From: Virus Guy on
Secunia released their mid-year 2010 vulnerability report recently:

http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf

This is what I found interesting (page 6):

---------------
Figure 2 visualizes the dynamics in the Top-10 group and indicates that
popular vendors are also subject to more scrutiny by the security
community/researchers than less popular vendors; Oracle (including Sun
Microsystems and BEA Logic) ranked #1 in four out of five years
overtaken by Apple in the first half of 2010, with Apple consistently
ranking higher than Microsoft.
---------------

Apple ranks #1 in terms of having the most vulnerabilities during the
first half of this year, followed by Oracle (Sun), Microsoft, HP and
Adobe.

Interesting to see that 91% of the computers in Secunia's sample had
Acrobat Reader installed on them, 89% had Sun Java JRE, and 99% had Flash
player.

While only 15% were running Apple Safari, 43% had iTunes.

Perhaps the most relevant take-home message:

---------------
Today we are facing a much more challenging and complicated problem that
is likely to take years to solve; patching of 3rd party software.
Looking at the Top-50 programs installed by Secunia PSI users we see
that the programs come from 14 different vendors, it is also worth
considering that all the programs covered by Secunia PSI is spanning a
total of 3,000 vendors. Only recently have we seen significant
initiatives from Adobe, the most prevalent "3rd party" vendor due to
Adobe Flash Player and Adobe Reader, to start updating all their users
in a more efficient and rapid manner than earlier. This seems to be a
response to the increased exploitation of Adobe Reader vulnerabilities
in 2009.
------------------

Secunia seems to be giving Chrome, Firefox, Safari, Java, iTunes and
Thunderbird a break in this analysis - clearly they deserve a beating
over their poor showing in this report - perhaps more so than Adobe.
From: Slarty on
On Wed, 14 Jul 2010 21:22:58 -0400, Virus Guy wrote:

> Interesting to see that 91% of the computers in Secunia's sample had
> Acrobat Reader installed on them, 89% had Sun Java JRE, and 99% had Flash
> player.

No Acrobat (nor anything by Adobe) here, same with Java. Unfortunately
Flash is all too ubiquitous all over the web to be altogether avoided.
Firefox plus Flashblock is my compromise solution. Who needs Java anyway? I
certainly don't.

Cheers,

Roy