Comments on: Top Most Vulnerable Applications and Operating Systems in 2010

By: Onion

Onion — Sun, 15 Apr 2012 16:54:41 +0000

There is a perception that “As long as it’s not Microsoft then I am safe”. Microsoft has put security at the forefront on their products. Their patch cycle is much more robust than some other companies.

By: Jenna Ardi

Jenna Ardi — Mon, 14 Mar 2011 06:15:01 +0000

I’m surprised that Google Chrome OS and Chromium OS were not in the list for the most targeted operating systems in 2010.

The United States Computer Emergency Readiness Team stated last January 13, 2011 that “Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.”

Although this problem can be fixed through software update, it still proves that the Google Chrome OS is receptive to most OS vulnerabilities.

By: Brian Camilleri

Brian Camilleri — Sat, 05 Mar 2011 22:35:34 +0000

Great comparision, I am so glad to see Microsoft is trying what is possible to make its products better and secure. This information helps any person placed in a situation to decide which OS to use to make the right decision.

Great Work.

Brian

By: Cristian Florian

Cristian Florian — Mon, 28 Feb 2011 18:31:39 +0000

@FOSS

Definitely Internet Explorer numbers would be higher if its code would be publicly available.
However the trends in the past years, when we take each browser individually, are not influenced by this.

For Internet Explorer the numbers are:
2007 -> 68
2008 -> 66
2009 -> 58
2010 -> 59

For Firefox they are:
2007 -> 77
2008 -> 93
2009 -> 128
2010 -> 103

For Safari they are:
2007 -> 41
2008 -> 39
2009 -> 70
2010 -> 122

As you can notice Internet Explorer is the only browser that is having a descendant trend in the last four years. This means that:
- Microsoft did improve security in the latest versions of Internet Explorer
- This is another way to show that Internet Explorer lost market share and the other browsers gained and therefore they become more attractive for hackers and security researchers looking for vulnerabilities

By: Cristian Florian

Cristian Florian — Mon, 28 Feb 2011 17:58:04 +0000

@ Brian
Strictly speaking it is people who are targeting these. And the first step to create an exploit is to find a vulnerability.

The number of publically known vulnerabilities correlates with the interest hackers have to use the product as an attack vector.

Indeed today Adobe Reader vulnerabilities, for instance, are more important than Google Chrome ones because Adobe Reader is more widely in use, especially in corporate environments.

But Google Chrome is definitely on an ascendant path in capturing interest and becoming more “targeted”. The trend is obvious if we are looking at the numbers of vulnerabilities for it in the past three years (again the source is National Vulnerability Database):

2008 -> 11 vulnerabilities
2009 -> 31 vulnerabilities
2010 -> 152 vulnerabilities

I know that Java and Adobe Reader/Acrobat are widely exploited, but I don’t have exact figures. You are very sure that they are by far on the first place. Can you share with us the sources/facts that determined you to do this affirmation?

By: FOSS

FOSS — Sat, 26 Feb 2011 23:47:50 +0000

The reason Chrome is #1, Safari #2, Webkit #3, and Firefox #4 is because all of these browsers are open-source. When a project is open-source there is a much more transparent bug reporting method — most bugs found are considered potential security issues. On the upside, this means bugs are usually patched much more quickly than those in the closed source world.

Internet Explorer is closed-source which means it takes a little more work to discover flaws (but it doesn’t stop flaws from being discovered, as we all know). Moreover, Microsoft is under no obligation to report all vulns that they themselves find. If IE were open-sourced, you would see that it would have similar numbers to Chrome and FF.

By: Brian Eckman

Brian Eckman — Thu, 24 Feb 2011 21:52:18 +0000

Since when do *vulnerabilities* “target” applications, operating systems, and such? They don’t! EXPLOITS target these. Google Chrome isn’t the most “targeted” browser – it simply is the browser that had the “high severity” vulnerabilities listed within the National Vulnerability Database for the previous year.

As far as what software is/was most frequently exploited via the Internet to install malicious code, Java and Adobe Acrobat/Reader are pretty much tied for #1, with nothing remotely close to being next in line.

By: Cristian Florian

Cristian Florian — Mon, 21 Feb 2011 12:46:39 +0000

Indeed, 2010 was a rich year in security updates. Microsoft alone has released 106 security bulletins, which is a company all time record.

By: callmecool

callmecool — Mon, 21 Feb 2011 02:03:40 +0000

Another reason why you should never buy pirated goods! Try it once and it destroyed my system. I lost almost all my files.

By: Carmen Sidir

Carmen Sidir — Mon, 21 Feb 2011 02:01:46 +0000

Well, I guess we all know the reason why they’re the most targeted. They’re also the most popular. But what sets them apart from the other applications is they’re constantly updated by their developers. So although it’s making me anxious, I’m not completely worried.