Monday | 13 October, 2008
CSO
Half of 2006 vulnerabilities still unpatched
Apple security holes set to outnumber Microsoft
Darren Pauli (Computerworld) 12/02/2008 16:59:19
Page:

Peter Allor, intelligence director at IBM ISS
Peter Allor, intelligence director at IBM ISS
Additional Resources

Newsletter Subscription

Sign up for our IDG newsletters!
Sign up for free newsletters that deliver cutting edge information on the latest research, white papers, webcasts and IT reports from editors and industry analysts. Sign up now to get all the information you need delivered straight to your inbox.
RSS Feeds

More than 3600 vulnerabilities discovered last year remain unpatched, according to a study.

The IBM Internet Security Systems (ISS) X-Force report for 2007 found of the 6437 vulnerabilities discovered, 20 percent of those targeting Microsoft, Apple, Oracle, IBM and Cisco were still in the wild up to 12 months later.

More than 50 percent of remaining 6200 flaws targeting other solutions remain currently unpatched.

IBM Internet Security Systems worldwide director of intelligence Peter Allor said Apple recorded almost as many vulnerabilities as Microsoft.

"Microsoft had more vulnerabilities than Apple, but not as many operating system flaws," Allor said.

"Users should make sure they are not lulled into a false sense of security because Apple is a big target."

If they take everything, I've still got a mattress and a Smith and Wesson
Peter Allor, intelligence director at IBM ISS

He said vulnerabilities affecting open source platforms are quickly found and corrected through community code development.

"Vulnerabilities affecting OpenBSD are fixed withing 24 hours because (founder) Theo doesn't waste any time, but it is up to the community to test it for bugs."

According to Allor, the testing phase delays patch deployment from 24 hours up to 6 months, as software developers perform lengthy code audits and cross-check updates to eliminate anomalies which could trigger an on-mass blue-screen-of-death.

The severity of vulnerabilities, base on the X-Force scorecard, rose 28 percent from 2006 despite an overall decrease of 5.4 percent.

Up to 90 percent of vulnerabilities can be executed remotely, according to the research, up 2 percent on 2006 figures.

The report claimed 5 to 11 percent of online devices, or between 32 million and 71 million, are botnet nodes. Storm holds the biggest army of 230,000 zombie machines, Rbot took second place with 40,000 nodes, followed by Bobax with 24,000.

Alloy said users can buy licenses from black-hat hackers to access a botnet, or can purchase a do-it-yourself phishing toolkit for about $1000.

The number of spam e-mails has fallen to pre-2005 levels, according to the study, which is the largest decline on record.

Malware rose by more than a third on 2006 levels to 410,000 thanks largely to Trojans which represented 26 percent of the total, in more than 109,000 varieties.

Page:
More about IBM, Microsoft, Rose, Apple, Oracle, Cisco, Security Systems, Wikipedia, Internet Security Systems, ISS, X-Force, OpenBSD

IDG Member Login

 
Get a job Careerone
Sponsored Links