Security News PCs still at risk from end-of-life programs

Winter Soldier

Feb 13, 2017
The latest software vulnerability report from Secunia Research at Flexera Software reveals that the average US private PC user has 75 installed programs on their PC, 7.4 percent of which are no longer patched by the vendor.

More detailed analysis of the findings shows that 7.5 percent of users had unpatched Windows operating systems in the final quarter of 2016, up from 6.1 percent in Q3 of 2016 and down from 9.9 percent in Q4, 2015.

In addition, 14 percent of users had unpatched non-Microsoft programs in Q4, 2016, up from 13.8 percent in Q3 of 2016 and 12.2 percent in Q4 of 2015. The top three most exposed programs for Q4 in terms of the numbers unpatched, market share and the number of known vulnerabilities, were Apple iTunes 12.x (55 percent unpatched, 43 percent market share, 29 vulnerabilities), Oracle Java JRE 1.8.x / 8.x (50 percent unpatched, 47 percent market share, 39 vulnerabilities), and VLC Media Player 2.x (44 percent unpatched, 28 percent market share, 5 vulnerabilities).

“Software Vulnerability Management is an effective strategy for minimizing the attack surface by enabling people and organizations to identify known vulnerabilities on their devices, prioritize those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” says Kasper Lindgaard, director of Secunia Research at Flexera Software. “But risk remains if unsupported, end-of-life programs containing vulnerabilities are running. Private PC users should continually scan their devices and remove end-of-life programs from their systems. Within a business setting, security teams should collaborate closely with their Software Asset Management teams to discover and inventory their application estate and remove any unsupported, end-of-life programs.”

The report for the US along with those for other regions around the world is available to download from the Flexera website.
 

509322

The latest software vulnerability report from Secunia Research at Flexera Software reveals that the average US private PC user has 75 installed programs on their PC, 7.4 percent of which are no longer patched by the vendor.

I don't think I've ever had more than 30 programs installed - and about half of those were OEM\driver related - like Intel Graphics, Engine Management, Synaptics\ELAN, etc.

The top three most exposed programs for Q4 in terms of the numbers unpatched, market share and the number of known vulnerabilities, were Apple iTunes 12.x (55 percent unpatched, 43 percent market share, 29 vulnerabilities), Oracle Java JRE 1.8.x / 8.x (50 percent unpatched, 47 percent market share, 39 vulnerabilities), and VLC Media Player 2.x (44 percent unpatched, 28 percent market share, 5 vulnerabilities).

Unpatched softs with vulnerabilities are the No. 1 reason exploits succeed - and not true zero-day exploits.

“Software Vulnerability Management is an effective strategy for minimizing the attack surface by enabling people and organizations to identify known vulnerabilities on their devices, prioritize those risks based on the criticality of the vulnerabilities, and mitigate those risks via automated patch management systems,” says Kasper Lindgaard, director of Secunia Research at Flexera Software.
  • Use alternative software to the most targeted programs.
  • Keep installed programs up-to-date.
The need to install an anti-exploit software is massively reduced.

If you must use an unpatched version of a program - which is mightily rare and almost exclusively limited to Enterprise users - then by all means install an anti-exploit software and make sure the unpatched program is protected by the anti-exploit.

* * * * *

This is not difficult.

People over-complicate their security configurations (security soft geeks, paranoid).

People add software and security\related softs that they don't need (security soft geeks, paranoid).

This article is about everybody else. Those people don't know what to do.
 

DJ Panda

Aug 30, 2015
Majority of my work can be done through online software like Google Chrome. I don't need a specific program for music or photos. Google Drive is great IMO, nothing is perfect though. I have more than 75 programs. That is if it counts to have a huge library of Steam games. :p

Thanks for the share! I use Kaspersky Software Updater for updating my software. Even though it's in BETA I'm surprised about it not being noticed much. I had difficulty and impatience with Secunia. Found Kaspersky to be a little faster.
 

DJ Panda

Aug 30, 2015
MS is right to enforce telemetry and forced updates, careless and lazy people are the reason of malware spreading. Their behavior cost billions in collateral damage.

A permit to use a computer should be created... :D

Yeah even with the chance of a brick from the MS updates I'd take it over a giant ransomware attack that ends up formatting my HD. :p

I definitely have over 70+ Software... (Steam library counts right??) lol

I find Kaspersky software updater to be a good fit for me. Even though it's in BETA I think it gets the job done.

As Lockdown said above "Use alternative software to the most targeted programs." I find a majority of my work able to be done in Chrome or at least 1 installed program. You don't need an abundance of software to do what you want. I could right now listen to my music through Google Drive or my tablet.

Thanks for the share!
 

Handsome Recluse

Nov 17, 2016
Yeah even with the chance of a brick from the MS updates I'd take it over a giant ransomware attack that ends up formatting my HD. :p

I definitely have over 70+ Software... (Steam library counts right??) lol

I find Kaspersky software updater to be a good fit for me. Even though it's in BETA I think it gets the job done.

As Lockdown said above "Use alternative software to the most targeted programs." I find a majority of my work able to be done in Chrome or at least 1 installed program. You don't need an abundance of software to do what you want. I could right now listen to my music through Google Drive or my tablet.

Thanks for the share!
If you look at asd, OS updates limit damage while app updates prevent damage. Self utility for OS updates since it can also brick the system has marginal SELF utility. App updates however are very useful.
 
