The SANS Institute, a source of information security training, certification and research, released their Top 20 list of security risks for 2007. They release this Top 20 annually, and it’s a popular read for security professionals and enthusiasts.
Not surprisingly, they noticed that operating system targets are not attacked by massively propagating worms anymore. They note that “Operating systems have fewer vulnerabilities that can lead to massive Internet worms…There have not been any new large-scale worms targeting Windows services since 2005.”
I think that the vulnerabilities are still present in XP. They just are not researched or attacked as much anymore.
One might also notice that the decrease in network worms coincided with a major sea change in the OS marketplace: the introduction and ramp-up of Windows systems running a host-based firewall. In late 2004, XP SP2 users were treated to a host-based firewall that was finally delivered and enabled by default. Users also started looking for better host-based firewalls once they understood what host-based firewalls really were. Accordingly, the Sassers and Zotobs of the internet had no easy way in. By the end of 2005, it just wasn’t all that fruitful to try to remotely attack Windows services that were now closed off from the internet cloud. The activity did not stop, however; it just took a turn.
Reading through the list or press release, you might also notice a corresponding rise in methods attackers use to evade the Windows host-based firewalls: “We have seen significant growth in the number of client-side vulnerabilities, including vulnerabilities in browsers, in office software, in media players and in other desktop applications. These vulnerabilities are being discovered on multiple operating systems and are being massively exploited in the wild, often to drive recruitment for botnets.”
This arena of research has received the most attention, because these attacks are now the easiest to deliver.
Overall, it’s an interesting read. Enjoy!
