In order to keep their machines safe

Mar 4, 2010 15:25 GMT

In order to make sure that their copies of Windows are bulletproofed against exploits in the wild, customers need to apply a patch every five days, according to Secunia. Of course, not all patches target the Windows operating system. Updates are also needed to plug security holes in the software that runs on top of the platform. Thomas Kristensen, the chief security officer of Secunia, revealed that security vulnerabilities were the main avenue for attacks, allowing affected systems to be compromised.

Kristensen opined that customers chose to let their machines be vulnerable to exploits because of the complexity and sheer amount of effort involved in keeping a PC up to date. A typical Windows user would have to update not just the operating system, but also a plethora of installed applications, each with its own patch delivery mechanism. According to Secunia, many users simply give up on updating altogether.

“In order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to engage in a patch action every 4.8 days. These findings are based on data from the more than two million users of the Secunia Personal Software Inspector (PSI), and support that the complexity and frequency of actions required to keep a typical home user's system fully patched and secure most likely exceed what users are willing and able to invest,” he stated.

Kristensen revealed that members of the software industry were in fact responsible for this situation. The solution, albeit apparently simple, is not even considered by some software developers. Essentially, end users would benefit from a unified patching solution, but no such offering exists at this time.

“To exemplify the consequence of this, referring to the data above, this means that in order for the user to install the 75 patches from the 22 different vendors, he or she has to master more than 22 different updating mechanisms, which is outside the bounds of what you can expect from a typical home user,” Kristensen said.

However, Secunia not only worked to draw attention to this problem, but also labored to provide a solution. “Our development team is currently working on a technology preview of the Secunia Personal Software Inspector (PSI), encompassing this updating technology,” Kristensen noted. “Secunia's Automatic Updating initiative will help users on a global scale to automatically patch a majority of their software portfolio, and, thereby, stay fully patched and secure all the time.”