
Microsoft off Kaspersky top ten list of vulnerable software


Could this be the start of an image turnaround for Microsoft? A computer security firm over the weekend said that Microsoft was no longer in the list of top 10 vulnerability-riddled software products.

"Microsoft products have disappeared from this ranking due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs," Kaspersky Lab said in its second quarterly malware report for 2011.

Instead, Kaspersky noted that, for the very first time in its history, the top 10 list of vulnerabilities includes products from only two firms: Oracle and Adobe. Oracle is the maker of the popular Java software, while Adobe makes the Flash animation software.

"Seven of those 10 (top) vulnerabilities (were) found in Adobe Flash Player alone," Kaspersky said.

Excerpts of the report were posted in Global Security Magazine over the weekend.

Hackers praise Microsoft security process

Even hackers praised Microsoft for its "spectacular" security, according to a separate article on VentureBeat.

"Microsoft’s security used to be a joke. Its operating systems were riddled with bugs that were exploited by hackers and mocked at conferences such as Black Hat, the Las Vegas confab for security technology. But (during this year's meet), one of the independent security researchers at the conference praised Microsoft’s progress on improving security," it said.

It quoted Chris Paget, chief hacker at security consulting firm Recursion Ventures, as saying she was impressed with Microsoft’s thoroughness in testing software for security problems.

“Microsoft’s security process is spectacular. Security is a process, not a product. It evolves. The question is, ‘Was Vista secure?’ Microsoft has a very bad reputation for security and it is very much undeserved,” she said.

The article also quoted Microsoft as saying its Security Development Lifecycle process is now a part of every single product it ships.

In new reports, Microsoft says that the bugs reported in its software are measurably less exploitable than they were before.

Microsoft also earned praise in a talk by representatives of security consulting firm iSec Partners, who said Microsoft’s current network security compared favorably to Apple’s.

Also, Microsoft announced earlier this year it would give a $250,000 reward to security researchers who came up with the best defensive security improvements for Microsoft’s software.

Second quarterly report

For the second quarter of 2011, Kaspersky Lab noted that navigating the web remains the riskiest activity on the Internet, with malicious URLs that serve exploit kits, bots, ransomware Trojans, etc. being the most frequently detected objects online (65.44 per cent).

It said 87 percent of the websites used to spread malicious programs were concentrated in just 10 countries.

“The first two locations were the US and Russia. The Netherlands led the way in reducing the number of malicious hosting sites: compared to the previous quarter, its share has fallen by 4.3 per cent to 7.57 per cent. This is down primarily to the efforts of the Dutch police and includes the neutralising of botnets such as Bredolab and Rustock,” it said.

Kaspersky Lab experts also divided countries into groups according to their local infection levels:

  • High-risk countries (41-60 per cent unique users subject to web attacks): Oman, Russia, Iraq, Azerbaijan, Armenia, Sudan, Saudi Arabia and Belarus. Newcomers to this group in Q2 were Sudan and Saudi Arabia, while Kazakhstan dropped down a level.
  • Average risk group (21-41 per cent): 94 countries, including: the US, China, the UK, Brazil, Peru, Spain, Italy, France, Sweden and the Netherlands. The US (40.2 percent) is very close to joining the high-risk group of countries due to the increase in the number of FakeAV detections.
  • Safe-surfing countries (11.4-21 per cent): 28 countries, including Switzerland, Poland, Singapore and Germany. In the second quarter of 2011, five countries left this group, including Finland, which entered a higher risk group with 22.1 percent.

India was among the top 10 countries in which users’ computers ran the highest risk of local infection. Every second computer in the country was at risk of local infection at least once in the past three months.

“Over the last few years, India has been growing steadily more attractive to cybercriminals as the number of computers in the country increases steadily. Other factors that attract the cybercriminals include a low overall level of computer literacy and the prevalence of pirated software that is never updated,” said Yury Namestnikov, Senior Virus Analyst at Kaspersky Lab.

Namestnikov added that botnet controllers see India as a place with millions of “unprotected and un-patched computers which can remain active on zombie networks for extended periods of time.”

Kaspersky said the five safest countries in terms of the level of local infections are Japan, Germany, Denmark, Luxembourg and Switzerland.

Events

Kaspersky said the second quarter of 2011 was eventful in terms of the hacking of major companies including Sony, Honda, Fox News, Epsilon and Citibank, with some victims falling prey to “hacktivism.”

Another event was the rise in fake antivirus programs detected globally by Kaspersky Lab, while the number of users whose computers blocked attempts to install counterfeit software increased 300 percent in just three months.

Kaspersky Lab’s experts also said the number of mobile threats targeting different mobile platforms continues to increase exponentially as detected threats running on J2ME doubled during Q2 2011, while the number of detections of malicious programs targeting Android nearly tripled.

“Once again malicious programs were detected in the official Android store Android Market,” Kaspersky said.

— TJD, GMA News