Sophos: 81% Corporate PCs Lack AV, Firewall or patches
June 2008 by Sophos
IT security and control firm Sophos has revealed the results of its Endpoint Assessment Test, a free online scanning tool that checks endpoints for security vulnerabilities, defined as missing Microsoft security patches, disabled client firewalls and missing endpoint security software updates.
Sophos collected data from more than 580 PCs worldwide, 36 percent coming from UK-based computers, and found:
- 81 percent of corporate endpoints tested failed one or more of these basic tests
63 percent were missing at least one Microsoft security patch among Microsoft Windows operating system, Microsoft Office, Microsoft Internet Explorer, Microsoft Media Player or Flash Player
51 percent of endpoints tested had their client firewalls disabled
15 percent were running out-of date endpoint security software or had disabled their protection altogether
“Administrators reading these stats might think they are sitting pretty and have nothing to worry about, but I would challenge them to run this free tool and double check the security levels within their network – the findings have been staggering,” said John Shaw, director of endpoint security and control at Sophos. “Rather than wait for a problem to arise and be forced to perform a post mortem to find the holes, administrators would be wise to take a few minutes now – it’s free, it’s easy and it might just highlight some serious vulnerabilities that can be addressed proactively.”
Sophos collected data from 583 corporate endpoints for this Endpoint Assessment Test – North America represented 39 percent of the sample base, the UK made up 36 percent, while Australia and Germany contributed 11 percent and 9 percent respectively. The remaining 5 percent consisted of other countries.
“This problem is not only affecting smaller companies,” continued Shaw. “One quarter of testers represented enterprises with more than 1,000 users, while 36 percent were mid-sized companies ranging between 100 and 1,000 users.”
“This free tool from Sophos is helping us to raise awareness about the benefits of Network Access Control (NAC),” said Dean Murtagh, sales director at N3K. “Many companies are still preoccupied with the first-generation network outbreak protection, when in fact the problem lies on a much larger scale. NAC installed on the endpoints within an organisation squarely addresses the vulnerabilities, giving administrators more peace of mind.”