Unpatched OS use declines in Australia but out-of-life Java, Flash persist

Australian PC users are making slow progress in reducing their exposure to unpatched applications and operating systems, new figures from Flexera Software have shown, even as major vendors step up their efforts to remove key vulnerable software from circulation.

Flexera's Secunia PSI Country Report for Q4 2015 found that the average Australian PC user had 79 programs installed from 28 different vendors, down from 81 programs early in 2015.

Just 8.9 percent of users were running unpatched versions of Windows 7, Windows 8, Windows 10 or Windows Vista – representing a significant drop from the 12.4 percent penetration of unpatched operating systems in the previous study.

That figure likely reflects a decline in the usage of Windows XP, which is now out of Microsoft's formal support program and has become a source of security concern since Windows XP finished its extended support phase in 2014. More recently, Windows 7 left mainstream support, although its extended support phase will run for years still.

Although many businesses and government agencies have paid Microsoft to continue support for Windows XP, the ongoing risks to the system came into sharp relief this month as the Royal Melbourne Hospital faced major problems after the outbreak of a virus that targeted its XP-based computers in its pathology department.

The risks of such infections, particularly in the sensitive healthcare industry, were highlighted in the recent Verizon 2015 Protected Health Information Data Breach Report, which analysed 1931 security incidents involving breaches of more than 392 million personal healthcare records.

That study found that 90 percent of industries have breaches of patient data, that insider misuse is as problematic as outsider attacks, and that 86 percent of all healthcare data breaches are inadvertent.

“Many organizations are not doing enough to protect this highly sensitive and confidential data,” wrote Suzanne Widup, senior analyst and lead author for the report. “This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organizations and individuals. Protected health information is highly coveted by today’s cybercriminals.”

Unpatched software remains a key vector by which cybercriminals can penetrate systems and steal sensitive data. Flexera's latest report, which is based on figures collected from users of its Personal Software Inspector (PSI) tool, showed a faint decline in the proportion of end-of-life programs on the average PC, which dropped from 5.7 percent of programs to 5.5 percent. Many popular add-ons, however, remained vulnerable, with the likes of Adobe Flash Player v19 still found on 78 percent of tested computers despite being end-of-life software (the previous analysis found similar penetration for the former v17).

Exposure to the Oracle-owned Java platform was also high, with 25 percent of polled computers running the deprecated Java Runtime Environment 1.7 and a further 16 percent running version 1.6.

Oracle announced this week that it will kill off the long-exploited Java browser plugin.

A 2015 Google study found that patching was one of the key areas where security experts were likely to be more diligent than non-experts.


Stories by David Braue
