Most vulnerable software list

[cebugdev]

---

guys,

i found this post online...
Gulfnews: Browsers and bugs at war
Firefox named most vulnerable Windows application

comment everyone?

[eax]

Wala lagi Internet Explorer?

[javapenguin]

I am not surprise, it says

12 most vulnerable applications for the Windows platform

What's the real problem here? the application or the platform?

[poymode]

Ilaha ra sad na oi. hahaha...naa sad tay atoa.

[blackdronza]

guys,

i found this post online...
Gulfnews: Browsers and bugs at war
Firefox named most vulnerable Windows application

comment everyone?

Mozilla?I dont think so.Maybe Internet Explorer.

[blackdronza]

I am not surprise, it says

12 most vulnerable applications for the Windows platform

What's the real problem here? the application or the platform?

Maybe both of them.

[MarkCuering]

PLEASE DON'T SKIP THE ONE I HIGHLIGHTED AS RED (from the NEWS) and my Comment as GREEN (commens are welcome)....

NOTE: i'm not trying to defend Firefox, in fact I'm using IE while posting this....

BIT9 SITE: Application Control and Device Control Solutions - Bit9 News Releases



Each application on the list has the following characteristics:

• Runs on Microsoft Windows.

Then that wouldn't been vulnerable if I'm using in LINUX. ok fine.... this report is meant of Microsot...

• Is well-known in the consumer space and frequently downloaded by individuals.

Man.... have you ever remember last July, that MOZILLA FIREFOX and its MEMBERS/SUPPORTERS hit the title Guinness World Record for the most downloaded software? on their event "SPREAD FIREFOX" visit: Spread Firefox | Download Day 2008 ohh my..... if Firefox didn't able to hit that record, it won't be on the number 1 list

• Is not classified as malicious by enterprise IT organizations or security vendors.

That's great....! so most likely this will hit non-IT individuals? you don't have to blame FF on this I guess... if it was been recognized as most downloaded that how many percent they expect/applied prior to that vulnerable risk?

lets take a look on this site: Browser Statistics
see the difference?

FIREFOX is 44.2% and IE6 is only 20.0% even IE7 is only 26.6% considering the release of Vista which Firefox had gone some trouble earlier...loosing out some users.

that figures are doubled....my goodness.... ohh wait....did they separate the TWO IE versions? that makes IE out of the list?


• Contains at least one critical vulnerability that was:

o first reported in January 2008 or after,
o registered in the U.S. National Institute of Standards and Technology’s (NIST) official vulnerability database at http://nvd.nist.gov, and given a severity rating of high (between 7.0-10.0) on the Common Vulnerability Scoring System (CVSS).

Woaaaww.... all those Bugs and fixes are posted and submitted over Millions of users and individuals, including huge organizations such as GOOGLE, Known Vulnerabilities in Mozilla Products to help FIREFOX develop and improved....Did they count those minor issues on Firefox

that's insane, seeing those issues right away, discovering it before someones gets in on backdoor is a great sense of security, rather than waiting for updates... do IE post similarly to this? or they let their users wait on the said Auto Update features or pain waiting for the next Service Packs?

• Relies on the end user, rather than a central IT administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.

To think wisely... a lot of end users uses Firefox counting those who are not in organizations where the needs of IT admins is a must. manual patches or upgrade should not be an issue, but how the software is improving... Bugs and fixes of firefox are all exposed to the users... isn't it good? or maybe because of that they able see and count more on Firefox rather more than IE

• The application cannot be automatically and centrally updated via free Enterprise tools such as Microsoft SMS & WSUS.

heLL no!... is this some kind of marketing strategy? Firefox either detects and remind users to get some updates rather than using Windows Server Update Services (WSUS) Hey... does it mean that Mozilla community must pay to M$ to let them support this kind of features to lessen its vulnerable risk? hmmm... so for sure that's less for IE? too... as uncle bill own's WSUS.


well... that's all it takes for now....

[ChaosOrb]

how come this thread is in programming forums? I don't see any programming language codes flying around. Recommending for transfer to appropriate thread.

[MarkCuering]

there ya go moved for good