Consistently Vulnerable Systems

Discussion in 'other security issues & news' started by Hungry Man, Jun 9, 2012.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    http://www.rationallyparanoid.com/articles/consistently-vulnerable-systems.html

     
  2. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    Interesting information, however of a theoretical rather than practical value... I ran a totally unpatched system for 3 years (some time ago) and I never got infected because of other security measures in place (including safe browsing, which can never be really quantified in a study).
     
  3. AlexC

    AlexC Registered Member

    Joined:
    Apr 4, 2009
    Posts:
    1,280
    You're part of a minority... It seems to me that the study has practical value and that, more than reasonable, is in fact conservative.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    It's not about whether you'll be infected or not; it's a matter of whether or not you're vulnerable and to what extent.
     
  5. Cudni

    Cudni Global Moderator

    Joined:
    May 24, 2009
    Posts:
    6,956
    Location:
    Somethingshire
    A finger in the air weather check type estimate and then subsequent conclusion based on same.
     
  6. BrandiCandi

    BrandiCandi Guest

    I hear people say that all the time. How do you KNOW that you weren't compromised?
     
  7. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    "Based on the figures above the average Windows desktop user would have been vulnerable to actively exploited 0-day vulnerabilities for at least 166 days, with any overlapping of vulnerability exposure being factored in."

    As I said, this is the kind of conclusion that has no practical use. It is interesting as a theoretical experiment, but it doesn't really matter that you are vulnerable 166 days, 180 days or 3 days. All that matters is that there is a window of risk (longer or shorter, that is not really important) when you are vulnerable to 0-day exploits. Because of this (and the study points this out correctly) you need other security measures than just patching your OS and your application. This is exactly the case I was talking about, when I talked about the experiment of having a computer unpatched for a long time, but with other security measures in place.
    Again, to make myself clear, I wasn't contesting the results or the general conclusion, I was just pointing out that there is little practical use in knowing exactly how many days you are vulnerable in a year.
     
  8. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    With a few name, date and percentage changes, that looks almost exactly like articles I've been seeing for years. Windows and the apps installed on it have been consistently vulnerable for as long as it's been connected to the internet. In spite of who knows how many gigabytes of updates, scheduled patch days, all kinds of updaters and update services, and the rapid release of new versions of apps, in the end it's the same story it's always been.
     
  9. IMO it's hard to see how an OS can be used on 90% of desktops and not be consistently vulnerable. Say what you will about Windows' security shortcomings, omnipresence is a huge incentive for blackhats.
     
  10. Tarnak

    Tarnak Registered Member

    Joined:
    Feb 5, 2007
    Posts:
    3,875
    ...at least I am consistently vulnerable. ;)
     