Every now and then, someone wonders why I bother myself with Microsoft technologies in enterprise environment - "everyone knows that Microsoft software is buggy, prone to malware, viruses and exploits". Obviously, reasons of such thinking come from the times of MS DOS and first versions of Windows, but some think that nothing has changed in that matter. And they are very wrong - thankfully it’s very easy to prove that:
Kaspersky Labs have published latest version of their IT Threat Evolution report (for Q3 2012) - http://www.securelist.com/en/analysis/204792250/IT_Threat_Evolution_Q3_2012
The report itself is VERY interesting, so let me quote some excerpts:
- Let’s start with the percentage of detected vulnerabilities in particular technologies:
- Java vulnerabilities were exploited in more than 50% of all attacks (56%).
- Adobe Acrobat Reader is second on the list - 25%.
- Microsoft Windows and IE - 4%.
In Top 10 vulnerabilities of Q3 2012 (all of those are rated AT LEAST as “Highly Critical”.) there’s not a single one in Microsoft software. Who’s there then?
- Adobe x 5
- Oracle x 2
- Apple x 2
- NullSoft x 1
Kaspersky’s products have identified total of 91.9 million URLs serving malicious code (*jawdrop*). Conclusions? I’ll let you to come up with your own ones.