Feeds

Third party developers blamed for Windows security woes

Users just don't apply security patches from non-MS applications...

Intelligent flash storage arrays

Failure to apply third-party patches rather than updates from Microsoft is "almost exclusively" responsible for the growing exposure of Windows machines to security threats, according to Secunia.

Stats from users of Secunia's patch management scanning tool report that, on average, less than 2 per cent of Microsoft programs are insecure on a user's Windows PC – while typically between 8 and 12 per cent of the third-party programs on the same box are insecure. A breakdown of all vulnerabilities affecting end-point PCs during 2010 records that 69 per cent stem from flaws in the third-party programs, 13 per cent originate in the Operating System, while a further 18 per cent stem from security bugs in Microsoft program.

Flaws in applications from the likes of Adobe, Apple and others, together with difficult-to-apply and often overlooked security update mechanisms have become the greatest single source of Windows security woes.

"The complexity of patching third-party programs has a measurable effect on the patch level found on typical end-point PCs – based on Secunia PSI measurements," Secunia concludes.

The latest version of Secunia's annual report also found that a patch was available at the time a vulnerability was disclosed in half the cases recorded in 2009 and 2010. Around 22 per cent of the total number of security bugs were patched at a later date while 28 per cent were never patched.

The number of vulnerabilities affecting a typical end-point PC increased by 71 cent between 2009 and 2010, Secunia reports, adding the choice of operating system has only a minor effect on the vulnerability state of Windows PCs. ®

Top 5 reasons to deploy VMware with Tegile

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.