
Remediation of the main security vulnerabilities on Windows


July 14, 2021

By Steven L., Cybersecurity Expert Squad

What is a security flaw?

A security flaw, also known as a vulnerability, is a weakness in a computer system that allows a potential attacker to compromise one of the four pillars of cybersecurity (availability, integrity, confidentiality, and, to a lesser extent, traceability).

Security flaws through time

Before discussing the vulnerabilities "discovered" in Windows, it is necessary to look at vulnerabilities across all systems and how their number has evolved over time.

As can be seen, Microsoft (all Microsoft systems combined) ranks first in terms of the number of vulnerabilities in its systems over the period from 1999 to 2019.

However, it should also be noted that Microsoft operating systems are the most widely used, if we exclude web servers and the world of IoT.

Windows versions used by users

Let's take a quick look back at the evolution of Windows.

For the main versions used by the average user, we had Windows 3.1, then Windows 95 (37 vulnerabilities reported between 1999 and 2009), Windows NT (242 between 1999 and 2010), Windows 98 (85 from 1999 to 2009), Windows 2000 (478 from 1999 to 2012), Windows XP (685 from 2000 to 2020), Windows Vista (793 from 2006 to 2020), Windows 7 (1,856 from 2009 to 2021), Windows 8 (252 from 2012 to 2018) and, finally, Windows 10. We will not be discussing Windows 11, which is currently in beta.

There has been a clear increase in the number of vulnerabilities detected over the last 20 years.

Windows 10 case study

Windows 10 has been publicly available since July 2015. Between its launch and 2021, just over 2,200 vulnerabilities have been found (and most of them fixed). In 2019 alone, 448 vulnerabilities were detected and fixed, and 807 in 2020.

This can be explained partly by the fact that searching for vulnerabilities can now be lucrative, partly because reporting them is easier than it was ten years ago, and also because publishers now communicate about vulnerabilities.

CERT-FR as we know it today only dates back to 2014.

However, it should also be noted that Microsoft Windows 10 is a consumer OS, so vulnerabilities are detected quickly and therefore fixed quickly.

In fact, for Microsoft, across all platforms, 84% of vulnerabilities are fixed within a year.

The most significant flaw: humans

In my opinion, the main flaw in Windows operating systems remains the human factor. To illustrate this, I will use a very simple example: Windows 7. A study by zdnet.fr [3] dated December 31, 2020 shows that nearly 100 million Windows computers are still running Windows 7, even though support ended in early 2020.

Recommendations:

- Update your operating system to the latest version.
- Update your computer with security patches when they become available.
- Keep your antivirus software up to date.
- Back up your important data.
- Only use the Windows administrator account for administrative tasks. Specifically, only use it to install new software.

70% of critical vulnerabilities affecting Windows 7, Windows RT, 8/8.1, and 10 could have been prevented by removing administrator rights [3].
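The recommendations above can be checked on a workstation with a short read-only audit. The script below is an added example, not part of the original article; the 30-day and 7-day thresholds are assumptions, the antivirus check only covers Microsoft Defender, and backups are not checked because they depend on the tool in use.

```powershell
# Added example: read-only audit of the recommendations above.
# Thresholds are assumptions, not values from the article.
$MaxPatchAgeDays     = 30   # assumed: roughly one monthly patch cycle
$MaxSignatureAgeDays = 7    # assumed
$findings = [System.Collections.Generic.List[string]]::new()

# 1. OS version: Windows 7 (workstation, version 6.1) is out of support.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
if ($os.ProductType -eq 1 -and $os.Version -like '6.1*') {
    $findings.Add("Unsupported OS: $($os.Caption) $($os.Version)")
}

# 2. Security patches: date of the most recent installed hotfix.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastFix) {
    $findings.Add('No hotfix with an install date was found')
} elseif ($lastFix.InstalledOn -lt (Get-Date).AddDays(-$MaxPatchAgeDays)) {
    $findings.Add("Last hotfix $($lastFix.HotFixID) dates from " +
        $lastFix.InstalledOn.ToString('yyyy-MM-dd'))
}

# 3. Antivirus: Microsoft Defender state and signature age.
try {
    $mp = Get-MpComputerStatus -ErrorAction Stop
    if (-not $mp.RealTimeProtectionEnabled) {
        $findings.Add('Defender real-time protection is disabled')
    }
    if ($mp.AntivirusSignatureAge -gt $MaxSignatureAgeDays) {
        $findings.Add("Defender signatures are $($mp.AntivirusSignatureAge) days old")
    }
} catch {
    $findings.Add('Defender status unavailable; check the installed antivirus manually')
}

# 4. Administrator rights: is this session elevated, and who is a local admin?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [Security.Principal.WindowsPrincipal]::new($identity)
if ($principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    $findings.Add("Session for $($identity.Name) is running with administrator rights")
}
# The group is addressed by its well-known SID so the check works on
# localized systems; the built-in Administrator (RID 500) is skipped.
Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction SilentlyContinue |
    Where-Object { $_.ObjectClass -eq 'User' -and $_.SID.Value -notlike '*-500' } |
    ForEach-Object { $findings.Add("Local administrator to review: $($_.Name)") }

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Run it from a standard (non-elevated) PowerShell session of the everyday user account, so that the elevation check reflects how the machine is normally used.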

To go further, Windows 10: tips for improving security

References: