Secunia releases PSI 2.0 data – Adobe tops patch list
by Steve Ragan - Sep 7 2010, 17:00Last week, just before the start of the Labor Day weekend, Secunia reported some figures taken during the first 24 hours of Secunia PSI 2.0's launch. The PSI release was a beta but, within a day, some 6,500 users installed nearly 10,000 patches.
Patch management is a critical element to any security plan. This is the case for both home and business users. While in the business world IT teams have many solutions for patch management, home users are often left to their own devices. Secunia PSI 2.0, which is still in beta, looks to address this issue.
In 2009, Niels Henrik Rasmussen, CEO of Secunia, said it was time the industry built a common application that handles all third-party application updates and patching, rather than the separate, piecemeal approach seen today. PSI 2.0 is the culmination of that thought process.
What PSI 2.0 will do is save home users time by offering automatic installations of operating system patches, as well as patches for Adobe software, browsers, and thousands of third-party software titles such as Skype.
Within 24 hours of the PSI 2.0 beta release, 6,500 people were installing software updates at a rate of 1.5 patches per user on average. When it comes to the figures, Secunia shows that Adobe products accounted for the majority of updates needed.
Flash Player installations that are ActiveX or NPAPI-based amounted to almost 30 percent of the required security patches. Adobe Reader accounted for 10 percent, and Adobe AIR topped out at five percent. Also on the list were two popular browsers, Opera 10 and Firefox 3.6, as well as Skype, Wireshark, Java JRE, and IrfanView to round out the top ten.
Given that most of the top ten list contains software that has auto-update functionality, it is clear that the updates offered are often ignored. This is because most software, even software that has update checking by default, only installs if the user approves.
For example, Firefox can check for new versions, but will only install if given permission. Whereas Google’s Chrome browser, which was not on Secunia’s list, will install updates as they become available.
For business and home users, solutions like PSI are a solid offering, and will go a long way towards a rounded security stance. However, it is wiser to have both a proactive stance for security as well as a response plan.
This means you should use solutions like PSI to augment your security plans, not base them entirely on software updates alone. Software updates help mitigate some attack vectors, but they cannot defend against all of them.
This is where the response side of security comes into play, so you can deal with the eventual aftermath of an attack.
Comment on this Story