Microsoft's latest security report shows that the number of new vulnerabilities found in its software was lower in the first half of the year than in the last half of 2007, with the Windows Vista OS proving more resistant to exploits than XP.
Microsoft reported 77 vulnerabilities from January to June compared to 116 for the last six months of 2007, according to the company's fifth Security Intelligence Report.
The decline is in line with the software industry as a whole, which saw a 19% decrease in vulnerability disclosures compared to the first half of 2007, Microsoft said. However, those vulnerabilities considered highly severe rose 13%.
Exploit code was available for about a third of the 77 vulnerabilities; however, reliable exploit code was available for only eight of those 77.
Other data shows that XP is attacked more frequently than Vista. On XP machines, Microsoft's own software contained 42 percent of the vulnerabilities attacked, while 58 percent were in third-party software. For Vista machines, Microsoft's software had 6% of the vulnerabilities attacked, with third-party software containing 94% of the flaws.
New security technologies such as address space randomization have led to fewer successful attacks against Vista, said Vinny Gullotto, general manager of Microsoft's malware protection center.
"Moving onto Vista is clearly a safe bet," Gullotto said. "For us, it's a clear indicator that attacking Vista or trying to exploit Vista specifically is becoming much more difficult."
The highest number of exploits was released for the Windows 2000 and Windows Server 2003 operating systems, Microsoft said.
Hackers appear to be increasingly targeting Internet surfers who speak Chinese. Microsoft found that 47% of browser-based exploits were executed against systems with Chinese set as the system language.
The most popular browser-based exploit is for the MDAC (Microsoft Data Access Components) bug that was patched (MS06-014) by Microsoft in April 2006. Some 12.1 percent of all exploits encountered on the Internet targeted that flaw. The second most encountered exploit is one aimed at a vulnerability in the RealPlayer multimedia software, CVE-2007-5601.
The two most commonly exploited vulnerabilities in Windows Vista concerned ActiveX controls that are commonly installed in China, Microsoft said.
Comments (15)
Linux - Like giving you enough rope to hang yourself, then a lit
By Anonymous on November 4, 2008, 9:25 pm
XP is [BY.................FAR] the most popular of ALL client O/S's. In general, the amount of issues with something is directly proportional to the amount of people...
Else it would have been among the Darwin awards
By Anonymous on November 4, 2008, 5:34 am
To all the critics in all of us, if they didn't "improve" something in a new OS they would have been among the Darwin awards ...
Childish opinions
By Anonymous on November 4, 2008, 5:23 am
I seriously don't get why everyone dislikes Vista. It's been working perfectly for me since day one. Sure there were driver issues in the beginning, but whose fault...
MSFT punishes users for its own security flaws
By Anonymous on November 3, 2008, 3:24 pm
The reason that Vista seems "more secure" is merely a function of a relatively new OS which hasn't been picked apart for exploitable bugs such as the more mature...
ME was better?
By inverse137 on November 3, 2008, 3:19 pm
While Vista does indeed suck, it is at least somewhat usable. ME was not even a usable OS. ME was the WORST operating system to ever be released. The fact that...