All the latest UK technology news, reviews and analysis
|
|
|
15 Dec 2006
Microsoft patched 133 'critical' or 'important' vulnerabilities in 2006, more than doubling the number from 2005, according to data collected by security vendor McAfee.
Both Microsoft and McAfee pointed to a variety of factors as the cause for the rise in vulnerabilities, but none of those suggested that there is anything wrong with the quality of Microsoft's code.
Dave Marcus, security research and communications manager at McAfee, told vnunet.com that Microsoft's software was not necessarily at fault, but that the overall success of the company's products made Microsoft a popular target for an ever-expanding market for exploits and malware.
"When it comes to talking about vulnerabilities, the existence of a vulnerability in and of itself does not mean that there is an increase in risk, " said Marcus.
"The rise in critical vulnerabilities really just means a rise in discoveries; the vulnerabilities were there in the first place."
Marcus pointed out that detecting and removing every possible vulnerability in an application like Windows or Office, which can contain millions of lines of code, would be nearly impossible.
Vulnerability researchers and malware writers are focusing their bug searches on critical vulnerabilities. Because they can be exploited to install malware and spyware, they are the most useful for commercial exploitation.
"The critical vulnerability is definitely the holy grail," said Marcus.
Mark Miller, director of the Microsoft security response centre, agreed that the increased monetary value placed on the discovery and exploitation of security vulnerabilities is causing more vulnerabilities to be found.
"I think there is a rise across the industry," he said. "Microsoft's increase is relative to that."
Marcus believes that Microsoft's market domination has put it in the spotlight for security researchers and malware authors, and that less popular applications yield a smaller pool of potential victims.
"Targets of opportunity is a big deal," he said.
Latest stories from Operating Systems
Related articles
Related jobs
Poll
What is the most important IT priority for your company this year?
Connect with V3.co.uk
This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes
Why good data management at all levels is essential in the modern business (video, 6mins)
Principal Development Engineer Lead- London - Smart TV...
Development Engineer - London - Smart TV, Gaming, Tablets...
Principal Development Engineer - London - Smart TV, Gaming...
Test Engineer -London - Smart TV, Gaming, Tablets, PC...
Keep up to date with the latest products, services and technologies from the world's leading IT companies. IThound.com brings you over 2,000 white papers, case studies and analyst reports.
Do you agree?