9:10 CET on the 24th August 2010 Entry written by Stefan Frei.
Secunia has just released the first Secunia Half Year Security Report 2010, elaborating on the evolution of the security threat posed by vulnerabilities, and providing projections for the 2010 vulnerability levels.
With this report we continue to publish results from our research into the threats typical end-users face when surfing the Internet. Earlier this year, in our RSA 2010 paper “The Security Exposure of Software Portfolios”, we reported that overall 50% of the users are found to have atleast 66 programs from more than 22 different vendors installed. To elaborate on this research we built a representative portfolio of the Top-50 most prevalent programs found on the average end-user PC, and examined the evolution and origin of the vulnerabilities affecting this portfolio since 2005.
We found an alarming trend: in the two years from 2007 to 2009 the number of vulnerabilities affecting a typical end-user PC almost doubled to 420, and based on the data of the first six months of 2010 the number is expected to almost double again in 2010. In other words, during the first 6 months of 2010 Secunia published 380 vulnerabilities affecting the typical end-user PC, or 89% of the figures for the entire 2009.
A breakdown of these vulnerabilities into contributions from (A) the Operating System, (B) Microsoft programs, and (C) from 3rd party (non-Microsoft) programs reveals that this trend is almost exclusively due to vulnerabilities in 3rd party programs; a typical end-user PC with 50 programs had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. Considering the overall results of the research and findings, we expect an increase of this ratio to 4.4 for the year 2010.
It is safe to assume that a large part of the users, focusing primarily on updating their Microsoft OS and programs, succumb on the enormous task and complexity of frequently patching all their 3rd party programs. However, by neglecting the risk of ubiquitous 3rd party programs, users risk being compromised by cyber-criminals every day, despite the deployment of other security measures.
I hope this report contributes to raising awareness on the origin of the threats, and spurs further discussion on how to deal with the issue of 3rd party program risks.
Discuss this blog entry
A new thread in our forum is created. Activate the thread by
Score: 2265 Posts: 6,266 User Since: 22nd Apr 2009 System Score: 100% Location: UK Last edited on 25th Aug, 2010 23:37
From my somewhat limited and local experience; the average end user finds security/patching, a mundane and boring subject; and it's rather alarming that they should be so inefficient/insecure/oblivious seemingly...whilst at the same time spending more time on the web.
Of course we could discuss the subject more in the forum.....without a preacher and plenty of decorum....but we're all converted ?!
The Auto updating psi feature will obviously go a long way towards easing the complexities faced by users; but is it enough ?
Is Secunia involved in getting itself pre-installed....I would have thought manufacturers would like to be seen as doing their bit, from the outset.
Thankyou Stefan Frei for the blog and inspiration.
Score: 2 Posts: 1 User Since: 27th Aug 2010 System Score: N/A Location: N/A
(unknown source) From my somewhat limited and local experience; the average end user finds security/patching, a mundane and boring subject; and it's rather alarming that they should be so inefficient/insecure/oblivious seemingly...whilst at the same time spending more time on the web.
Dear Mogs. You have described me. I never bothered with all these things until taffy tols us in our newspaper forum that we should. He told us to come here so I did.
All my day today is spent on updating. Thank you secunia people for your good advise.
I was the one emailing taffy to say your post confused me. He explained why and said he will make a suggestion here to secunia.
I dont have an idea why your scores work but the mark down 1 for him - does this mean secunia don't like his suggestion? If they dont, can someone say why?
I will be in trouble with taffy now for getting him a lower score. Apologise from me, taffy.
Score: 408 Posts: 1,335 User Since: 26th Feb 2009 System Score: 100% Location: UK
Hiya, J. Thanks for the plug!
Don't worry about the "-1" score that someone gave me. But how making a suggestion for change is classed as "irrelevant" does confuse me! I'm pretty certain it wasn't a Secunia officaial who scored it.
Perhaps whoever did it doesn't understand how the scoring is supposed to work! But I won't go down that path again!
-- taffy078, West Yorkshire, UK
Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v184.108.40.20603
Score: 2265 Posts: 6,266 User Since: 22nd Apr 2009 System Score: 100% Location: UK
Hello york779 !
So you're working your way out of a bit of a typecast hotspot, or I can add "sensitive to psychic phenomena " to my curriculum vitae ?! Ha !
Glad to make your cyber-aquaintance, and hope you get all patched up in no time !! All the best.......
Was this reply relevant?
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.