This Halloween as you enjoy the candy, parties and scary delights, you might take a moment to think about the ghouls and goblins that skulk around inside your personal computer.
While consumers are turning their attention to tablets and smartphones, many of them still have a desktop PC in their home or a laptop computer in their briefcase. While security companies are doing their best to improve security, it still depends on the end user to update their security software when advised to do so.
The security technology company Secunia today released a report on the state of PC security among U.S. users. The report provides a security profile of the average PC user, identifies vulnerable programs -- primarily from Microsoft, which has the lion’s share of the PC software market, but also third party software – and identifies software that is so outdated that software makers aren’t providing security updates anymore.
The third quarter 2013 Secunia PSI Report (so named for the Personal Software Inspector security it sells) looked at 75 different types of software commonly used on PCs and found that 40 percent of them are Microsoft programs, like Word, Excel, PowerPoint, and the other 60 percent are third party applications from companies such as Adobe, Apple, Firefox, McAfee or Oracle.
The problem is that Secunia finds that for the average PC user in the U.S., 14.6 percent of their Windows operating systems are unpatched, 4.1 percent of Microsoft applications are unpatched and that 10.7 percent of their third party apps are unpatched. Lastly, 3.9 percent of apps on a PC can’t be patched at all because they’re outdated, or at their “end-of-life” in software parlance.
Having written about this in the past, I know that the Windows XP OS will reach end-of-life in April 2014. That doesn’t mean your Windows XP computer will crash but that Microsoft will no longer provide patches to update XP. The same goes for Internet Explorer Web browsers; always run the latest version. A lot of cybercriminals spread malware and other viruses through Web browsers and the older your browser the more vulnerable it is. And that goes not just for Internet Explorer but browsers like Mozilla Firefox, Apple Safari, Google Chrome and others.
Secunia also identified the “Top 10 Most Exposed Programs,” based on the market share of the app (the percentage of PCs running it) and the percentage of apps that Secunia calculates are unpatched.
The number one most vulnerable app is called Microsoft XML Core Services, which is the underlying code for multiple Microsoft apps that are delivered or used over the Internet. Trust me, they’re on your computer somewhere. These apps have a 79 percent market share but half of them are unpatched.
I won’t go through all 10 for you but will note that the other apps in the top 10 include Apple Quick Time, Adobe AIR and Adobe Reader, Oracle Java, the widely used VLC Media Player and apps built on various versions of the Microsoft .Net Framework.
Secunia explains what the vulnerability assessment means: “If a vulnerable program remains unpatched on your PC, it means that your PC is vulnerable to being exploited by hackers. So if 55 percent of PCs running Adobe AIR 3.x, which has a 41 percent market share, are unpatched, then 23 percent of all PCs are made vulnerable by that program. The same PC can have several other unpatched, vulnerable programs installed.”
The lesson here this Halloween is not “Be Afraid. Be Very Afraid.” It’s more like be wise, be aware, be diligent and either vigilantly patch your software when advised to or replace it when it can no longer be patched.