Venue

RSA Conference, San Francisco, Feb  14-18th,  2011

Abstract

We explore the fundamental failings of end-point security that continue to turn most Internet users (corporate and private) into easy prey for cybercriminals. Data from 3.0 Million users of Secunia PSI provide a unique insight into the exposure end-point systems.

Content

This session explores the fundamental failings of end-point security that continue to turn most Internet users (corporate and private) into easy prey for cybercriminals. We start with a look at the evolution of the security threat posed by vulnerabilities in the programs of typical end-user PC's over the last five years, and provide an outlook for 2011 based on the 2010 data.

What we uncovered through our free Personal Software Inspector (PSI) service (with > 3.0 million subscribers) is that desktop security (and integrity) is much more complex than many people commonly realise, and that the narrow focus upon OS vulnerabilities (and even Microsoft product vulnerabilities) is to severely underestimate the problem facing current/future victims of
cyber crime.

Our analysis identified an alarming trend – vulnerabilities affecting the portfolio of the Top-50 programs typically present on end-user PC's more than doubled from 2005 to 2010; and a four-fold increase is expected to the end of 2011 - which confirms that cybercriminals are very adaptive in finding the easiest path to compromise a host. We identify the primary source of the increased trend, and quantify the complexity of keeping an average PC secure.

Resources