Monday, November 19, 2012

Here's What Happens When Security Watchdogs Ignore Their Own Advice | ZDNet

Here is what a German federal agency experienced when they set up two Windows 7 systems. None of this is really news, but it validates our decision to focus our internet browsing through the Chrome browser and to avoid Java as much as possible.

"According to the study, the agency tested two different Windows 7-based systems. Both OSes were up to date with the latest available patches and also used Microsoft's free antivirus product, Security Essentials. One system used Google Chrome 21, Adobe Reader X, Libre Office and a standard user account. The other one had IE9 installed alongside an older versions of Adobe Reader (version 9.4) and Libre Office (version 3.4.3). The system also had a year-old version of Java Runtime (version 6, update 26), along with an older version of Adobe Flash and an administrator account.

After the set-up, both systems were pointed to a hundred different websites, each of which tried to infect the system with a drive-by attack. According to the agency, the test system that followed the BSI guidelines did not suffer an infection, but four websites were able to download files to the system.
On the second, less secure system, a total of 49 attacks were successful. 36 websites were able to exploit security flaws and infect the Windows machine. Another ten attacks were able to exploit vulnerabilities in the system, but the MSE antivirus blocked an infection taking place. Three drive-by exploits were able to download data to the system, but unable to infect it as a result.
The government agency then compared those results to an older installation of Windows XP. There, a total of 88 attacks were able to exploit and infect the targeted computer."

Here's happens when security watchdogs ignore their own advice | ZDNet

No comments:

Post a Comment