Microsoft off Kaspersky top ten list of vulnerable software
Could this be the start of a image turnaround for Microsoft? A computer security firm over the weekend said that Microsoft was no longer in the list of top 10 vulnerability-riddled software products. "Microsoft products have disappeared from this ranking due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs," Kaspersky Labs said in its second quarterly malware report for 2011. Instead, Kaspersky noted âfor the very first time in its historyâ the top 10 list of vulnerabilities includes products from only two firms: Oracle and Adobe. Oracle is the maker of the popular Java software, while Adobe makes the Flash animation software. "Seven of those 10 (top) vulnerabilities (were) found in Adobe Flash Player alone," Kaspersky said. Excerpts of the report were posted in Global Security Magazine over the weekend. Hackers praise Microsoft security process Even hackers praised Microsoft for its "spectacular" security, according to a separate article on VentureBeat. "Microsoftâs security used to be a joke. Its operating systems were riddled with bugs that were exploited by hackers and mocked at conferences such as Black Hat, the Las Vegas confab for security technology. But (during this year's meet), one of the independent security researchers at the conference praised Microsoftâs progress on improving security," it said. It quoted Chris Paget, chief hacker at security consulting firm Recursion Ventures, as saying she was impressed with Microsoftâs thoroughness in testing software for security problems. âMicrosoftâs security process is spectacular. Security is a process, not a product. It evolves. The question is, âWas Vista secure?â Microsoft has a very bad reputation for security and it is very much undeserved," she said. The article also quoted Microsoft as saying its Security Development Lifecycle process is now a part of every single product it ships. In new reports, Microsoft says that the bugs reported in its software are measurably less exploitable than they were before. Microsoft also earned praise in a talk by representatives of security consulting firm iSec Partners, who said Microsoftâs current network security compared favorably to Appleâs. Also, Microsoft announced earlier this year it would give a $250,000 reward to security researchers who came up with the best defensive security improvements for Microsoftâs software. Second quarterly report For the second quarter of 2011, Kaspersky Lab noted navigating the web remains the riskiest activity on the Internet, with malicious URLs that serve exploit kits, bots, ransomware Trojans, etc. being the most frequently detected objects online (65.44 per cent). It said 87 percent of the websites used to spread malicious programs were concentrated in just 10 countries. âThe first two locations were the US and Russia. The Netherlands led the way in reducing the number of malicious hosting sites: compared to the previous quarter, its share has fallen by 4.3 per cent to 7.57 per cent. This is down primarily to the efforts of the Dutch police and includes the neutralising of botnets such as Bredolab and Rustock," it said. Kaspersky Lab experts also divided countries into groups according to their local infection levels:
- High-risk countries (41-60 per cent unique users subject to web attacks): Oman, Russia, Iraq, Azerbaijan, Armenia, Sudan, Saudi Arabia and Belarus. Newcomers to this group in Q2 were Sudan and Saudi Arabia, while Kazakhstan dropped down a level.
- Average risk group (21-41 per cent): 94 countries, including: the US, China, the UK, Brazil, Peru, Spain, Italy, France, Sweden and the Netherlands. The US (40.2 percent) is very close to joining the high-risk group of countries due to the increase in the number of FakeAV detections.
- Safe-surfing countries (11.4-21 per cent): 28 countries and included Switzerland, Poland, Singapore and Germany. In the second quarter of 2011, five countries left this group, including Finland, which entered a higher risk group with 22.1 percent.