As usual, secunia warns that these summaries are global, do not account for third-party protection, but account for cross-platforms (linux, mac…).
Moreover, the release dates of the said softwares are as follows:
FF 3.5 Jun 30 2009
IE 8 March 19 2009
Opera 10 Sept 01 2009
We therefore don’t know what version of what browser was tested, as none of them covers the full 2009 year, and we won’t of course speak of hypothetic vulnerabilities (some of them affect very speficic use of the browser and do not concern every user).
IE 8 has been a real (and the first) progress in terms of security in the IE world .
Nevertheless, every software has vulnerabilities to be discovered and sometimes exploited, and one thus cannot agree to the statement that what is relevant is the someday’s count of vulnerabilities, whereas it actually is the count of unpatched vulnerabilities.
Actually a little snippet of information out of context and without citation has little to no value,
and could be seen at worst as spreading FUD that would lead people to draw all kinds of
The entire report really doesn’t tell you much more than the tables do. Basically, 3rd party programs now account for the majority of security risks of all levels of criticality. IE has always been singled out as being the single biggest offender but it seems that is no longer true. It pretty much shows that the pond ■■■■ can hack anything they set their minds to.
Agree. The most market share the other gain, the most attacks will suffer. But, we know that some software are security oriented and others not (or not that much). Development is not easy in this field as exploits and vulnerabilities increase very much. Hope they win the fight. Anyway, layered security helps a lot and reduce the possibilities of these vulnerabilities in daily computer usage.
When I read the second paragraph it seems to me the makers themselves think they are not doing a proper job…
and that the numbers doesn't reflect the rating of the vulnerabilities, the type of vulnerabilities, type of coding errors, ability to respond to the reports, and many other factors which may be relevant in a proper comparison.
The marketshare is not the only argument in attack frequency.
Everyone knows that IE started to only think of security concerns starting with IE7, and mainly IE8, while the marketshare had not drastically changed due to mature versions of Firefox and Opera, but because the image of IE and Microsoft was getting very negative because of this lack of security.
The global linux marketshare is still very low, but linux remains naturally better protected then windows, notably due to superuser privileges.
I also think with EricJH that this periodic “state of the art” of vulnerabilities does not make much sense, not only because of the methodoly itself, but by nature: what seems to be relevant (and also is reported by secunia) is the cumulative number of unpatched vulnerabilities for a given version of some software at a given time, not even speaking of the severity of such vulnerabilities and of their pertinence to all users (some need for that user to use a particular service of the said software).
UAC will work the same as sudo… I mean, superuser privileges could be gain in both OS. I mean, it’s not the only factor that makes Linux more secure. The market share has it rules here also… besides the technical issues.
There’s no UAC in windows xp, Tech (and still less in windows 2000, altough 2000 was relatively secured for not integrating like xp a bunch of multimedia software).
Now, speaking of discutable statistics, there must most certainly be some by windows OS, but i am afraid they won’t make much sense either, as they wouldn’t account for e.g. third-party software and type of internet connexion.