IT-Analysis.com
IT-Analysis.com Logo
Enterprise SME Business Issues Technology Services Channels
Top Level padlock  Members Area | Registration 
Archive  | Papers  | Research  | Events  | Newswire  | Blogs  Contact IT-Analysis.com 
Module Header
Nigel StanleyNigel Stanley
Nigel Stanley
25th July - The importance of saving Bletchley Park
Neil Ward-DuttonMWD
Neil Ward-Dutton
23rd July - Businesses aren't machines, and enterprise architecture can't make them so
David TebbuttTeblog
David Tebbutt
23rd July - A breath of fresh air. Eventually.
Peter AbrahamsAbrahams Accessibility
Peter Abrahams
22nd July - When is an accessible PDF accessible?
Simon HollowayRFID Scanlines
Simon Holloway
18th July - Reva announce new version of TAP
Josie SephtonFreeform Comment
Josie Sephton
17th July - Public VoIP for cheap long distance calls
Module Header
Q. How many email addresses do you have?
 
  • addtomyyahoo4
  • Subscribe in NewsGator Online
  • Add to My AOL
  • Subscribe with Bloglines
  • Add to netvibes
  • Add to Google
Blogs > IMHO
Microsoft in security
Michael Warrilow By: Michael Warrilow, Director, Hydrasight
Published: 13th April 2007
Copyright Hydrasight © 2007
 Logo for Hydrasight

Sometimes I'll point to a technology trend that is emerging in the market only to come back to it a few years later and feel an amazing sense of deja vu. Let me share one of these with you and, if you haven't guessed already, it has to do with Microsoft and security within organisations today.

IBM recently asked me to present a webinar on security in 2007 and beyond—one that was developed specifically for my part of the world (if you're interested, you should be able to access it here). So, as any good analyst would do, and as part of my preparation, I went away and did my homework to come up with a set of reasonable and balanced statistics that were up to date. This included SANS Institute, AusCERT, and others.

We've all known that the security threats are continuing to risk 'up the application stack' for some time, but one set of statistics grabbed my attention. Namely:

  • " ... 54 vulnerabilities in Microsoft Internet Explorer, 40 in the Mozilla browsers, and four each in Apple Safari and Opera." (Source: Symantec Internet Security Threat Report, Vol. XI)
  • "Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers." (Source: Symantec)
  • ""45 serious and critical vulnerabilities were discovered in MS Office products alone." (Source: SANS Top 20 Press Release)

Is anyone seeing a pattern yet? If not, read on:

  • "Surge in zero-day vulnerabilities and attacks that go beyond Internet Explorer to target other Microsoft software." (Source: SANS)
  • "Rapid growth in attacks exploiting vulnerabilities in ubiquitous Microsoft Office products such as PowerPoint and Excel" (Source: SANS)

This surprised me somewhat (while also giving me that weird "it's happening all over again" feeling), such that I thought I'd see what you—my good readers—thought. Moreover, I'm keen to hear more about what your organisations are doing to deal with these threats.

I'll confess that I approach this subject with slight trepidation, only because whenever I get quoted about Microsoft and security there always seems to be someone who misinterprets what I was trying to say. So this time I'm not going to prejudice your responses (I hope). Rather, I want to hear what you are thinking and how you have responded to this.

So have at it. I look forward to seeing your comments.

Reader Comments

We are no longer accepting comments against this item. We suggest contacting the author directly.

13th April 2007: 'Duncan' said:

Surely Microsoft products are no weaker, or more insecure, than anyone elses. It is only because of their popularity and global reach that they are targeted so heavily. In a few years time when MacOSX reaches maturity I am sure we will see equivalent stats for Apple products!

Reply to Duncan?
Advertisement


Analysts
Bloor Research Freeform Dynamics Hurwitz & Associates Hydrasight Macehiter Ward-Dutton Quocirca Sageza Group, Inc. The Information Difference
Amplitude Research, Inc. Applied Computer Research, Inc. Callio Technologies Computer Economics CoreBrand Cranfield School of Management DMC Valuations Group eMarketer
About The Website | Advertising | Contact | Site Map | Terms of Use | Privacy | Accessibility
Copyright © IT Analysis Communications Ltd., unless stated otherwise		 Tel: +44 (0)203 051 5760
Fax: +44 (0)870 345 9922

Published by: IT Analysis Communications Ltd.
T: +44 (0)203 051 5760 | F: +44 (0)870 345 9922
Email: