March 23, 2007 9:34 AM PDT
Study: Windows has fewest security holes
- Related Stories
-
Red Hat hopes to solidify lead with new Linux
March 14, 2007 -
Apple megapatch plugs 45 security holes
March 13, 2007 -
Mozilla releases security updates
February 23, 2007 -
Experts raise Windows security alarm
November 16, 2006 -
Zombies try to blend in with the crowd
October 19, 2006
Despite having the fewest security holes, Windows was hit by more critical flaws than either Red Hat Linux or Mac OS X, Symantec found.
Symantec's latest "Internet Security Threat Report" (PDF) reveals 39 security holes were discovered in Windows during the second half of 2006, with an average patch development turnaround time of 21 days, up from the 22 Windows holes found in the first six months of the year.
Red Hat Linux had 208 vulnerabilities for the same period with an average patch time of 58 days, a huge increase on the 42 patched vulnerabilities for the first half of the year.
Apple's Mac OS X had 43 vulnerabilities--more than double the number for the first half of 2006--and an average patch time of 66 days.
But almost one-third of the 39 Windows holes were high severity, and 20 were medium severity. Just two of the 208 Red Hat Linux security holes discovered were high severity, with 130 medium severity and 70 low severity. Only one of the Mac OS X holes was considered high severity, with 31 classed as medium and 11 as low severity.
The report found that Windows also had the most vulnerabilities with exploit code and exploit activity, which Symantec claims may be one explanation why Microsoft has been pressured to develop and issue patches more quickly than other vendors.
Mozilla Web browsers, such as Firefox, are also more secure than Microsoft's Internet Explorer, according to the report.
It found 54 holes in IE during the second half of 2006, with one of these being of high severity, compared with 40 holes in Mozilla browsers, which had no high-severity vulnerabilities. Only four holes were found in the Safari and Opera browsers over the same period.
The latest Symantec threat report, which covers the six-month period from July 1 to December 31, 2006, also reveals the number of "zombie" PCs hijacked by hackers and used to launch denial-of-service attacks or send out spam has risen by almost 30 percent in the past year.
Arthur Wong, senior vice president for Symantec Security Response and Managed Security Services, said attack methods used by cybercriminals are becoming more complex and sophisticated to escape detection.
See more CNET content tagged:
severity,
Red Hat Linux,
security hole,
Symantec Corp.,
Mozilla Web browser
vulnerabilities with associated exploit code and exploit activity in
the wild."
And that is all that matters.
http://www.mozilla.org/projects/security/known-vulnerabilities.html
There at at least 5 critical vulnerabilities reported in the second half of 2006, and Mozilla defines "critical" as "Vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing."
from 3rd party applications? Certainly MS, Apple and Red Hat
aren't responsible for bugs found in others manufacturers
products?
I'm also not really keen on the 'security researchers'. Heaven
knows I'd love to have a job where I point out someone else's
flaws all day but is is really all that beneficial?
I'd love to see a study on how much of these increases can be
attributed to the exploits being 'known' (i.e. reverse engineered
from the patches) versus them being genuinely exploited?
Windows Security Holes Are Most Critical
Windows Has Most Critical Security Holes
Security Holes in Windows Rated Most Critical
Security Holes in Windows Tend Toward Most Severe
I think those tell the story better than the current distorting headline
- (* ROFLMAO *)
-
by wbenton
March 25, 2007 4:06 AM PDT
- After reading the title... I didn't feel like reading the rest of the story...
-
Reply to this comment
-
-
See all 24 Comments >>Such a farse of a title deserves to be ignored!!!
Walt