Blogs > IMHO

Microsoft in security

Michael Warrilow By: Michael Warrilow, Director, Hydrasight
Published: 13th April 2007
Copyright Hydrasight © 2007
 Logo for Hydrasight

Sometimes I'll point to a technology trend that is emerging in the market only to come back to it a few years later and feel an amazing sense of deja vu. Let me share one of these with you and, if you haven't guessed already, it has to do with Microsoft and security within organisations today.

IBM recently asked me to present a webinar on security in 2007 and beyond—one that was developed specifically for my part of the world (if you're interested, you should be able to access it here). So, as any good analyst would do, and as part of my preparation, I went away and did my homework to come up with a set of reasonable and balanced statistics that were up to date. This included SANS Institute, AusCERT, and others.

We've all known that the security threats are continuing to risk 'up the application stack' for some time, but one set of statistics grabbed my attention. Namely:

  • " ... 54 vulnerabilities in Microsoft Internet Explorer, 40 in the Mozilla browsers, and four each in Apple Safari and Opera." (Source: Symantec Internet Security Threat Report, Vol. XI)
  • "Microsoft Internet Explorer was targeted by 77 percent of all attacks specifically targeting Web browsers." (Source: Symantec)
  • ""45 serious and critical vulnerabilities were discovered in MS Office products alone." (Source: SANS Top 20 Press Release)

Is anyone seeing a pattern yet? If not, read on:

  • "Surge in zero-day vulnerabilities and attacks that go beyond Internet Explorer to target other Microsoft software." (Source: SANS)
  • "Rapid growth in attacks exploiting vulnerabilities in ubiquitous Microsoft Office products such as PowerPoint and Excel" (Source: SANS)

This surprised me somewhat (while also giving me that weird "it's happening all over again" feeling), such that I thought I'd see what you—my good readers—thought. Moreover, I'm keen to hear more about what your organisations are doing to deal with these threats.

I'll confess that I approach this subject with slight trepidation, only because whenever I get quoted about Microsoft and security there always seems to be someone who misinterprets what I was trying to say. So this time I'm not going to prejudice your responses (I hope). Rather, I want to hear what you are thinking and how you have responded to this.

So have at it. I look forward to seeing your comments.

Reader Comments

We are no longer accepting comments against this item. We suggest contacting the author directly.

13th April 2007: 'Duncan' said:

Surely Microsoft products are no weaker, or more insecure, than anyone elses. It is only because of their popularity and global reach that they are targeted so heavily. In a few years time when MacOSX reaches maturity I am sure we will see equivalent stats for Apple products!

Reply to Duncan?

The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.