Over 25% of Saudi PCs running unpatched software
Saudi PC users facing risk from software vulnerabilities, Secunia report says
More than a quarter of PC users in Saudi Arabia are running on unpatched operating systems, according to third-quarter 2014 report released this week by Secunia.
The Personal Software Inspector (PSI) Country Report for Saudi Arabia found that the average PC user in the Kingdom has 85 programs installed from 30 different vendors, and that 25.4% of users are using PCs with unpatched vulnerabilities on them.
Secunia said that the security of a PC is largely controlled by the number and type of programs installed on it, and to what extent the programs are patched. Microsoft programs represented 39% of the overall share of programs installed on Saudi PCs, with the remaining 61% coming from third-party vendors, the report said.
According to the report, 16.3% of third-party programs on Saudi PCs were unpatched, compared to 5.8% for Microsoft programs. This was due to the fact that, while there is a single update mechanism for Microsoft programs, different update mechanisms are required to patch the other programs.
The report ranked the top 10 programs based on risk exposure - these programs were ranked based on 2 parameters: the percentage market share multiplied by the percentage of unpatched. It was discovered that Oracle Java JRE 1.7.x/7.x was at the top of the list.
Secunia also released the top 10 end-of-life (EOL) programs based on market share. EOL programs are programs that are no longer patched by their creators. The Microsoft XML Core Services 4 was found to be number one on the list with 76% market share.
"It is always recommended to remove end-of-life programs from your PC as they are no longer maintained and supported by the vendor and do not receive security updates," said Kasper Lindgaard, director of research and security at Secunia.
"They must therefore be treated as insecure. If you identify and remove end-of-life programs, you have made your PC a great deal more secure.
"It only takes one vulnerability for a hacker to exploit a user's system. Just one. We are concerned to see such a high share of users with unpatched and end-of-life browsers and operating systems," Kasper added.
Vulnerabilities are discovered in software programs on a regular basis, and the vendor will usually release a patch for users to apply in the form of a security update. However, Secunia suggested that there has been a significant increase in the number of users running programs that are no longer patched by the vendor.