Malware Report Gives Windows Clean Bill of Health
For the first time since security firm Kaspersky started tracking malware threats, Microsoft products are off the company's top-10 list of vulnerability concerns, according to its recent quarterly report.
"Microsoft products have disappeared from this ranking due to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs," Kaspersky wrote in a release.
The improved track record of Windows software with regard to malware attacks is due in part to Microsoft's more recent security development lifecycle changes. In addition to Kaspersky taking notice, security expert Chris Paget outlined that view at the Black Hat conference earlier this month.
Paget and her team were involved in verifying that Windows Vista was safe to ship. The effort represented the first time that an independent team had been asked to do this check for a new Windows OS, according to Paget. Her comments came after a five-year nondisclosure time period had expired.
The findings of Paget's team did not give Vista a perfect security score, but she praised the company on its new procedures for finding software flaws and implementing fixes.
"Microsoft's security process is spectacular," Paget said. "Security is a process, not a product. It evolves. The question is, 'Was Vista secure?' Microsoft has a very bad reputation for security and it is very much undeserved."
Such praise doesn't come lightly, especially with Kaspersky pointing to the security shortfalls of software firms Adobe and Oracle. Those two companies had products with vulnerabilities making the top-10 list, marking another first in malware analysis. Adobe was the overall standout in Kaspersky's view, with seven of the 10 malware issues being associated with the Adobe Flash player.
Kaspersky found that the majority of software security risks were spread out globally, with the following countries being marked as "high" risk: Oman, Russia, Iraq, Azerbaijan, Armenia, Sudan, Saudi Arabia and Belarus. Kaspersky define high risk as having 41 percent to 60 percent of online users exposed to Web attacks.
The United States is in the "average" risk group, but its 40.2 percent user exposure level is on the border of being bumped up to the high-risk list. This finding is due, in part, to it and Russia being the top-two countries for having Web sites that house malicious code.
The Netherlands, according to the security firm, leads the globe in its continuous action to reduce the amount of sites hosting malware. The country's malware security rating dropped 4.3 percentile points to finish the second quarter of 2011 with 7.57 percent of malicious Web sites.
Two unhealthy trends Kaspersky observed over the second quarter was the rise in both fake antivirus programs and the continual momentum of mobile threats. System blocks of counterfeit antivirus programs increased by 300 percent, while attacks on the most popular mobile platform, Android, nearly tripled.