November 29, 2007 1:40 PM PST
Study: 'Huge jump' in Microsoft flaws since last year
Between 2006 and 2007, there was an almost threefold rise in Microsoft flaws, Qualys said on Wednesday.
"We have seen a huge jump in the vulnerabilities in Microsoft Office products," said Amol Sarwate, manager of Qualys' vulnerability-management lab. "These charts show growth of nearly 300 percent from 2006 to 2007, primarily in new Excel vulnerabilities that can easily be exploited by getting unsuspecting users to open Excel files sent via e-mail and instant message."
Alan Paller, director of research for the Sans Institute, a computer-security training organization, said that the reason more vulnerabilities were being found was that it was becoming increasingly profitable for crooks to target the software. "It isn't that Microsoft isn't doing a better job," Paller said. "The reason (is that) it is so lucrative to find vulnerabilities in Excel and Word, so there are a lot of (hackers) searching for them."
Microsoft declined to comment for this story.
Tom Espiner of ZDNet UK reported from London. CNET News.com's Ina Fried contributed to this report from San Francisco.

MS continues to get abused for one reason:
It is trivial.
It is so trivial that a 12 year old kid who doesn't know what a buffer overflow is, much less how to write the simplest program can exploit MS products with ease.
MS are not so commonly and easily exploitable because it is "popular".
MS products get ripped up because MS is incompetent and doesn't want to put in the effort and money to design and write software correctly.
Lean and mean is the way of the future. Small application footprints and access to massive power. People will get what they want regardless of what MS does---regardless of their monopoly or power. They should be cluing into this about now? Change will come to MS very soon if they continue on the same path.
Anyway, OneCare (just one example) SUCKS 100% and nearly killed my computer. I got rid of it and went with NOD32 and wow the old thing can run again.
Microsoft"
I know perception can get skewed but it sure has felt like I've been doing a lot more Apple software patching over the past year than I have in the past.
Nope, it used to be good, now it's just a pay-for-training thing that doesn't actually teach anything. Don't believe me? Attend any conference and see for yourself.
But overall, it is true about flaws being found more. Apple has had a huge increase, as has Linux. Don't see a real change there.
It just so happens that Windows is the most prevalent OS out there so why would people waste their time on a minority share when they have all of these Windows systems out there?
It has been published and predicted that Vista (sigh) will be a major target in 2008 or when the market share gets to about the 10% mark.
That is going to be a turkey shoot since it has so many new lines of code that haven't been under the microscope as much as Windows XP.
Same goes for the Mac OSX and Linux. We are already starting to see it in the Mac community where it was almost null before now a Mac needs an anti-virus solution (God forbid).
More money can be made finding flaws in MS products than any other so while the flaws continue to be found they also continue to be fixed (maybe not in a reasonable time) but fixed nonetheless.
I will feel better with a more mature OS such as Windows XP on a go-forward basis than Vista because the same people that find the flaws haven't really concentrated on Vista yet but they have had 7 years to hack at XP.
(* ROFLOL *)
Their actions and these flaws speak louder than words!
Walt
As stated inside the article, MS does a pretty good job of keeping up with the SCUM by plugging the vulnerabilities. If people were honest and didn't try to constantly do harm to others, no form of security would ever be necessary.
OK ..... dream over ..... reboot!
- Penguinisto is going to save us all !!!
-
by fred dunn
December 3, 2007 4:37 AM PST
- He is "correct" any and all sensible posts with his God-Like prowess.
Don't bother trying to make any sense of any subject because Penguinisto knows it all and will show you the error in your ways.
Thank you Penguinisto for being here to show all of us how wrong we all are.
You are my hero.