Operating Systems

Tag ∙ 7 posts


At security conferences and events, I have noticed that the distribution of operating systems seems to differ somewhat from what I read in the papers. As my last post showed, the Internet Identity Workshop skewed decidedly in the Mac direction.

I thought it would be fun to put together a quick poll asking the members of the securitymetrics.org mailing what operating systems they used. I sent out a note asking the membership to respond to two simple questions:

ZDNet’s Ryan Naraine blogs about Joanna Rutkowska’s blog post on Vista security. Joanna pointed out that Vista’s Mandatory Integrity Control feature has a few implementation flaws and seems to default to prompting for admin credentials whenever setup apps run. EWeek’s Joe Wilcox asked me to comment on the imbroglio which I was happy to do. I also posted a lengthy comment on Joe’s story, which for posterity I reprint here.

Many readers know that my day job is as a security technology analyst for Yankee Group. Well, it’s about that time of year where we start to wind down our research calendar.

Rudolph Araujo, a contributor to the securitymetric.org mailing list, forwarded on a link to a Red Herring article about a new Cybertrust study on the impact of the Zotob worm by Russ Cooper.

Cybertrust has an interesting model… when major security incidents happen, they make a habit of canvassing a wide group of companies that have agreed to participate. Looks like they are up to about 700 or so participants, not all of which are their customers. I actually really like and appreciate that Cybertrust takes the time to do this, although in this particular example I think they raised more questions than they answered.

Webroot has lately been producing a series of quarterly statistics on infection rates for four types of badness: Adware Trojan horses—botnet software falls into this category System monitors—includes key loggers Tracking cookies Now, one could certainly raise objections about selection bias.