Windows Users Have To Patch Every 5 Days
Patching has always been a thankless business. The best possible outcome is ‘nothing happens’, and no one ever thanks you when nothing happens - come to think of it, a lot of security work is like that. Really, the rest of the world should be thanking us a lot more than they do ;)
But seriously, Secunia have just released a lovely piece of research, based on 2 million home-user client PCs running various versions of Windows since 2007. Some of the conclusions confirm what you’ve always suspected: the growing burden of patching isn’t sustainable the way it’s currently done.
“Our analysis reveals that 90% of the users have to handle on average between 51 and 86 patch actions per year in order to address between 200 and 342 vulnerabilities affecting the programs of 9 to 36 vendors in their software portfolios.”
“Our analysis demonstrates that the total effort, and the frequency of actions, required to keep an end-user system secure most likely exceeds what the typical user is able, or willing, to invest…”
What is made clear here is that we’ve reached the limits of current Windows patching technologies. The failure of the current vendor-supplied systems has left an exploit door open that has become impossible to close. As we have seen this week, spammers take advantage of these holes to build botnets of millions upon millions of PCs.
I’m afraid the popular vendor mantra ‘It’s the users’ fault if they don’t patch’ just doesn’t wash anymore. The patching system that’s been created, the veil behind which vendors wash their hands of shoddy engineering, is dysfunctional in practice and simply not good enough anymore.