by Chris Taylor
I have given
seminars on computer security at OPCUG meetings. I give
them on an on-going basis at the Ottawa Public Library
http://opcug.ca/public/OPL.htm. It would be an understatement to
say I care about computer security.
A few years ago, I had to stand in front of audiences and
tell them they must keep their software patched for
security vulnerabilities. I would tell them that
Microsoft has a decent service for keeping their products
patched called, variously, Windows Update, Microsoft
Update, or Automatic Updates, depending on what they felt
like calling it any particular week. Okay, maybe it just feels
like they change product names that often.
Then I had to keep a straight face and tell people that
they should visit the vendor web sites for all their
other software, search for security updates for the
version they used, and install those updates. And that
they should do this every month or two.
A few years ago, I ran across a wonderful, free program
from Secunia called Personal Software Inspector
(PSI). Secunia is tracking over 20,000 programs for
security vulnerabilities, and PSI can apply security
patches for you. I wrote a review of PSI in the January, 2011 issue of the
newsletter - http://opcug.ca/public/Articles/1101.pdf
I knew Secunia gave away PSI free for personal use in
order to spread the word and get people to tell their
administrators at work about how great it is (there is a
commercial offering that costs money) and also to find
out about programs they were not yet tracking for
security vulnerabilities/security patches.
In late February Secunia sent out an email, saying the Secunia
Vulnerability Review 2014 was available. It turns
out that Secunia is also collecting anonymous data using
PSI to find out about the programs we use and our
exposure to security vulnerabilities.
According to Secunia, the average user has 75 programs
installed. Of course, I am proud to report that PSI found
160 programs on my main desktop computer! Without PSI, I
wouldn't have a hope of keeping up-to-date on
security patches for all of those.
Secunia reports that, in 2013, an astounding 2,289 vulnerable
products from 539 vendors were discovered with a total of
13,073 vulnerabilities in them. This represents a 45%
increase in vulnerabilities over five years, and a 32%
increase from 2012 to 2013.
Secunia looked at various versions of Windows itself. It is
interesting to note that all versions of Windows had
about the same number of vulnerabilities found in 2013.
The larger number of vulnerabilities in Windows 8
actually stems from the fact that Adobe Flash Player is
integrated into Internet Explorer in Windows 8. I have to
wonder if Microsoft regrets that decision! Remove the 50
(!) vulnerabilities in Adobe Flash Player and the
vulnerabilities found in Windows range from 99 in Windows
XP to 104 in Windows 8, essentially a dead heat.
This also makes me wonder about Microsoft's
assertion that newer versions of Windows are more secure.
Anyone who wonders why I recommend they remove Adobe Acrobat Reader
and install a replacement such as Foxit Reader, only need
look at the 67 (!) vulnerabilities found in Adobe Reader
vs. the 1 vulnerability found in Foxit Reader.
The report also has information on browser security, the
top 50 apps, zero-day vulnerabilities, criticality of
vulnerabilities, time-to-patch, and more.
The full 20-page report is available at http://secunia.com/vulnerability-review/
Originally published: September, 2014
The opinions expressed in these reviews
do not necessarily represent the views of the
Ottawa PC Users' Group or its members.