Report: Microsoft Software Security Improves Greatly

The company's aggressive approach to updating patches was cited for its significant improvement in recent years. But other companies aren't doing quite so well.

Microsoft may have a stigma for security vulnerability, but its products no longer match that reputation, according to a new report.

Software security firm Kaspersky Lab, in its latest IT Threat Evolution report, says the company’s software, which had long faced criticism for its weak security, has improved significantly in recent years.

This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.

“Microsoft products no longer feature among the top 10 products with vulnerabilities,” the company said in its report. “This is because the automatic updates mechanism has now been well developed in recent versions of Windows OS.”

With Microsoft out of the top 10, other companies have taken its place. The three biggest types of threats now:

Java: Oracle’s widely used programming language, originally created by Sun Microsystems, was knocked for two separate vulnerabilities, including one that could cause a denial-of-service attack. That specific vulnerability was found on 35 percent of all computers tested, far more than any other individual threat.

Adobe products: Adobe’s Flash Player, which was cited for three separate vulnerabilities that allowed for the execution of arbitrary code — and in one case bypassing security measures. Adobe’s Acrobat PDF reader, which is updated constantly, was also cited for a security vulnerability, as was the company’s Shockwave Player.

Media players: Apple products are prone to security issues these days, too — with QuickTime and iTunes both allowing for arbitrary code exploits. The older but still widely used Winamp, created by AOL’s Nullsoft subsidiary, was cited for similar reasons.

According to Network World, part of the reason some of these companies are on the list is because they’re “notorious slowpokes” at updating security vulnerabilities — most notably Oracle and Apple. The publication cites Microsoft’s aggressive patching, a cornerstone of the company’s Trustworthy Computing program.

Microsoft isn’t totally out of the woods — Windows 7 faced a big jump in malware infection this year — but the company is more on top of it. That’s clear by the fact that, even after the increase, users were two to three times less likely to get malware from Windows 7 than they were from Windows XP.

What sort of security issues have you dealt with in recent years — and does it feel like they’re on the decrease? And what sort of precautions have you taken against vulnerabilities from Java, Flash, or increasingly common attack vectors?

Let us know in the comments.

(Photo by bloomua / 123RF)

Ernie Smith

By Ernie Smith

Ernie Smith is a former senior editor for Associations Now. MORE

Got an article tip for us? Contact us and let us know!