News Vulnerability Management
The Apps Users Don't Patch
Secunia data shows Shockwave, QuickTime, and Java JRE get updated the least by PC users
One of the weakest links is the system of leaving it up to users to manually update their software: it’s just not a given that most will bother doing it. New and unpublished data from Secunia shows just how inconsistently users update -- and how it leaves them and their organizations at risk.
Secunia in May took a random sample of U.S.-based PC users from its Secunia Personal Software Inspector (PSI) scans, and found that third-party apps are the worst-kept software: 66 percent of vulnerabilities came from third-party applications, 18 percent, from Microsoft software, and 16 percent, from operating systems. Some 13.7 percent of users were running unpatched operating systems, the data found: 16 percent of XP users, 13.7 percent of Vista users, and 12.8 percent of Windows 7 users.
More Security Insights
- IDC Analyst Connection: Using Blade Systems to Cut Costs and Sharpen Efficiencies
- Cloud-based data backup: A buyer's guide - How to choose a third-party provider for development, management of your data backup solution
- The Untapped Potential of Mobile Apps for Commercial Customers
- Augment your data warehouse with big data solutions
The top three apps that were most exposed were Sun Java JRE 1.6/6.x, with 31 percent of the machines running unpatched versions; Apple QuickTime 7.x, with 35 percent of the machines running unpatched versions; and Adobe Shockwave Player 11.x, which was unpatched in a shocking 67 percent of the PCs.
“Updating software is a daunting task. Most software vendors doesn't provide proper silent and automated updating mechanisms, this forces users to manually identify out-of-date and insecure software that needs to be updated and conduct the entire updating process, says Thomas Kristensen, chief security officer at Secunia. “This causes many users to neglect updating software at large, leaving gaping holes for criminals to exploit.”
Secunia revealed the data in conjunction with the release today of PSI 3.0, a free security scanner for PC users. The new version of the scanner provides automatic security patch updates for apps from some 3,000 vendors including Microsoft, and customization for non-technical users as well as technical users. It also automates patching for software that typically requires a manual installation. The company says there are more than 5 million users of the free tool worldwide.
Among the U.S. PC sample, the average number of vendor applications on PCs is 23. “For almost a decade, Secunia has been on a mission to thwart vulnerable software,” said Thomas Kristensen, Chief Security Officer of Secunia. “With the launch of the PSI 3.0 we are about to move a mountain by offering automatic and silent updating to all users.” The new PSI 3.0 tool is available for download here.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.