2023/7/14 SOS 18/103
EMBEDDED SYSTEM LABORATORY, SUZHOU INSTITUTE FOR ADVANCED STUDY OF USTC
Trends in operating system security threats
❖ Increasing complexity
❖ Multiple threats are often intertwined
In 2005, CNCERT/CC received 9112 non-scanning network security incident reports, broken down by type below. The vast majority are related to OS security.
[Figure: pie chart of the 2005 incident reports by type]
Web page defacement: 8130
Phishing: 475
Spam: 161
Worms: 67
Host intrusion: 45
Denial-of-service attacks: 35
Web page malicious code: 25
Botnets: 11
Trojans: 10
Other: 153
SOS 19/103
OS vulnerability scorecard published in 2007 by Microsoft security researcher Jeff Jones
❖ From early 2007 through the end of July, only 20 Vista vulnerabilities were fixed, most of them rated high severity; Windows XP had fewer than 40; others such as Ubuntu, Mac OS X, Red Hat and Novell had from 130 at the low end to nearly 180 at the high end.
[Figure: "Workstation OS (all packages)" and "Workstation OS (reduced Linux pkgs)", each shown Year to Date (YTD thru July 2007) and for 3 Months (May, June, July 2007); series: Low, Medium and High vulns fixed]
SOS 20/103
❖ On the server OS side, Windows Server 2003 had fewer than 40 vulnerabilities, while Red Hat and Novell had 120-150. By this count, Microsoft operating system vulnerabilities are less than 1/3 of Linux's.
[Figure: "Server OS (all packages)" and "Server OS (reduced Linux pkgs)", each shown Year to Date (YTD thru July 07) and for 3 Months (May, June, July 07); systems: WS2003, RHEL4 AS svr, RHEL5 SVR, Novell SLES10; series: Low, Medium and High vulns fixed]
SOS 21/103
May 2008: Microsoft's annual Windows XP SP2 / Vista security comparison report
[Figure: Windows XP SP2 versus Windows Vista by severity (Critical, Important, Moderate, Low; High, Medium, Low), with the panels "Windows Vista Patch Events - 2007" and "Windows XP SP2 Patch Events - 2007" plotted by month]
SOS 22/103
May 2008: Q1 client operating system vulnerability statistics report
❖ May 2008
Client OS: vulnerabilities fixed; security advisories; patch events
Windows Vista: 9; 6; 2
Windows XP: 12; 8; 2
Red Hat RHELD 5 (reduced): 60; 19; 12
Red Hat RHEL WS 4 (reduced): 75; 18; 14
Ubuntu 6.06 LTS (reduced): 54; 15; 13
Mac OS X 10.5 Leopard: 83; 6; 20
[Figure: "Q1 2008 Client OS Vulnerabilities" and "Q1 2008 Client OS Vulnerabilities - High Sev Only"; systems: Windows Vista, Windows XP, RHEL 5 (reduced), RHEL4WS (reduced), Ubuntu 6.06 LTS (reduced), Mac OS X 10.5, Mac OS X 10.4; series: High, Medium]