By Thomas Kristensen
Unpatched programs are a primary source of IT insecurity. But due to the complex and immeasurable scope of patching, it is neglected by the majority of private users. This is not a viable approach to ensuring online safety, and Secunia has set out aggressively to change this!
Our latest whitepaper, “Security Exposure of Software Portfolios”, reveals that in order for the typical home user to stay fully patched, an average of 75 patches from 22 different vendors need to be installed, requiring the user to engage in a patch action every 4.8 days.
These findings are based on data from the more than two million users of the Secunia Personal Software Inspector (PSI), and they support the view that the complexity and frequency of actions required to keep a typical home user's system fully patched and secure most likely exceed what users are willing and able to invest. In fact, it is highly unlikely that even skilled enthusiasts will patch their systems as frequently as the whitepaper's findings indicate.
The core of this patching issue is that the software industry has, so far, failed to come up with a unified patching solution that can help home users on a large scale; that is, one encompassing all software programs. To illustrate the consequence using the data above: in order to install the 75 patches from the 22 different vendors, the user has to master more than 22 different updating mechanisms, which is outside the bounds of what can be expected of a typical home user.
Secunia speaks up and takes action
At the RSA conference in 2009, Secunia CEO Niels Henrik Rasmussen envisioned a solution to address this problem and to lift the burden off home users' shoulders. Some software vendors showed genuine interest in discussing this, while other vendors chose to ignore the problem. Finally, some key industry players suggested that Secunia should go ahead and prove this possible, hoping to pave the way for a future collaboration between a broad range of vendors. And so we did throughout 2009!
The successful beta testing of the Secunia Corporate Software Inspector (CSI) integrated with Microsoft WSUS, announced in January 2010, has served as the first proof-of-concept, verifying that it is possible to patch a rich diversity of products in an automated and unified manner. And to transfer this knowledge to the segment of private users, our development team is currently working on a technology preview of the Secunia Personal Software Inspector (PSI), encompassing this updating technology.
Secunia's Automatic Updating initiative will help users on a global scale to automatically patch a majority of their software portfolio, and, thereby, stay fully patched and secure all the time.
Stay tuned and learn more as we release the first technology preview of the Secunia PSI 2.0 with “Automatic Updating”.
Patch & Stay Secure,