Symantec's New Internet Security Threat Report

Security vendors often release reports based on their perspective of current and future Internet-related security threats. The reports are useful in learning what the vendor sees, which in turn can lead you to your own widened perspective on potential problems.

Symantec recently released "Internet Security Threat Report, Trends for July-December 2006." While the report is based on historical data, it does lend some insight into the future.

According to the report, the latest trend for intruders is to use medium-risk vulnerabilities as launch points to conduct future attacks. Symantec said that intruders are more frequently using combined vulnerabilities and that financial gain is often the motive.

The company said it bases its findings on a network of more than 40,000 sensors in more than 180 countries, more than 2 million decoy email accounts, and information collected from its BugTraq mailing list.

Some interesting highlights from the report include the discovery that of all the attacks that affected Web browsers, approximately 77 percent were aimed at Microsoft Internet Explorer (IE). Ninety-three percent of all attacks were aimed at home users.

Another interesting data point is that Symantec tracked over 5,200 Denial of Service (DoS) attacks per day. That's a lot! Interestingly enough, the company said that figure dropped from last year when it tracked more than 6,100 DoS attacks per day.

The company also documented more than 2,500 vulnerabilities; 66 percent of them were related to Web applications, and 79 percent were "easily exploitable."

Another interesting set of points are patch turnaround times for OSs. Symantec measured five vendors: Microsoft, Sun Microsystems, Apple, HP, and Red Hat. Of those five companies, Symantec found that Microsoft had the fastest average turnaround time overall, Red Hat was second, HP was third, Apple was fourth, and Sun was fifth.

The number of vulnerabilities measured for each vendor varied as did the response time, when comparing the second half of 2006 with the first half. For example, HP's average response time in the first half of 2006 was 53 days for the seven vulnerabilities the company disclosed. In the second half of 2006, HP's number of disclosed vulnerabilities increased to 98 and the company's average response time increased to 101 days.

Even though we'll most likely see fewer vulnerabilities in Vista than we do in previous Windows platforms, I expect Microsoft's average vulnerability response time will remain steady since it uses a monthly patch release schedule.

Vista will no doubt affect the future reports of most any Windows-based security vendor--Symantec certainly included. The report predicts that third-party software developers could become the source of a significant percentage of attacks against the OS.

That's just the tip of the iceberg of the information in Symantec's 104-page report. Other information includes trends regarding specific types of attacks, what future trends might be, and a lot of detail about some of the topics I covered briefly here. If you're interested in reading the entire report, you can get a copy in PDF format at the URL below:

http://eval.symantec.com/mktginfo/enterprise/white_papers/ent-whitepaper_internet_security_threat_report_xi_03_2007.en-us.pdf