Security firm Sophos ran a 40-day test of visiting corporate users' computers, and the results aren't pretty. Four in five of the machines checked were lacking in at least one area of security.
The Sophos Endpoint Assessment Test scans were voluntary and only applied to people visiting from a corporate site, as Sophos' specialty is business protection, not consumer security. The scan covered three areas: current patch levels, firewalls and up-to-date security software.
Sophos found 81 percent of the 580 computers checked were lacking some key security component: they didn't have all of the patches issued by Microsoft, the firewall was disabled, or the antivirus software was out of date or disabled.
Sophos then checked with the firms to find out the story behind those security failings. The company found people tend to be rather dependent on their software and tools, even though the software can't know everything.
"Sometimes these tools don't know what they don't know," Bill Emerick, vice president of product management for Network Access Control at Sophos, told InternetNews.com. "I do believe that IT organizations are well-intended and trying to make the right investments. I think in some cases our toolsets are failing us and we have more work ahead of us."
For example, the survey found most people are relying on Windows Update, which comes with Windows but only checks for Windows patches. To check for fixes to Microsoft Office or other applications, users need Microsoft Update, which is a separate download from Microsoft.
Microsoft had not responded to a request from InternetNews.com for comment on the survey's findings as of press time.