Almost every Windows PC contains at least one insecure program

Almost every Windows PC contains at least one insecure program

Summary: Sobering stats from Secunia. Out of a random sampling of 20,000 systems, a whopping 98.09% have one or more insecure program installed.

SHARE:
TOPICS: Hardware
77

Sobering stats from Secunia. Out of a random sampling of 20,000 systems, a whopping 98.09% have one or more insecure program installed.

The total number of PCs/users included in these numbers are 20,000, out of these 98.09% have 1 or more insecure programs installed on their PC, hence: 98 out of 100 PCs that are connected to the Internet have insecure programs installed!

It gets worse - nearly half of all Windows systems have eleven or more insecure programs installed.

Here's the data:

  • 0 Insecure Programs: 1.91% of PCs
  • 1-5 Insecure Programs: 30.27% of PCs
  • 6-10 Insecure Programs: 25.07% of PCs
  • 11+ Insecure Programs: 45.76% of PCs

This data is a subset of the data collected by Secunia's own PSI (Personal Software Inspector) scanner software.

The more software someone has installed, the more chance there is of there being a vulnerable application installed. Since not all programs have a built-in update mechanism, vulnerable programs can remain installed (and open to being exploited) for a long time. The Secunia PSI scanner is a very quick and easy way of spotting vulnerable apps.

So, how secure are your systems?

Topic: Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

77 comments
Log in or register to join the discussion
  • of course!

    The Mac/Linux fanboys would say that, by definition, 100% of windows PCs are running an insecure program.

    Them notwithstanding, flash, quicktime, etc. are becoming better targets for malware writers. Flash is flash, whether i'm running Windows, Mac, or Linux. This way, exploits are platform independent. These things are almost necessary now - have you tried finding a site that *doesn't* use Flash to some extent? I'd dare say that Flash has more of a user base than Internet Explorer does. This is simply a matter of the lowest common denominator. It's becoming more advantageous to write malware this way because of the diversification that's going on.

    Joey
    voyager529
    • 'assetID' is a required parameter for CNETAssetKey

      'assetID' is a required parameter for CNETAssetKey
      No_Ax_to_Grind
      • I kept getting that too on the article page

        When you click reply to story when reading someone else's talkback that doesn't happen.
        Michael Kelly
        • I was just sitting there reading ZDNet..

          the other day and my UAC went off - something was coming in and trying to install from an advertisement that was playing on the page.

          All it had for ID was a character string set. Needless to say, I didn't give it administrative permission to install.

          Haven't seen it again, since!?!
          JCitizen
    • Yes, and believe it or not..

      Microsoft's SilverLight is considered more secure than flash - for now that is.
      JCitizen
    • Sort of

      When the vast majority of Windows users are no longer running with administrator privileges, and are not running applications that require elevated privileges, you'll have a point, but probably not until then.

      UNIX/OSX/Linux is safer in that regard because the above has always been true. Ordinary users can still hose their own accounts and you still have the potential for buffer overflows on servers, but it's a lot harder for an ordinary user to cause problems for the entire system (ie. root can infect system files with viruses, but ordinary users can only infect their own).
      John L. Ries
  • Is this a Windows only phenomenon?

    Headline: 95% of men who get shot in the head will die.

    Might be true but does this mean we can come to any conclusion about what percentage of women will die from gunshots to the head?

    In fact, based solely on the never ending parade of QuickTime patches, one could say that 100% of OS X machines contain at least one insecure program.

    Quite frankly, this article is the very best type of FUD. It is 100% true, it makes people afraid, and it makes people want to change for the wrong reasons.
    NonZealot
    • I Think Obviously Not Windows-Only

      Well, I hope it was a case of the surveyors or researchers
      appropriately delimiting their sample. As to the ZDNet headline
      writers, perhaps, here, we meet our Dr. Pavlov.

      I was facilitating a skype roll-out at the office this week. (I
      haven't used it before.) I noticed that it had a file exchange
      feature and, in my book, that makes it insecure.

      Whither the way of the bit. Any non-trivial program which
      provides access and file exchange to an unseen entity across a
      network is insecure. That's cross-platform baby and
      forewarned is forearmed.
      DannyO_0x98
      • 'assetID' is a required parameter for CNETAssetKey

        'assetID' is a required parameter for CNETAssetKey
        No_Ax_to_Grind
    • Get a life

      Nowhere in the article was Mac OSX mentioned. Nowhere did
      he say you should switch your OS. Your groping at something
      that doesn't exist.

      Why don't you get the ball rolling and study the amount of
      insecure programs on OSX yourself. Prove that your theory is
      right. Please vindicate your bigoted position instead of
      constantly bitching.
      ChrisOPeterson
      • HELP 'assetID' is a required parameter for CNETAssetKey

        'assetID' is a required parameter for CNETAssetKey
        No_Ax_to_Grind
        • IT's your Vista ... (nt)

          ^o^
          n0neXn0ne
          • No.. It's ZDNet's servers blowing chunks...

            This, btw, was written on a computer running VISTA...

            So put that in your crack pipe and smoke it, troll...
            Wolfie2K3
          • Perhaps it's his system not the server?

            Or his browser? Others don't seem to be having the problem.
            Posted from Firefox on OS X 10.5 btw.
            914four
    • The problem is, there is the culture with Windows of downloading and

      installing software, partly since MS never offered a complete repository of all the nifty free software. We do not have to get into the reasons why. That makes everything other than MS software a separate download / install process, and a separate update procedure. Often there IS no automatic update - you would have to hear about security holes and look for the update yourself. That is what causes this mess, nothing else.

      Mac may be just as bad - I am not a Mac user.

      But, I know that it is NOT a problem with Linux - though independent verification would be good.
      DonnieBoy
      • JAVA GARBAGE 'assetID' is a required parameter for CNETAssetKey

        'assetID' is a required parameter for CNETAssetKey
        No_Ax_to_Grind
      • Read here...

        Notice the section detailing Linux defenses:

        http://blogs.techrepublic.com.com/10things/?p=416

        If you care to share your arguments about how Linux is somehow invulnerable, I'm sure they will explain it to you.
        JCitizen
        • Really a good read there...

          As well there is a 10 list of botnet info that jogged my memory about some stories I read about eight to ten years ago about sloppy sysadmins who ran compromised linux/unix systems and wondered why their network traffic was spiking all the time.

          I would wager that SELinux is perhaps the most invulnerable OS available but it also has a learning curve so a user might be tempted to setenforce = 0 and leave the doors wide open so they could get MySQL to talk to their webserver.
          awasson1
          • Yes, the user can be his/her own worst enemy..

            even on Linux.

            I think you'd find people are more willing to seriously discuss the problems out there instead of flaming each other on Tech Republic.

            I really like the information and the business approach over there too. Michael Kassner is one of my favorite reporters at TR.

            Enjoy!
            JCitizen
    • FIX ME 'assetID' is a required parameter for CNETAssetKey

      'assetID' is a required parameter for CNETAssetKey
      No_Ax_to_Grind