Feeds

Third party developers blamed for Windows security woes

Users just don't apply security patches from non-MS applications...

Internet Security Threat Report 2014

Failure to apply third-party patches rather than updates from Microsoft is "almost exclusively" responsible for the growing exposure of Windows machines to security threats, according to Secunia.

Stats from users of Secunia's patch management scanning tool report that, on average, less than 2 per cent of Microsoft programs are insecure on a user's Windows PC – while typically between 8 and 12 per cent of the third-party programs on the same box are insecure. A breakdown of all vulnerabilities affecting end-point PCs during 2010 records that 69 per cent stem from flaws in the third-party programs, 13 per cent originate in the Operating System, while a further 18 per cent stem from security bugs in Microsoft program.

Flaws in applications from the likes of Adobe, Apple and others, together with difficult-to-apply and often overlooked security update mechanisms have become the greatest single source of Windows security woes.

"The complexity of patching third-party programs has a measurable effect on the patch level found on typical end-point PCs – based on Secunia PSI measurements," Secunia concludes.

The latest version of Secunia's annual report also found that a patch was available at the time a vulnerability was disclosed in half the cases recorded in 2009 and 2010. Around 22 per cent of the total number of security bugs were patched at a later date while 28 per cent were never patched.

The number of vulnerabilities affecting a typical end-point PC increased by 71 cent between 2009 and 2010, Secunia reports, adding the choice of operating system has only a minor effect on the vulnerability state of Windows PCs. ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
State Dept shuts off unclassified email after hack. Classified mail? That's CLASSIFIED
Classified systems 'not affected' - but, is this reconnaissance?
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
How to simplify SSL certificate management
Simple steps to take control of SSL certificates across the enterprise, and recommendations centralizing certificate management throughout their lifecycle.