I'm a long-time Java dev and lately it's been terrible, totally terrible, for Java from a security point of view. A gigantic fiasco. Flash's track record is very poor too. Saying that something is "less vulnerable" than these two really doesn't mean much.
We're talking about hundreds of millions of zombie PCs due to Java applets + Flash exploits. So being "less vulnerable" than these technologies doesn't mean much.
So no Microsoft product in the top 10? You mean Word is not as big an attack vector as Java applets and Excel is not as big an entry point as Flash? Is there any surprise in here!?
That's not the interesting thing: what concerns most people is the browser they use to surf the Web. Is Safari + Java applet plugin more vulnerable than IE + Java applet? Is Chrome + Flash more vulnerable than IE + Flash?
That's what counts.
And also: how do you install Java on your system if you really need it (e.g. because you're a Java dev) and yet make sure it's not available from your browser? Or from another user account? This kind of stuff is trivial to do on Linux: for a long time now I've been using a throwaway user account that has no Java installed to "surf the Web" (using Chrome but whatever). It's trivial to do because on Linux you can install Java from a regular user account (no need to be root).
On Windows this is not possible: installing Java requires the admin password and opens a whole can of worms ; )
I can tell you: I'm surfing from Linux using Chrome which has Flash. I also have Java installed in a separate (developer) user account. And I'm pretty sure this is more secure than surfing from a Windows machine, no matter where Microsoft stands in that report from their "friend in bed" Kaspersky...
Also, for a little touch of irony regarding the article, Kaspersky's revenues are virtually entirely coming from sales of anti-virus protecting Windows OSes. Why aren't they successful on the Linux servers powering the Internet?