Why Johnny Can't Patch: And What We Can Do About It


Malware typically targets vulnerabilities that were fixed a long time ago. This only works because users are not installing security updates. We set out to find out who these users are, how many of them there are, and why they aren't patching. We found that unpatched users are prevalent, that patching levels vary significantly across applications and geographic regions, and that there are several contributing factors. This talk will present our findings and propose some potential solutions for these issues.


security, malware


    The Discussion

    • I have a theory. Is patching based on the current internet bandwidth available? Like the BITS service to silently download in the background. Windows 7 updates bigger than XP updates?

    • Another idea is that patches installed on shutdown cause more issues than when patches are installed on reboot? I noticed in Windows 8, patches can only be installed on reboot, which is an excellent choice by the way.

    • Maybe change the retail price of Windows 7 and 8 to $100 or even $50 to help make XP and Vista users consider the option of upgrading/fresh install. You know, for those custom made computers from PC shops, that price is pushed to consumers. I think most users are not technical enough to handle an upgrade process and most are afraid of change. Maybe on the upgrade page, list the set of improvements in the security section, what is changed, and other common features. Also, have a tutorial on how to use their computer. For example, show them how to update their computer, show them the steps, have them go through the steps and only continue if they went through the steps. Also mention that some updates will require a reboot. Also, tell them to check once a week (for them to develop the habit) for updates.

    • You should also look at how many do not have the latest 5 patches, the latest 10 patches, etc. Do those numbers fluctuate or do they increase or decrease on a trend? If a trend, there should be a patch that is causing an issue.
