In association with heise online

22 April 2013, 13:51

The update jungle: PC owners have to watch 24 sources for fixes


[Figure: Vulnerabilities origin. 71% of vulnerabilities on an average PC lurk within third-party software. Source: Secunia]

The average UK computer user has to keep an eye on 24 different update mechanisms to keep their PC up to date. That is the finding of Secunia's latest Security Report (PDF) for the UK, which looked at the state of security and the software installed on computer systems. Among the worst offenders for missing updates was Adobe Flash Player 10.x: 16% of users had it installed on their systems, and 88% of them were running unpatched versions. 90% of the users in Secunia's survey were running Flash Player 11.x, and things were somewhat better there, with only 14% being unpatched. Although open source applications are patched quickly, getting those patches to users also proved difficult.

The quarterly report shows that 74 different programs from 24 different vendors are installed on the average UK PC and 28 of them, just over a third, are from Microsoft. That third, and the operating systems, are mostly kept up to date with Microsoft's Windows Update system. But beyond that, there are another 23 different auto-update mechanisms for the remaining programs which need to be monitored or managed. While some programs have auto-update mechanisms with silent updates, other programs which need regular updates require the user to visit the vendor's web site to check whether an update is needed.

Adobe's Flash Player was joined on the list of insufficiently patched programs by other Adobe products such as Air version 3.x and Reader X 10.x, although Adobe has been taking the initiative recently and producing regular updates. Similarly, Oracle/Sun's Java SE JRE versions 1.6/6 and 1.7/7 have also been seeing an increasing patch frequency as more and more vulnerabilities are revealed, but those updates are not making their way down to the users – 54% of Java 6 installations, with a 61% market share, are unpatched; as are 36% of the 49% market share of Java 7 installations.

[Figure: Top 10 Vulnerable Programs. The Top Ten Vulnerable Program Families, rated by impact. Source: Secunia]

Open source applications also made the worst offender list. In the UK, VLC 2.x was installed on 31% of the surveyed systems and was unpatched on 49% of those systems. In the German version of the report (PDF), this rose to 49% market share and 53% unpatched and saw VLC joined by 3.x on 26% of the systems surveyed and unpatched on 58% of them. Other programs which made the list included Microsoft XML Core Services (51% unpatched), Apple's Quicktime 7.x (36%) and Apple iTunes 10.x (49%).

The report notes that around 8.9% of users have unpatched operating systems and estimates that, on average, 6.5% of programs on a PC aren't up to date. Around 3.4% of programs on the average PC are also end-of-lifed and no longer have security patches available for them. The data for the report has been compiled using Secunia's Personal Software Inspector which scans systems for outdated software and identifies software needing to be updated on a system.


