Keeping your software well maintained and updated is one of simplest ways to increase your computer's security. However, statistics from Flexera Software show that many PCs are still running vulnerable programs.
Flexera says the second quarter data comes from their Personal Software Inspector Program, which has millions of users across the world.
According to the results, 28% of the vulnerabilities come from Microsoft programs, and 47% come from third party ones. The reason for this is fairly clear: keeping individual programs updated is hard work.
The average user has 74 applications31 of which are Microsoft, and 43 from others. In total, the average user has applications from 26 different companies.
Flexera found that a single update mechanism controls each of the 31 Microsoft programs. Users often have to update third party apps separately, which can be time-consuming.
The company also lists the ten most exposed programs:
- Oracle Java JRE 1.8.x / 8.x
- VLC Media Player 2.x
- Adobe Reader XI 11.x
- Apple iTunes 12.x
- Malwarebytes Anti-Malware 2.x
- Google Picasa 3.x
- Adobe Shockwave Player 12.x
- Mozilla Firefox 45.x
- PuTTY 0.x
- Adobe Acrobat Reader DC 15.x
It's no surprise to see most of the programs on the list. Shockwave Player was the victim of a large-scale malware attack in March. Google and Mozilla are starting to discontinue support for the service this month, and Microsoft is implementing extra security measures in Edge.
The majority of Microsoft vulnerabilities come from so-called “end-of-life” programs. These programs are no longer maintained and updated, and as such, are treated as insecure.
Adobe Flash Player 21.x topped this list, with an 84% market share. In second was Microsoft XML Core Services 4.x at 65%, followed by SQL Server 2005 Compact Edition at 62. End of life programs made up 6.3% of total applications installed by the user.
Out of all of the Microsoft programs, 4.3% were unpatched, an excellent number next to the 13.5% from other vendors. Though unpatched software is ultimately down to user error, Microsoft has been providing good incentives and frameworks to keep its software updated.
The full report is available here.