Security Flaws Caused by Apps, not Operating Systems

by Istvan Fekete on March 3, 2014

One of the key selling points of an operating system is its security: some are less secure than others. For example, Windows has always had a bad reputation, although it has improved over the years. OpenBSD is known for being very secure, but Mac OS X is also among the leaders, alongside Linux, although the recent “gotofail” SSL/TLS bug has seriously damaged OS X’s reputation.

But as FireEye, the security firm that recently gained attention thanks to the uncovered OS X “gotofail” bug, says, the real security problem is not the operating system, but the apps.

And they are right: while security reports point to a specific operating system, they also reveal the application targeted by attackers. To put that into perspective, according to a recent Secunia report, last year 76% of security flaws in the 50 most popular apps on private PCs affected third-party programs.

Windows is still the most targeted operating system, since being the most popular always captures the attention of most attackers (see the comment on the matter by Google’s head of Android, Sundar Pichai).

Furthermore, the same Secunia report says that there were more vulnerabilities found in Microsoft’s programs last year, compared to the previous year. To put that into numbers: flawed apps are up from 8.4% to 15.9%. For enterprises, this means a malware attack every 1.5 seconds.

And if I say that Web browsers and other Internet-connected programs are the source of most attacks, I’m not revealing anything new. But this is exactly why Google and HP are offering more than $3 million in rewards to hackers who break the most popular browsers and demonstrate them at security conferences.

But there is some good news as well: Zero-day attacks are becoming less common. The majority of the most popular apps have a patch available on the day of disclosure, so you can relax.

However, if the end user doesn’t update their application, it will remain vulnerable. And that applies to both mobile and desktop users.
