The average PC user in the U.S. has 76 programs installed, and of those, 27 different update mechanisms are needed to keep them patched and secure, Secunia research revealed.
Understandably, regular patching is faltering with 14 percent of users having unpatched Operating Systems, including Win7, Win8 and Windows Vista, and 11 percent having unpatched non-Microsoft programs, according to a new study from Secunia. The company averaged the results of scans of PCs by the Secunia PSI between January 1 and March 31 of this year to compile its quarterly country report.
The large number of install mechanisms relate to non-Microsoft programs. Where one update will cover 32 Microsoft programs, or 42 percent of programs on a PC, 26 different updates need to be initiated to update the remaining 44 programs on a machine.
“To expect a private user with no particular focus on patch management – and maybe not even on PC security in general – to stay informed of vulnerabilities and available security updates is not realistic,” said Kasper Lindgaard, director of security and research at Secunia, in an email to SCMagazine.com. “Of course, some vendors make it easier for users to update their apps than others, but there is still room for improvement.”
Companies could better communicate the need to patch, for example, or make it easier with automated update processes, he said.
The study also ranked the top 10 most exposed programs based on their prominence and how many users have neglected to patch them. Oracle Java JRE 1.7.x /7.x was unpatched on 77 percent of users' machines, even though 101 vulnerabilities were detected in the program over the past year. In second place was Apple QuickTime 7.x, which was unpatched on 37% of machines, followed by Adobe Reader x 10.x, which was unpatched on 65 percent of machines.
Five percent of the average user's programs also were end-of-life programs that would no longer be patched by the vendor.
But more than anything, the study stresses the importance of patching.
“There are patches available for 83% of all vulnerabilities on the day they become publicly known, so it is possible to remediate the majority of vulnerabilities, as they become known,” Lindgaard said.