Earlier this week, Symantec
released a huge head-turner in the world of security (and lack thereof). In Volume VIII of its industry-leading Internet Security Threat Report
, the company found that of the 1,862 new vulnerabilities detected between January 1 and June 30 of 2005, approximately 59% of them belonged to Web applications, namely browsers. This is an increase of 109% over the report issued one year ago.
So, internet security is a growing problem, you say? What's the shock? Of the nearly 1100 newly discovered bugs, Firefox outnumbered IE by 2 to 1. Yes, that's right...our beloved Fox has fleas.
It's not surprising that as the browser gains in popularity, that it will incur more attention from hackers. But the browser was also faulted along with other software for not updating very quickly in response to these changes. In fact, the average response time for any major software to correct its problems was over 48 days, leaving systems administrators to their own devices, and most home PC users to their own lack of knowledge that there's even a problem.
Other major findings from the security report (which you must register to obtain, though it is free) include:
- An overall trend of increasing attacks on small businesses and home desktops is emerging, as threats move farther away from major corporate networks that stand a better chance of being guarded.
- The time it takes from the publication of a vulnerability to a script-kiddie writing something to exploit it has fallen to 6 days from 6.4. In the meantime, it has been taking software vendors 54 days to patch their software.
- Of the 1,862 vulnerabilities, which is a record high number, 97% were classified as moderate to high in severity.
- Denial of Service (DOS) attacks increased significantly from 119 per day to 927 per day. That's a rise of up over 680% from just last half. Primary targets have been schools, followed by financial institutions.
- Worms and viruses written for the Win32 environment were up 48% over last half.
- Adware and spyware continue to increase, with 8 of the 10 biggest threats coming directly through your browser. Of those 10 biggest threats, 5 actually hijack the browser in some capacity.
- VoIP and Wireless are regarded as the biggest security-threat targets in the upcoming year.
Once again, Symantec have reminded us all that in the ever-changing world of security, no one company or product reigns supreme for long. I hope that Firefox get a little bit worried over this report and work hard to rectify some of the oversights that seem to have come to light.
So, does this report look to alter the scape of the browser-wars? Or will a little TLC and flea-bath from the folks at Mozilla cure it? Take a dip in our forums
and let us know your thoughts.