Users left open to attack by failure to patch third-party apps

Criminals are increasingly targeting unpatched apps

Research by vulnerability specialist Secunia suggests that third-party applications are increasingly being used by malware writers in preference to using operating system attacks.

The Danish company said that data from its free Personal Software Inspector (PSI) tool showed that there were far more unpatched applications than operating systems among users. Furthermore, application patches were left open to abuse for far longer than operating system patches.

“The criminals are developing more and more targeted attacks, focusing on the applications that are most likely to be unpatched,” said Secunia chief technical officer Thomas Kristensen.

“Unfortunately, another trend is also quite evident – private users don't patch. I think that many users are not aware of the problem with unpatched programs and the software companies don't inform sufficiently about the importance of updating and neither do they provide sufficient updating mechanisms."

The figures were backed up by data in Microsoft’s last Security Intelligence Report, released earlier this month, which found that 90 per cent of serious vulnerabilities were not found in Windows, but in third-party applications.

“I would not hesitate to say that the biggest threat to your PC probably is a program you installed yourself, simply because it is out of date and insecure,” Kristensen said.