Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Escapes Kaspersky's Top 10 Vulnerabilities List

Posted by timothy on from the or-maybe-it-goes-without-saying dept.

An anonymous reader writes "Security firm Kaspersky has released its latest IT Threat Evolution report. There were some interesting findings in the report, as always, but the most interesting thing that stuck out was all the way at the bottom: 'Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.'"

9 of 112 comments (clear)

  1. Re:Surprised? by Colonel+Korn · · Score: 5, Insightful

    Less surprising is that the top vulnerabilities are Oracle's Java and Adobe products. In fact, Adobe can claim 5 of the top 10. Too bad I still have Reader and Flash on my system, but Java was purged from my system about a week after I stopped doing Java development.

    Just to reinforce the picture of Java as crapware, it blows my mind that Oracle packages shit like the Ask Toolbar in the regular security updates and you have to uncheck a box in order to prevent its installation. Oracle is a Zynga-level company.

    --
    "I zero-index my hamsters" - Willtor (147206)
  2. Re:Windows is no longer relevant by jones_supa · · Score: 5, Insightful

    Windows 7 is the best desktop OS. Secure enough, runs fast, smooth, stable, and all software and hardware works. OSX is pretty good too, but you have to buy expensive hardware to get it, and the software selection (especially regarding games) is more limited.

  3. Re:Surprised? by malakai · · Score: 4, Interesting

    They still do it. See here: http://www.java.com/en/download/faq/ask_toolbar.xml
    From Java.com:

    The Ask Toolbar is integrated with the Java download. During the installation of Java, users are presented with an option of downloading the Ask Toolbar

    Also, although it's fixed now, for a time, you couldn't direct link to the Win x64 JRE. It forced you through a page, that would check your browser and give you a x32 if your browser was 32bit. I used to have to fire up IE 64 on Server 2008 to grab a JRE to install on my 64bit os.

    --
    -Malakai
    A Dragon Lives in my Garage
  4. auto-updates of java by Tim+Ward · · Score: 4, Informative

    But you can't do auto-updates of Java, otherwise other stuff on your machine stops working.

    Java is sufficiently flaky that it's very common for particular applications to need particular versions very carefully installed and configured, so you end up with several versions on your machine - allowing auto-update is a recipe for utter chaos.

    1. Re:auto-updates of java by Carcass666 · · Score: 4, Informative

      But you can't do auto-updates of Java, otherwise other stuff on your machine stops working.

      Java is sufficiently flaky that it's very common for particular applications to need particular versions very carefully installed and configured, so you end up with several versions on your machine - allowing auto-update is a recipe for utter chaos.

      This. For those running eBusiness Suite and also have to use sites with applets, companies are caught between the rock of having to update Java to keep your browsers happy and the hard place of incompatibility of applications with newer versions of Java. Yes, you can load multiple versions of Java, but keeping things automatically updated, and keeping each application/browser using the correct JVM? Ouch. The recent issues over the past few months with poorly executed changes in the security model (broken applets that leverage AJAX), Apple's insistence (now abandoned) on distributing its own, outdated Java, and the mediocre UI stack make Java on the desktop a nightmare. I love my glassfish servers, but Java needs to be abandoned on the desktop. I think most people have given up on "write once, run anywhere", they would settle for "write once, run consistently". The Java brand suffers because of the desktop nonsense, which is a shame because it is so powerful and useful on servers.

    2. Re:auto-updates of java by jbengt · · Score: 4, Informative

      #Java is sufficiently flaky that it's very common for particular applications to need particular versions very carefully installed and configured . .

      Exactly. I do work for a client that uses Primavera - which we have to access thru a browser for all records and communication on their construction projects. A recent update to their installation required us to install a very particular Java version that is not at all up-to-date or secure, fuck whatever else we might need Java for. The kicker is that both Java and Primvera are Oracle products.

  5. Re:Windows is no longer relevant by cvtan · · Score: 5, Funny

    You are not supposed to do developing at all. Use your smartphone to watch TV and movies as God intended.

    --
    Sorry, but gray text on gray background is making my eyes bleed.
  6. Re:Windows is no longer relevant by Sir_Sri · · Score: 5, Interesting

    This is one of those things that will be hard to judge.

    First off, there are more android installs than iOS, and a lot of them are older versions which aren't getting updates etc. I see what google et.al. are doing but that market fragmentation will eventually be a security nightmare.

    Secondly, MS moves something like 250 million copies of windows a year, and yes, turnover is going down, but that means there are still a billion windows PC's in the wild. The smartphone market has much higher turnover, in part because of carrier subsidies and the noticeable performance improvements still happening, and in part because cell phones are just much more likely to physically fail than a desktop, so I would be surprised if there are 300 million iOS devices in the wild at all. Officially they've sold 400 million iOS devices (http://news.cnet.com/8301-13579_3-57511323-37/apple-by-the-numbers-84m-ipads-400m-ios-devices-350m-ipods-sold/) through june, but a LOT of those are replacements for older iOS devices at this point (it would be a bit like MS talking about how many copies of windows it has sold since 2007 versus how many are actually in use).

    Lastly, a lot of mobile devices may have vulnerabilities than can be exploited but that don't put users at risk because users don't behave in a way that exposes them to much risk. If you aren't regularly grabbing new apps, or trying to click links in e-mails or the like, well, you're not a power user but you're not at a great deal of risk either. The only person on an island doesn't really gain much by locking their door sort of thing. And we all know hackers are after things worth money. Desktops are worth money, banking information is worth money, (and banking is becoming more popular on smartphones to be sure), pictures of naked women are worth money (and those are certainly on phones....), but it's hard to know if hackers, especially serious ones, are going to refocus on desktops, because now if you have a desktop you're probably a serious productivity person, which means you have something worth stealing.

  7. Re:Windows is no longer relevant by ILongForDarkness · · Score: 4, Interesting

    Well to be fair for the the majority of /. readers we aren't in the cheap desktop market. For one reason or another we'll find a way to drop 2k+ on our laptops and desktops. We're devs, or gamers, or video processing nerds, or guys that measure their worth by their massive stash of pirated material and seed ratio etc. Either way we seem to all want some combination of SSD, big disk capacity, massive monitor, top of the line CPU, etc. Apple gear might not be great value but they don't target the low end of the market and we generally aren't there anyways.