Don't blame Microsoft if your PC is insecure, because three quarters of reported security vulnerabilities in 2013 were found in third-party software and not Microsoft programs. Yet also according to the Denmark-based security firm Secunia that analyzed vulnerabilities in the top 50 most-used software products, the number of holes in Windows 7 and XP doubled in 2013 and Windows 8 was the operating system with the most vulnerabilities. While that might be a bit of a head-scratcher, both Microsoft employees people who love Microsoft and Microsoft haters can pluck out some numbers from Secunia's annual report to make them happy.
After scanning PCs with its Personal Software Inspector (PSI) tool, Secunia found that the average computer has 75 programs installed on it. The company's report focuses on the 50 most common software products found on the computers.
Overall for 2013: "2,289 vulnerable products were discovered with a total of 13,073 vulnerabilities in them." Of those, "1,208 vulnerabilities were discovered in 27 products in the Top 50 portfolio." There were 727 vulnerabilities "discovered in the 5 most popular browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera, Safari."
As you can see in Secunia's top 25 most vulnerable software products, only eight of those were third-party products: Adobe Flash Reader at #5, Adobe Reader at #7, Oracle Java JRE at #10, Firefox at #16, Chrome at #17, RealTek AC 97 at #23, Adobe Air at #24, and Apple Quicktime at #25.
There are only 17 third-party products that made it onto the top 50 most common software list. Of those 17 third-party programs, 10 were vulnerable. Put another way, those 17 programs accounted for only 34% of the software on most PCs, yet were also responsible for 76% of the vulnerabilities discovered in the top 50.
33 Microsoft programs were included in the top 50 most common; 17 were vulnerable. Put another way, Microsoft programs accounted for 66% of the top 50 products, but were only responsible for 24% of the vulnerabilities.
Now, let's look at Microsoft specific vulnerabilities according to the 2014 Secunia Vulnerability Review [pdf]. "The increase of vulnerabilities in Windows: Data reveals that the dip in the number of vulnerabilities recorded in Windows 7 and Windows XP in 2012 (50 and 49) has been reversed, with the number rising back up to 102 and 99 vulnerabilities respectively in 2013, almost on par with 2011 figures."
Secunia's figures, covering Windows vulnerabilities for the last five years, shows Windows 8 was the most vulnerable. It noted, however, "the high number of vulnerabilities in Windows 8 is due to the fact that Windows 8 has Adobe Flash Player integrated into Internet Explorer. This integration is responsible for a portion of the vulnerabilities (55) detected in that operating system."
Sign up for Computerworld eNewsletters.