Failure to apply third-party patches rather than updates from Microsoft is "almost exclusively" responsible for the growing exposure of Windows machines to security threats, according to Secunia.
Stats from users of Secunia's patch management scanning tool report that, on average, less than 2 per cent of Microsoft programs are insecure on a user's Windows PC – while typically between 8 and 12 per cent of the third-party programs on the same box are insecure. A breakdown of all vulnerabilities affecting end-point PCs during 2010 records that 69 per cent stem from flaws in the third-party programs, 13 per cent originate in the Operating System, while a further 18 per cent stem from security bugs in Microsoft program.
Flaws in applications from the likes of Adobe, Apple and others, together with difficult-to-apply and often overlooked security update mechanisms have become the greatest single source of Windows security woes.
"The complexity of patching third-party programs has a measurable effect on the patch level found on typical end-point PCs – based on Secunia PSI measurements," Secunia concludes.
The latest version of Secunia's annual report also found that a patch was available at the time a vulnerability was disclosed in half the cases recorded in 2009 and 2010. Around 22 per cent of the total number of security bugs were patched at a later date while 28 per cent were never patched.
The number of vulnerabilities affecting a typical end-point PC increased by 71 cent between 2009 and 2010, Secunia reports, adding the choice of operating system has only a minor effect on the vulnerability state of Windows PCs. ®