Secunia Half Year Report for 2010 shows interesting trends

Secunia Half Year Report for 2010 shows interesting trends
I came across an article yesterday at secunia.com. Secunia is a leading provider of Vulnerability Intelligence and tracks the evolution of security threats. They have posted their Half Year Report 2010 which includes some interesting trends and statistics. This information may be of interest to some of our readers so I thought it might make an interesting diary. The key highlights of the Secunia Half Year Report 2010 are: Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the more than 29,000 products covered by Secunia Vulnerability Intelligence was observed. A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on average for 38 percent of all vulnerabilities disclosed per year. In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the number is expected to almost double again in 2010 to 760. During the first six months of 2010, 380 vulnerabilities or 89% of the figures for all of 2009 has already been reached. A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24 3rd party programs installed than in the 26 Microsoft programs installed. It is expected that this ratio will increase to 4.4 in 2010. The report does a good job of discussing the current trends and statistics and highlights what they are seeing for vulnerabilities. To review the full report you can see check it out at http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf. Deb Hale Long Lines, LLC	Deborah 278 Posts ISC Handler
Subscribe	Jul 14th 2010 9 years ago
I've tried Secunia's PSI tool. But it seems that it doesn't find as many updates as other tools such as FileHippo. As of right now, FileHippo is listing 10 updates for me while PSI is listing 1. Not that this is a bad thing for Secunia. If they found more updates they'd have hit the 4.4 ratio already.	Anonymous
Quote	Jul 14th 2010 9 years ago
The reason Filehippo shows more updates is that it is notifying you about all updates. Secunia PSI is a security tool i.e. it only tells you about updates which are necessary to stay secure, thus giving you much less work than if you had to update 10x as much using e.g. Filehippo. While the tools may seem similar, they actually serve completely different purposes. You can read more on the PSI download page: "The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals." http://secunia.com/vulnerability_scanning/personal/ To better understand the difference between the Secunia PSI and tools like Filehippo etc. these reviews might be worth a read: http://www.howfixcomputer.com/2010/06/02/updaters-revisited-cnet-techtracker-vs-secunia-psi/ http://www.howfixcomputer.com/2010/05/28/staying-secure-and-up-to-date-filehippo-update-checker-vs-sumo-vs-secunia-psi/	Anonymous
Quote	Jul 15th 2010 9 years ago
Wouldn't it be more correct to say that there aren't any KNOWN vulnerabilities in the versions of the third party apps that were detected? That's why I prefer staying current on all apps, whether there are known, published vulnerabilities or not.	Anonymous
Quote	Jul 15th 2010 9 years ago

I came across an article yesterday at secunia.com. Secunia is a leading provider of Vulnerability Intelligence and tracks the evolution
of security threats. They have posted their Half Year Report 2010 which includes some interesting trends and statistics. This
information may be of interest to some of our readers so I thought it might make an interesting diary.

The key highlights of the Secunia Half Year Report 2010 are:

Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the
more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.
A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on
average for 38 percent of all vulnerabilities disclosed per year.
In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user
PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the
number is expected to almost double again in 2010 to 760.
During the first six months of 2010, 380 vulnerabilities or 89% of the figures for all of 2009
has already been reached.
A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24
3rd party programs installed than in the 26 Microsoft programs installed. It is expected that
this ratio will increase to 4.4 in 2010.

The report does a good job of discussing the current trends and statistics and highlights what they are seeing for vulnerabilities.

To review the full report you can see check it out at http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf.

Deb Hale Long Lines, LLC

Deborah

278 Posts
ISC Handler

I've tried Secunia's PSI tool. But it seems that it doesn't find as many updates as other tools such as FileHippo. As of right now, FileHippo is listing 10 updates for me while PSI is listing 1.

Not that this is a bad thing for Secunia. If they found more updates they'd have hit the 4.4 ratio already.

Anonymous

The reason Filehippo shows more updates is that it is notifying you about all updates.

Secunia PSI is a security tool i.e. it only tells you about updates which are necessary to stay secure, thus giving you much less work than
if you had to update 10x as much using e.g. Filehippo.

While the tools may seem similar, they actually serve completely different purposes.

You can read more on the PSI download page:
"The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals."
http://secunia.com/vulnerability_scanning/personal/

To better understand the difference between the Secunia PSI and tools like Filehippo etc. these reviews might be worth a read:
http://www.howfixcomputer.com/2010/06/02/updaters-revisited-cnet-techtracker-vs-secunia-psi/
http://www.howfixcomputer.com/2010/05/28/staying-secure-and-up-to-date-filehippo-update-checker-vs-sumo-vs-secunia-psi/

Anonymous

Wouldn't it be more correct to say that there aren't any KNOWN vulnerabilities in the versions of the third party apps that were detected?

That's why I prefer staying current on all apps, whether there are known, published vulnerabilities or not.

Anonymous