28% of all applications are insecure

May 16th, 2007 by David Hammond

Secunia, a major software security tracking company, recently released a report which found that 28% of popular software installations miss important security updates. This means that the users of that software have neglected to apply the critical security updates provided by the vendors. The data was gathered through Secunia’s free “Software Inspector” tool, which is currently only available for Windows users. The statistics covered 4.9 million popular software installations, 1.4 million of which were missing vendor-supplied fixes for security vulnerabilities capable of compromising the system.

The report specifically broke down some figures for the three major web browsers for Windows:

“Comparing browsers and looking at Firefox, Opera and Internet Explorer, we found out that Firefox 2 is the least vulnerable, as only 5.19% of all Firefox 2 installations miss security updates, whereas 11.96% of all Opera 9.x installations miss security updates, and the numbers for IE6 and IE7 are 9.61% and 5.4% respectively. These numbers are not that alarming and show that users are fairly concerned about applying relevant updates for their browsers – which naturally is one of the most exposed applications.”

However, the figures for popular media players like QuickTime and Winamp were more concerning. 26.96% of all Winamp users and 33.14% of all QuickTime users missed important security updates. A malicious MP3 or other media file could easily take advantage of a security vulnerability in your media player and achieve the same level of impact that critical browser vulnerabilities allow. Similar problems were also found in other non-core applications.

The study did not appear to take into consideration vulnerabilities for which the vendors had not yet supplied a fix. It focused only on whether or not the users applied the available updates.

The study didn’t find any significant difference between home and corporate environments in regard to diligence of updating.

If you use an application on a regular or semi-regular basis, you should dedicate some time every month to check if you’re using the latest version with all available updates. Most applications have an “About” window, usually from the “Help” menu, which tells you which version you’re running. You can check the official website of the application for the most recent version.
