Secunia: Alarming stats on insecure applications


Summary: Secunia has some alarming stats on the lack of patching going on out there. Secunia uses its PSI application to track patches and the state of security.

TOPICS: Security, CXO, Hardware

Secunia has some alarming stats on the lack of patching going on out there.

Secunia uses its PSI application to track patches and the state of security. As you may know, PSI is one of those must-have free security apps.

Also see: Ten free security apps you should already be using.

In a scan of new users of Secunia PSI in the last 7 days (covering 20,009 computers/users and 1.78 million applications), the company found the following:

  • More than 95 percent of those new PSI users have 1 or more insecure applications installed on their PCs;
  • Folks aren't installing newer versions of software even when one is available that corrects one or more vulnerabilities. Here's the rundown:

Number of insecure applications per computer/user:

  • 0 Insecure Applications: 4.54% of computers
  • 0-5 Insecure Applications: 27.83% of computers
  • 6-10 Insecure Applications: 25.69% of computers
  • 11+ Insecure Applications: 41.94% of computers
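To make concrete what a scan like this actually does, here is an added example (my own code, not Secunia's PSI and not its advisory database): it compares each installed application's version against a small constructed table of minimum secure versions, flags end-of-life products that have no fixed version to move to, counts the insecure applications per machine, and buckets machines the way the distribution above does. The advisory table, application names and the three sample machines are all constructed for illustration; the "1-5" bucket is my reading of the article's "0-5" row, since 0 is listed separately. It also shows why version comparison must be numeric per component: a lexical string comparison would rank 2.3.9215.500 below 2.3.999 and report an up-to-date install as insecure.

```python
"""Added example of a patch-status audit. Hypothetical data throughout."""
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed advisory table (hypothetical, NOT Secunia's database):
# app name -> lowest version without known vulnerabilities, or None when the
# product is end-of-life and no fixed version will ever ship.
ADVISORIES: Dict[str, Optional[str]] = {
    "flash-player": "10.0.12.36",
    "quicktime": "7.6",
    "acrobat-reader": "9.1",
    "old-media-tool": None,  # end-of-life: nothing to update to
}

BUCKETS = ("0", "1-5", "6-10", "11+")


def parse_version(v: str) -> Tuple[int, ...]:
    """Split a dotted version into integer components. Raises ValueError
    for strings such as "2.x" that cannot be compared."""
    return tuple(int(part) for part in v.strip().split("."))


def version_at_least(installed: str, minimum: str) -> bool:
    """Numeric, component-wise comparison; shorter versions are zero-padded
    so that 7.6 and 7.6.0 are treated as equal."""
    a, b = parse_version(installed), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b


def naive_version_at_least(installed: str, minimum: str) -> bool:
    """The pitfall: plain string comparison. "2.3.9215.500" sorts below
    "2.3.999" because '2' < '9' at the first differing character."""
    return installed >= minimum


def classify(app: str, installed: str) -> str:
    """Return secure / insecure / end-of-life / unknown for one install."""
    if app not in ADVISORIES:
        return "unknown"          # no advisory data for this product
    minimum = ADVISORIES[app]
    if minimum is None:
        return "end-of-life"
    try:
        return "secure" if version_at_least(installed, minimum) else "insecure"
    except ValueError:
        return "unknown"          # unparseable version: needs a manual look


def audit_machine(inventory: Dict[str, str]) -> Dict[str, str]:
    """inventory maps app name -> installed version string."""
    return {app: classify(app, ver) for app, ver in inventory.items()}


def insecure_count(inventory: Dict[str, str]) -> int:
    """Count what a scanner would flag: vulnerable installs plus EOL products."""
    statuses = audit_machine(inventory).values()
    return sum(1 for s in statuses if s in ("insecure", "end-of-life"))


def bucket(n: int) -> str:
    if n == 0:
        return "0"
    if n <= 5:
        return "1-5"
    if n <= 10:
        return "6-10"
    return "11+"


def distribution(machines: List[Dict[str, str]]) -> Dict[str, float]:
    """Percentage of machines in each bucket, as in the article's table."""
    counts = Counter(bucket(insecure_count(m)) for m in machines)
    return {b: round(100.0 * counts[b] / len(machines), 2) for b in BUCKETS}


# Constructed sample inventories (three machines).
SAMPLE_MACHINES: List[Dict[str, str]] = [
    {"flash-player": "10.0.12.36", "quicktime": "7.6.0"},
    {"flash-player": "9.0.124.0", "acrobat-reader": "8.1.2", "old-media-tool": "1.0"},
    {"quicktime": "7.5", "acrobat-reader": "9.1", "some-other-app": "2.x"},
]

if __name__ == "__main__":
    for machine in SAMPLE_MACHINES:
        print(insecure_count(machine), audit_machine(machine))
    print(distribution(SAMPLE_MACHINES))
```

On the sample data the first machine is clean, the second has three flagged installs (two vulnerable, one end-of-life) and the third has one, so the distribution comes out as one third in the "0" bucket and two thirds in "1-5". Anything a real scanner cannot parse, such as a bare "2.x", is reported as unknown rather than silently counted either way.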

  • Does this come as a surprise?

    Keeping 11+ software packages manually up to date isn't something that people like to do. (especially if all of them require a reboot )

    It just costs people too much time to perform all these updates. It's nice to have a very large ecosystem of software vendors, but if there's one thing Microsoft could learn from the average Linux distribution it's how they manage software in their repositories.
    • Won't work

      Package management assumes there's some entity which could gather patches available for the full range of Windows applications available from all the proprietary software vendors (and open source as well).

      The only ones with the resources to possibly do it are Microsoft or the various hardware vendors. They'll have to develop some kind of patch management system that resolves dependencies (good old DLL hell?), and do testing.

      Such engineering efforts would eat into their profits, so some kind of payback analysis would have to predict positive cash flow...
      • True!

        For now I will rely on Secunia's PSI console and do it manually.
  • One shouldn't have to buy...

    new software because the one they bought at first is insecure.

    Companies that sell insecure software should have to fix it for free or pay their customers to have someone else fix it.

    No financial responsibility, no secure software. Why write quality software when you don't have to?

    Once again, if the consumer is going to let it happen then they just need to live with it.
    • Secunia's service is free

      Other than that, I'm feeling you. ;)

      And besides, who pays for Flash Player, QuickTime (non-Pro), etc.?
      • re:who pays for Flash Player and Quicktime

        The developers who purchase the authoring tools to make content for these platforms more or less pay for them. An example of another platform that has been pointed out lately as having security flaws would be Adobe Acrobat. It costs a few hundred dollars to buy the software to make .PDF files from Adobe, unless of course you have the tools from Microsoft and Corel that will allow you to print directly to PDF files from Office or WordPerfect Suite. What I mean is that Microsoft has a plug-in for Office 2007 that will allow you to send your output to PDFs. The functionality comes with the WordPerfect Suite, or at least it did at one time.
    • Most updates are free

      ...for software that hasn't reached end-of-life. Unfortunately, most users don't know when to look for updates, and almost nobody has time to look for updates for all their software on any kind of a regular basis.

      Secunia's PSI is free, and automates all this: it looks for outdated/insecure software and software that's reached end-of-life. For outdated/insecure, it lets you know where free updates are available. If software is end-of-life, it lets you know so you can take care of it. This last part is the only reason I can think of that you'd need to buy anything.

      I've been running PSI on my wife's machine for months now. Maybe you should do the same before complaining about perceived limitations.
      • I really like the Secunia PSI console!...

        Even though it takes a little footwork to follow through (Oh Boo Hoo!)

        Readers trying this should take care to set the console to show fixes that take a little more manual effort. It is very worthwhile and not out of range of the average user. Occasionally I combine some file and small regedits with CCleaner to great effect in this process.
  • Well, duh!!?

    You think maybe there's a reason? It's gotten to the point that people don't trust the patches and updates! There no longer seems to be any vendor immune from rendering a product inoperable with their "fix". In particular, I have Windows Update turned off completely (or so I think...right?), and any other apps that have online update capabilities, I have it set to "check, but ask me first" - because I want to *know* that there is an update, but generally I want to wait a little bit and see if it causes problems before pulling it.

    Run a good firewall and don't open it up for just anything, and don't visit shady web sites...and you eliminate 99.9% of the chance for malware, whether fully up-to-date on patches or not.
  • You're on the right track...

    But until Secunia's service made it so easy to inventory your apps, determine the versions of them, and then lead you to the updates that are available for them, very few motivated users could accomplish this, never mind the mindless masses that make up the majority of Windows users.

    Microsoft should look into incorporating this type of service in their OS - it would pay big dividends.
    • God, I hope Microsoft doesn't buy Secunia!

      Talk about ruining a good thing! Not that it wouldn't be in Redmond's best interest, I just feel the overgrown giant would stumble and fall on a good thing. Fumble butts that they are already!
  • Another reason why I use Linux

    I don't have to worry about patching all my apps... it's part of the regular patch application! Done fer me! No need to research or worry about it. It's taken care of and all by ONE, yep that's right [B]ONE[/B] update manager! Makes life so much easier when all you have to do is click on the red flashing icon and have your entire system, OS and applications patched and updated, all without a reboot! ]:)
    Linux User 147560
    • Yeah hey that's right

      It's very difficult to have any apps with security holes when they aren't any apps that run on your OS.

      Have a nice day :)
      • Speak for yourself...

        but I have plenty of applications that I use daily for work. And I have plenty for when I am at home. Not sure where you got your misinformation from about Linux and applications... maybe you're just pissed off because you have to suffer with your choice? ]:)
        Linux User 147560
        • but I have plenty of applications

          Indeed. That's another thing about Linux that I love, the number of good quality applications readily available via the package manager, all kept up to date by the same package manager's updater.
          tracy anne
    • Really?

      So all of your vertical apps are updated automatically? Is your commercial Audio production software updated then? What about your billing system?

      Is your setup so simple that everything your network at work uses comes in a single linux bundle?

      In the real world, life is more complex, and those distros either don't run the software the company needs, and even if they do, that software is far less stable, less user friendly and more complex than most of what you find in commercial Windows apps. That's not to say Windows is perfect, but I can promise you I have far more problems with software on *nix systems than with that on Windows. The problem isn't Linux or any of the Unix variants, it's that apps on those platforms (generally incredibly extremely apps) are less reliable than anything from MS and frankly less reliable than most of the commercial software that people around here like to complain about.
  • More to the story

    There are times I voluntarily run the legacy version. Upgrading is not always an option.
    Real World
  • RE: Secunia: Alarming stats on insecure applications

    I truly question the accuracy of Secunia's 95% 'insecure users', for this reason: 2.x is listed by PSI to be my one insecure program on my 'puter.
    How many times do I have to hit their own direct download button to install 2.3.9215.500, only to have a window open at the end of it all saying that I've already got the latest version?
    I've gone online myself to download the latest, greatest, most updated version. At the end of this exercise, the same window appears. I'm updated already, for the latest version, this straight from the proverbial horse's mouth.
    I wrote Secunia a letter re this. Nada reply.
    So what I'm 'insecure' about is Secunia's accuracy in claiming some 95% new users have insecure programs.
  • Secunia is not all it's cracked up to be.

    Secunia is not all it's cracked up to be.
    • In what ways...

      is it not all it's cracked up to be? I used the online version for a while, and recently started using the desktop version. It doesn't automate everything, but it's much better than my doing it manually. (I'd say Secunia is semi-automatic.) What problems have you run into?