A report into internet security has found that vulnerability patching is still woefully inadequate among computer users.
Just one of the top 10 exploited flaws in M86 Security's analysis of the first half of 2010 had been patched this year, while one fix was issued in 2006 and the majority were at least two years old.
Half of the flaws were in Microsoft products, namely Internet Explorer and Access Snapshot, and in video streaming controls.
"The attackers go for low hanging fruit," Bradley Anstis, vice president of technology at M86 Security, told V3.co.uk.
The level of client vulnerabilities and the differing access needs of users make it difficult for IT departments to run a coherent patching strategy, and make locking down users an imperfect solution.
Ideally, almost no users should have admin access, but this is seldom realistic, according to Anstis.
"Ideally is a great word. Ideally people shouldn't be logging on as admin. Ideally they should be closing things down as soon as possible. But there are other issues," he said.
Spam levels in 2010 have now recovered from the shutdown of McColo and other rogue ISPs, the report found, and spam now accounts for around 86 per cent of incoming email to corporates.
The Rustock botnet is the biggest spam sender, accounting for over 40 per cent of all detected emails. Over 80 per cent of spam is for pharmaceutical products, usually from 'Canadian Healthcare' or 'Canadian Pharmacy'.
"Canadian Pharmacy is nothing to do with Canada," explained Anstis. "The company looks to be based in eastern Europe. They used 'Canadian Pharmacy' because, in North America, Canadians are seen to be a trustworthy, healthy well-living sort of people."