[an error occurred while processing this directive]
BBC News
watch One-Minute World News
Last Updated: Tuesday, 18 April 2006, 08:08 GMT 09:08 UK
Firms slow to fix security flaws
Warning label
It can take some firms a week to close loopholes
Hackers are getting a helping hand from firms taking too long to fix software vulnerabilities, research shows.

A study carried out for security firm McAfee found that 19% of companies take more than a week to apply software patches to close vulnerabilities.

A further 27% said it took two days to apply fixes for software loopholes.

The research found that almost half of those questioned, 45%, said they were never completely protected against computer threats.

Patch panel

The research found that many businesses do not react as soon as patches become available for the loopholes that hackers regularly exploit.

Across Europe, the French took the longest to apply patches. It took 27% of French firms a week to fix loopholes and a further 39% had them applied in 48 hours.

Spain reacted fastest, with only 8% of those questioned taking a week and a further 14% two days.

Part of the reason for these delays could be the sheer number of vulnerabilities being discovered. In 2005, more than 5,198 vulnerabilities were recorded.

The research comes days after Microsoft released patches for a series of serious vulnerabilities in its Internet Explorer browser.

The most serious vulnerability could let attackers take over target PCs if they were used to visit specially-crafted web pages.

Despite the seriousness of the bugs, Microsoft delayed patches for them until the date of its scheduled security update which falls on the second Tuesday of every month.

By that time, malicious hackers had had more than two weeks to find and attack vulnerable PCs.

Earlier research by Gerhard Eschelbeck, formerly of security firm Qualys, showed that 85% of the damage done by automated attacks occurs during the first 15 days after vulnerabilities become known.

The McAfee survey was carried out in November 2005 and questioned more than 600 technology managers at companies with more than 250 employees.


SEE ALSO:
Users urged to fix browser flaw
11 Apr 06 |  Technology
Bad web browser bug gets patched
29 Mar 06 |  Technology
New year brings fresh security fears
27 Jan 06 |  Technology
Biggest security holes revealed
05 May 05 |  Technology
Spyware warriors call for action
10 Feb 06 |  Technology
Microsoft offers security service
13 May 05 |  Technology


RELATED INTERNET LINKS:
The BBC is not responsible for the content of external internet sites


PRODUCTS AND SERVICES

Americas Africa Europe Middle East South Asia Asia Pacific