If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Windows 8 is the most vulnerable Windows OS - you can thank Adobe Flashfor that
If you are wondering why Windows 8 tops the charts, even though
Microsoft touts the platform as more secure than its predecessors (don't they always) - the answer is quite simple; Flash. Because Flash is now baked into the modern instance of IE, any Flash vulnerability can now be tied into Windows 8 as well. http://www.neowin.net/news/windows-8...flash-for-that http://www.neowin.net/images/galleries/1821/vultop.png ----------------------------------------------------------- Breakdown of end-point vulnerabilities in 2013 XP Vista Win-7 Win-8 Operating system 99 102 102 156 Micro$oft Programs 192 192 192 192 Third-party programs 914 914 914 914 Total 1204 1206 1208 1261 ---------------------------------------------------------- Approximately one-third of the vulnerabilities of the Windows 8.x OS for 2013 is probably attributed to a single program that until Windows 8 was an external program (Flash player) and is still in a way an external program since "Microsoft is not directly responsible for the Flash code". And for older OS, updates for that external program will continue to come directly from Adobe regardless of which older OS you happen to be running, even if you are running an "unsupported" XP. The vast majority of the vulnerabilities for all OS are attributed to programs other than the OS, and are constant across all OS. The OS is only "responsible" for less than 10%. And since the OS can be "shielded" by means of routers, firewalls, anti-virus and other anti-malware software, and user attention to what the heck they are doing, then the choice of OS, from a security perspective, becomes more and more a moot point. Because of this tight integration of Flash into IE, for those that think that IE8 (the last Internet Exploiter version to run on XP) is less secure than IE 11 for windoze 8 - think again. ======================= After 7+ years of retail availability (1999 - 2006): Vulnerability Report: Microsoft Windows 98 Second Edition http://secunia.com/advisories/produc...ask=advisories Affected By: 33 Secunia advisories 22 Vulnerabilities Unpatched: 9% (3 of 33 Secunia advisories) The most severe unpatched Secunia advisory affecting Microsoft Windows 98 Second Edition, with all vendor patches applied, is rated Less critical. ====================== After 1.5 years of retail availability: Vulnerability Report: Microsoft Windows 8 http://secunia.com/advisories/produc...ask=advisories Affected By: 68 Secunia advisories 200 Vulnerabilities Unpatched: 1% (1 of 68 Secunia advisories) The most severe unpatched Secunia advisory affecting Microsoft Windows 8, with all vendor patches applied, is rated Not critical ======================= Now, I could be _really cruel_ and post the number of advisories, vulnerabilities and especially unpatched vulnerabilities for Windoze 7, but you can laugh your ass off by looking at them he http://secunia.com/advisories/produc...ask=advisories Meekro$oft's motto: If it works, it's not complicated enough. Macro$haft: The bloat and exploits go in before the name goes on. Windows NT/2k/XP/7/8 - Like the Emperor's new clothes - woven from the finest code, the most expensive threads. The Windows NT line of Operating systems: Are we secure yet? Windoze xp (scratch that) Windows Vista (no wait) Windows 7 (hold on) Windows 8: - How do you want to be hacked today? |
#2
|
|||
|
|||
Windows 8 is the most vulnerable Windows OS - you can thankAdobe Flash for that
XP Guy wrote:
If you are wondering why Windows 8 tops the charts, even though Microsoft touts the platform as more secure than its predecessors (don't they always) - the answer is quite simple; Flash. Because Flash is now baked into the modern instance of IE, any Flash vulnerability can now be tied into Windows 8 as well. http://www.neowin.net/news/windows-8...flash-for-that http://www.neowin.net/images/galleries/1821/vultop.png ----------------------------------------------------------- Breakdown of end-point vulnerabilities in 2013 XP Vista Win-7 Win-8 Operating system 99 102 102 156 Micro$oft Programs 192 192 192 192 Third-party programs 914 914 914 914 Total 1204 1206 1208 1261 ---------------------------------------------------------- Approximately one-third of the vulnerabilities of the Windows 8.x OS for 2013 is probably attributed to a single program that until Windows 8 was an external program (Flash player) and is still in a way an external program since "Microsoft is not directly responsible for the Flash code". And for older OS, updates for that external program will continue to come directly from Adobe regardless of which older OS you happen to be running, even if you are running an "unsupported" XP. The vast majority of the vulnerabilities for all OS are attributed to programs other than the OS, and are constant across all OS. The OS is only "responsible" for less than 10%. And since the OS can be "shielded" by means of routers, firewalls, anti-virus and other anti-malware software, and user attention to what the heck they are doing, then the choice of OS, from a security perspective, becomes more and more a moot point. Because of this tight integration of Flash into IE, for those that think that IE8 (the last Internet Exploiter version to run on XP) is less secure than IE 11 for windoze 8 - think again. ======================= After 7+ years of retail availability (1999 - 2006): Vulnerability Report: Microsoft Windows 98 Second Edition http://secunia.com/advisories/produc...ask=advisories Affected By: 33 Secunia advisories 22 Vulnerabilities Unpatched: 9% (3 of 33 Secunia advisories) The most severe unpatched Secunia advisory affecting Microsoft Windows 98 Second Edition, with all vendor patches applied, is rated Less critical. ====================== After 1.5 years of retail availability: Vulnerability Report: Microsoft Windows 8 http://secunia.com/advisories/produc...ask=advisories Affected By: 68 Secunia advisories 200 Vulnerabilities Unpatched: 1% (1 of 68 Secunia advisories) The most severe unpatched Secunia advisory affecting Microsoft Windows 8, with all vendor patches applied, is rated Not critical ======================= Now, I could be _really cruel_ and post the number of advisories, vulnerabilities and especially unpatched vulnerabilities for Windoze 7, but you can laugh your ass off by looking at them he http://secunia.com/advisories/produc...ask=advisories Meekro$oft's motto: If it works, it's not complicated enough. Macro$haft: The bloat and exploits go in before the name goes on. Windows NT/2k/XP/7/8 - Like the Emperor's new clothes - woven from the finest code, the most expensive threads. The Windows NT line of Operating systems: Are we secure yet? Windoze xp (scratch that) Windows Vista (no wait) Windows 7 (hold on) Windows 8: - How do you want to be hacked today? Your table of numbers is pleasantly nonsensical. Are you in effect telling me that the availability of ASLR on the later OSes, made absolutely no difference to some of these things ? You're also telling me, that two of the OSes share so much code, as to be identical. Surely there are *some* differences, byte for byte, between those two OSes. The table is convenient, but lacks enough statistical noise to pass scrutiny. Windows 8 added an entirely new subsystem (Metro), which, like other GUI subsystems, is going to have its own issues and its own bugs. It's not a surprise there are more exploits. And "features" have always trumped "security", no matter what century it is. You can't sell a new OS, without some glossy frosting on top, but at the same time, that frosting is going to be vulnerable. For the stats to remain the same or trend downwards, we would need all elements of the OS to remain static (frozen design intent), plus rewrite them until they're "clean". Like that would ever happen. It's a matter of expectations. Is there any reason to expect things to trend downwards ? The attack surfaces aren't being removed. They're all still there. The "more secure" moniker, only refers to adding the elements of EMET, for what they're worth. Whether it's NX or ASLR, those technically made the OS a tiny bit more secure. And to any thinking person, when you release an OS, the developer has no way of knowing exactly how vulnerable it really is. Some exploits and classes of bugs, go back 15 years, and the code in those likely remains the same. I would also expect the browser design (sandboxing) to make some differences. And some of the OSes in the chart, don't have the availability of the later versions of Internet Explorer. I just can't buy that table, as currently being sold. The table is "constructed" and obviously not measured as such. The trending would likely have much more noise in it, to the point of making it hard to "leap" to any conclusions. But then, that wouldn't make for a very good rant. Paul |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
WTB: URGENT NEED - MICROSOFT OFFICE SOFTWARE ALL VERSIONS/TYPES -MICROSOFT WINDOWS XP PRO, WINDOWS 2000 PRO, WINDOWS HOME ALL VERSIONS/TYPES- NEED AS MANY AS YOU CAN SELL US | none | Homebuilt PC's | 0 | April 16th 09 02:18 PM |
Windows installer keeps wanting to reinstall Adobe Acrobat 7.0.8 | [email protected] | Dell Computers | 8 | October 31st 06 12:02 AM |
PSU problem causing windows\system32\config\system is missing or corrupt in windows XP | dk | Homebuilt PC's | 3 | March 1st 05 11:14 PM |
GA-7DXR+ Not Compatible with Windows XP and Adobe Premiere Pro 1.5? | Mark & Mary Ann Weiss | Gigabyte Motherboards | 3 | July 30th 04 02:21 AM |
GA-7DXR+ Not Compatible with Windows XP and Adobe Premiere Pro 1.5? | Mark & Mary Ann Weiss | Gigabyte Motherboards | 0 | July 24th 04 02:20 AM |