D&C GLug - Home Page

Re: [LUG] Sheffield hospitals infected by Conficker Worm

 

Martijn Grooten wrote:
> On Wed, Jan 21, 2009 at 12:29 AM, Simon Waters wrote:
>> Add to that me seeing Flash downgrade itself from a patched to an
>> unpatched version, and you see why Secunia report that ~98% of Windows
>> boxes are running code known to be vulnerable.
>>
>> http://secunia.com/blog/37/
>>
>> On the other hand I have servers needing patching, so I'm not one to
>> throw stones. But if 98% of people are getting it wrong, does that
>> suggest that there is a usability issue here? I'd love to see similar
>> stats for Debian boxes.
> 
> I bet they are lower (partly because using a central package manager
> makes things easier, partly because I guess a higher proportion of
> Debian users knows about the importance of patching). Still, the 98
> percent was a bit of an exaggeration

I think 98% probably isn't far off. I'm seeing >60% running known
vulnerable Flash plug-ins in Google Analytics for our sites, and that is
only one Internet-facing application.

But I think installed, unused, vulnerable software is an issue.
Especially where the update mechanism will kick off only when you use
the software, and people are usually faced with a "wait for download" or
"cancel and carry on with your life" choice.

-- 
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html