News Column

49% OF VULNERABLE PROGRAMS COME FROM NON-MICROSOFT VENDORS

July 14, 2014



finds the Secunia PSI Country Report for Saudi Arabia for Q2 2014

DUBAI, United Arab Emirates:Secunia, the leading provider of IT security solutions that enable businesses and private individuals to manage and control vulnerability threats, recently published the Personal Software Inspector (PSI) Country Report for Saudi Arabia for the second quarter of 2014. The report reveals that the average PC user in Saudi Arabia has 86 programs installed from 30 different vendors and that 7.0% of these are no longer patched by the vendor an increase by about 35% from Q1 2014. While cyber security makes up one of the fastest markets globally and the Middle Eastern market is estimated to be worth several multi-billion over the next decade, cybercrimes continue to grow in complexity and frequency which translates into more vulnerability windows for exploitation that hackers can use to access critical personal data.

According to Secunia's report, Microsoft programs represent 39% of the overall share of programs installed on Saudi PCs, while the remaining 61% come from third-party vendors. The security of a PC is largely controlled by the number and type of programs installed on it and to what extent these programs are patched. Secunia reveals that 49% of vulnerabilities come from third-party vendors. Also, 17.9% of users have unpatched operating systems such as Windows 7, Windows 8, Windows XP, and Windows Vista. On the average PC, 15.8% of third-party programs are unpatched compared to 5.2% for Microsoft programs. Whilst there is a single update mechanism for the 34 Microsoft programs, 29 different update mechanisms are required to patch the remaining 52 programs from the 29 third-party vendors.



Kasper Lindgaard, Director of Research at Secunia

The Secunia KSA report also released the top most exposed programs based on market share and percentage of unpatched users. Once again, the Microsoft XML Core Services 4 is found to be the most exposed program after it was recognized as such in the previous report for Q1 2014 released in April 2014. "Although no new vulnerabilities have been discovered in Microsoft XML Core Services 4 for the past 12 months, 2 old vulnerabilities continue to haunt PC users who still have not patched. In KSA, 72% of PC users who use the Secunia PSI had Microsoft XML Core Services installed in Q2 2014. 53% of these users had not patched the program, even though a patch is available. This means that an estimated 38% of Saudi PCs are made vulnerable by MSXML 4. And since we can assume that computer users who install the Secunia PSI on their PCs are more security aware than the average user, we suspect that 38% is a conservative number. The situation can be remedied by installing the latest service pack for the software, which is also offered to consumers through the Secunia PSI and to businesses through the Secunia CSI. Once the latest service pack is installed, patches will once again be offered correctly through Windows Update", said Kasper Lindgaard, Director of Research and Security at Secunia.

Kasper continued: "the state of security on private PCs is quite stable, for better or worse. The conclusion for the Secunia KSA report is that private users still have a long way to go when it comes to vulnerability awareness which means understanding that it is important to apply security patches to vulnerable software programs to protect their PCs, and the data on them, from hackers." Commenting on Adobe Flash Player topping the list of End-of-life programs with a 66% market share, Kasper explained: "it is always recommended to remove End-of-Life programs from your PC as they are no longer maintained and supported by the vendor and do not receive security updates. They must therefore be treated as insecure. If you identify and remove End-of-Life programs you have made your PC a great deal more secure."

Vulnerabilities are discovered in software programs on a regular basis, and the vendor will usually release a patch for users to apply in the form of a security update. However, the latest findings from Secunia suggest that there is a significant increase in the number of programs that are no longer patched by the vendor. If users do not perform these updates, their PC will be vulnerable to attacks because hackers can use the vulnerability as an entry point. The best way for private users to stay secure is to make sure the software on their PCs is always updated with the latest software security updates. The Secunia PSI Country Report for Saudi Arabia data reflects the state of Secunia PSI users and shows that Secunia PSI users are more secure than other PC users.

Methodology

The Secunia Country Reports show on average how much vulnerable software is present on private PCs and list those programs that make PCs more exposed to cybercrime. Secunia releases quarterly country reports which provide insight into software security on private PCs in a number of countries including Saudi Arabia. The reports are based on data from the millions of users of Secunia's free consumer security software, the PSI. The data includes the average numbers of installed programs, patched and unpatched, on private PCs and information on the 10 most exposed programs, the number of programs installed on PCs, the share of Microsoft and non-Microsoft (third-party) programs and the prevalence of End-of-life programs.

About Secunia Personal Software Inspector:

The Secunia Personal Software Inspector (PSI) is a free computer security solution for private users that identifies vulnerabilities in non-Microsoft (third-party programs) which can leave the PC open to attacks. Simply put, it scans the software on the system and identifies programs in need of security updates to safeguard the PC against cybercriminals. It then supplies the computer with the necessary software security updates to keep it safe. The Secunia PSI is also available in Arabic for free download.

About Secunia:

Secunia is recognised industry-wide as a pioneer and global player within the IT security ecosystem, in the niche of Vulnerability Management. Our award-winning portfolio equips corporate and private customers worldwide with Vulnerability Intelligence, Vulnerability Assessment, and automated Patch Management tools to manage and control vulnerabilities across their networks and endpoints.

A strong strategic vision of becoming number one is, and always has been, a founding pillar of Secunia. We therefore deliver best-in-class solutions that have less superficial gift wrapping and instead contain true value. All Vulnerability Management products in Secunia's portfolio provide proven endpoint protection against vulnerabilities, due to our special combination of unique application scanning, unrivalled expertise, and impeccable customer service. All of this is achieved by the dedicated efforts of the industry-renowned Secunia Research Team and enhanced by Secunia's focused sales and support functions.

A track record of excellence makes Secunia a preferred supplier for enterprises, such as Fortune 500 and Global 2000 businesses, and government agencies worldwide


For more stories covering the world of technology, please see HispanicBusiness' Tech Channel



Source: Mid-East.Info


Story Tools






HispanicBusiness.com Facebook Linkedin Twitter RSS Feed Email Alerts & Newsletters