Microsoft Says Vista More Secure Than XP
The number of new vulnerabilities found in Microsoft software was lower in the first half of the year than the last half of 2007, with the Windows Vista OS proving more resistant to exploits than XP, according to Microsoft’s latest security report.
Microsoft’s fifth Security Intelligence Report showed 77 vulnerabilities from January to June compared to 116 for the last six months of 2007.
Microsoft said the decline is in line with the software industry as a whole, which saw a 19% decrease in vulnerability disclosures compared to the first half of 2007. However, those vulnerabilities considered highly severe rose 13%.
Exploit code was available for a third of the 77 vulnerabilities; however, reliable exploit code is available for only eight of those 77.
Data from other sources showed that XP is attacked more frequently than Vista.
In machines running XP, Microsoft’s own software contained 42 percent of the vulnerabilities attacked, while 58 percent were in third-party software. For Vista machines, Microsoft’s software had 6% of the vulnerabilities attacked, with third-party software containing 94% of the flaws.
Vinny Gullotto, general manager of Microsoft’s malware protection center, said new security technologies such as address space randomization have led to fewer successful attacks against Vista.
He said moving on to Vista is clearly a safe bet. "For us, it’s a clear indicator that attacking Vista or trying to exploit Vista specifically is becoming much more difficult."
Microsoft said Windows 2000 and Windows Server 2003 operating systems showed the highest number of exploits.
Chinese speakers seem to be most vulnerable to hackers. Almost 50 percent of browser-based exploits were executed against systems with Chinese set as the system language, Microsoft said.
The most popular browser-based exploit is for the MDAC (Microsoft Data Access Components) bug that was patched (MS06-014) by Microsoft in April 2006. Some 12.1 percent of all exploits encountered on the Internet targeted that flaw. The second most encountered exploit is one aimed at a vulnerability in the RealPlayer multimedia software, CVE-2007-5601.
Microsoft warned that the two most commonly exploited vulnerabilities in Windows Vista concerned ActiveX controls that are commonly installed in China.
“Microsoft is continuing to improve the Malicious Software Removal Tool (MSRT), a free but very basic security application that can remove some of the most common malware families,” said Gullotto.
Gullotto said that last month Microsoft added detection for "Antivirus XP," one of several questionable programs that warn users their PC is infected with malware. The program badgers users to buy the software, which is of questionable utility. "Antivirus XP" is also very difficult to remove.
Microsoft’s PC Safety line, where users can call and ask security questions, fielded around 1,000 calls a month about Antivirus XP.
Gullotto said calls concerning Antivirus XP dropped by half in the first week after the MSRT started automatically removing the program.
