Slashdot Mirror

← Back to Stories (view on slashdot.org)

95 Of Every 100 Windows PCs Miss Security Updates

Posted by timothy on from the vested-interests-rational-fears dept.

An anonymous reader writes "From Computerworld today: 'Nearly all Windows computers are likely running at least one unpatched application and about four out of every ten contain 11 or more vulnerable-to-attack programs, a vulnerability tracking company said today.' The new data comes from Secunia's free security-patch scanner the Secunia's PSI. The complete data run-down is available here."

13 of 126 comments (clear)

  1. Hang on- by Naughty+Bob · · Score: 5, Funny

    Well shit! this would explain all that stuff about windows and viruses I keep hearing about....

    --
    "Be light, stinging, insolent and melancholy"
  2. Sounds like like Lunix, OSX by Anonymous Coward · · Score: 5, Insightful

    So the point isn't about Windows... the point is about users.

    1. Re:Sounds like like Lunix, OSX by Architect_sasyr · · Score: 5, Interesting

      I don't know why this was modded flamebait, maybe because the AC says "Lunix". The point *is* about Lusers, that is the WHOLE point. I for one know that the only reason my Mac users update their software is so that they can have the latest and greatest, the Linux guys in the office don't update their software. This is actually good because I rely on exploits to gain remote control over some of those machines which are *technically* out of my jurisdiction. The windows users all update their software regularly. Why? Because I built a WSUS server and FORCE them to via group policy. Fully 85% of them hadn't done a single update till I forced this out (note: only recently stepped into this role, so not my fault!). I know most of them don't do it at home.

      Linux users, OS X users, hell even me and my FreeBSD boxes are just as bad. It's a PEBKAC and has nothing to do with what OS you run.

      --
      Me failed English...
      FreeBSD over Linux. If my comments seem odd, this may explain...
    2. Re:Sounds like like Lunix, OSX by VGPowerlord · · Score: 3, Insightful

      Mac users don't get annoyed by the bouncing icon?
      Ubuntu users don't get annoyed by the yellow box that pops up about system updates?

      You'd think that update systems that get on people nerves would actually make them update...

      --
      GLaDOS for President 2016! "Well here we are again. It's always such a pleasure." -- GLaDOS, 2011
  3. I'm not shocked by Nero+Nimbus · · Score: 3, Insightful

    This isn't really surprising, given that most people treat computers like just another appliance. Then again, not every piece of software alerts you when a new version comes out, so actually keeping 100% of all software on the box current is harder for Windows than say, Ubuntu.

  4. Re:Is that... by Qzukk · · Score: 4, Insightful

    Nah, it's the ones where people did the smart thing: they set up automatic updates, they set up a non-privileged user that they use every day... then they never logged back in as Administrator to click "ok" on the service pack 2 license.

    --
    If I have been able to see further than others, it is because I bought a pair of binoculars.
  5. People ignore software update alerts by Freaky+Spook · · Score: 4, Insightful


    When I look at people's computers these days they have heaps of different software popping up asking for updates, its got to a point where people ignore it, because its much too common.

    The thing that annoys me most about update alerts is they never give you a reason why the software should be updated. It would be nice if they would give you a link or a summary of simple reasons why you need to actually update their free crapware.

    Java and adobe products are probably the worst with this.

  6. Sales FUD by MeanMF · · Score: 4, Informative

    They're looking at EVERY piece of software installed on the computer, not the OS itself. They're doing this along with a very generous definition of "security update" to come up with hugely inflated numbers so they can better scare the clueless into buying their services.

  7. duhhhh.... by debatem1 · · Score: 4, Insightful

    Anybody who is remotely worried about security is probably not going to download a tool that reports your security status to another organization.

  8. Run Microsoft Update not windows update on windows by Joe+The+Dragon · · Score: 3, Informative

    Run Microsoft Update not windows update on windows system to get all of the windows base os + other APIs and runtimes + office updates.

  9. Updates Slow Computer Down by smist08 · · Score: 3, Insightful

    Many people have a bad impression of updates. They know for sure that updates slow down the computer and they know for sure that updates have previously broken things. So you have a choice: 1. Install something that will degrade your computer (possibly making parts of it unusable) or 2. Don't install it and just hope that you don't open a bad email or something, after all practically speaking viruses aren trojans are quite rare.

  10. How much of this is stuff people aren't using? by DrData99 · · Score: 3, Informative

    With all the pre-installed trials and other crapware the comes with home computers it is likely that many of these unpatched applications are ones that are not really at risk since they are never used. I see this even at work, where we run regular vulnerability scans. You tell a user that they need to update and get told that they haven't used said product in .

  11. You are happier with WSUS than I was by JimmytheGeek · · Score: 3, Interesting

    We deployed it at my previous job, for 1100 machines. I found it a huge waste of time with large numbers of machines unable to update, or only partially updating. Almost none were completely updated. Status reports were off, reporting missing patches that I KNEW were on the box (installed manually and verified). I'm pretty sure it reported patches on that weren't. So not only could I not rely on it to do the job, I could not rely on it to tell me where it had succeeded and where it had not. I found it marginally better than nothing, not a solid enterprise ready tool.

    It will take MS another 10 years before it's products are enterprise ready. Enterprises use their stuff anyway, but the products aren't ready.