Research from security firm Secunia indicates that 17.2% of Saudi Arabia PC users have unpatched operating systems.
This report documents the state of security among PC users in Saudi Arabia, based on Q4 data from scans by the Secunia Personal Software Inspector.
The report reveals that the average PC user in Kingdom of Saudi Arabia (KSA) has 84 programs installed from 30 different vendors and that 17.2% of users have unpatched operating systems.
According to Secunia’s report, Microsoft programs represent 41% of the overall share of programs installed on private Saudi PCs, while the remaining 59% come from third-party vendors.
On the average PC, 17.1% of third-party programs are unpatched compared to 5.5% for Microsoft programs.
There is a single update mechanism for the 34 Microsoft programs that make up 41% of the programs on the PC, whereas, 29 different update mechanisms are required to patch the remaining 50 programs (59%) from the 29 so called third-party.
The Secunia KSA report ranked the Top 10 programs based on risk exposure – these programs were ranked based on 2 parameters: the percentage market share multiplied by the percentage of unpatched.
It was discovered that VLC Media Player 2.x was at the top of the list, with Oracle Java JRE 1.7.x / 7.x close behind. The report also released the top 10 ‘End-of-life’ (EOL) Programs based on market share. The Microsoft XML Core Services 4 is first on the list with 76% market share.
“The vulnerability landscape is dynamic, despite a few vendors that almost always report vulnerabilities within their products on a fixed schedule,” said Kasper Lindgaard, Director of Research and Security, Secunia. “The fact that widespread products such as Internet Explorer and .NET Framework listed in the Top 10 of the ‘Most Exposed’ list is no big surprise. When applications have a market share in the top quartile it only takes a small set of unpatched instances before it appears on the list. .NET is an essential framework required by many different applications. It receives updates through Windows Update and has its vulnerabilities disclosed via Microsoft’s normal Patch Tuesday cycle.”