According to a report from the vulnerability intelligence company Secunia

Dec 3, 2008 15:02 GMT

Following the first stable release of its Personal Software Inspector (PSI) product, the famous Danish company has gathered data from new installations of the software on users' computers. Analysis of the data revealed that 98 out of 100 computers ran outdated and unpatched software.

Secunia is a company founded in Denmark that specializes in vulnerability research and analysis. The company is well known for its security advisories and resources and for its free PSI tool, which has been in the beta stage of development for the past 17 months. The Personal Software Inspector is a tool that assesses the state of the software installed on a computer and notifies the user about any available updates that fix vulnerabilities.

The PSI uses the Secunia resources to tag the installed programs as insecure (updates available), up-to-date (latest version installed) or end-of-life (no longer supported by the developer). The scanner is free for personal use, and, since the release of its first stable version (1.0.0.1 Final) a week ago, Secunia claims that it has recorded over 220,000 successful installations.

The company used the data gathered from scans performed in the last seven days on 20,000 unique computers to generate the statistics, which reveal that only 1.91% of the systems had no insecure programs installed. In addition, 1 to 5 insecure programs were found on 30.27% of computers, 25.07% had between 6 and 10 such programs installed, and 45.76% had 11 or more unique programs that required updating.

Secunia notes that these numbers are actually worse than the ones generated almost a year ago, using similar data. “A vulnerability in a program can be exploited by hackers to anything from compromising a PC, to automatically install trojans/viruses, to sniff out private information (passwords, credit cards information, etc.),” warned Jakob Balle, the company's IT development manager. He also pointed out that “your anti-virus will not protect you from the security threats of vulnerabilities in programs,” referring to the highly controversial comparative test that Secunia had released a while back.

These results are even more worrying considering that, according to Balle, they represent “best case scenarios.” Over 98% of computers on the Internet being vulnerable is the most optimistic estimate because, as the researcher notes, the 20,000 individuals who installed the PSI tool are likely to be more vigilant about security than the average Internet user. Software patching is clearly still not popular even amongst them, although unpatched software is one of the primary reasons for malware propagation. In comparison to the popular Linux distributions, which offer solutions like software repositories that allow for easy and centralized updating of the majority of the installed programs, patching Windows software requires a lot more time, patience and effort.