sjb007

The era of operating system vulnerability is slowly drawing to a close, with more than nine out of ten published software vulnerabilities now appearing in applications, Microsoft's latest half-yearly report has suggested.

According to the company's Security Intelligence Report for the first half of 2008, OS vulnerabilities are now stable at between 6 and 8 percent of those reported, a level they have been at since the first half of 2006. Vulnerabilities in Windows XP and Vista have shown a modest decrease in 2008, continuing a similar trend over the same period.

But the report paints a more complex picture in terms of which platforms are the ones most likely to run vulnerable applications. Vista scores well, with Microsoft-based software accounting for only 6 percent of vulnerabilities on that platform, with none of the top ten browser-based holes hitting the OS.

Over the period, the biggest Vista-based software vulnerabilities appeared to be in two ActiveX controls installed only in China, which would seem to confirm the relative obscurity of serious issues on the platform.

XP, by contrast, is still Microsoft's biggest headache, with 42 percent of all app holes on that platform coming from Microsoft's own software.

Using the number of PC's cleaned per 1,000 executions of Microsoft's own Malicious Software Removal Tools (MSRT), Visa SP1 scored 4.5, while the different updates of XP scored between 9.2 and 33.8. All of this confirms what has been well established in the past - XP and its applications are still relatively vulnerable, while the newer Vista and its applications do considerably better.

Full article here - http://www.techworld.com/news/index....&NewsID=106453