OFFICIAL SECURITY BLOG
February 3, 2014 | BY Adam Kujawa
The best way to predict security trends in the oncoming year is to look back and see what went wrong in the previous years. To that end, GFI labs released a report today on the most vulnerable applications and operating systems of 2013.
Most of the data are along the lines of what you would expect, Internet Explorer was very vulnerable, Java was very vulnerable, Windows was very vulnerable, etc. However some of the more specific details were a bit of a surprise and also mirror what researchers have been saying for quite some time.
According to the Most Vulnerable Applications chart, Google’s Chrome browser is listed as the third most vulnerable software of 2013, actually increasing its vulnerabilities since 2012 by 43.
Unfortunately, most of these vulnerabilities are listed as “High Severity” meaning that if they were exploited, they would cause far greater damage than vulnerabilities listed as medium and low.
The caveat here is that while Google Chrome is listed as having more vulnerabilities, unlike Adobe products and Java, it is not actively targeted by exploit kits and therefore not an active threat to users.
The proof is in the pudding when it comes to the user transition from XP to 7. The report shows that vulnerabilities discovered for Windows 7 in 2012 were greater by 58 in 2013.
However, most of these vulnerabilities are of medium risk, showing us that most of the big hitting vulnerabilities found in Windows 7 have been patched. And researchers and cyber-criminals alike are scraping for whatever vulnerability they could get.
The newest Windows user platform, Windows 8, has shown to be a new target for cyber-criminals as the number of vulnerabilities found has risen dramatically from just five high severity vulnerabilities in 2012 to 43 in 2013.
I expect this number to rise even more in 2014 as new device purchasing increases the amount of people using Win 8.
Despite the fact that 2013 showed us the greatest vulnerability count in the last four years, it also has the third-lowest count of high severity vulnerabilities, most of them being medium and therefore, possible to protect against with common security practices.
As always, the best method of safeguarding a system is to keep up with updates. This means:
Every year we look at stats like the ones mentioned here and at times it might be dissuading considering how often you hear about attacks online from every angle imaginable.
However, the best thing for a user to do is to be observant while online. Users should keep an eye out for anything that doesn’t seem right and tell people about it but most importantly, don’t fall for it.
Thanks for reading and safe surfing! DFTBA!