
Microsoft Trustworthy Computing finally pays off in a big way

In the latest security report from a major antimalware vendor, Microsoft is nowhere to be seen.

Back in 2002, then-Microsoft CTO and senior vice president Craig Mundie authored a whitepaper on what would become the framework of the company's Trustworthy Computing program. It would be built around four pillars that all Microsoft products would embrace: Security, Privacy, Reliability and Business Integrity.

It was first designed to implement best practices for secure, reliable software development within Microsoft, and then pass them on to developers as Microsoft refined them. Over a decade later, it seems Microsoft has done a better job of embracing these principles than the competition.

Antimalware vendor Kaspersky has released its latest IT Threat Evolution report with some very interesting information. Some products are hotbeds of insecurities and vulnerabilities, but Microsoft products aren't among them. Java, Acrobat and iTunes are far worse.

A whopping 56% of exploits blocked in Q3 used Java vulnerabilities, while another 25% targeted Acrobat Reader. Windows and IE accounted for just 4% of exploits. The top 10 exploits of Q3 2012 were listed at the very bottom of the report:

  • Oracle Java Multiple Vulnerabilities: DoS-attack (Gain access to a system and execute arbitrary code with local user privileges) and Cross-Site Scripting (Gain access to sensitive data). Highly Critical.
  • Oracle Java Three Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
  • Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Gain access to sensitive data. Highly Critical.
  • Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Highly Critical.
  • Adobe Reader/Acrobat Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Extremely Critical.
  • Apple QuickTime Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
  • Apple iTunes Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
  • Winamp AVI / IT File Processing Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
  • Adobe Shockwave Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Highly Critical.
  • Adobe Flash Player Multiple Vulnerabilities: Gain access to a system and execute arbitrary code with local user privileges. Bypass security systems. Gain access to sensitive data. Extremely Critical.

The rankings are based on the percentage of users whose computers had the vulnerability in question. These users had failed to patch or update their computers sufficiently, and in the case of the top Oracle Java vulnerabilities, a lot of people were slacking off on patching: that percentage exceeded 30%.

All Kaspersky had to say on Microsoft was "Microsoft products no longer feature among the Top 10 products with vulnerabilities. This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS."

But that's not entirely it. Java and Adobe Reader have their own pop-ups to alert you of a revision/update. But they aren't as aggressive about it as Microsoft, which has automatic updates and defaults the settings to on, so when the Patch Tuesday load is dropped, you get the fixes pushed to your PC automatically.

Plus, some of these companies are notorious slowpokes, especially Oracle and Apple. Neither one has the nimbleness of Microsoft when it comes to fixing bugs. Holes in their products go reported but unfixed for months. In this regard, they lag far behind Microsoft.

So good job to the TwC team, formed during that so-called "lost decade."
