Re: what vulnerabilities...?
Any vulnerability is a problem, thats what people need to understand. Take Nimda and Code:Red as well as Sasser. MS knew about the problems quite a few months before, yet chose to keep their collective heads in the sand.
According to Secunia's figures(http://secunia.com/product/11/), IE has 19 tested and proven vulnerabilities, some are harder to exploit than others, but thats not the point, ANY security hole is unacceptable on any software running on any OS. 19 of them going unpatched is an outrage. It doesnt matter how large or small it is, if its there, history has taught us, someone will exploit it to their own ends.
Adware and Spyware arent at issue here but since its been brought up, Those problems affect the archetecture of the Windows OS itsself, though its good to note that IE's a major vector(as is email). My question is why isnt there any Mac OS spyware/adware? same thing with BSD and Linux? Its not that its any harder to write for those archetectures, there just arent as many holes in any of those OS' security as a whole for the script kids to want to learn to break into them.
And its not because of marketshare or the GPL as Redmond's legions(and yourself) like to argue. Ive been told by a few CISSP and GIAC certified security professionals that some 90% of the servers on the web across the globe run either Apache or BSD. Seems to me that those OS have the marketshare when it comes to critical infrastructure, so if Linux and BSD were as generally as vulnerable in general as Windows is, through any means now, not just through a browser native to the OS like IE or Apple's Safari, the Internet and Web as we know it would simply cease to be.
Until MS gets a clue and gets proactive about security, the only way to mitigate is to cut off a vector, whether that means switching to a different OS, using a tool to prevent whatever from happening, or switching web browsers is up to you. Defense comes from Depth and Diversity.
But do keep in mind that theres no single, black and white, right answer when it comes to security.
Was this reply helpful? (0) (0)