Zero-day bugs overrated, Microsoft says
- Thread starter win7holic
- Start date
- Status
Hungry Man
New Member
- Jul 21, 2011
- 669
For someone on a forum like this who protects themselves 0day exploits are kinda the wrench in their system. For the average user maybe not so much.
I believe with malicious files you have to worry more about 0days but most exploits we see in the wild are from unpatched systems.
I believe with malicious files you have to worry more about 0days but most exploits we see in the wild are from unpatched systems.
- Jan 24, 2011
- 9,378
Social engineering is much more dangerous than exploits ..... Finding vulnerabilities in software or in the operating system is hard job and it requires a certain level of knowledge. Like Microsoft I do agree that the risk is overblown
This is a great video which resonates with my opinion :
This is a great video which resonates with my opinion :
Last edited:
bogdan
Level 1
- Jan 7, 2011
- 1,362
I'm probably able to stay away from social engineering but there is little I can do about a 0-day bug that is actively being exploited. I'm also selfish 
so I would like Microsoft to release a patch as soon as possible. On the other hand, I understand that it is impossible to build a bug-free OS, especially a complex one as Windows.
so I would like Microsoft to release a patch as soon as possible. On the other hand, I understand that it is impossible to build a bug-free OS, especially a complex one as Windows.
Hungry Man
New Member
- Jul 21, 2011
- 669
- Jan 24, 2011
- 9,378
[attachment=855]
Malware detected by the Microsoft Windows Malicious Software Removal Tool (MSRT) in the first half of 2011, categorized by propagation methods.
Surprised to see that Zero day exploits have 0% , I was expecting to see at least a 0,2% but I guess that wouldn't make Microsoft look good.
Anyway the report confirms that socially engineered malware (scareware pop ups; blackhat search engine optimization attacks), or malware requiring user interaction such as campaigns enticing users into downloading and executing a malicious file are the main source of infection.
Read : Microsoft Security Intelligence Report Volume 11.
Malware detected by the Microsoft Windows Malicious Software Removal Tool (MSRT) in the first half of 2011, categorized by propagation methods.
Surprised to see that Zero day exploits have 0% , I was expecting to see at least a 0,2% but I guess that wouldn't make Microsoft look good
.Anyway the report confirms that socially engineered malware (scareware pop ups; blackhat search engine optimization attacks), or malware requiring user interaction such as campaigns enticing users into downloading and executing a malicious file are the main source of infection.
Read : Microsoft Security Intelligence Report Volume 11.
Attachments
Hungry Man
New Member
- Jul 21, 2011
- 669
And yet Google puts exploits outnumbering socially engineered malware nearly 100:1.
I can't believe it's 0.0%. Literally makes 0 sense.
http://www.zdnet.com/blog/security/adobe-flash-zero-day-exploit-in-the-wild/1189
http://www.adobe.com/support/security/advisories/apsa11-01.html
We've seen these before.
How many articles have we seen seen showing Java exploits as attack vectors? Or Flash? Or even Windows? They may not always be 0days but they're still exploits.
Known exploits make up for only 5.6% of the malware according to this study. It's just so strange that Google's report contradicts it so wildly.
I can't believe it's 0.0%. Literally makes 0 sense.
http://www.zdnet.com/blog/security/adobe-flash-zero-day-exploit-in-the-wild/1189
http://www.adobe.com/support/security/advisories/apsa11-01.html
We've seen these before.
How many articles have we seen seen showing Java exploits as attack vectors? Or Flash? Or even Windows? They may not always be 0days but they're still exploits.
Known exploits make up for only 5.6% of the malware according to this study. It's just so strange that Google's report contradicts it so wildly.
- Status
Similar threads
