JorgeA Posted November 17, 2013

I read somewhere recently that nowadays the majority of security threats to PCs and their users lie not in the operating system itself, but in the installed applications and in software platforms such as Flash and Java.

Does anybody have solid statistics (or a link to such) as to the proportion of PC attacks/infections that are attributable to the vulnerabilities that Microsoft deals with on Patch Tuesday, vs. those that are due to vulnerabilities in platforms like Flash and Java, or to the programs residing on a PC?

--JorgeA

jaclaz Posted November 17, 2013

I guess you are asking a bit too much. Particularly the "solid", but in any case it doesn't work really-really like this.

I mean, there are several stages that do not allow IMHO to draw a line.

A "vector" may be (in my personal experience the "best" vector is the user clicking on random things AND Outlook Express) Flash or Java, but 1/3 to 4/5 of *any* program nowadays access the Internet, at the very least to check for its own updates, so it is difficult to say.

But the "vector" is only HOW the malware enters a machine, then the "payload" may make use of *any* vulnerability present on the system.

Loosely I would say that the patches on "Patch Tuesday" (those that tend to lead to "Exploit Wednesday") - with the singular exception of Internet Explorer (and Outlook/Outlook Express) patches - are largely preventing the "payload" from doing damages/work, and very little about the "vectors", but it is difficult - as said - to draw a line between the two.

jaclaz

JorgeA Posted November 17, 2013

Thanks, jaclaz. It's too bad that there don't seem to be (and that it may not even be possible to have) good studies on this question that offer statistical breakdowns.

If the issue of hacking somebody's PC is a dynamic process where (say) the existence of a Java vulnerability then enables the use of a hole in the OS, then it all becomes a tangled mess and it's hard to tease out the causes.

--JorgeA

JorgeA Posted November 21, 2013 (edited)

Maybe this report will throw some light on the issue. Scroll down to the "Vulnerabilities" section.

If I read it right, it sounds like the great majority of security holes nowadays are in Adobe or Java products rather than the operating system.

Anybody have better (clearer or more definitive) numbers?

--JorgeA

P.S. Also check this out, especially the charts on pages 31 and 42 of the Full Report.

P.P.S. And one more:

Eighty-seven percent of the vulnerabilities found in the top 50 programs affected third-party programs such as Adobe Flash and Reader, Java, Skype, various media players and others outside the Microsoft ecosystem. That means the remaining 13 percent “stem from operating systems and Microsoft programs,” according to Secunia’s Vulnerability Review report, released yesterday.

Edited November 22, 2013 by JorgeA