Most PC security problems come from unpatched third-party Windows apps

If you've got 99 security problems, odds are Microsoft's not one—or at least it's just a minority of them. In its annual review of software vulnerabilities, security software firm Secunia found that 86 percent of vulnerabilities discovered on systems scanned by its software in the 50 most popular Windows software packages in 2012 were attributable to third-party developers and not to Microsoft's Windows operating system or applications. And for most of these vulnerabilities, a patch was already available at the time they were discovered.

Of the top 50 most used Windows packages—including the Windows 7 operating system itself, 18 were found to have end-point security vulnerabilities, a 98 percent increase over five years ago. Of those 18 packages, Google's Chrome and the Mozilla Firefox browser were the biggest culprits, with 291 and 257 detected vulnerabilities respectively. Apple iTunes came in third, with 243 detected vulnerabilities. The remainder of the top ten offenders were:

  • Adobe Flash Player: 67
  • Oracle Java JRE SE: 66
  • Adobe AIR: 56
  • Microsoft Windows 7: 50
  • Adobe Reader: 43
  • Microsoft Internet Explorer: 41
  • Apple Quicktime: 29

Of the vulnerabilities documented in Secunia's database, 84 percent had already been patched by vendors when they were discovered on systems. "This means that it is possible to remediate the majority of vulnerabilities," said Secunia Director of Product Management Morten R. Stengaard. "There is no excuse for not patching."

Read on Ars Technica | Comments