
Typical Windows User Patches Every 5 Days

CWmike writes "The typical home user running Windows faces the 'unreasonable' task of patching software an average of every five days, security research company Secunia said on Thursday. 'It's completely unreasonable to expect users to master so many different patch mechanisms and spend so much time patching,' said Thomas Kristensen, the company's CSO. The result: Few consumers devote the time and attention necessary to stay atop the patching job, which leaves them open to attack. Secunia says that of the users who ran the company's Personal Software Inspector in the last week of January, half had 66 or more programs from 22 or more different vendors on their machines. ... Secunia has published a white paper (PDF) that details its findings."
  • sucks to be support (Score:4, Interesting)

    by yagu ( 721525 ) * <{yayagu} {at} {gmail.com}> on Thursday March 04, 2010 @04:51PM (#31362372) Journal
    I'm the guy in our household responsible for applying our patches, being an IT professional and all.

    Since we have a "few" computers all around the house, it's pretty much every time I sit down to one I have to apply patches, and usually a reboot to boot. Sometimes, it's a rarely used computer that I grab (laptop) just to get a few quick things done, and it requires multiple iterations of patches and reboots. Sigh.

    I find it exasperating that my experience is almost always, "apply these patches", and then you can do some work with Windows. The good news (for me), I'm finally migrating EVERYTHING (as in replacing with) Macs and Linux. Time and money, that's all it takes.

    Interestingly the other day... I got in and was productive immediately on a Windows laptop. Wow! C'est vrai? And when I went to shut it down? "Please do not power down your computer. Windows is installing (3 of 10...) updates..." WTH?

  • by Sowelu ( 713889 ) on Thursday March 04, 2010 @04:57PM (#31362432)
    Just want to make sure I get what you're saying... So you're complaining that if you don't use a computer for a month, then suddenly you have to catch up on a month's worth of updates? Sure, it would be nice if they were cumulative--but these patches are designed for a daily user, and putting out multiple versions of updates just means there's more ways that something could go wrong.

    And if you have to patch BEFORE you start working, then that's bad, but if you have to patch when you shut down instead, that's bad too. When should these updates happen, ideally?
  • by mschuyler ( 197441 ) on Thursday March 04, 2010 @05:01PM (#31362476) Homepage Journal

    and I surely do not experience that amount of 'patching.' I also think updating virus signatures shouldn't be considered a 'patch' per se. Those are essentially database records, not bug fixes. Windows gives me updates about once per month. Once in a while I get an Adobe or a Java update, but the total is nowhere near what these guys are saying.

  • by SectoidRandom ( 87023 ) on Thursday March 04, 2010 @05:04PM (#31362508) Homepage

    If you use the computer every day it is not, however if you only turn it on every week or two (like my mother) then expect 30 minutes of prompts for different updates!

  • Re:So... (Score:3, Interesting)

    by AdamWill ( 604569 ) on Thursday March 04, 2010 @05:04PM (#31362512) Homepage

    the point is that Ubuntu uses one mechanism to provide updates for *all* the software you have installed, as long as you stick to the Ubuntu repos, as is heavily advised and encouraged on all Linux distributions. Windows Update gets you updates to Windows itself, and a few Microsoft applications. For all other applications, you have to use a different mechanism in each individual app, or else you're vulnerable.

    (This is an excellent answer to the typical 'why can't I just double-click on an .exe file?!' whine about Linux software installation, BTW.)

  • by BikeHelmet ( 1437881 ) on Thursday March 04, 2010 @05:06PM (#31362546) Journal

    Most programs do have such update features. The question is more how well they work.

    When people bring me computers needing a tuneup, usually they have Adobe Reader 8.1.0, Java 1.6.5 to 15 (not 18, the newest), and Flash 10.x (Congrats, Flash. Now if only you had fewer vulnerabilities).

    This is despite them having auto-updaters. Multiple reboots lead to no prompts. Why aren't the updaters working? No idea - at first.

    At that point I'll check winver and note it's an XP SP2 machine. After updating to XP SP3, suddenly they all work.

    If anyone is having issues managing updates, you might be interested in something like this: http://www.filehippo.com/updatechecker/ [filehippo.com]

  • by kgo ( 1741558 ) on Thursday March 04, 2010 @05:06PM (#31362552) Homepage
    I don't think I've ever needed to install Windows updates twice in a week. Maybe twice in a month if there's a major issue. But that report is counting Adobe Reader updates. Java updates. Firefox updates. That annoying update that tells me I need to upgrade TortoiseSVN from version 1.6.4.12.a to 1.6.4.12.b. Etc.
  • Re:Get a Mac! (Score:4, Interesting)

    by twidarkling ( 1537077 ) on Thursday March 04, 2010 @05:09PM (#31362590)

    Yes, because it's completely reasonable that the *monthly* patches my Mac at work gets 95% of the time require a restart. Why do iTunes or Safari need the system to be restarted? I'm only forced to reboot my Win7 machine due to patches... Hmm, I think once in the time I've had it.

    And OS X requires me to put in my password in order to install patches, so it can't patch unattended, or in the background. It's a choice between delaying my work or delaying the patch. Most people are going to pick "delaying the patch," especially if they've got anything open. And that's how security starts to fall apart.

  • by Facegarden ( 967477 ) on Thursday March 04, 2010 @05:09PM (#31362596)

    Funny--my Firefox updates when I start it up, my Flash and Java and Adobe Reader update essentially on their own, and Windows updates when I shut it down...Steam updates on its own...Trillian and uTorrent give me a button to push to update them...I'm pretty much a power user, but I've never been prompted to update something that was remotely confusing. As long as things that need updating have an easy button to push to do it for you, I'm happy--extra bonus points if there's a checkbox in the installer to choose between "update automatically" and "prompt annoyingly when an update is available"

    Yeah, I really don't see the issue here. The article makes it seem like the act of "patching" involves *any* work at all, but I generally just need to click "ok" unless it's set to automatic. I never really have to do anything. I don't see it as "the user has to patch the machine", I see it as "the machine patches itself" every few days, which doesn't sound nearly as bad.

    Seems like the article is just FUD.
    -Taylor

  • by Anonymous Coward on Thursday March 04, 2010 @05:16PM (#31362716)

    But, if everyone used Windows Updates (they can), how could they flog their extra crap? Apple's updater plugs Safari 4 every bloody time. Adobe wants me to install McAfee and other shit. Google has 2 separate updaters for Talk and the toolbar....

    Of all the updating shit, Windows seems to do it the best. If you leave your PC on all the time, it'll do its update some Sunday night at 3am. Otherwise, every week or so the shutdown procedure takes an extra minute. BFD.

  • by edxwelch ( 600979 ) on Thursday March 04, 2010 @05:24PM (#31362874)

    A friend of mine runs his PC "commando": no virus software, no firewall, no patches, nothing. He's non-technical and assumes he is going to get a virus no matter what he does and it's just a waste of time pricking around with all that stuff, so he just reinstalls Windows about once every two months when it starts running slow from the viruses. Well, it's a daring tactic, but it seems to work for him.

  • by mcgrew ( 92797 ) * on Thursday March 04, 2010 @05:29PM (#31362944) Homepage Journal

    And if you have to patch BEFORE you start working, then that's bad, but if you have to patch when you shut down instead, that's bad too. When should these updates happen, ideally?

    I'd say a hell of a lot less frequently than once a week! Ideally, you should be able to tell the PC "download and install updates on shutdown" and when you shut it down, the computer downloads and installs the patches you select, then shuts down.

    Better yet, it should be like Linux -- you only have to reboot if there's an update to the kernel.

  • Re:Unreasonable? (Score:3, Interesting)

    by zonky ( 1153039 ) on Thursday March 04, 2010 @05:39PM (#31363132)
    The problem is not API, or a lack of one, but about trust.

    Repos in Linux are not just collections of software- they're a store of trust.

    You can (should?) trust that they won't break other programs, they won't install malware.

    That is impossible in the Closed source model, really.

    (unless you have different users for each app, and lock down each install directory?)

  • Re:Seems about right (Score:3, Interesting)

    by mR.bRiGhTsId3 ( 1196765 ) on Thursday March 04, 2010 @06:16PM (#31363646)
    It depends heavily on what you are doing with your computer at the time of writing. Windows does not allow you to write executable files that are currently running and I believe there is a similar restriction for .dlls that are loaded into memory. At least you are notified of the need to reboot. I may be incorrect but I believe the only thing that triggers a reboot on Ubuntu are changes to a specific set of packages. As such, it's always possible to install updates and still have vulnerable code loaded into memory.
    I'm not sure about the failing to install. The only time I've ever seen an update fail to install is when I'm doing a re-install and do something like install a cumulative service pack for a program like Visual Studio that is getting brought down the windows update pipeline as well. I would be interested in knowing what types of updates usually fail.
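
The point raised in the comment above, that a process can keep running the old code after its files have been updated on disk, can be checked on Linux. This is an added example, not part of the original post: it reads `/proc/<pid>/maps` and reports executable mappings whose backing file is marked "(deleted)". The sample map lines are constructed and the ignored-prefix list is an assumption.

```python
import os

DELETED = " (deleted)"
# Assumption: paths that are routinely unlinked while mapped and are not package files.
IGNORED_PREFIXES = ("/memfd:", "/dev/", "/tmp/", "/run/", "/SYSV", "/[aio]")

# Constructed sample of /proc/<pid>/maps content (not captured from a real host).
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a2c000 r-xp 00002000 08:01 1311 /usr/sbin/sshd
7f1e2c400000-7f1e2c5a0000 r-xp 00028000 08:01 2202 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (deleted)
7f1e2c5a0000-7f1e2c5f0000 r--p 001c8000 08:01 2202 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 (deleted)
7f1e2d000000-7f1e2d001000 rwxs 00000000 00:01 4099 /memfd:jit-cache (deleted)
7f1e2d200000-7f1e2d221000 rw-p 00000000 00:00 0
7ffc1b2e0000-7ffc1b301000 rw-p 00000000 00:00 0 [stack]
"""

def stale_mappings(maps_text):
    """Return sorted paths of executable mappings whose on-disk file was replaced or removed."""
    stale = set()
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode pathname (pathname may contain spaces).
        parts = line.split(None, 5)
        if len(parts) < 6:
            continue  # anonymous mapping, no pathname
        perms, path = parts[1], parts[5]
        if "x" not in perms or not path.endswith(DELETED):
            continue
        path = path[: -len(DELETED)]
        if path.startswith("/") and not path.startswith(IGNORED_PREFIXES):
            stale.add(path)
    return sorted(stale)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale mappings for every readable process (Linux only)."""
    results = {}
    if not os.path.isdir(proc_root):
        return results
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                found = stale_mappings(fh.read())
        except OSError:
            continue  # process exited or permission denied
        if found:
            results[int(entry)] = found
    return results

if __name__ == "__main__":
    for pid, paths in sorted(scan_proc().items()):
        print(pid, ", ".join(paths))
```

Run as root to see every process; a process listed here needs a restart before the updated file takes effect.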
  • by Totenglocke ( 1291680 ) on Thursday March 04, 2010 @06:46PM (#31364040)
    I've left my system running 24/7 for months and never seen a memory leak outside of Firefox and amusingly, where you say it's "expected" for people to use sleep / hibernate in Linux, I've yet to run a Linux distro where a system would resume from sleep / hibernate. That was actually why I stopped running Linux on my laptop and switched to the Windows 7 beta, because I was so sick and tired of sleep / hibernate never working.
