The Secunia "Security Watchdog" Blog is used to communicate our opinions about vulnerabilities, security, ethics, and our responses to articles, research papers, and other blog entries regarding Secunia and vulnerabilities.
To get the facts about vulnerabilities read our Secunia advisories. To get our opinions read this Blog.
Return to Blog Overview
Interesting Statistics from the Secunia PSI
14:58 CET on the 9th January 2008. Entry written by Jakob Balle.
Previously we have released statistics about the number of applications that are not patched on user's system, such as:
SI: 28% of all detected applications are insecure (May 2007)
PSI: Your security: 1 in 5 applications are not patched! (December 2007)
The feedback has been great and the interest for these statistics has been huge, which has prompted us to dedicate some support resources for continuously providing you with more interesting statistics. Be sure to let us know (support [AT] secunia [DOT] com) if there are some statistics that you feel could be of great interest to the public.
With this blog we are focusing on the number of insecure applications on a pr. computer/user basis.
About the data used in this blog entry
We have used statistics collected from NEW users of our Secunia PSI during the last 7 days. The statistics in this blog is based on data from 20,009 computers/users, which in turn includes a total of 1,788,832 applications.
The data used is collected from the very first scan a user has conducted, that is, before the user has started securing their system (patching installed applications) with the Secunia PSI.
Please note. Due to the way data is collected by the Secunia PSI all results presented here are to be considered "best case" scenarios, the real numbers are likely to be worse.
There are two primary reasons as to why this should be considered "best case" data compared to data of the average Internet user.
1) The users of the Secunia PSI are most likely more vigilant and security minded/conscious than your "average" Internet user.
2) We cannot register if a Secunia PSI user has used the Secunia PSI to patch their system completely, then uninstalled the Secunia PSI just to install it again (e.g. to get a clean patch history), thus the user would figure as a "first time" user in these statistics.
Are computers up-to-date with security patches?
The short answers is NO - by no means. Close to all computers are running with several insecure applications installed.
The total number of computers/users is 20,009, out of these 95.46% have 1 or more insecure applications installed on their computers - 95 out of a 100 computers that are connected to the Internet have insecure software installed.
By "insecure application" it is understood, that there is a newer version available from the vendor of the application that corrects one or more vulnerabilities, but the user have yet to install the secure version.
Number of insecure applications per computer/user:0 Insecure Applications: 4.54% of computers
0-5 Insecure Applications: 27.83% of computers
6-10 Insecure Applications: 25.69% of computers
11+ Insecure Applications: 41.94% of computers
About the Secunia PSI
The Secunia PSI is a free solution from Secunia that allows private users to map, patch, and secure the software installed on their computers. As of January 2008, the Secunia PSI has been installed on more than 215,000 computers, the Secunia PSI monitors more than 17,6 million applications, categorised as either Insecure, End-of-Life, or Patched.
The first version of the Secunia PSI was released July 2007, it is currently in version 0.9.0.0 (Release Candidate 1).
Join the many Secunia PSI users - download the PSI and secure your computer today:
Should you have any questions regarding Secunia, this blog, or the services we provide please feel free to contact our support at support [AT] secunia [DOT] com
Press inquiries can be directed to Thomas Kristensen, CTO via email tk [AT] secunia [DOT] com or phone +45 26 90 75 65