Windows tool to eliminate update hassle
Every five days, the average Windows user must install an update or patch a program to close a potential security hole in a Windows application. To do this, users must on average learn to handle 22 different update mechanisms. These are the results of a study conducted by Danish security firm Secunia.
The study is based on anonymised personal data, including the programs and respective versions installed on a computer, which is collected via the Personal Software Inspector (PSI). PSI examines the installed software for known security holes and reports them to the user – and to Secunia.
The study found that 90 per cent of PSI users had to manually update between 51 and 86 times to close up to 342 holes over the past twelve months. The respective holes all came from programs by only 36 vendors. The total effort and update frequency required to keep systems secure most likely exceed what the typical user is willing to invest, Secunia concluded in their study.
A uniform Windows solution which automatically monitors and facilitates the patching of diverse programs by different vendors could remedy this situation, said Secunia. Such a feature for Windows 7 was already suggested in the editorial, "My wish list for Windows 7: updates for everything" published on The H Security in mid 2009. While current update managers display an overview of obsolete software versions and offer links to manually download and install the latest versions, an automated update function would be a desirable addition.
This is what Secunia plans to integrate into the forthcoming version 2.0 of the Personal Software Inspector to simplify the task of keeping users' systems updated. The vendor has already integrated and tested a similar feature in the corresponding corporate product, the Corporate Software Inspector (CSI).
Linux users are off the hook: Almost all distributions offer to auto-update all the packages they supply. Only those who customise their systems need to keep an eye on potential security updates. Many distributions even allow non-free software such as Adobe Reader and Adobe's Flash Player, which have become the most popular points of entry for exploits, to be installed and updated via repositories.