Most vulnerable operating systems and applications in 2013

Discussion in 'other security issues & news' started by Nanobot, Feb 4, 2014.

Thread Status:
Not open for further replies.
  1. Nanobot

    Nanobot Registered Member

    Joined:
    Jun 23, 2010
    Posts:
    238
    Location:
    Neo Tokyo
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Interesting how many vulnerabilities were found in the Linux kernel, but then look at how many of those were medium-low vs Windows' amount of high.

    Windows 8's extra mitigations are obviously helping to reduce the amount of medium-low vulnerabilities it has encountered by a massive sum, but the amount of high doesn't seem to have changed much across versions. My bet is weaknesses in legacy code that is affecting all versions of Windows.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Last edited by a moderator: Feb 5, 2014
  4. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I don't see how it's "not that bad at all" for an OS, which codebase hasn't changed in a decade, yet is still getting hit by the same amount of exploits as active operating systems.

    I wonder how you will feel when 1 year down the line there will be 45 high rated exploits not patched, then a year after that, 90 high rated exploits not patched, then 135 high rated exploits not patched.

    I guess that's "not bad" also..? I suppose I'm preaching to the choir saying this though. Linux is free, move on already.
     
    Last edited: Feb 5, 2014
  5. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Xp in the hands of a knowledgeable user is as secure as any succeeding version of Windows and much more secure than any OS in the hands of someone who is careless and not knowledgeable in security. Code vulnerabilities that can be exploited are just one aspect of security. I don't know of a chart that of vectors of malware infections and what percentage are caused by what but I would guess that there are far more cases caused by user carelessness and ignorance than exploits.
     
  6. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Vulnerability count is one thing. Exploitability is another thing.

    XP simply has no ASLR. Heck, there is no proper user vs admin separation. Linux and Windows Vista onwards do. There is no way XP can be as secure. No amount of so-called knowledge can compensate that.

    Instead, what knowledge gives is the ability to identify and avoid being a victim of the common malware vectors. Examples include avoiding Java, browser hardening, etc. One aims to reduce likelihood of infection by securing the perimeter. Securing the perimeter can be done on any OS.
    One is not the same as the other.

    Social engineering is a human problem regardless of OS. One can be smart or be stupid and yet fall for social engineering. It all depends on habits and how much risk one exposes oneself to.

    Can one stay safe on XP? Probably. Can you call XP as secure as modern OSes? No.
     
  7. MisterB

    MisterB Registered Member

    Joined:
    May 31, 2013
    Posts:
    1,103
    Location:
    Southern Rocky Mountains USA
    Xp, and all NT based Windows systems, have a proper user/admin distinction. The problem is that MS doesn't set it up for the average user by default. Out of the box, you are in an admin account and it is up to the user to set up a user account with limited privileges. Out of the box security has improved with succeeding versions of Windows but the base is pretty much the same. Most users don't use what the OS has to offer in terms of security. Sys admins that set up business systems do. It takes some knowledge to set up a appropriate file permissions and group policy to secure an Xp system but if it is done right, that Xp system will be far more secure than and Windows Vista,7, or 8 out of the box.
     
    Last edited: Feb 6, 2014
  8. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
Loading...
Thread Status:
Not open for further replies.