More than 3600 vulnerabilities discovered last year remain unpatched, according to a study.
The IBM Internet Security Systems (ISS) X-Force report for 2007 found of the 6437 vulnerabilities discovered, 20 percent of those targeting Microsoft, Apple, Oracle, IBM and Cisco were still in the wild up to 12 months later.
More than 50 percent of remaining 6200 flaws targeting other solutions remain currently unpatched.
IBM Internet Security Systems worldwide director of intelligence Peter Allor said Apple recorded almost as many vulnerabilities as Microsoft.
"Microsoft had more vulnerabilities than Apple, but not as many operating system flaws," Allor said.
"Users should make sure they are not lulled into a false sense of security because Apple is a big target."
He said vulnerabilities affecting open source platforms are quickly found and corrected through community code development.
"Vulnerabilities affecting OpenBSD are fixed withing 24 hours because (founder) Theo doesn't waste any time, but it is up to the community to test it for bugs."
According to Allor, the testing phase delays patch deployment from 24 hours up to 6 months, as software developers perform lengthy code audits and cross-check updates to eliminate anomalies which could trigger an on-mass blue-screen-of-death.
The severity of vulnerabilities, base on the X-Force scorecard, rose 28 percent from 2006 despite an overall decrease of 5.4 percent.
Up to 90 percent of vulnerabilities can be executed remotely, according to the research, up 2 percent on 2006 figures.
The report claimed 5 to 11 percent of online devices, or between 32 million and 71 million, are botnet nodes. Storm holds the biggest army of 230,000 zombie machines, Rbot took second place with 40,000 nodes, followed by Bobax with 24,000.
Alloy said users can buy licenses from black-hat hackers to access a botnet, or can purchase a do-it-yourself phishing toolkit for about $1000.
The number of spam e-mails has fallen to pre-2005 levels, according to the study, which is the largest decline on record.
Malware rose by more than a third on 2006 levels to 410,000 thanks largely to Trojans which represented 26 percent of the total, in more than 109,000 varieties.
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Fortinet November Threatscape Report Shows Calm Before Holiday Storm 2008-12-05 16:00:00+11
Epicor® Cited as an Order Management Solutions Leader by Independent Research Firm 2008-12-05 15:52:00+11
F-Secure: Growth In Internet Crime Calls For Growth In Punishment 2008-12-05 13:00:00+11
International researchers gather in Sydney to preview the clever web 2008-12-05 09:48:00+11
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
Achieving the impossible: Unlimited application scalability
Learn how provide applications with significantly higher throughput and lower latency for data operations while retaining the appropriate levels of data quality with clustered caching. Read on to improve your application scalability now.
Buying Guides
Latest Products
Buying Guides
