Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report

Authentication data reveals an increase in Apple devices, poor mobile security, and the rapid disappearance of Flash from browsers.

A snapshot of the enterprise remote access space in 2017 reveals a few interesting trends: more businesses have adopted Windows 10 and Apple products, nearly all Android devices are out-of-date, and chances are good their browsers are no longer running Flash.
To learn more about users authentication behavior and device health, the security research team at Duo Labs dug into data from 10.7 million devices and nearly 0.5 billion monthly authentications. Researchers wanted to see where people authenticate from, how they respond to phishing, and the devices, operating systems, browsers, and plugins they use.
There are obvious security implications in these trends. The researchers found a majority shift in Windows 10 adoption, which jumped from 27% in 2017 to 48% in 2018. Devices running Windows 7 also decreased from 65% in 2017 to 44% this year. Duo researchers attribute the spike to WannaCry, which prompted Windows 10 downloads.
It was one of the bigger drivers in Windows 10 adoption, says Duo data scientist Olabode Anise. After the first 30- to 60 days after WannaCry there was an uptick, then it started to level out and decrease after the companies that wanted to upgrade completed the process.
Industries slowest to adopt Windows 10 were healthcare (29%), transportation and storage (31%), and insurance (33%). Those fastest to adopt the latest Windows OS were computers and electronics (82%), wholesale and distribution (70%), and nonprofit (56%).
Anise says these trends fluctuated depdnding on the applications running on particular endpoints. Since apps are affected by OS changes, people in industries more at the forefront of new technologies would utilize and adopt Windows 10 more quickly.
Researchers point out that its not always possible to update operating systems in large enterprises with complex IT environments without rendering certain devices inoperable. Connected medical devices and healthcare software, for example, may not be designed to run Windows 10. In healthcare, Anise notes, mission-critical applications are hardest to port over.
While Windows 10 adoption may be up, Windows usage declined overall. Researchers noticed Windows users dropped from 68% to 65% between 2017 and 2018. At the same time, they saw an uptick in macOS, which grew 27% to 30%, and iOS, which jumped from 10% to 12%.
Mobile Security Could Use a Major Update
Most endpoints are not running the latest version of their operating system, says Kyle Lady, senior information security engineer at Duo. However, iOS and macOS devices are generally more up-to-date than those running Android or Chrome OS. By the end of March 2018, only 8% of Android phones had been patched with the latest security fix released 26 days prior.
Ninety percent of Android devices are out-of-date,
researchers found
. The same can be said for 85% of ChromeOS devices, 74% of macOS devices, and 56% of iOS devices.
Users lagging on Android security updates is not new, and its not necessarily getting worse, says Lady, noting that this has been a problem for years. Android updates have to come from the manufacturer, which pushes them to the carrier, which sends them to users.
If theres a slowdown anywhere along the way, it results in the user being at risk, he explains. While Google has done a lot of work to structure Android so it can receive mission-critical updates faster, it often doesnt help users running versions ineligible for security updates. Android is great for an open-source mobile OS, Lady says, but its tough to update.
I think weve seen a lot of businesses take notice of the Android security problems, and the difficulties in updating Android devices, Anise adds. iOS has a much more clear-cut picture as to whether a given phone can update or not.
Android has dozens of manufacturers and hundreds of versions, and it can spiral out of control if youre trying to come up with restrictions that let users access data while keeping company assets secure, he adds. Its easier to create these policies for iOS and, in some cases, macOS.
Browser Security and the Fall of Flash
Firefox Mobile is the most out-of-date browser based on Duos research, which found 93% of endpoints using it hadnt updated to the most recent version. Chrome came in next at 53%, followed by Firefox desktop (49%), Safari (42%), Edge (33%), Chrome Mobile (31%), and Internet Explorer, which was the most up-to-date with only 5% of users behind.
To put these numbers in context, there hasnt been a new version of Internet Explorer released since 2013. Chrome was last updated on March 6, 2018. While it appears Chrome browsers are more out-of-date, the browser is more frequently updated by its vendor than others.
Researchers also noticed Adobe Flash Player is rapidly disappearing from browsers. Less than one-quarter (24%) of browsers had Flash uninstalled in 2017; by 2018, that number had jumped to 69%. Uninstalled includes browsers with Click to Play or other forms of Flash blocker implemented, meaning browsers wont run arbitrarily run Flash unless users opt in.
A lot of the driving factors rely around users switching to models that have Flash disabled by default, says Anise. Extensions for Web browsers let you do this, or you can configure Google Chrome to not run Flash by default. Chrome, he says, has forced its content creators to adopt new technologies and has been a major driver in the move away from Flash, which will no longer be shipped with Chrome starting in 2020. Adobe will end-of-life Flash later that year.
Authenticating More Remote Workers
Both Anise and Lady speak to the importance of updates and
two-factor authentication
as people increasingly work remotely and log on from different networks. While mobility brings additional security risks, Lady says companies see the benefits of letting workers go remote.
From 2017 to 2018, Duos data showed a 10% increase in the average number of unique networks that customers and businesses are authenticating from. More than one-quarter (26%) log in from two or more networks in 2018; eight percent log in from at least three.
If workers are going to work remotely, its essential to keep their devices updated and provide a second factor to verify their identity. An analysis of phishing simulation attacks found 62% captured one set of user credentials, and 64% involved one out-of-date device.
Related Content:
7 Tools for Stronger IoT Security, Visibility
US Senator to DOD CIO: Take Immediate Action on HTTPS
New Spectre Variants Add to Vulnerability Worries
North Korean Defectors Targeted with Malicious Apps on Google Play

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Windows 10 Adoption Grew 75%, Adobe Flash Plummeted 188% in 2017: Report