You’ll Never Guess 2014’s Most Vulnerable OS

The Most Vulnerable Operating System Wasn’t Windows!

Apple’s operating system is considered to be the most secure consumer operating system whether it’s Mac OS X for desktop computers or iOS for iPhones. But believe it or not, they were the most vulnerable operating systems of 2014.

Windows, which is often referred to as the most vulnerable operating system in the world and also an easy target for hackers, is not even listed on the top three vulnerable Operating Systems.

Top Vunerable OS

According to an analysis by the network and security solutions provider GFI, the top three most vulnerable operating system are:

  • Apple’s Mac OS X
  • Apple iOS
  • Linux kernel

GFI analysis is based on the data from the US National Vulnerability Database (NVD), which shows that in 2014, the top three most vulnerable operating systems became so by the following number of vulnerabilities reported in their software:

  • Mac OS X – Total 147 vulnerabilities were reported, 64 of which were rated as high-severity
  • Apple’s iOS – Total 127 vulnerabilities were reported, 32 of which were rated as highly-severity
  • Linux Kernel – Total 119 vulnerabilities were reported, 24 of which were rated as high-severity.

MAJOR VULNERABILITIES REPORTED IN 2014

The major vulnerabilities that took over the Internet in 2014 were as follows:

HEARTBLEED – A critical security vulnerability detected in OpenSSL left large numbers of cryptographic keys and private data from the most important sites and services on the Internet open to hackers. It was considered to be one of the biggest Internet threats in history.

SHELLSHOCK – A critical remotely exploitable vulnerability discovered in the widely used Linux and Unix command-line shell, known as Bash, aka the GNU Bourne Again Shell, left countless websites, servers, PCs, OS X Macs, various home routers, and many more open to  cyber criminals.

Surprisingly, Microsoft’s Windows 7, 8 and 8.1 Operating Systems were the least vulnerable Operating Systems, as they fall into the bottom half of the list and rank at 5th, 7th and 8th, with 36 vulnerabilities reported in all of them.

“2014 was a tough year for Linux users from a security point of view, coupled with the fact that some of the most important security issues of the year were reported for applications that usually run on Linux systems,” explained GFI Software manager Cristian Florian.

Linux and Mac OS X Most Vulnerable OS In 2014

2014 Vulnerable OS list

Windows Server 2008 was the fourth most vulnerable OS in 2014 with 38 vulnerabilities, but it isn’t a version aimed at consumers.

MOST VULNERABLE APPLICATION

However, when it comes to applications, Microsoft came in where we thought it would, as its Internet Explorer browser lead the list with 242 total vulnerabilities, with 220 of them being rated as critical.

Obviously, this could embarrass Microsoft, as Internet Explorer has nearly twice as many security flaws than the second most vulnerable application, which was Google Chrome.

Google Chrome browser had 124 vulnerabilities reported in 2014. On the other hand, Adobe Flash Player improved last year with only 76 vulnerabilities reported.

Vulnerable Applications to Hackers

Overall, a total of 7,038 new security vulnerabilities were added to the National Vulnerability Database (NVD) last year, which indicates that an average of 19 new security vulnerabilities were reported every day.

Out of those, 80% were reported in third-party applications, 13% in operating systems, and 4% in hardware devices.

For those who aren’t aware, NVD is the US government repository of standards based vulnerability management data represented using the Security Content Automation Protocol (SCAP).

Thanks to GFI and “The Hacker News” for the report.

FASTER AND MORE SECURE INTERNET HERE SOON –

Get Ready as the entire web you know is about to change. The new and long-awaited version of HTTP took a major step toward becoming a reality –  It has been officially finalized and approved. 1st Choice Website Solutions is happy to help spread the news.

Mark Nottingham, chairman of the Internet Engineering Task Force (IETF) working group behind creating the standards, announced in a blog post that the HTTP 2.0 specifications have been formally approved. Now, the specifications will go through a last formality – Request for Comment and Editorial Processes – before being published as a standard.

LARGEST CHANGE IN HTTP OVER LAST 16 YEARS

HTTP, or Hypertext Transfer Protocol, is one of the web standards familiar to most as the http:// at the beginning of a web address. HTTP protocol governs the connections between a user’s browser and the server hosting a website, invented by the father of the web Sir Tim Berners-Lee.

HTTP/2 is simply an update to the protocol, but is really a huge deal because the last time the HTTP specification was updated back in 1999. This means the HTTP/2 will be the first major update to the HTTP standard over the last 16 years, marking the largest change since 1999 when HTTP 1.1 was adopted that underpins the World Wide Web as we know it today.

WHAT IS HTTP/2 ?

HTTP/2 promises to deliver Web pages to browsers faster, allowing online users to read more pages, buy more things and perform more and faster Internet searches.

HTTP/2 is based on SPDY protocol, a protocol introduced by Google in 2009 and adopted by some technologies including Google’s own Chrome browser, Mozilla’s Firefox, Microsoft’s Internet Explorer, many websites such as Facebook, and some of the software that delivers Web pages to browsers.

SPDY (fittingly pronounced “speedy”) was designed to speed up the loading of web pages and the browsing experience of the online users. Both SPDY and HTTP/2 use “header field compression” and “multiplexing” to let browsers make multiple requests to web servers via a single connection.

HTTP/2 uses multiplexing to allow many messages to be interleaved together on a connection at the same time, so that one large response (or one that takes a long time for the server to think about) doesn’t block others,” Nottingham said.

BROWSE EVERYTHING FASTER

HTTP/2 won’t replace the traditional web standard what the world knows and loves, but it is expected to help websites load faster and more securely once it’s adopted a wide scale.

Making HTTP/2 succeed means that it has to work with the existing web. So, this effort is about getting the HTTP we know on the wire in a better way, not changing what the protocol means,” Nottingham wrote in a blog post last month.

PUSHES ENCRYPTION

HTTP 2.0 also brings another big change – Encryption. It was originally planned to push encryption technology called TLS (Transport Layer Security, formerly called SSL for Secure Sockets) in HTTP/2, but this was rejected because of inconvenience to certain network operators and proxy vendors by burdening them with new standards.

However, when Firefox and Chrome developers said that they won’t support HTTP/2 unless it does support encryption. Therefore, Nottingham says, sites that want to get the benefit of faster browsing “will need to use TLS if they want to interoperate with the broadest selection of browsers.”

WHEN WILL USERS GET HTTP/2 ?

As the specification of the HTTP/2 standard is finalized and approved, after going through some editorial processes HTTP/2 will be published and ready for adoption.

Well, to enjoy HTTP/2 on Internet depends on websites, hosting services and companies such as Google to implement the standard. For its part, Google already announced that it will adopt HTTP/2 in Chrome by early 2016. Users can also expect Firefox to follow suit, as well. More information is available in the HTTP/2 FAQ.

 

Thanks to “The Hacker News” for the story.