Security Company M86 Security Labs came yesterday to a new report on Internet-based security threats. The report contains statistics from the first half of 2010 and includes several interesting observations.
It is of course no coincidence that this is so. Both Internet Explorer and Adobe Reader are among the most widespread and most commonly used applications that exist.
They are security fixes to all of the vulnerabilities, and there are only two of the vulnerabilities that have first been removed in 2010. Several vulnerabilities are up to four year old, and the attacks might with ease have been avoided if the users had installed the available security updates.
M86 Security Labs report examines why so many have not installed the updates, but there are indications that it is related to either lack of knowledge of the user or the lack of opportunity.
Many computer users are not aware that there are updates to their software and allows thus be to see if it exists. Automatic notification of new updates and easy installation of these, has only recently become widespread. In addition, there are many people who have pirated software, which can not be update.
Many plug-ins to web browsers are widespread, while the ever discovered new vulnerabilities these. Adobe Reader and Flash Player are among the most vulnerable, but the M86 Security Labs writes in the report that the last six months have registered a significant growth malware that exploits vulnerabilities in Oracle's Java plugin. This is probably not as widespread as Flash Player, but still offers the vulnerabilities that are often independent of the operating system.
M86 Security Labs provides four Java vulnerabilities are often exploited, two of which have been recognized and removed the first year.
The report presents the M86 Security Labs also the number of spam activity, compromised of sites and methods to disguise malware security software. The entire report is available here.
