SANS ISC: Secunia Half Year Report for 2010 shows interesting trends - Internet Security | DShield SANS ISC InfoSec Forums


Secunia Half Year Report for 2010 shows interesting trends

I came across an article yesterday at secunia.com. Secunia is a leading provider of Vulnerability Intelligence and tracks the evolution of security threats. They have posted their Half Year Report 2010 which includes some interesting trends and statistics. This information may be of interest to some of our readers so I thought it might make an interesting diary.
 

The key highlights of the Secunia Half Year Report 2010 are:

  • Since 2005, no significant up-, or downward trend in the total number of vulnerabilities in the
    more than 29,000 products covered by Secunia Vulnerability Intelligence was observed.
  • A group of ten vendors, including Microsoft, Apple, Oracle, IBM, Adobe, and Cisco, account on
    average for 38 percent of all vulnerabilities disclosed per year.
  • In the two years from 2007 to 2009, the number of vulnerabilities affecting a typical end-user
    PC almost doubled from 220 to 420, and based on the data of the first six months of 2010, the
    number is expected to almost double again in 2010 to 760.
  • During the first six months of 2010, 380 vulnerabilities or 89% of the figures for all of 2009
    has already been reached.
  • A typical end-user PC with 50 programs installed had 3.5 times more vulnerabilities in the 24
    3rd party programs installed than in the 26 Microsoft programs installed. It is expected that
    this ratio will increase to 4.4 in 2010.

The report does a good job of discussing the current trends and statistics and highlights what they are seeing for vulnerabilities.  

To review the full report, check it out at http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf.

 Deb Hale Long Lines, LLC

 

I've tried Secunia's PSI tool. But it seems that it doesn't find as many updates as other tools such as FileHippo. As of right now, FileHippo is listing 10 updates for me while PSI is listing 1.

Not that this is a bad thing for Secunia. If they found more updates they'd have hit the 4.4 ratio already.
Anonymous
The reason Filehippo shows more updates is that it is notifying you about all updates.

Secunia PSI is a security tool, i.e. it only tells you about updates which are necessary to stay secure, thus giving you much less work than if you had to update 10x as much using e.g. Filehippo.

While the tools may seem similar, they actually serve completely different purposes.

You can read more on the PSI download page:
"The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Attacks exploiting vulnerable programs and plug-ins are rarely blocked by traditional anti-virus and are therefore increasingly "popular" among criminals."
http://secunia.com/vulnerability_scanning/personal/

To better understand the difference between the Secunia PSI and tools like Filehippo etc. these reviews might be worth a read:
http://www.howfixcomputer.com/2010/06/02/updaters-revisited-cnet-techtracker-vs-secunia-psi/
http://www.howfixcomputer.com/2010/05/28/staying-secure-and-up-to-date-filehippo-update-checker-vs-sumo-vs-secunia-psi/
Anonymous
Wouldn't it be more correct to say that there aren't any KNOWN vulnerabilities in the versions of the third party apps that were detected?

That's why I prefer staying current on all apps, whether there are known, published vulnerabilities or not.
Anonymous
