Here Are Some Scary Stats About Windows Devices

DuoSecurity analyzes Windows endpoints used by its customers and finds some dusty old applications in use.

Outdated Windows operating systems and applications are still par for the course in many enterprises today.

DuoSecurity studied some 1.26 million Microsoft Windows endpoint devices of its business customers, and found a disturbing chunk of old-school software in use. Tens of thousands of devices in the sample are running Windows XP, for example, and one-fifth of Internet Explorer browsers are out-of-date.

"What was most surprising to me was the browser data: 20% of all IE we see are older, non-supported versions," says Mike Hanley, director of security at DuoSecurity. "My hunch is that because they have this legacy application that, [for example], only works with IE 8, they continue to use IE 8," he says. It can be pricey for enterprises to update their legacy apps for a new browser version.

Among the other Microsoft endpoint findings by DuoSecurity:

·         65% of all Windows devices run Windows 7

·         98% of IE devices have Java installed

·         62% of IE devices have an outdated version of Adobe Flash installed

Hanley says the majority Windows 7 operating system wasn't too surprising, but it was disappointing. "A fully patched Windows 7 machine versus a fully patched Windows 10 machine" isn't the same thing, he says. "Windows 10 comes with more sophisticated security."

Windows 10 comes with an updated BitLocker feature that encrypts the entire hard drive as well as individual files, for example, plus the new Device Guard function that only allows trusted code to run on the machine.

Outdated OSes and applications obviously leave endpoints at risk. IE versions 8, 9, and 10, for example, are no longer supported by Microsoft, so users of these older versions could be a the mercy of older vulnerabilities and exploits. Most of the IE users in the sample—80%- run IE 11, and just 3%, Edge, according to Duo's report.

The XP devices in the sample were mostly desktops and laptops, not the usual suspects of kiosks or other devices.

A bit of good news from the survey: "Legacy IE usage has actually dropped off. Even if they're not running Windows 10, they are at least not using IE 8 as much," Hanley says, which is an improvement from data gathered by his firm earlier this year.

Related Content:


About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights