
Non-Microsoft security flaws cause biggest headache, says Secunia

Three quarters of vulnerabilities in third-party software


Three quarters of Windows security vulnerabilities in 2013 were connected to non-Microsoft programs that often lack adequate patching mechanisms, an analysis by security firm Secunia has found.

According to figures drawn from the firm’s popular Personal Software Inspector (PSI) tool, the average PC has around 75 programs installed on it, about 39 percent of which are from Microsoft.

Narrowing this down to the top 50 most popular, Microsoft’s share rises to 66 percent, leaving a large number of sometimes small vendors supplying the remaining 34 percent. This third accounted for 75.7 percent of 2013’s security vulnerabilities, actually a decrease compared to 2012 when it was 86 percent.

This means that the bulk of the patching work is spread across a multitude of small vendors rather than Microsoft alone. In Secunia’s view, this represents a major structural issue with patching, although you could also argue that it is an inherent weakness with the traditional PC as a platform for every conceivable type of software.

“Quite simply, the automation with which Microsoft security updates are made available to end users – through auto-updates, Configuration Management systems and update services – ensures that it is a reasonably simple task to protect private PCs and corporate infrastructures from the vulnerabilities discovered in Microsoft products,” said Secunia CTO, Morten R. Stengaard.

“This is not so with the large number of third-party vendors, many of whom lack either the capabilities, resources or security focus to make security updates automatically and easily available,” he said.

Microsoft actually reported more vulnerabilities in 2013, up from 8.4 percent in 2012 to 15.9 percent, overwhelmingly in Windows 7 and XP. Windows 8 also reported a relatively high vulnerability count, but this was mostly explained by flaws in the Adobe Flash plug-in inside Internet Explorer.

Patching in the top 50 is a strong point, with 86.1 percent having a patch available on the day an issue was disclosed; how long systems take to apply this patch is, of course, another matter.

The good level of patch availability is probably explained by better coordination of vulnerability disclosures, Secunia said.

As to zero-day vulnerabilities, their prevalence in the top 50 programs has remained at a surprisingly low level since 2005, offering up between 6 and 13 since then. The number when measured against all software was 14 in 2013, down from a peak of 26 in 2011.


