Update to the article, explaining why it groups the Linux and Apple OSes together:
"The response to my post on the top vulnerabilities in 2014 has been amazing and I would like to thank everyone who commented on the article. What certainly stood out in the comments and feedback is the fact that some of the statistics I reported on were not clear enough. Many comments queried why vulnerabilities were grouped in the way I did and why there’s a single entry for Apple OS X and Linux but seven entries for each Windows version.
In the following update, I’m going to try and clarify and answer most of our readers’ queries.
The operating systems are different and it is hard to group them in a way that everybody agrees with. For example, unlike Windows, the Linux Kernel can be upgraded independently of the rest of the operating system; therefore it is hard to link Linux Kernel vulnerabilities to a specific Linux distribution or Linux distribution version. This is why Linux vulnerabilities are grouped under Linux Kernel as a separate product and then there are the specific vulnerabilities for each Linux distribution. The reason why only Linux Kernel and Apple OS X are listed at the top is because the number of vulnerabilities that specifically apply to other Linux distributions (like Red Hat, Debian, etc.) is lower than the number of vulnerabilities that apply to the operating systems already listed.
For example, here are some statistics for several Linux distributions that did not make it to the top and which are not included under Linux Kernel entry:
39 total vulnerabilities 7 high severity 27 medium severity 5 low severity
Red Hat Enterprise
27 total vulnerabilities 6 high severity 17 medium severity 4 low severity
20 total vulnerabilities 9 high severity 9 medium severity 4 low severity
15 total vulnerabilities 3 high severity 9 medium severity 3 low severity
If we had to group the different Windows versions under one entry the statistics would look like this:
68 total vulnerabilities 47 high severity 20 medium severity 1 low severity
As you can see a lot of Windows vulnerabilities apply to multiple Windows versions and because of that there is not a huge difference between the number for the entire Windows operating systems family and the numbers for different Windows versions.
Some readers have also asked where Android fits in. Here are the NVD stats:
6 total vulnerabilities 4 high severity 1 medium severity 1 low severity
It is important to note that Android is based on Linux Kernel too and some of those vulnerabilities apply to Android as well. The malware on Android devices is usually spread via applications installed on the devices rather than via holes in the operating system.
Another question: where is Safari? Are Safari vulnerabilities included in OS X counts? The answer is no. Safari vulnerabilities are counted separately as is the case with the other web browsers. The reason why Safari is not listed is because it did not make it to the top of the list (it does have a large number of vulnerabilities, but only three of them are high severity):
70 total vulnerabilities 3 high severity 67 medium severity 0 low severity
To conclude, the aim of the article is not to blame anyone – Apple or Linux or Microsoft. The message I am trying to get across is that all software products have vulnerabilities. The frequency of security updates increases with the product’s popularity. At GFI we would like the people to use the information as a guide and to show which areas to pay more attention to when patching their systems. At the end of the day, however, an IT admin’s attention should be on ALL products in his network and not limited to those at the top of the vulnerability list; neither should the assumption be made that those further down the list are safer. Every software product can be exploited at some point. Patching is the answer and that is the key message."