"Java has been fiercely under attack for over a decade now," added Schouwenberg. "In that time, Sun [and] Oracle have made no significant security improvements to Java. This is extremely disturbing and should really worry people. The best course of action really is to uninstall Java. Most people really no longer need it."
Schouwenberg advised that "corporations that need it for internal applications should at least disable the Java browser plug-ins. Unfortunately, the plug-ins get enabled again after updating Java. So that's something to watch for."
As another alternative, he recommended switching browser settings to "click to play" to prevent the program from running automatically.
Meanwhile, the study ranks Adobe Acrobat Reader second among vulnerable applications targeted by exploits during the third quarter, accounting for 25 percent of all attacks. The report also says that Adobe Reader exploits are gradually declining due to enhanced security. Automatic updates, which were introduced in the latest versions of Reader, are believed to be contributing to the decline.
Among other notes, a total of 30,749,066 vulnerable programs and files were detected during the third quarter on computers of Kaspersky Security Network users, with an average of eight different vulnerabilities on each affected computer.
"I find it very telling that over 90 percent of our web detections come from our URL blocker and related technologies," added Schouwenberg. "That means the traditional scanning technologies play a minor role here. It really proves the case that antimalware is much more than just a scanner of sorts."
Nearly one-third of US-based computers were attacked during the third quarter while the user was surfing the web.
Apple's QuickTime and iTunes came in at sixth and seventh place, with vulnerabilities showing up on 13.8 percent and 11.7 percent of computers, respectively.
Microsoft did not appear on the Top 10 vulnerabilities list, marking the first time in history that the software giant has been absent from this list. Kaspersky believes this is largely attributable to enhancements made to the automatic updates mechanism.
PUBLISHED NOV. 2, 2012