Latest X-Force report reveals security trends
I just learned via the Internet Security Systems-issued X-Force report that the number of computer vulnerabilities is down from last year. That seemed like good news until I learned that this doesn't translate into more safety on the Web. It probably just means fewer vulnerabilities were reported.
ISS's report notes that even though the overall number of vulnerabilities reported is down, those that do get reported are "high severity." The X-Force report revealed that the big software producers like IBM, Cisco, Apple and Microsoft suffered the most vulnerability exposures, but even so, combined they amount to only 13.6 percent of all disclosed vulnerabilities. Sadly, of all the disclosed vulnerabilities, only half can be fixed with vendor patches.
X-Force reveals lots of interesting data on Trojans and spam. They found that Trojans - with over 100,000 varieties - were the largest malware category for 2007. Popular spam subject lines are pretty funny when you see them in a chart, but you can see how users could be tempted by them.
I was glad to see a notable decrease in image-based, animated GIF-based and PDF attachment spam - apparently security vendors have conquered the technique needed to root out the offenders. ISS expects that PDF and MP3 spam will further decrease simply because users really need to be active - open a PDF, open a ZIP file, or start an MP3 file - and text or image spam is just easier.
I wasn't surprised to see phishing was on the rise. The most popular subject lines included bank names and/or account security alerts and most phishing e-mails originate from bot networks.
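To make the two mail trends above concrete, here is an added triage example (not code from the post or from ISS): it parses constructed sample messages, flags attachment-borne spam of the kinds the post says require a user action (PDF, ZIP, MP3), and scores subject lines for the phishing lure the post describes (a bank name plus an account-security alert). The bank names, alert phrases, and attachment list are assumptions chosen for illustration, not values from the report.

```python
"""Triage heuristics for the spam and phishing patterns summarised above:
attachment-borne spam (PDF, ZIP, MP3) and phishing subject lines naming a
bank or an account-security alert. Added example with constructed sample
messages; the keyword lists are assumptions, not taken from the report."""
import email
from email import policy
from email.message import EmailMessage

# Attachment types the post says require user action (assumption: illustrative list)
ACTIVE_ATTACHMENT_TYPES = {"application/pdf", "application/zip", "audio/mpeg"}
ACTIVE_EXTENSIONS = (".pdf", ".zip", ".mp3")

# Hypothetical phishing lures (constructed for this example, not from the report)
BANK_NAMES = ("bank of example", "examplebank", "first example credit union")
ALERT_PHRASES = ("account security", "verify your account",
                 "account suspended", "unusual activity")


def attachment_findings(msg):
    """Return filenames (or content types) of parts that look like active-content attachments."""
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        fname = (part.get_filename() or "").lower()
        ctype = part.get_content_type()
        if ctype in ACTIVE_ATTACHMENT_TYPES or fname.endswith(ACTIVE_EXTENSIONS):
            hits.append(fname or ctype)
    return hits


def phishing_subject_score(subject):
    """Score 0-2: +1 if a bank name appears, +1 if an account-alert phrase appears."""
    s = (subject or "").lower()
    return int(any(b in s for b in BANK_NAMES)) + int(any(p in s for p in ALERT_PHRASES))


def triage(raw):
    """Classify one RFC 5322 message as 'phishing', 'attachment-spam' or 'clean'."""
    msg = email.message_from_string(raw, policy=policy.default)
    score = phishing_subject_score(msg["Subject"])
    atts = attachment_findings(msg)
    if score >= 2:
        return "phishing", score, atts
    if atts:
        return "attachment-spam", score, atts
    return "clean", score, atts


def build_sample(subject, attachment_name=None, attachment_type=None):
    """Build a constructed sample message so the example runs offline."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "victim@example.invalid"
    m["Subject"] = subject
    m.set_content("Please see attached.")
    if attachment_name:
        maintype, subtype = attachment_type.split("/")
        m.add_attachment(b"\x00" * 16, maintype=maintype, subtype=subtype,
                         filename=attachment_name)
    return m.as_string()


# Constructed samples covering the three outcomes
SAMPLES = {
    "pdf_spam": build_sample("Great offer inside", "offer.pdf", "application/pdf"),
    "mp3_spam": build_sample("Listen now", "promo.mp3", "audio/mpeg"),
    "phish": build_sample("Bank of Example: account security alert"),
    "clean": build_sample("Lunch tomorrow?"),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The subject score is deliberately crude: a real filter would combine it with sender reputation and URL analysis, and the attachment check only identifies the file types the post singles out, not whether they carry anything malicious.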
