a distant plan to build another system in the near future (something with oodles of RAM and enough processor cores to choke a horse), but in reality, my machines are running fabulously... Even my $70 Dell optiplex I bought from a friend so I could make it my "GOG.com game machine". :) I find goofing around with these older machines fun. And with Debian Squeeze (and fluxbox)... I could still be using a Pentium III 800mhz (which I plan to repurpose as a NAS for my LAN...) Old PCs have plenty of life left in them...
I was reading a Debian developer's blog a while back (the name of the blog and the developer escape me at the moment), but he wrote a great piece about keeping hardware and getting the most out of what you already have, rather than going into debt to be "cutting edge" for 15 minutes. I am not doing this because I'm some sort of eco-terrorist who wants to blow up SUV dealerships and live in a tree. Rather, I'm a person who likes to get his money's worth. And with my computers I have now, I get the most bang for my buck, and with low margin PC sales dominating... I can do it without breaking the bank. :)
This was not to say that those folks on the bleeding edge are somehow idiots and have too much money... I just found a neat way to continue my hobby and keep costs to a minimum. :)
It's the Stay-Puft Marshmallow Man.
The article is about the most common vulnerabilities on "pc's with kaspersky software installed": it is not about most secure software. This report just says that many people, who use kaspersky, do not keep their java and flash updated. Secunia rates the unpatched vulnerabilities of Windows 7 as highly critical. It's just that big companies (the most likely customers of kaspersky) don't use W7 as much as Java.
Secunia: "the most severe unpatched Secunia advisory affecting Microsoft Windows 7, with all vendor patches applied, is rated Highly critical". Kudos to MS for making (some of us believe they made) a secure OS.
Cracking and Virus writing has NEVER been about the number of systems like the MS fanbois love to claim. It has always been about what is easier to attack. At this time, all of the other systems need to focus on security as well. Regardless, this reminds me of the bear joke:
bear coming in the back of a tent, and one guy putting on shoes. Other screaming that they have to outrun the bear, and asks first guy why putting on shoes. He says that he does NOT have to outrun the bear. He simply has to outrun the other guy.
I prefer the "u" in honour as it seems to be missing these days.
Bloatware with vulnerabilities. Anybody surprised?
Windows Phones have zero capability of showing email headers, so it becomes a choice of deleting the message or opening the message. When the message is opened, Windows Phones have no capability of checking a link before clicking it.
That's two security vulnerabilities security firms can add to their list against Microsoft.
and driving like you're owning the road. And don't use your flashers, I really hate it when people signal their intentions. And of course, please honk after 2ms at the green light.
And I can't have enough of your crappy sound system when you're parked right in front of my house
I've got better things to do tonight than die.
"Rather, I'm a person who likes to get his money's worth."
Good for you. Really, I mean that. All of those old components that you save and use later are a little bit of good karma for you.
I've been managing to keep 4-5 computers going (one for each of our family members and a shop machine) and we only buy a new machine maybe once every 5 years. I save every single component, I reuse, repurpose, etc. I don't throw anything away until it is broken beyond use. But, I do not collect other people's junk. We occasionally buy single components to upgrade--a video card here, a monitor there.
After 20 years of doing this, I've finally run out of hard drives. Them old platters just get tired of spinning, I guess. But, I can say that I've added the bare minimum of waste to the environment, I've saved our family a lot of money and I feel good about it.
Interestingly, the moment I leave the Desktop PC market and enter the tablet or smartphone market, I lose the ability to continue doing this.
I agree. I don't care how advanced your smart phone/tablet is. Unless it can be converted into a desktop environment that supports keyboard, mouse, multi-monitor, and multiple apps open simultaneously. The desktop will not die out.
I don't understand why everyone wants to keep declaring the PC dead, it's not. When I walk into a LAN party, I don't see a single tablet or phone being used to play a game, it's all PCs. At school I don't see any phones or tablets used for presentations, that is all Macs and PCs. When you look inside embedded devices (routers, modems, etc...) you won't find iOS or Android in there, that is mostly dominated by Linux, or custom OS. I have yet to hear of a single app, or program that was developed on a smartphone or tablet. Heck I don't think there are even any compilers for those restricted devices. Not that it's not possible, it just does not seem like a good use of the technology.
Now if you want to know why PC market shares are down: it's that PCs last for more than a 2 year contract. This means that I can expect my PC to still be working 3, 5, 10, or more years from now. PCs are also easily upgradable. (even laptops can't spout that) Heck I have data on my PC that dates back far more than 10 years. If your smartphone has that then kudos to you, but I know many people who have PCs in that realm. PCs are just more reliable than your average tablet for data storage. BTW when I can store more than 10 TB on a smartphone, and have that data be virtually indestructible (meaning I can smash the phone with a sledge hammer, or drop the phone from orbit, and have it take only damage.), and alleviate the ease of theft that is currently possible with smartphones, and develop interfaces that are better than desktop for gaming and development, and make the phones as easily upgradable as a desktop, then and only then will I concede that the desktop is about to die. And I say about to die because it will still linger for several years before it actually disappears.
Even though the smartphone is a useful tool, it is not an all purpose tool. And just because you who don't play any real games, write software, participate in cutting edge technology development, or do anything that needs a screen larger than 2.5" don't see any need to use a PC think it's dead. Does not mean it is dead, BTW if market shares, and annual profits dictated the life or death of something, then the personal computing device (yes cell phones are included) would never have become a household item. Heck even star-trek thought typing was important enough to teach it to engineers of the future...
As you will notice in my sig, I am a dumpster diver. I do (did, I toned down quite a lot) what you do and I have saved quite some money as you did by mixing, matching, maximizing machines. The thing is, you do put a lot of time in it and you're lying to yourself that you do it to save money. You do it because you enjoy it. If you factor in your time, you're not saving money. I realized that when I have perfectly fine Athlon 64 machines with 2GB RAM that nobody would take. I still can't help myself to pick up an old computer, but it really really really has to be something extremely good (Core 2 Duo for example is still hard to find in the dumpster, but I have gotten a Core Duo a time ago... as a laptop no less)
Anyway, what I try to say is that you're better off specifying your needs and looking for deals and things on sale. That Celeron, will do just fine as a nettop for surfing, youtube etc... Especially if the drivers are ok (I have an Atom D525, which I stopped using because it really was too slow, but another Atom 330 performed better and the difference was the chipset... Go figure. All on Linux. I found out that the D525 chipset I had sucked under Linux. Bad buy.. Should have researched beforehand). In a similar vein, I got myself a Core i7 laptop with FullHD for a mere 525€. Did I get lucky? Hell yes! It now even has 16GB RAM because it has become so cheap.
You already realized that you don't need the top of the line. So did I. Now realize that your time is worth a lot more than the old hardware. Well, if it's a hobby... fine, but then call it a hobby stops you from spending.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
It's amazing what old hardware will do if you don't install iTunes
All the good attacks are at facebook etc. b
It's the 21st century equivalent of the horse-drawn buggy.
That's why people call it a buggy OS.
this goes to the 'only one on an island not needing to lock their door'. Windows phone is too small to matter much - it's not like MS products don't have known, exploited vulnerabilities, just in terms of the most exploited ones they aren't that bad. They seem to be reasonably on top of fixing things overall. At least relatively to Java and Flash.
MS products do not have top vulnerabilities, but they are still top targets: most malwares are still designed for Windows. It is just that the attackers reach the target by different vulnerabilities. It is therefore still true that using Windows poses a risk.
Really, that's what I did with the Dell. I wanted a 64-bit machine on the cheap that had decent hard drive space out of the box, but was standard enough to upgrade when I need it (I've had this Dell now for about 2 years or so.) I also check barebone bundle prices from time to time just to see if there's a great deal I can't live without (so far, my price ceiling is about $400.) :) I know there are a few bundles I am keeping my eye on, but I haven't found a need for an 8-core Athlon with 16GB of memory. :) At least not yet, of course....
I love to tinker, too. Proprietary cases annoy me... they have to be pretty cheap to be worth my time. :)
It's the Stay-Puft Marshmallow Man.
Thanks for the support. I sometimes get blank stares when people hear what I do with computers in my spare time. :) My only weakness is my desire to find the perfect keyboard. :) I had one once... but I traded it for some other parts many moons ago.
It's the Stay-Puft Marshmallow Man.
The desktop is not going away any time in the foreseeable future. People have been saying for almost 10 years now how the desktop was dead, and everyone would have laptops, yet desktops persist. Enthusiasts and gamers keep the desktop alive. Beige boxes are almost half of all desktops sold, and they are also a growing market. Laptops are also preferred by a very many people. They are effectively just desktops with screen and batteries attached. Tablets are new and great, and I foresee laptops becoming more tablet like in terms of form factor and mobility. At Best Buy, many laptops now have touchscreens I've noticed. Some have detachable keyboards and become very tablet like. It's exciting times.
Sent from my desktop.
Be sure to provide an example of a non-buggy OS. Don't be offended if I don't wait up waiting for your reply.
Just an FYI, Windows 7 Ultimate has a full Unix layer. As for the rest, beauty is in the eye of the beholder. I've yet to find anything I like about the appearance of Apple's software. Their hardware looks ok though, but they aren't unique in that regard these days either.
Have they found any exploits that work reliably on Win8 yet?
You mean iOS. OSX still has a pittance for market share. Besides, we just spent over a decade and a half dealing with one insecure OS, we don't want to start over with another.
"Microsoft products no longer feature among the Top 10 products with vulnerabilities"
"Kaspersky Lab is a Microsoft Gold Certified Security Solutions Partner and is currently working on several joint projects with Microsoft". link
AccountKiller
I built my mom an AMD-A6 3650 with 16GB RAM. Given, I had all the other stuff (nice case, etc..) already since it was the motherboard of her machine that started to get flaky, the upgrade was only 250€ or so... The price difference for "classical" 4GB was negligent. Sure, it's not octo-core, but quad-core. Sure, she has no use for it, but why not? Incidentally: that was a CPU/Motherboard combo on sale too.
Ahhh...the great dumpster continuum. Many a free computer will be found there. -- sowth (748135)
speak for yourself!
While I agree with you in general, there are actually apps which are developed on smartphones. As an example, WP7 has an app (written by MS) called "TouchDevelop" that's basically a touch-oriented scripting engine. It supports packaging scripts developed with it as apps and submitting them to the store, and some people have taken advantage of this.
It's slow and has an unfortunate effect on battery life when running anything remotely real-time, but it works, it's free, and it's really easy to use... and it's only available on the phone. There may be similar apps on other phones; I don't know.
Also, I personally have written and executed scripts on the Surface RT tablet, just to see if I could (it's actually really easy). I didn't try to package them as apps, though.
There's no place I could be, since I've found Serenity...
You can copy link addresses and paste them into a text window, rather than just opening them in the browser. It's a bit messy, but you are factually incorrect on that point.
However, the first point is (officially) correct. Technically you *can* read them, but it requires some hacks.
There's no place I could be, since I've found Serenity...
Give that man the clap!
You do realise that older computers use more electricity than newer ones don't you? So by solely using older computers you are actually using more electricity and thus they are costing you more money for less performance. Keeping up-to-date is not solely about power but also about power consumption. My new computer which is about 5x faster than my old one also uses about 100w less.
I'm not developing on a fucking smart phone, so suck an egg.
I am ... must suck to have your phone!
Can a person program a new solution to a problem? Why should anyone be able to stop such a thing? -Richard Stallman
considering Microsoft's stuff is still basically pre-security-conscious with bolt-ons. Amazing that it works as securely as it does. ty Bill and stephen
While I am a big fan of Win7 Ultimate, I think calling the posix layer a "full Unix layer" is a bit of a stretch.
Windows is no longer the 800 lb gorilla - Apple iOS is.
iOS is 2nd in market share in mobile just like Apple is 2nd in market share on desktop. How does coming in 2nd in every market they touch make them the "800 lb gorilla"?
AccountKiller
I agree it's hard to judge as an entire marketplace. I mean Microsoft might not be on the list cause the PC to tablet market is so different number wise. I would like to see a top 10 for PC then top 10 for smartphones. Plus like mentioned people do get longer out of PCs than phones and tablets not just due to build but because PCs can be repaired where phones and tablets are disposable.
http://www.thetechnologygeek.org
All his detractors have is an unjustified downmod but no facts why.