Microsoft blames outside firms for Windows security problems
A new Microsoft security briefing reportedly says most major security issues in Vista are down to third-party applications. It claims that’s a big change from XP where Windows itself was responsible for many of the security gaps.
The report, which covers the first half of 2008, says the number of vulnerabilities in the most serious category is up compared with July-December 2007 but down compared with the same period last year. (Perhaps hackers take summer, Thanksgiving and Christmas vacations just like the rest of us…)
The figures show a shift towards hackers exploiting problems in applications rather than Windows itself, with 90 percent of all exploits now in applications. The report also shows that whereas half of the ten most serious exploits in XP were down to Microsoft products, all ten in the equivalent Vista list involve third-party applications, including RealPlayer and Apple QuickTime. And looking at the figures for all exploits, 42 percent were down to Microsoft products in XP, compared with just 6 percent in Vista.
In some senses these figures back up Microsoft’s insistence that Vista is much safer than XP. The problem is that you can’t discount the possibility that the trends are also down to third-party applications simply getting sloppier. The figures will also come as little relief to Vista users who’ve endured the nagging of User Account Control on the grounds that it will make third-party software safer on Windows.
The report also makes a valuable point which is easily forgotten: the most common cause of data loss is people physically stealing computers rather than hacking into them.
There are also some interesting stats on e-mail scams: almost a third of all spam involves adverts for Viagra and similar products, with just over half of spam involving some form of pharmaceutical product. Only 2.5 percent of spam blocked by Microsoft’s products was an attempt at phishing, though the scammers behind such tricks are shifting their attention away from the US towards users in the United Kingdom and India.
Related Posts:
