Firms slow to fix security flaws
Hackers are getting a helping hand from firms taking too long to fix software vulnerabilities, research shows.
A study carried out for security firm McAfee found that 19% of companies take more than a week to apply software patches to close vulnerabilities.
A further 27% said it took two days to apply fixes for software loopholes.
The research found that almost half of those questioned, 45%, said they were never completely protected against computer threats.
Patch panel
The research found that many businesses do not react as soon as patches become available for the loopholes that hackers regularly exploit.
Across Europe, the French took the longest to apply patches. It took 27% of French firms a week to fix loopholes and a further 39% had them applied in 48 hours.
Spain reacted fastest, with only 8% of those questioned taking a week and a further 14% two days.
Part of the reason for these delays could be the sheer number of vulnerabilities being discovered. In 2005, more than 5,198 vulnerabilities were recorded.
The research comes days after Microsoft released patches for a series of serious vulnerabilities in its Internet Explorer browser.
The most serious vulnerability could let attackers take over target PCs if they were used to visit specially-crafted web pages.
Despite the seriousness of the bugs, Microsoft delayed patches for them until the date of its scheduled security update which falls on the second Tuesday of every month.
By that time, malicious hackers had had more than two weeks to find and attack vulnerable PCs.
Earlier research by Gerhard Eschelbeck, formerly of security firm Qualys, showed that 85% of the damage done by automated attacks occurs during the first 15 days after vulnerabilities become known.
The McAfee survey was carried out in November 2005 and questioned more than 600 technology managers at companies with more than 250 employees.
Story from BBC NEWS:
Published: 2006/04/18 08:08:26 GMT
© BBC MMVI
Hackers are getting a helping hand from firms taking too long to fix software vulnerabilities, research shows.
A study carried out for security firm McAfee found that 19% of companies take more than a week to apply software patches to close vulnerabilities.
A further 27% said it took two days to apply fixes for software loopholes.
The research found that almost half of those questioned, 45%, said they were never completely protected against computer threats.
Patch panel
The research found that many businesses do not react as soon as patches become available for the loopholes that hackers regularly exploit.
Across Europe, the French took the longest to apply patches. It took 27% of French firms a week to fix loopholes and a further 39% had them applied in 48 hours.
Spain reacted fastest, with only 8% of those questioned taking a week and a further 14% two days.
Part of the reason for these delays could be the sheer number of vulnerabilities being discovered. In 2005, more than 5,198 vulnerabilities were recorded.
The research comes days after Microsoft released patches for a series of serious vulnerabilities in its Internet Explorer browser.
The most serious vulnerability could let attackers take over target PCs if they were used to visit specially-crafted web pages.
Despite the seriousness of the bugs, Microsoft delayed patches for them until the date of its scheduled security update which falls on the second Tuesday of every month.
By that time, malicious hackers had had more than two weeks to find and attack vulnerable PCs.
Earlier research by Gerhard Eschelbeck, formerly of security firm Qualys, showed that 85% of the damage done by automated attacks occurs during the first 15 days after vulnerabilities become known.
The McAfee survey was carried out in November 2005 and questioned more than 600 technology managers at companies with more than 250 employees.
Story from BBC NEWS:
Published: 2006/04/18 08:08:26 GMT
© BBC MMVI
