Why Johnny Can't Patch: And What We Can Do About It



Malware typically targets vulnerabilities that were fixed a long time ago. This only works because users are not installing security updates. We set out to find out who these users are, how many of them there are, and why they aren't patching. We found that unpatched users are prevalent, that patching levels vary significantly across applications and geographic regions, and that there are several contributing factors. This talk will present our findings and propose some potential solutions for these issues.


security, malware







The Discussion

  • I have a theory. Is patching based on the current internet bandwidth available? Like the BITS service to silently download in the background. Windows 7 updates bigger than XP updates?

  • Another idea is that patches installed on shutdown cause more issues than when patches are installed on reboot? I noticed in Windows 8, patches can only be installed on reboot, which is an excellent choice by the way.

  • Maybe change the retail price of Windows 7 and 8 to $100 or even $50 to help make XP and Vista users consider the option of upgrading/fresh install. You know, for those custom-made computers from PC shops, that price is pushed to consumers. I think most users are not technical enough to handle an upgrade process and most are afraid of change. Maybe on the upgrade page, list the set of improvements in the security section, what is changed, and other common features. Also, have a tutorial on how to use their computer. For example, show them how to update their computer, show them the steps, have them go through the steps and only continue if they went through the steps. Also mention that some updates will require a reboot. Also, tell them to check once a week (for them to develop the habit) for updates.

  • You should also look at how many do not have the latest 5 patches, the latest 10 patches, etc. Do those numbers fluctuate or do they increase or decrease on a trend? If a trend, there should be a patch that is causing an issue.
