Security Adviser | Roger A. Grimes » Secunia Software Inspector finding lots of unpatched software

December 16, 2006 | Comments: (0)

Secunia Software Inspector finding lots of unpatched software

TAGS: None

Windows and IE among the most patched applications.

In my blog entry last week, I introduced Secunia's Software Inspector. It's a free online vulnerability analyzer that will check your PC for over 4,000 applications to see if they are fully patched or are vulnerable versions.

Secunia's blog mentions some interesting figures. First, over 1/3rd of all scanned PCs contained vulnerable software. Now many readers might see this is a high figure, but in reality it's probably low. Software Inspector is very new, and only people very concerned about computer security are running it. I would expect this sample of early testers to be more patched than the population in general.

Second, the most up-to-date and patched applications are from Microsoft. This is probably reflective of Automatic Updates and other patch mananagement tools. Kudos to Microsoft on this. It shows that pushing AU on consumers is helping.
(Now, if they could just get MS-Office less exploitable these days)

In comparison, over 1/3rd of Firefox users were running vulnerable versions. Or maybe that figure includes the many people who initially switched to Firefox to test it out, then went back to IE because of missing functionality or the like, and think they don't have to patch Firefox now.

As in the case of any software program, if you don't use it, remove it...or keep it patched. Opera users came in at 13% unpatched. As good as that figure is, it's still 3 times higher than IE. Of course, IE still contains a higher level of overall risk because of the focus from hackers, but other browser users need to be more diligent. Just because hackers don't target your browser as much doesn't mean they can't or haven't. Many of today's web-based malware programs target IE and FF.

Over 1/2 of all Macromedia Flash users were running vulnerable versions. That doesn't surprise me. Me, and many of my friends, have found multiple versions of Flash on our PCs, located in one or more locations. So, you could be running the latest version and still have older versions lying around. Software Inspector will show you for sure (if you use the more thorough scan method).

On a related note, I had a bear of a problem trying to delete an old Flash version. In Windows\System32\Macromed I had a Flash ActiveX control called flash6.ocx. It was read-only, and it (or Windows) would not let me delete it, no matter what I did, and I tried nearly everything (including booting into Safe mode, Recovery Console, Bart PE, Linux, etc., and several delete-on-reboot utilities...all failed). Finally, a friend of mine, who had similar problems with another version of flashx.ocx, gave me the solution. On the \Windows\System32\Macromed folder, he reset NTFS permissions and told them to propagate downward to all files and folders. This trick worked, and I was able to delete the offending ocx file.

How Windows was able to prevent me from deleting a file when I booted outside the operating system is still a mystery to me. I was using the true Administrator account who had Full Control the the file I was trying to delete.

Posted by Roger Grimes on December 16, 2006 10:23 AM

RATE THIS ARTICLE: