• 23rd Annual FIRST Conference, June 12-17, Vienna, 2011


In this talk we look at the evolution of the security threats and the
complexity of keeping a typical end-user PC secure over the last five
years. The study is based on data from more than 3 million users of the
Secunia Personal Software Inspector (PSI), which provides unique
insights into the distribution and dynamics of programs typically
present on end-user PCs.

  • We find an alarming development:
    vulnerabilities affecting the portfolio of the Top-50 programs typically
    present on end-user PCs almost quadrupled in the last three years.
  • Further analysis identifies third-party (non-Microsoft) programs to be
    almost exclusively responsible for this alarming trend.

We examine the complexity of keeping a typical software portfolio secure
and identify the top programs most likely to be found secure/insecure.
Our analysis reveals that the frequency and complexity of managing a
large number of diverse update mechanisms needed to keep one's end-point
PC secure lead to a large population of easy targets for cybercriminals.