Only two percent of computer users are fully patched and the other 98 percent are running at least one insecure, unpatched program, security firm Secunia said this week.
Secunia gathered data from 20,000 new computer users, based on a first scan with its recently updated, free consumer vulnerability scanning tool.
Researchers found that 30.3 percent of PCs had one to five insecure programs, 25 percent had six to 10, and 45.8 percent had 11 or more. These statistics have gotten slightly worse since January 2008, the last time Secunia posted similar statistics about the state of programs installed on PCs.
In the January results, Secunia found that 95.5 percent of users had at least one insecure application, 27.8 percent of computers had one to five, 25.7 percent had six to 10, and 42 percent had 11 or more.
“All results presented here are considered to be ‘best case’ scenarios,” Secunia analysts wrote in a blog post. “The real numbers are likely to be worse.”
That is, real figures of unpatched users/PCs should be higher because the users who scanned their systems with the tool are likely to be more security minded than all other internet users, the blog said.
“The results are shocking and prove, as well as emphasize, the need for a patching solution for private users,” Mikkel Winther, Secunia's PSI partner manager, said.
Reports of exploits against patched systems continue to crop up. Last month, the SANS Internet Storm Center reported that new exploits against Adobe Reader surfaced two weeks after the program was patched. In addition, exploits for Microsoft's patched Windows Server Service (MWSS) vulnerability have continually surfaced since the patch was issued on Oct. 23.