A survey of 20,000 computer systems running Microsoft Windows found that nearly all ran at least one program with a vulnerability that put the computer at risk, security firm Secunia said in a brief analysis published on Wednesday.
The survey, using data from the first week that the company's Personal Software Inspector was available, found that only 1.9 percent of Windows systems that ran the utility for the first time had no out-of-date programs. About a third of the systems ran a vulnerable version of five or fewer programs, while nearly half of the machines ran 11 or more insecure applications.
"Close to all PCs continues (sic) to run with several insecure programs installed," Jakob Balle, the company's information-technology development manager, wrote in the analysis posted to Secunia's blog. "If anything, these numbers are worse now than (the previous survey 11 months ago) when we generated these numbers initially."
The company released version 1.0 of its Personal Software Inspector on November 25. The free program checks users' systems for out-of-date programs and provides links to the most recent version of the software. In the past week, more than 120,000 people have downloaded the application, Secunia said. In its study, the company focused only on the 20,000 users who did not install previous beta versions of the program.
The company considered a program "insecure" if a newer version -- correcting at least one security flaw -- was available but not installed on the user's system.
Both responsible researchers and online criminals are increasingly focusing on finding vulnerabilities in third-party applications. Much of the effort is focused on programs in widespread use, such as Microsoft Office, Adobe Acrobat and Flash, and browsers, such as Firefox, Safari and Opera. Even flaws in security software pose a threat to systems, researchers say.
Microsoft has focused efforts on teaching third-party developers more secure programming practices.
Posted by: Robert Lemos