Most vulnerable operating systems & applications in 2014

[Corrine]

The leader of the OS with the most vulnerabilities in 2014 may come as a surprise to some, although this shouldn't:

 

Third-party applications are the most important source of vulnerabilities with over 80% of the reported vulnerabilities in third-party applications. Operating systems are only responsible for 13% of vulnerabilities and hardware devices for 4%.

 

Top operating systems by vulnerabilities reported in 2014

 

No, you aren't misreading the chart. It is interesting that although Microsoft operating systems still have a considerable number of vulnerabilities, they are no longer in the top 3. Mac is at the top of the list, followed by iOS, Linux kernel and then Microsoft operating systems.

 

Top applications by vulnerabilities reported in 2014

 

Yes, IE is at the top of the application list. With Pale Moon previously based on Firefox ESR and not incorporating the changes for recent FF changes, I'm happy with my browser of choice.

 

More at the source: Most vulnerable operating systems and applications in 2014

[ebrke]

Interesting--hard to believe Flash is fourth on the applications list. Seems like I'm updating that on mother's machine every other week.

[Corrine]

That's certainly been true about Flash this year.

[V.T. Eric Layton]

I feel so... so... vulnerable these days.

[Guest LilBambi]

Interesting--hard to believe Flash is fourth on the applications list. Seems like I'm updating that on mother's machine every other week.

 

I prefer constant updates like with Flash than the more infrequent ones we have seen from Oracle for Java.

[Guest LilBambi]

Linux not any times more vulnerable than Windows 7. There are so many more bad things for Windows than Linux.

[lewmur]

corrine's chart shows linux with 119 and win 7 with only 36 - that means linux is 3x more vulnerable!

 

so why would you say not?

The difference is between 'vulnerabilities' and 'exploits'. Linux finds and patches 'vulnerabilities' BEFORE they become 'exploits'. As has been demonstrated multiple times, even when MS is warned of 'vulnerabilities', they wait months until the warning is made public before they do anything about it.

 

Ive been challenging those that claim "Linux is just prone to malware as Windows" to document ONE case where a Linux home user has suffered from a malicious malware attack. Haven't seen one yet.

 

I have one Win7 box that I run malwarebytes on about once a month and, even though it has MS Security Essentials running, I'm constantly finding malware.

Edited February 26, 2015 by lewmur

[V.T. Eric Layton]

That's it. I'm just too scared of being so vulnerable. I'm going to dump all my Linux stuff off my machines and install MS Windows 8.1.

 

 

 

 

 

 

 

 

 

 

 

In frickin' BIZARRO WORLD, maybe.

 

[abarbarian]

You need 10 to be up with the times and ahead of the bad guys Eric.

[Corrine]

Ok, Linux fans, don't get all in a tizzy. Add the various versions of IE that are installed on all Windows OSes and what does that do to the numbers? From an OS point of view, I think it was Heartbleed that took it over the top. From the article:

 

2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems. Heartbleed, for example, is a critical security vulnerability detected in OpenSSL while Shellshock is a vulnerability that affects GNU Bash.

[Guest LilBambi]

Yep those biggies are a problem.

[V.T. Eric Layton]

I'm not worried at all, actually. No OS is perfect. Some are less perfect that others.