Consumers buying new PCs should force retailers to ensure that the machines are fully patched before purchase, according to Sophos.
Most computers in the shops will have operating systems that are months out of date, the security firm warned. While this will not affect basic operation, it leaves the PC without current security patches and thus vulnerable to viruses and hackers.
"Consumers need to ask about security," said Carole Theriault, security consultant at Sophos. "Does the retailer have Windows XP service pack 2 disks available, for example? Maybe if enough people ask we'll get shops taking security more seriously. That's my hope."
Theriault pointed out that if businesses are buying in PCs they can insist on having them fully patched before delivery. Consumers rarely make such demands but, with 1,300 new viruses detected last month, new PCs are acutely vulnerable.
In tests earlier this year Symantec found that an unpatched PC connected to the internet would be hit by viruses and malicious code in less than one minute.
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23
Asda, Morrisons and Tesco in the frame for checkout facial recognition technology
Research opens up new possibilities for structural batteries, where the carbon fibre forms part of the energy system
Another shape could have indicated hard-to-detect particles