Secunia launched a free online Software Inspector last December, and since then over 350,000 inspections have been completed. As we’ve discussed before, the service scans your computer looking for specific applications (Acrobat, QuickTime, iTunes, Windows Media Player, Firefox, Thunderbird, Internet Explorer, Opera, and more) to make sure that you’re running the latest version.
I ran the scan myself to see how well I keep my programs up-to-date, and it turns out that I do a pretty good job:
However, Secunia is reporting that not everyone cares so much about updating their software. Out of the 350,000 scans that they have done, here are the percentages of people running out-dated versions of the applications:
| Application | Out-dated |
| Firefox 2 | 5.19% |
| Internet Explorer 7 | 5.40% |
| Internet Explorer 6 | 9.61% |
| Opera 9.x | 11.96% |
| WinAMP 5 | 26.96% |
| QuickTime 7 | 33.14% |
In response to those numbers Secunia said that on average 28% of the applications were out-dated:
Most people using Windows and Microsoft products are usually aware of the monthly “Patch Tuesday” routine that Microsoft has set up, which can explain why the patch level for MS products are relatively high. These numbers also indicate that many people using Firefox and Opera are concerned about security and remember to keep their products updated.
But when it comes to other applications that don’t immediately seem that exposed, people tend to wait for an extended period of time before patching.
This constitutes a significant problem because many of those applications, like WinAMP and Quicktime, are readily used whenever users encounter media files of various kinds. Most people wouldn’t hesitate to open an .mpg, .jpg, .mov, or .mp3 file from any source if it seems the least bit interesting and relevant. It’s easy to embed a movie in your homepage, for example, and all it takes is one unpatched Quicktime vulnerability and a provocative video title to compromise a lot of visitors.
As you can see the updates are very important for more than just the browser, but users typically shrug them off as not necessary. So while you’re sitting there right now why don’t you open a new tab in your browser and run Secunia’s Software Inspector to make sure you are completely up-to-date (it does require that you have Java installed).
Source: Secunia Blog [via PC Advisor]
couldn’t Microsoft do something similar by checking add/remove programs and giving updates for programs via automatic updates?
i wish they would.
also secunia could do a better job by checking more programs via add/remove programs.i had some out of date applications that secunia missed.
Microsoft could indeed implement some sort of checks themselves, but I’m sure there is a big worry about checking the software to make sure it isn’t malicious. After all, you wouldn’t want to be using an application and then have Windows Update download a new version and install it, just to find out that the developer added a virus to it. Maybe Microsoft should just prompt the users so that they are notified that a new version is available, and then leave it to the users to go download it.
Secunia is mostly just checking the applications that frequently have Web-related exploits because that is where their focus is. They don’t look to check every single application because that would be hard for them to keep up with all of the version numbers.
WinAMP doesn’t surprise me with the high rate. They’ve had two updates in the past month.
I wasn’t extremely surprised either, because who really thinks that those updates could be critical? Maybe these companies should make users more aware of how critical some of the updates are.
Opps! Can’t use it, I don’t use Java or windows update. Personally I can’t see why they have to use either?
It uses Java so that it can scan your computer to see what versions of software you have installed. I’m sure there are other alternatives that can be used, but things like JavaScript are definitely out of the picture.
All the more reason not to use Java
I agree, I really do hate Java. In fact, the first thing I do after installing Firefox is disabling Java in the preferences. Then I only enable it when I need it.
As for WinAmp both times when I started the application I got a pop-box announcing new critical updates. If it were not for that I wouldn’t know otherwise. So NullSoft is doing a good job there, I think it is people don’t want to be bothered with installing updates and stick to the mentality “If ain’t broke…”