
An alarming trend for end-user security

9:10 CET on the 24th August 2010
Entry written by Stefan Frei.

Secunia has just released the first Secunia Half Year Security Report 2010, elaborating on the evolution of the security threat posed by vulnerabilities, and providing projections for the 2010 vulnerability levels.

With this report we continue to publish results from our research into the threats typical end-users face when surfing the Internet. Earlier this year, in our RSA 2010 paper “The Security Exposure of Software Portfolios”, we reported that overall 50% of the users are found to have at least 66 programs from more than 22 different vendors installed. To elaborate on this research, we built a representative portfolio of the Top-50 most prevalent programs found on the average end-user PC, and examined the evolution and origin of the vulnerabilities affecting this portfolio since 2005.

We found an alarming trend: in the two years from 2007 to 2009 the number of vulnerabilities affecting a typical end-user PC almost doubled to 420, and based on the data of the first six months of 2010 the number is expected to almost double again in 2010. In other words, during the first 6 months of 2010 Secunia published 380 vulnerabilities affecting the typical end-user PC, or 89% of the figures for the entire 2009.

A breakdown of these vulnerabilities into contributions from (A) the Operating System, (B) Microsoft programs, and (C) from 3rd party (non-Microsoft) programs reveals that this trend is almost exclusively due to vulnerabilities in 3rd party programs; a typical end-user PC with 50 programs had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. Considering the overall results of the research and findings, we expect an increase of this ratio to 4.4 for the year 2010.

It is safe to assume that a large part of the users, focusing primarily on updating their Microsoft OS and programs, succumb to the enormous task and complexity of frequently patching all their 3rd party programs. However, by neglecting the risk of ubiquitous 3rd party programs, users risk being compromised by cyber-criminals every day, despite the deployment of other security measures.

I hope this report contributes to raising awareness on the origin of the threats, and spurs further discussion on how to deal with the issue of 3rd party program risks.

Stay Secure,

Stefan Frei

Discuss this blog entry
mogs RE: An alarming trend for end-user security
Expert Contributor 25th Aug, 2010 23:22
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 25th Aug, 2010 23:37
From my somewhat limited and local experience; the average end user finds security/patching, a mundane and boring subject; and it's rather alarming that they should be so inefficient/insecure/oblivious seemingly...whilst at the same time spending more time on the web.
Of course we could discuss the subject more in the forum.....without a preacher and plenty of decorum....but we're all converted ?!
The Auto updating psi feature will obviously go a long way towards easing the complexities faced by users; but is it enough ?
Is Secunia involved in getting itself pre-installed....I would have thought manufacturers would like to be seen as doing their bit, from the outset.
Thank you Stefan Frei for the blog and inspiration.


--
Was this reply relevant?
+3
-2
taffy078 RE: An alarming trend for end-user security
Contributor 26th Aug, 2010 11:04
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 26th Aug, 2010 11:26
Someone I recently persuaded to come on board Secunia has this morning emailed me to ask what this thread is about and how does Mogs' post fit in.

He says when he looked at the thread, all he saw was that a Secunia official had posted this sentence: "An alarming trend for end-user security".

Being new here, he wasn't to know that this thread was auto-generated by the blog entry here: http://secunia.com/blog/119.

Unfortunately, he missed the path above the post i.e. "See the original Secunia blog entry: An alarming trend for end-user security".


May I suggest to Secunia that it considers adding to the sentence shown in these auto-generated posts a link to the relevant blog?

EDIT: typos

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+5
-1
york779 RE: An alarming trend for end-user security
Member 27th Aug, 2010 17:34
Score: 2
Posts: 1
User Since: 27th Aug 2010
System Score: N/A
Location: N/A
"From my somewhat limited and local experience; the average end user finds security/patching, a mundane and boring subject; and it's rather alarming that they should be so inefficient/insecure/oblivious seemingly...whilst at the same time spending more time on the web."

Dear Mogs. You have described me. I never bothered with all these things until taffy told us in our newspaper forum that we should. He told us to come here so I did.

All my day today is spent on updating. Thank you Secunia people for your good advice.

I was the one emailing taffy to say your post confused me. He explained why and said he will make a suggestion here to Secunia.

I don't have an idea why your scores work but the mark down 1 for him - does this mean Secunia don't like his suggestion? If they don't, can someone say why?

I will be in trouble with taffy now for getting him a lower score. Apologies from me, taffy.
Was this reply relevant?
+2
-0
taffy078 RE: An alarming trend for end-user security
Contributor 27th Aug, 2010 21:34
Score: 408
Posts: 1,340
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Hiya, J. Thanks for the plug!

Don't worry about the "-1" score that someone gave me. But how making a suggestion for change is classed as "irrelevant" does confuse me! I'm pretty certain it wasn't a Secunia official who scored it.

Perhaps whoever did it doesn't understand how the scoring is supposed to work! But I won't go down that path again!

Take care.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+1
-1
mogs RE: An alarming trend for end-user security
Expert Contributor 28th Aug, 2010 03:03
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Hello york779 !
So you're working your way out of a bit of a typecast hotspot, or I can add "sensitive to psychic phenomena " to my curriculum vitae ?! Ha !
Glad to make your cyber-acquaintance, and hope you get all patched up in no time !! All the best.......

--
Was this reply relevant?
+0
-0
