Secunia PSI 2.0 Auto Updates: A flying start and interesting numbers!

By Jakob Balle

The interest for the new Secunia PSI 2.0 Beta, released yesterday, has been outright astonishing. After 24 hours, more than 6,500 security conscious users already installed, scanned, and patched using the new version.

After 24 hours the Secunia PSI 2.0 Beta had installed ~10,000 security patches across the 6,500 users or roughly 1.5 security patches per user on average.

Preliminary Numbers
We thought you might like to know a little about what's being automatically patched by the Secunia PSI 2.0 Beta – naturally, this is all very new and these unique numbers are just 24 hours old, so we're not vouching for the statistical accuracy, yet it paints a very interesting picture.

Top 10 – Most Installed Security Patches:

ProductInstallationsPercentage
1. Adobe Flash Player (ActiveX)202420%
2. Adobe Reader 9.x100410%
3. Adobe Flash Player (NPAPI)9209%
4. Sun Java JRE 1.6.x / 6.x7538%
5. Adobe AIR 2.x5305%
6. IrfanView 4.x4955%
7. Opera 10.x3203%
8. Skype 4.x3093%
9. Wireshark 1.x2513%
10. Mozilla Firefox 3.6.x2452%

 

Observations
I don't want to jump to conclusions based on 24 hours of scan results and patch installations, but it is still interesting to note the following initial observations:

  1. Adobe Flash Player accounts for ~29% of all patches that were automatically installed, when counting both the NPAPI and ActiveX plugins.
  2. At least 6 of the programs in the Top 10 comes with their own auto update functionality (!!)
  3. No Apple products in the Top 10. OK that sounds amazing – and it is. Unfortunately, Apple products does not natively support “silent install”, which is required for automatic updating. We are working to address this during the beta, so please stand-by until we are ready help Apple update their software.

Again, this is all preliminary and based on just 24 hours worth of data. Personally I can't wait for Research Analyst Director Stefan Frei to have a deeper look at all these exciting new data, once the statistical foundation is a bit more substantiated.

Patch & Stay Secure,

Jakob Balle, Secunia
VP of Product Development