OS vulnerabilitys
Results 1 to 10 of 10

Thread: OS vulnerabilitys

  1. #1
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Thumbs up OS vulnerabilitys

    Mac OS among least prone to attack
    Thu Oct 31, 7:26 PM ET
    by Paul Roberts, IDG News Service Boston Bureau

    Apple Computer Inc.'s Macintosh (news - web sites) was among the computer operating systems least prone to attack and damage from malicious hackers, worms and viruses in 2002, while Microsoft Corp.'s Windows and the Linux operating systems were the most vulnerable, according to a report by technology risk management company mi2g Ltd.




    The report, which will be released Friday, presents data on the discovery of software vulnerabilities and incidents of digital attack for 2002, according to a summary of the report released Thursday.


    Data from the report is taken from mi2g's SIPS (Security Intelligence Products & Systems) database, which stores information on more than 6,000 hacker groups reaching back to 1995.


    According to the company, 1,162 new software vulnerabilities were discovered during the first 10 months of 2002, including vulnerabilities discovered in operating systems, server software, and third-party applications. Of that number, fewer than 25 were attributable to the Macintosh operating system (OS).


    Two different versions of Unix (news - web sites) shared top honors with Macintosh with fewer than 25 vulnerabilities: Compaq Computer Corp.'s Tru64 and The SCO Group Inc.'s SCO Unix.


    In contrast, Microsoft's Windows operating system accounted for the lion's share of new vulnerabilities, with more than 500 vulnerabilities discovered affecting Windows operating systems. More than 200 vulnerabilities were discovered that affected the Linux operating system, according to the information released by mi2g, based in London.


    The number of vulnerabilities reported by software vendors and users so far this year is lower than the 1,506 vulnerabilities discovered in all of last year. However, mi2g notes that the pace of discoveries is picking up, with 301 new vulnerabilities discovered in the month of October.


    The report also found that 2002 was the worst year on record for digital attacks, with almost 58,000 attacks taking place during the first 10 months of the year, a 54 percent increase from the 31,322 attacks recorded in 2001.


    The number of vulnerabilities discovered in an operating system, as opposed to market share, correlated with the likelihood of an operating system being attacked, mi2g found.


    Macintosh, which is used on between 3 percent and 5 percent of the world's computers, was the target of only 31, or .05 percent, of all overt digital attacks through October 2002. Microsoft Windows, which is on more than 90 percent of all computers, was the target of 31,431, or 54 percent, of those attacks.

    The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.

    Mi2g estimates economic damage by collecting information from a variety of sources and estimating the cost of lost productivity as well as losses stemming from property rights violations, liabilities and share price declines, according to the company.

    Mi2g recommends creating new, trusted computing platforms and secure operating systems from scratch, rather than relying on patches to fix vulnerabilities.
    -----------------------------------------------------------------------------------------------------------
    wow, thats really cool i think, its still awesome that the new MAC OS X is based on FREE BSD but some of that stuff was just neat, lol.

  2. #2
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Thumbs up OS vulnerabilitys

    Mac OS among least prone to attack
    Thu Oct 31, 7:26 PM ET
    by Paul Roberts, IDG News Service Boston Bureau

    Apple Computer Inc.'s Macintosh (news - web sites) was among the computer operating systems least prone to attack and damage from malicious hackers, worms and viruses in 2002, while Microsoft Corp.'s Windows and the Linux operating systems were the most vulnerable, according to a report by technology risk management company mi2g Ltd.




    The report, which will be released Friday, presents data on the discovery of software vulnerabilities and incidents of digital attack for 2002, according to a summary of the report released Thursday.


    Data from the report is taken from mi2g's SIPS (Security Intelligence Products & Systems) database, which stores information on more than 6,000 hacker groups reaching back to 1995.


    According to the company, 1,162 new software vulnerabilities were discovered during the first 10 months of 2002, including vulnerabilities discovered in operating systems, server software, and third-party applications. Of that number, fewer than 25 were attributable to the Macintosh operating system (OS).


    Two different versions of Unix (news - web sites) shared top honors with Macintosh with fewer than 25 vulnerabilities: Compaq Computer Corp.'s Tru64 and The SCO Group Inc.'s SCO Unix.


    In contrast, Microsoft's Windows operating system accounted for the lion's share of new vulnerabilities, with more than 500 vulnerabilities discovered affecting Windows operating systems. More than 200 vulnerabilities were discovered that affected the Linux operating system, according to the information released by mi2g, based in London.


    The number of vulnerabilities reported by software vendors and users so far this year is lower than the 1,506 vulnerabilities discovered in all of last year. However, mi2g notes that the pace of discoveries is picking up, with 301 new vulnerabilities discovered in the month of October.


    The report also found that 2002 was the worst year on record for digital attacks, with almost 58,000 attacks taking place during the first 10 months of the year, a 54 percent increase from the 31,322 attacks recorded in 2001.


    The number of vulnerabilities discovered in an operating system, as opposed to market share, correlated with the likelihood of an operating system being attacked, mi2g found.


    Macintosh, which is used on between 3 percent and 5 percent of the world's computers, was the target of only 31, or .05 percent, of all overt digital attacks through October 2002. Microsoft Windows, which is on more than 90 percent of all computers, was the target of 31,431, or 54 percent, of those attacks.

    The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.

    Mi2g estimates economic damage by collecting information from a variety of sources and estimating the cost of lost productivity as well as losses stemming from property rights violations, liabilities and share price declines, according to the company.

    Mi2g recommends creating new, trusted computing platforms and secure operating systems from scratch, rather than relying on patches to fix vulnerabilities.
    -----------------------------------------------------------------------------------------------------------
    wow, thats really cool i think, its still awesome that the new MAC OS X is based on FREE BSD but some of that stuff was just neat, lol.

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Posts
    109
    From the looks of it the study is done simply on general statistics, the number of vulnerabilities, the number of attacks, cost, etc. However based on such stats: running Mac OS doesn't mean your more secure, it simply means your less of a target.


    Off topic: I do like what I've heard about Mac OS X, though I have heard most of the unix like stuff isn't there (which would disapoint me being a hardcore Linux user).

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    109
    From the looks of it the study is done simply on general statistics, the number of vulnerabilities, the number of attacks, cost, etc. However based on such stats: running Mac OS doesn't mean your more secure, it simply means your less of a target.


    Off topic: I do like what I've heard about Mac OS X, though I have heard most of the unix like stuff isn't there (which would disapoint me being a hardcore Linux user).

  5. #5
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    how does anyone figure out how much these attacks cost?

    'The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.'

    Are we using lost data? downtime for staff? cost of replacing hardware? cost of finally putting in some security?

    Just seems that these kinds of figures are touted around allot but no one ever seems to be able to explain how they were derived. In fact, given thats lots of companies do not report security problems the number may be even higher....

    Or it could all be BS.
    Quis custodiet ipsos custodes

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    how does anyone figure out how much these attacks cost?

    'The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.'

    Are we using lost data? downtime for staff? cost of replacing hardware? cost of finally putting in some security?

    Just seems that these kinds of figures are touted around allot but no one ever seems to be able to explain how they were derived. In fact, given thats lots of companies do not report security problems the number may be even higher....

    Or it could all be BS.
    Quis custodiet ipsos custodes

  7. #7
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Remember that the number of vulnerabilities that are discovered is not necessarily related to the number of vulnerabilities that exist.

    The OS that tops the charts (unsurprisingly) is the most used one.

    The ones that come in at the bottom (some weird proprietry versions of UNIX) were the ones with the least deployments.

    This does not surprise me, neither security companies nor hackers are going to bother looking for problems in OSs that hardly anybody runs.

  8. #8
    Senior Member
    Join Date
    Jan 2002
    Posts
    1,207
    Remember that the number of vulnerabilities that are discovered is not necessarily related to the number of vulnerabilities that exist.

    The OS that tops the charts (unsurprisingly) is the most used one.

    The ones that come in at the bottom (some weird proprietry versions of UNIX) were the ones with the least deployments.

    This does not surprise me, neither security companies nor hackers are going to bother looking for problems in OSs that hardly anybody runs.

  9. #9
    Junior Member
    Join Date
    Nov 2002
    Posts
    13
    how does anyone figure out how much these attacks cost?

    'The cumulative economic damage of such attacks, worldwide, was estimated to be $7.3 billion according to mi2g. When taken together with so-called "covert" attacks such as worms and viruses, however, that figure grows to between $33 billion and $40 billion.'

    Are we using lost data? downtime for staff? cost of replacing hardware? cost of finally putting in some security?
    <snap>
    I have actually read an article about it couple years ago, don't remember where though. Thats hilerious how they do it, they calculate everything from OS reinstalls, Possible profits, that could be maid to extra pay to administrator and employee training.

  10. #10
    Banned
    Join Date
    Oct 2001
    Posts
    263
    ok i know that trashing mac and M$ is quickly going out but i have to say that in comparison programing virii and 'hacking programs' is harder..... in fact ive never even seen an ad for any kind of programing language FOR mac (unless you count java and the like, eg. enterpeted languages) i guess that mac can the whole idea of 'security thru obsturity' right.... mabee M$ sould take some tips from apple...... oh wait........ thats the whole MacOS vs. winblows argument..... whoops! mabee its just that M$ cant get anything right when it comes to security...... tho there still a hell of sales group

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •