Every now and then, someone wonders why I bother myself with Microsoft technologies in enterprise environment - "everyone knows that Microsoft software is buggy, prone to malware, viruses and exploits". Obviously, reasons of such thinking come from the times of MS DOS and first versions of Windows, but some think that nothing has changed in that matter. And they are very wrong - thankfully it’s very easy to prove that:
- Let’s start with the percentage of detected vulnerabilities in particular technologies:
- Java vulnerabilities were exploited in more than 50% of all attacks (56%).
- Adobe Acrobat Reader is second on the list - 25%.
- Microsoft Windows and IE - 4%.
In Top 10 vulnerabilities of Q3 2012 (all of those are rated AT LEAST as “Highly Critical”.) there’s not a single one in Microsoft software. Who’s there then?
- Adobe x 5
- Oracle x 2
- Apple x 2
- NullSoft x 1
Kaspersky’s products have identified total of 91.9 million URLs serving malicious code (jawdrop). Conclusions? I’ll let you to come up with your own ones.