More than 98% of Windows computers harbor at least one unpatched application, and nearly half contain 11 or more programs at risk from attack, a Danish security company said Wednesday.
According to Secunia, 98.1% of the PCs on which its Personal Software Inspector (PSI) utility was installed during the last week sport one or more applications that have security updates available for downloading.
PSI scans Windows systems for installed applications, then compares their version numbers to the most up-to-date; if they're different, it makes note, then provides a link to the patch update. To gather its numbers, Secunia tracked the results of each user's first PSI scan.
Since Nov. 25, when PSI left beta and entered Version 1.0, more than 120,000 people downloaded the utility, said Thomas Kristensen, Secunia's chief technology officer. The company randomly selected 20,000 of those installations, then tallied the number of unpatched applications PSI found.
"Most people keep Windows up to date," said Kristensen, "because it's so easy to use Windows Update. Adobe Reader and Flash and Apple QuickTime are like that, too, as are browsers. But a lot of third-party [browser] plug-ins don't have any [update mechanism] and so people don't keep them updated."
The PSI data showed that while fewer than 1.9% of the users had a completely clean PC, 30.3% of the machines contained between one and five unpatched programs, 25.1% had between six and 10 at-risk applications, and 45.8% of the systems boasted 11 or more insecure programs.
Wednesday's numbers were even more dismal than those Secunia collected last January, when it surveyed a similar number of PCs that had just installed PSI. Then, approximately 4.5% of the machines were free of unpatched programs, more than twice as many as in the newest survey.
Kristensen explained the decline. "We've had a change in the user base, and managed to reach a much broader group of users," he said. PSI's early adopters were mostly tech-savvy types, Kristensen argued, but as word has spread about the utility, "it's reached a completely different group of users, many who never patch their PCs," he added.
Since Secunia brought the free utility out of beta test, the Copenhagen-based company claims about 900,000 users have downloaded the program. "We should clear one million around the first of the year," Kristensen said.
PSI runs on Windows 2000, XP, Vista, and Server 2003 and can be downloaded from the Secunia site.
NetApp quits bidding war in face of EMC opposition
Newest IE bug could be next Conficker, says researcher
Analysts: Google has muscle for long-term battle with Microsoft Windows
No sign of North Korean backing in bot attacks on US sites, says researcher
T-Mobile launches myTouch 3G; no plans for HTC Hero
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Top 10 Ways to Increase IT ROI Without Adding Staff
Reducing the risk of insider abuse
Speeding business innovation with Data Centre Transformation solutions
Customer Experience Management: Improving the Consistency and Quality of Customer Interactions
Best Practices in Lifecycle Management
Understanding Email Marketing: A Guide for SMBs
Data Center Eco-Nomics
State of Internet Security
Zones provide focussed content from Computerworld and leading technology partners.
Comments
Blind application of patches is NOT good practice
This tool is a scam.
Any IT person with any real experience knows that having the latest and greatest version is NOT a guarantee of security or functionality.
Many patches are not relevant to many organisations because they do not use the function being patched.
Some patches may make applications non-functional.
This is terrible reporting.
Post new comment