7.4% of software on PCs are past end of life

The apps are no longer patched and thus vulnerable to exploitation

7.4% of software on PCs are past end of life
geralt (CC0)

A new Secunia Research report states that the average private user in the U.S. has 75 programs installed on their PC, and 7.4% of them are past end of life and no longer patched by the vendor.  

By being past end of life, this software becomes a popular attack target by hackers because the programs are so widespread on devices today. This was the warning from Microsoft when it ended support for Windows XP in 2014—that people should no longer use it because exploits would no longer be fixed. 

The report from Secunia Research, which is owned by Flexera Software, covers findings for the fourth quarter of 2016 in 12 countries. In the U.S., it found 7.5 percent of private users had unpatched Windows operating systems in Q4 of 2016, up from 6.1 percent in Q3 of 2016 and down from 9.9 percent in Q4 of 2015.

+ Also on Network World: Security products among the most vulnerable software +

Secunia gathers its data from an application called Personal Software Inspector that runs in the background on the user's PC. It scans the OS and all of the software installed and checks the installed version against the latest version, alerts the user to software that is out of date, and provides a link to patches if available. 

For the U.S., Secunia found the average PC has 75 programs installed from 26 different vendors, and 32 of the 75 (or 42 percent) are Microsoft programs. The rest are obviously non-Microsoft. While 7.5 percent had an unpatched version of Windows, which likely means they have automatic updates turned off, 14 percent had unpatched Microsoft programs. 

Part of that can be blamed on complexity. On a typical PC, users have to master 26 different update mechanisms to patch the 75 programs on it, Secunia found. 

Top 10 list of unpatched software

The top 10 list of unpatched software is an interesting collection. Topping the list is iTunes 12.x, with an incredible 55 percent unpatched. That's amazing because when a new version comes out, the Apple updater pops up a window on my screen offering to update the software. So, how are people not being informed? 

Second on the list is Oracle Java JRE 1.8.x / 8.x, with 50 percent not patched. Again, Java pops up a window alerting you of a new version, so you should be informed. 

Adobe makes three appearances in the top 10 list with Acrobat Reader and Shockwave. Google Picasa also makes the list, with 48 percent unpatched. One security vendor is also on the list, Malwarebytes. Secunia found 19 percent of Malwarebytes Anti-Malware 2.x was unpatched. 

The list of the top 10 end-of-life software is no great surprise, with both Chrome and Firefox making the list, as well as Apple QuickTime, Oracle Java JRE and a pair of Microsoft products: XML Core Services 4.x and SQL Server 2005 Compact Edition. Those are typically installed with other Microsoft apps and are usually abandoned with new versions. That's one area where Microsoft drives me crazy. I must have a dozen Visual C++ redistributable libraries on my PC alone. 

So, get that PC updated and cleaned up—for your own good.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Take IDG’s 2020 IT Salary Survey: You’ll provide important data and have a chance to win $500.