Recent research shows that the typical PC user needs to install a security update roughly every five days in order to safely use Microsoft Windows and all of the third-party programs that typically run on top of it. In response, a Danish computer security firm says it will soon debut a free new service that silently automates the installation of security updates for dozens of the most commonly used software products.
The five-day figure comes from information collected by Secunia, which pored over statistics from some two million users of its free Personal Software Inspector (PSI) tool, a program designed to alert users about outdated and insecure software running on their machines. Secunia found that the typical Microsoft Windows user has more than 66 programs from more than 22 different software vendors on his or her computer.
Even though the current version of the PSI software includes links to the latest updates for each outdated application, many users still find the update process too cumbersome, says Thomas Kristensen, Secunia’s chief security officer.
“Most users don’t want to be bothered with all these updates,” Kristensen says. “Even when we provide them with the proper download links for the updates, a lot of users say, ‘No, I don’t want to click on all these things.’ We’d like to bring down the number of users who quit the patching process at that point.”
There is ample evidence to suggest that the average user can’t be bothered to install security updates in a timely fashion–unless the process is more or less automated. In a study released last summer, researchers from Google Switzerland and the Swiss Federal Institute of Technology found that browsers which included silent, automatic updates–such as Mozilla’s Firefox and Google’s Chrome–worked far better and faster in successfully delivering patches than did the manual installation mechanism used by the browsers from rivals like Microsoft, Opera, and Apple.
With hackers increasingly attacking software security holes before vendors can ship patches to plug them, timely patching is more vital than ever, says Wolfgang Kandek, chief technology officer at Qualys, a computer security firm based in Redwood Shores, CA, that helps companies manage patch deployment. Kandek says Microsoft made great inroads with Windows XP Service Pack 2, which prompted users to turn on automatic updates for the operating system. But he adds that too few major third-party software makers include similar auto-update mechanisms.