InfoWorld: In minimizing zero-day, Microsoft misses the point

/Home/Internet Security: Articles/Internet Security: InfoWorld/InfoWorld: Antivirus

Zero-day vulnerabilities account for minuscule slice of Microsoft malware pie, but sheer numbers don't tell the whole story

By Woody Leonhard
OCTOBER 12, 2011

If you've waded through Microsoft's latest Security Intelligence Report and its special ZeroDay Article, you may have been struck by the claim that "less than 1 percent of all exploit attempts" against Microsoft software in the first half of 2011 took advantage of zero-day vulnerabilities.

While Microsoft's counting methodology makes a lot of sense, it doesn't cover all the bases -- and its conclusion isn't particularly accurate since it underestimates the impact of these attacks. In a nutshell, here's how the Microsoft Security Resource Center researchers came up with their numbers.

Click the URL above to read the full article