Well, honestly, I am not completely clear how statistically relevant this data point is. I just read it in a Secunia blog where they published figures of users of their free solution. This is data from the last few weeks and looks into the results of the first scan of the product on a PC. It covers 20’000 users. Not being a statistician, I cannot judge the quality of the results, but even if the situation is 10 times better it is still very, very, very bad. This is the table they published:

Number of insecure programs per PC/user:

0 Insecure Programs: 1.91% of PCs

1-5 Insecure Programs: 30.27% of PCs

6-10 Insecure Programs: 25.07% of PCs

11+ Insecure Programs: 45.76% of PCs

By "insecure program" it is understood that there is a newer version of the program available from the vendor that corrects one or more vulnerabilities, but the user has yet to install the secure version. A vulnerability in a program can be exploited by hackers to do anything from compromising a PC, to automatically installing trojans/viruses, to sniffing out private information (passwords, credit card information, etc.).

If I would extrapolate that to the situation with MS08-067… no, I do not think that I wanna do that :(

Remember – this is not only Microsoft, this is everything they have on the PC.

Roger