Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windows 8 is the most vulnerable Windows OS, ...thank Flash for that


  • Please log in to reply
24 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:31 AM

Posted 27 February 2014 - 01:40 PM

Windows 8 is the most vulnerable Windows OS, you can thank Flash for that

Microsofts Windows 8 platform has been tagged by security research firm Secunia as being the most vulnerable Windows platform on the market....according to their research, Windows 8 had more vulnerabilities than previous versions of Windows that are currently supported by Microsoft for 2013....the answer is quite simple; Flash. Because Flash is now baked into the modern instance of IE, any Flash vulnerability can now be tied into Windows 8 as well.


flashwin8.png

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


#2 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:31 AM

Posted 27 February 2014 - 01:52 PM

Hmm...wouldn't that make IE the most vulnerable? Since technically you can have win8 and not use IE? I have it and I use Firefox. No issues here.



#3 Casey_boy

Casey_boy

    Bleeping physicist


  • Malware Response Team
  • 7,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:08:31 AM

Posted 27 February 2014 - 04:08 PM

Hmm...wouldn't that make IE the most vulnerable? Since technically you can have win8 and not use IE? I have it and I use Firefox. No issues here.

 

It would - but the report to which this article links, says that IE is baked in to Windows and thus it's a Windows vulnerability too.


If I have been helping you and I do not reply within 48hours, feel free to send me a PM.


* My Website * Am I Infected? * Malware Removal Help * If you'd like to say thanks *


#4 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:31 AM

Posted 27 February 2014 - 04:53 PM

Yes it is part of the operating system.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Netghost56

Netghost56

  • Members
  • 973 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:03:31 AM

Posted 27 February 2014 - 04:58 PM

I understand. However I fail to see how you would be vulnerable if you decide not to use IE. Not using it, not updating Flash when asked, etc. Does that mean that using Flash in other browsers will make you more susceptible to malware and hackers? I fail to see the correlation.



#6 saluqi

saluqi

  • Members
  • 653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern San Joaquin Valley, Calfornia
  • Local time:12:31 AM

Posted 27 February 2014 - 06:07 PM

Using Windows 8 on the office laptop I have now received several prompts from Avast! Internet Security to update Flash Player.  All those updates have failed.  Is that good or bad?

 

I have installed Google Chrome and use that in preference to MSIE.  Have i understood correctly that Win 8 remains vulnerable (for the specific vulnerabilities in Flash) because Flash is active whether I will or no, and whether or not I use MSIE?

 

I can switch off the Flash-specific Avast! reminder, if that would be a good idea?

 

Thanks,



#7 Ted Striker

Ted Striker

  • Members
  • 1,363 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:03:31 AM

Posted 27 February 2014 - 07:46 PM

I understand. However I fail to see how you would be vulnerable if you decide not to use IE. Not using it, not updating Flash when asked, etc. Does that mean that using Flash in other browsers will make you more susceptible to malware and hackers? I fail to see the correlation.

 

I think it means that since any vulnerability in IE affects Windows 8, the vulnerabilities in Flash, combined with the amount of people who use IE in a Windows 8 environment has made Windows 8 the most vulnerable OS.  If you use another browser then you're not affected but I guess there are still enough people who use IE to make this a huge problem.



#8 Brandon Young

Brandon Young

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Hagerstown
  • Local time:04:31 AM

Posted 27 February 2014 - 08:07 PM

Why doesnt everyone Go to Google Chrome. Its not that bad, Its actually better In some cases. I have been using Google Chrome for three years and havent had a problem with it.



#9 Platypus

Platypus

  • Global Moderator
  • 15,439 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:07:31 PM

Posted 27 February 2014 - 08:29 PM

The browser in use isn't the specific source of the vulnerability. Once IE became integrated into the Operating System, the code is present and callable regardless of whether IE is currently instantiated as a browser. IE provides some WIndows functionality, a well kown example is the HTML rendering engine which was used for the Help system, and could be called by other browsers (and hence malicious code also) if they wished. With Flash support integrated, if it contains a vulnerability, it's not dependent upon IE running as a browser for it to potentially be exploited.


Top 5 things that never get done:

1.

#10 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 51,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:31 AM

Posted 27 February 2014 - 08:47 PM

And Windows 8 includes a bundled, integrated version of Adobe Flash so the Metro-style browser will be able to use Flash.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:31 AM

Posted 27 February 2014 - 09:38 PM

And what about Silverlight which is analog of adobe flash?



#12 UNC61

UNC61

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Fancy Prairie, IL
  • Local time:03:31 AM

Posted 27 February 2014 - 09:42 PM

   The observation in the report was different than the headline.  Essentially, it said that Windows 7 had 102 vulnerabilities identified in the system during 2013. Flash Player is now embedded in Windows 8/8.1. As a result of that, the 56+ (I stopped counting at 56) vulnerabilities of Flash Player in 2013, took the total vulnerabilities in the system up to 154. Had Microsoft not embedded Flash Player, Windows 8 would actually had 100 or less vulnerabilities in Windows 8 during the year. The browser is irrelevant, from the aspect of Flash Player. However, considering the ridiculous numbers of vulnerabilities discovered in Firefox and Chrome, they would have merely increased the level even further, under the same considerations.

   I suspect that the thinking at Microsoft was that a patched Flash Player was better than an unpatched Flash Player, so they took on responsibility to ensure that Flash Player gets automatically patched in Windows 8.  For instance, I noted on 5 different Windows 7 machines that unneeded residue from Flash Player 12.0.0.44 was left behind when Adobe "automatically" updated the latest version 12.0.0.77.  Of course, guess what aspects were left behind?  Yes, the vulnerable files.

   I appreciate everyone's penchant for beating up on Microsoft, but the issue here is Adobe Flash Player, not Internet Explorer, Firefox, Safari or Chrome. When talking about security, pretty has no place.

   Secunia is in need of an headline editor. Actually, that is OK with me because I really appreciate all of the really good that they do. :thumbup2:

 

UNC



#13 TsVk!

TsVk!

    penguin farmer


  • Members
  • 6,238 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Antipodes
  • Local time:06:31 PM

Posted 28 February 2014 - 12:59 AM

I can see it now....

 

Windows 9's newest 'feature'... Integrated OS Java.... :lmao:



#14 PC-ASSIST

PC-ASSIST

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 28 February 2014 - 09:56 AM

Least of all that Win8 is mostly avoided by corporations and most of my clients....who needs an OS that redefines standard usage?



#15 battyhippie

battyhippie

  • Members
  • 430 posts
  • OFFLINE
  •  
  • Local time:03:31 AM

Posted 28 February 2014 - 02:11 PM

As always, Thanks for my chuckle of the day, TsVk!

 

Now on a serious note, I am running Mint 16, just got 2 updates for flash...flipped over to Crazy 8.1, nope nothing nada. Sad ...are they going to wait for Patch Tuesday?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users