Scott Lewis in our Columbus office has been doing some number crunching, and has come up with some disturbing statistics after examining the data produced by Sophos’s free endpoint assessment test.
The Sophos Endpoint Assessment Test is a free tool that scans a computer and assesses whether it is a security risk to your organization. A single scan checks that your Microsoft service pack is the current one for your operating system, your Microsoft patches are all up to date, anti-virus protection is installed, running and current, and that a personal firewall is installed and running.
Scott examined the results for all users who took the test from January 1st 2009 to date, and found that 11% of the users did not have the Microsoft MS08-067 patch installed, which can, amongst other things, help protect against the spread of Conficker.
Scott assumed that over time the percentage would drop dramatically due to the huge amount of press and publicity regarding Conficker in the last few months. However, his assumption appears to have been incorrect.
For the month of March 2009, 10% of all users who have used our free Endpoint Assessment Test are missing the essential Microsoft patch. That’s despite all of the newspaper headlines, and despite the fact that the patch has been available since October.
That’s pretty depressing news. Of course, we can’t extrapolate this to mean that 10% of all PCs around the world aren’t running the Microsoft patch, but it certainly tells a sorry story for a notable percentage of those who took our test. It appears that the percentage of computers (I refuse to call them endpoints... I mean, who ever talks about “booting up their endpoint?”) not patched against the exploit used by Conficker is holding steady.
If you’re in charge of a large number of computers inside your business, then maybe statistics like this will remind you that there’s a strong case for better patch and vulnerability assessment/remediation alongside Network Access Control (NAC).
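As an added illustration of that kind of assessment (this is not Sophos’s tool or code), here is a small PowerShell audit that checks a list of Windows machines for the MS08-067 update (its Knowledge Base article is 958644, which the post does not mention) and a running Windows Firewall service, then reports the share of machines missing the patch in the same form as the statistic above. It assumes remote WMI/RPC access is allowed; the host list is a constructed placeholder.

```powershell
# Added example, not part of the Sophos Endpoint Assessment Test.
# For each machine: OS/service pack, whether MS08-067 (KB958644) is present,
# and whether the Windows Firewall service is running. Then summarise the
# percentage of machines missing the patch. Assumes WMI/RPC reachability.

# Constructed sample inventory; replace with your own host list or an AD query.
$computers = @('localhost')

$results = foreach ($c in $computers) {
    $os = $null; $patchInstalled = $false; $firewallRunning = $false
    try {
        # Caption and CSDVersion give "Windows XP Professional" / "Service Pack 3" etc.
        $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $c -ErrorAction Stop

        # Get-HotFix reads Win32_QuickFixEngineering; no result means the update is
        # absent (or not registered there, which some older builds do not do).
        $hotfix = Get-HotFix -Id 'KB958644' -ComputerName $c -ErrorAction SilentlyContinue
        $patchInstalled = [bool]$hotfix

        # Service name differs by OS: MpsSvc (Vista and later), SharedAccess (XP).
        $fw = Get-Service -ComputerName $c -ErrorAction SilentlyContinue |
              Where-Object { @('MpsSvc', 'SharedAccess') -contains $_.Name -and $_.Status -eq 'Running' }
        $firewallRunning = [bool]$fw
    } catch {
        # Unreachable or access denied: record it rather than silently skipping.
        Write-Warning "$($c): $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{
        Computer        = $c
        OS              = if ($os) { "$($os.Caption) $($os.CSDVersion)" } else { 'unreachable' }
        MS08_067        = $patchInstalled
        FirewallRunning = $firewallRunning
    }
}

# @() forces an array so .Count works even for a single machine.
$total   = @($results).Count
$missing = @($results | Where-Object { -not $_.MS08_067 }).Count
$pct     = if ($total -gt 0) { [math]::Round(100 * $missing / $total, 1) } else { 0 }

$results | Format-Table Computer, OS, MS08_067, FirewallRunning -AutoSize
"Machines missing MS08-067: $missing of $total ($pct%)"
```

Unreachable machines are counted as missing the patch, which is the conservative reading for a fleet audit.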
If you haven’t already done so, why not take Sophos’s free Endpoint Assessment Test yourself?
And, of course, if you are infected by the Conficker worm, now would be a very good time to download a free Conficker removal tool.
More information about Conficker:
- Passwords used by the Conficker worm
- How to stop the Conficker worm on an unpatched PC
- Download a podcast where Sophos expert Paul Ducklin discusses the true threat posed by the Conficker virus, with Patrick Gray, host of the ITRadio programme ‘Risky Business’