Only two per cent of computer users are fully patched and the other 98 per cent are running at least one insecure, unpatched program, security firm Secunia said this week.

Secunia gathered data from 20,000 new computer users based on a first scan of its recently updated, free consumer vulnerability-scanning tool.

Researchers found that 30.3 per cent of PCs had one to five insecure programs, 25 per cent had six to 10, and 45.8 per cent had 11 or more. These statistics have got slightly worse since January 2008, the last time Secunia posted similar statistics about the state of programs installed on PCs.

In the January results, Secunia found that 95.5 per cent of users had at least one insecure application, 27.8 per cent of computers had one to five, 25.7 per cent had six to 10, and 42 per cent had 11 or more.

“All results presented here are considered to be 'best case' scenarios," Secunia analysts wrote in a blog post. "The real numbers are likely to be worse."

That is, real figures of unpatched users/PCs should be higher because the users who scanned their systems with the tool are likely to be more security minded than all other internet users, the blog said.

“The results are shocking and prove, as well as emphasize, the need for a patching solution for private users,” Mikkel Winther, Secunia's PSI partner manager, said.

Reports of exploits to patched systems continue to crop up. Last month, the SANS Internet Storm Center reported new exploits against Adobe Reader that surfaced two weeks after the program was patched. In addition, exploits to Microsoft's patched Microsoft Windows Server Service (MWSS) vulnerability have continually surfaced since the patch was issued on October 23.