Patch by importance, not popularity


Patching by popularity is risky business.

A patching strategy can reduce vulnerability risks by as much as 80 percent, according to a new study.

But administrators would on average have to be fluent in 14 different update programs to fully patch a system.

Worse, an organisation with 1000 programs that patches all of its Windows components would miss 78 percent of vulnerabilities, the research found, because third-party applications are responsible for 69 percent of flaws on a typical endpoint machine.

The study said attackers had more avenues for exploitation because the number of endpoints had risen, and noted that securing the nodes was often difficult because of the large number of programs and plug-ins that operate on them.

Testing patching strategies against a bed of 200 programs by market share and risk of exploit, security company Secunia said patching the most critical programs remediated 71 percent of total risk, while patching the most popular programs offset just 31 percent of the risk.

A separate report from Avast Software, released on Wednesday, echoes Secunia's findings regarding unpatched systems.

In a poll of users of its anti-virus solution, Avast found that more than 60 percent of those using Adobe Reader were putting their systems at risk of malware attack by running unpatched versions of the program.

One out of every five users was found to be using an unpatched version of Reader that was at least two generations old.

Despite regular patch releases, Adobe's widely used PDF reader has been a popular launch vehicle for miscreant coders, who use the application to embed malware exploits and payloads to take control of an affected system.

This article originally appeared at

Copyright © SC Magazine, US edition
