First, the title implies that the problem is patching Windows:
Secunia: Less than 2% of Windows PCs fully patched
but the actual difficulty is third-party applications running on Windows.
Then, the definition of vulnerable requires identifying the most recent versions of many pieces of software:
Secunia defines an "insecure program" as a piece of software for which there is a newer version of the program available from the vendor that corrects one or more vulnerabilities, but the user have yet to install the secure version.
[End quote]
As anyone who uses software to check for the most recent version knows, there are problems with correctly identifying the most recent - applicable - version and the version which is actually present on the PC.
A quick example of the first is an update applicable to the Vista version of the software which is being checked for on a PC running XP.
A quick example of the second is a software update which incorrectly changes the registry to record the version installed. Or doesn't change the registry at all.
Software which checks third-party applications for updates can produce false results in a large percentage - meaning 40%, for example - of the listings given.
This check for updates would be more accurate if it were limited to a few pieces of software in widespread use in which accurate recording of the results could be assured directly.
There are problems with people keeping software updated. Some of the causes are reasonable, as when an older device cannot run a new version. But most are just "If it works, don't fix it." That said, this check of PCs has difficulty with both its sample (the sort of people who use this software vs. the general population) and in assuring accuracy of the number of identified problem PCs.