Top Most Vulnerable Applications and Operating Systems in 2010

Analyzing the data on 2010 from National Vulnerability Database reveals some interesting statistics.

This is the list of the top most targeted applications in 2010:

As more and more businesses and applications are moving to the web, browsers are the favorite targets for hackers and security researchers. These are followed closely by Adobe tools, Microsoft Office, RealPlayer and Java Runtime Environment.

The top most targeted operating systems in 2010 are the following:

Microsoft still remains the preferred target when talking about operating systems, followed very far behind by Linux, Apple Mac OS X and Cisco IOS.

From the data above we can see that 75% of vulnerabilities are targeting applications, 18% operating systems and 7% hardware devices (i.e. Cisco). This means that patching only Microsoft products is not enough. Adobe products, web browsers and Java Runtime Environment are the minimum set of other applications that must be monitored closely to ensure they are always fully patched for adequate security.

Anand Kumar February 18, 2011 at 2:53 pm
This is great comparison and table.
Joe Bursky February 19, 2011 at 4:31 pm
Google Chrome isn’t that popular yet, so it is surprising that it is the number one target. However, attackers probably rely on the fact that Chrome is still new and many vulnerabilities haven’t been discovered yet. Otherwise, it is only natural that the most popular applications and operating systems are the most frequent targets.
Joe Bursky February 19, 2011 at 4:34 pm
Google Chrome is not that popular yet because it is relatively new but maybe it is the most attacked applications because of this – when an application is new, many unseen bugs appear out of nowhere. Otherwise, it is only natural that the most popular applications and operating systems are the most frequently attacked ones.
Joe Bursky February 20, 2011 at 5:26 pm
Joe Bursky – Google Chrome is not that popular yet because it is relatively new but maybe it is the most attacked applications because of this – when an application is new, many unseen bugs appear out of nowhere. Otherwise, it is only natural that the most popular applications and operating systems are the most frequently attacked ones.
Carmen Sidir February 21, 2011 at 3:01 am
Well, I guess we all know the reason why they’re the most targeted. They’re also the most popular. But what sets them apart from the other applications is they’re constantly updated by their developers. So although it’s making me anxious, I’m not completely worried.
1. Cristian Florian February 21, 2011 at 1:46 pm
  Indeed, 2010 was a rich year in security updates. Microsoft alone has released 106 security bulletins, which is a company all time record.
callmecool February 21, 2011 at 3:03 am
Another reason why you should never buy pirated goods! Try it once and it destroyed my system. I lost almost all my files.
Brian Eckman February 24, 2011 at 10:52 pm
Since when do *vulnerabilities* “target” applications, operating systems, and such? They don’t! EXPLOITS target these. Google Chrome isn’t the most “targeted” browser – it simply is the browser that had the “high severity” vulnerabilities listed within the National Vulnerability Database for the previous year.
As far as what software is/was most frequently exploited via the Internet to install malicious code, Java and Adobe Acrobat/Reader are pretty much tied for #1, with nothing remotely close to being next in line.
1. Cristian Florian February 28, 2011 at 6:58 pm
  @ Brian
  Strictly speaking it is people who are targeting these. And the first step to create an exploit is to find a vulnerability.
  The number of publically known vulnerabilities correlates with the interest hackers have to use the product as an attack vector.
  Indeed today Adobe Reader vulnerabilities, for instance, are more important than Google Chrome ones because Adobe Reader is more widely in use, especially in corporate environments.
  But Google Chrome is definitely on an ascendant path in capturing interest and becoming more “targeted”. The trend is obvious if we are looking at the numbers of vulnerabilities for it in the past three years (again the source is National Vulnerability Database):
  2008 -> 11 vulnerabilities
  2009 -> 31 vulnerabilities
  2010 -> 152 vulnerabilities
  I know that Java and Adobe Reader/Acrobat are widely exploited, but I don’t have exact figures. You are very sure that they are by far on the first place. Can you share with us the sources/facts that determined you to do this affirmation?
FOSS February 27, 2011 at 12:47 am
The reason Chrome is #1, Safari #2, Webkit #3, and Firefox #4 is because all of these browsers are open-source. When a project is open-source there is a much more transparent bug reporting method — most bugs found are considered potential security issues. On the upside, this means bugs are usually patched much more quickly than those in the closed source world.
Internet Explorer is closed-source which means it takes a little more work to discover flaws (but it doesn’t stop flaws from being discovered, as we all know). Moreover, Microsoft is under no obligation to report all vulns that they themselves find. If IE were open-sourced, you would see that it would have similar numbers to Chrome and FF.
1. Cristian Florian February 28, 2011 at 7:31 pm
  @FOSS
  Definitely Internet Explorer numbers would be higher if its code would be publicly available.
  However the trends in the past years, when we take each browser individually, are not influenced by this.
  For Internet Explorer the numbers are:
  2007 -> 68
  2008 -> 66
  2009 -> 58
  2010 -> 59
  For Firefox they are:
  2007 -> 77
  2008 -> 93
  2009 -> 128
  2010 -> 103
  For Safari they are:
  2007 -> 41
  2008 -> 39
  2009 -> 70
  2010 -> 122
  As you can notice Internet Explorer is the only browser that is having a descendant trend in the last four years. This means that:
  – Microsoft did improve security in the latest versions of Internet Explorer
  – This is another way to show that Internet Explorer lost market share and the other browsers gained and therefore they become more attractive for hackers and security researchers looking for vulnerabilities
Brian Camilleri March 5, 2011 at 11:35 pm
Great comparision, I am so glad to see Microsoft is trying what is possible to make its products better and secure. This information helps any person placed in a situation to decide which OS to use to make the right decision.
Great Work.
Brian
Jenna Ardi March 14, 2011 at 7:15 am
I’m surprised that Google Chrome OS and Chromium OS were not in the list for the most targeted operating systems in 2010.
The United States Computer Emergency Readiness Team stated last January 13, 2011 that “Google Chrome contains multiple vulnerabilities that can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.”
Although this problem can be fixed through software update, it still proves that the Google Chrome OS is receptive to most OS vulnerabilities.
Onion April 15, 2012 at 6:54 pm
There is a perception that “As long as it’s not Microsoft then I am safe”. Microsoft has put security at the forefront on their products. Their patch cycle is much more robust than some other companies.

Comments are closed.

If you have used this form and would like a copy of the information held about you on this website, or would like the information deleted, please email privacy@gfisoftware.com from the email address you used when submitting this form.

Top Most Vulnerable Applications and Operating Systems in 2010

About the Author: Cristian Florian

14 Comments

Top Most Vulnerable Applications and Operating Systems in 2010

Get your free 30-day trial

Get your free 30-day trial

About the Author: Cristian Florian

14 Comments