Australian PC users are making slow progress in reducing their exposure to unpatched applications and operating systems, new figures from Flexera Software have shown even as major vendors step up their efforts to remove key vulnerable software from circulation.
Flexera's Secunia PSI Country Report for Q4 2015 found that the average Australian PC user had 79 programs installed from 28 different vendors, down from 81 programs early in 2015.
Just 8.9 percent of users were running unpatched versions of Windows 7, Windows 8, Windows 10 or Windows Vista – representing a significant drop from the 12.4 percent penetration of unpatched operating systems in the previous study.
That figure likely reflects a decline in the usage of Windows XP, which is now out of Microsoft's formal support program and has become a source of security concern since Windows XP finished its extended support phase in 2014. More recently, Windows 7 left mainstream support, although its extended support phase will run for years still.
Although many businesses and government agencies have paid Microsoft to continue support for Windows XP, the ongoing risks to the system came into sharp relief this month as the Royal Melbourne Hospital faced major problems after the outbreak of a virus that targeted its XP-based computers in its pathology department.
The risks of such infections, particularly in the sensitive healthcare industry, were highlighted in the recent Verizon 2015 Protected Health Information Data Breach Report, which analysed 1931 security incidents involving breaches of more than 392 million personal healthcare records.
That study found not only that 90 percent of industries have breaches of patient data, that insider misuse is as problematic as outsider attacks, and that 86 percent of all healthcare data breaches are inadvertent.
“Many organizations are not doing enough to protect this highly sensitive and confidential data,” wrote Suzanne Widup, senior analyst and lead author for the report. “This can lead to significant consequences impacting an individual and their family and increasing healthcare costs for governments, organizations and individuals. Protected health information is highly coveted by today’s cybercriminals.”
Unpatched software remains a key vector by which cybercriminals can penetrate systems and steal sensitive data. Flexera's latest report, which is based on figures collected from users of its Personal Software Inspector (PSI) tool, showed a faint decline in the proportion of end-of-life programs on the average PC, which dropped from 5.7 percent of programs to 5.5 percent. Many popular add-ons, however, remained vulnerable with the likes of Adobe Flash Player v19 still found on 78 percent of tested computers despite being end-of-life software (the previous analysis found similar penetration for the former v17).
Exposure to the Oracle-owned Java platform was also high, with 25 percent of polled computers running the deprecated Java Runtime Environment 1.7 and a further 16 percent running version 1.6.
Oracle announced this week that it will kill off the long-exploited Java browser plugin.
A 2015 Google study found that patching was one of the key areas where security experts were likely to be more diligent than non-experts.
Read more: DDoS targets look to outside help as attacks target cloud, distract from data theft