
December 4th, 2008

Secunia: Less than 2% of Windows PCs fully patched

Posted by Ryan Naraine @ 2:13 am

Categories: Adobe, Apple, Arbitrary Code Execution, Browsers, Exploit code, Flash, Microsoft, Patch Watch, Research, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Program, PC, Malware, Windows PC, Secunia, Spyware, Adware & Malware, Cyberthreats, Microsoft Windows, Desktops, Tools & Techniques

[Image: An unpatched (Windows) monoculture]

It’s long been established that the unpatched state of the Windows monoculture is the reason we are facing a malware epidemic.

Yet, the latest vulnerability patching statistics from Secunia’s PSI (Personal Software Inspector) are a major eye-opener for everyone tracking the security of the Windows ecosystem. According to data culled from 20,000 users of the free software inspector, about 98% of all installed/detected applications are vulnerable to a known security flaw.

These stats confirm a scary reality and, when you compare them with information released by Secunia last May (when the unpatched count stood at 28%), you get a real sense of just how easy it is for malware writers to hit wide open targets.

The total number of PCs/users included in these numbers are 20,000, out of these 98.09% have 1 or more insecure programs installed on their PC, hence: 98 out of 100 PCs that are connected to the Internet have insecure programs installed!


Secunia defines an “insecure program” as a piece of software for which there is a newer version of the program available from the vendor that corrects one or more vulnerabilities, but the user has yet to install the secure version.

From Secunia’s blog:

  • No insecure programs:  1.91% of Windows machines
  • 1-5 insecure programs:  30.27% of PCs
  • 6-10 insecure programs: 25.07% of PCs
  • 11+ insecure programs: 45.76% of PCs
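
A patch-compliance check built on Secunia's definition of an "insecure program", grouping hosts into the same four bands as the list above. This is an added example, not Secunia's code: the program names, version numbers, host names and function names are all constructed placeholders.

```python
from collections import Counter

# Constructed data: first vendor release that fixes known vulnerabilities.
# Names and versions are placeholders, not taken from real advisories.
FIXED_IN = {"ExampleReader": "9.10.0", "ExamplePlayer": "11.0.2",
            "ExampleZip": "12.1", "ExampleBrowser": "3.0.4"}

# Constructed inventory: host -> {program: installed version}.
FLEET = {
    "pc-01": {"ExampleReader": "9.9.1", "ExampleZip": "12.1"},
    "pc-02": {"ExampleReader": "9.10.0", "ExampleBrowser": "3.0.4"},
    "pc-03": {"ExamplePlayer": "10.9", "ExampleBrowser": "3.0.3",
              "ExampleReader": "8.1.2"},
    "pc-04": {"ExampleZip": "12.1.0", "UnknownTool": "1.0"},
}

def is_older(installed, fixed):
    """Numeric, zero-padded comparison: 9.9.1 < 9.10.0 and 12.1 == 12.1.0.
    Comparing the raw strings would get both of those cases wrong."""
    a = tuple(int(p) for p in installed.split("."))
    b = tuple(int(p) for p in fixed.split("."))
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def insecure_programs(inventory):
    """Programs with a vendor fix available that is not yet installed.
    Programs missing from FIXED_IN are skipped: that is a coverage gap,
    not evidence that they are secure."""
    return sorted(name for name, version in inventory.items()
                  if name in FIXED_IN and is_older(version, FIXED_IN[name]))

def bucket(count):
    """Map a per-host count of insecure programs to the report's bands."""
    if count == 0:
        return "0"
    if count <= 5:
        return "1-5"
    return "6-10" if count <= 10 else "11+"

def fleet_report(fleet):
    """Percentage of hosts falling into each band."""
    counts = Counter(bucket(len(insecure_programs(inv)))
                     for inv in fleet.values())
    return {band: round(100.0 * counts[band] / len(fleet), 2)
            for band in ("0", "1-5", "6-10", "11+")}

if __name__ == "__main__":
    for host, inventory in FLEET.items():
        print(host, insecure_programs(inventory))
    print(fleet_report(FLEET))
```
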


The company did not identify the applications on the list of “insecure programs” but it’s a safe bet it involves the most widely deployed software programs like Adobe Acrobat/Reader, Adobe Flash, RealNetworks’ RealPlayer, WinZip, QuickTime and Web browsers.

* Image source: Maggiejumps’ Flickr photostream (Creative Commons 2.0)

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

