Unpatched Web browsers prevalent on the Internet

A new study shows Web browsers are often a weak link in the security chain, as software vulnerabilities can make it easy for hackers to gain control of a PC

By Jeremy Kirk, IDG News Service
July 01, 2008

Talkback

E-mail

Printer Friendly

Reprints

Only 59.1 percent of people use up-to-date, fully patched Web browsers, putting the remainder at risk from growing threats from diligent hackers, according to a new study published by researchers in Switzerland.

The study, published Tuesday, is one of the most comprehensive analyses of what versions of Web browsers people are using on the Internet. The study was conducted by researchers at The Swiss Federal Institute of Technology, Google and IBM Internet Security Services.

Web browsers are often a weak link in the security chain, as software vulnerabilities can make it easy for hackers to gain control of a PC. When that happens, hackers can perform malicious acts such as stealing personal data or turning PCs into spam-spewing drones.

What the researchers found is that although software vendors provide patches for security problems, it can take days, weeks or months before people update their applications. In the meantime, those users are at risk.

But it's not entirely the fault of users, since Web browser vendors haven't exactly made patching easy, said Stefan Frei, a doctoral student at the institute, which is known as ETH Zurich, and one of the report's authors. The Web browser is still fairly young technology, and the industry has yet to settle on a dominant, well-tested design, he said.

The study looked at search and Web application server log data provided by Google to see what versions of the Firefox, Opera or Safari browsers people were using, Frei said.

Microsoft's Internet Explorer, however, only tells Web servers what major version a person is using, such as IE 6 or IE 7. The researchers relied on data from people who have installed a tool on their PC called the Personal Software Inspector, from Danish security company Secunia that can detect incremental versions of IE, Frei said.

Firefox users were the best at upgrading: 83.3 percent are using the latest version (the study just looked at Firefox 2.0). For Apple's Safari, 65.3 percent use the latest version; 56.1 percent for Opera, and 47.6 percent for Microsoft's Internet Explorer.

Mozilla's Firefox came out on top due to its auto-update feature, which tells a user a new patch is available and offers a one-click way to upgrade. Within three days, most Firefox users are up to date, the study said.

Frei recommends that all browser makers put in an auto-update feature since the process now is cumbersome and slow.

Continued
1 | 2 | NEXT PAGE »

Add to:

Digg

Talkback:

comment Post a Comment

MOST COMMENTS

>> Talkback: Have your say

Remote Access: Maintain Security and Decrease the Burden on IT
Join this interactive webcast to discover how IT Managers can control access rights, end-user security settings and end-point authorization. Sponsor: Citrix(R) GoToMyPC(R) Corporate

» Click here to view this Webcast

Virtualization Solutions Guide
This comprehensive IT Strategy Guide covers Virtualization and puts you at the forefront of the discussion. You'll learn all you need to know from the cost of virtualization, how to implement it for your business, how to back it up safely and which products are best. Sponsored by Riverbed

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Thinking about IMS - IMS's increased flexibility and the potential it offers for new services will create a fundamental shift in the way that...
Virtual Servers Meet Virtual Storage - Consolidation of data center assets has become a trend in many IT environments, providing benefits such as improved hardware...
What to expect from a Technology Assessment. - Whether implementing new technologies, upgrading existing infrastructures or evaluating current needs, a Technology Assessment...
PS Series Best Practices Deploying Microsoft(R) Exchange Server 2007 in an iSCSI SAN - This Technical Report describes how to deploy Exchange Server 2007 in an iSCSI SAN using PS Series storage arrays. It provides...
Building a Highly Reliable SAN - System reliability is a vital component in Storage Area Network (SAN) design that keeps your production environment operating...
Enhancing Your IT Environment with SnapShots - Snapshots enhance backups by improving data integrity, reducing application disruption, offloading application servers from...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

Unpatched Web browsers prevalent on the Internet

MOST COMMENTS

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Video

Podcasts

InfoWorld Blogs

Columnists

Find Products and Companies

Resource Center

Sponsored Technology Links

Sponsored Technology Links
AT&T - Factors to consider when comparing DSL or Cable AT&T - Thinking about IMS AT&T - What to expect from a Technology Assessment. AT&T - Refine your company's plan for a Business Disruption Event HP - HP Color LaserJet CP4005n printer. Now $899. SHOP NOW Dell - Dell Latitude: Battery life up to 19 hours. Learn more. Equallogic - Flexible, Scalable, Enterprise Storage for Virtual Infrastructures Equallogic - Four Steps to Disaster Recovery and Business Continuity Using iSCSI HP - Get Extreme Storage for Extreme Business with HP. Dell/Equallogic - PS Series Best Practices Deploying Microsoft(R) Exchange Server 2007 in an iSCSI SAN Symantec - Make data protection more efficient with Veritas NetBackup Xerox - Experience the colorful side of business at www.frugalcolor.com EMC - EMC and VMware help you build your virtualized infrastructure. Dell - Windows Vista: A Cyber Security Shield Mindreef - Key Strategies for SOA Testing AT&T - Class of Service: Myths and Misconceptions HP - HP LaserJet P4014n printer Starting at $699 after $100 IS. SHOP NOW HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW Rackspace - Go Green Without Sacrificing Server Performance HP - HP StorageWorks products-control, consolidation and confidence. HP - Speed, agility, flexibility - The HP BladeSystem c-Class. InterSystems - Development, integration, BPM, and BAM together in Ensemble Big Fix - Before all Hell breaks loose on your network & your endpoints! 3PAR - Takes on the Storage Industry Giants		Platespin - Consolidated Disaster Recovery Using Virtualization Brocade - Transform Your Data Center at Brocade Conference 2008, Las Vegas, Sept 22-24 Platespin - 8 Phases of a Successful Consolidation Initiative SGI - SGI Adaptive Data Warehouse: Building a High-End Oracle Data Warehouse Microsoft - Learn about the software-based VoIP solution from Microsoft. Microsoft - Meet Windows Server 2008. The server unleashed. HP - Whitepaper: How IT Quality Managers Respond to SOA Change IBM - Webcast: Take control of your content- leverage MOSS HP - Whitepaper: Software Quality Management for SOA Polycom - Telepresence For The Enterprise GoToMyPC - Research Brief: Providing Secure and Cost-Effective Remote Access AppAssure - Keeping the E-Mail Flowing Tripwire - Secure your virtual and physical environments with the same software. Novell, IBM, and Intel - Solution for Open Virtualization Provides Server Consolidation Symantec - Whitepaper: Secure, recover, and archive critical information Symantec - Whitepaper: Protecting Microsoft(R) Applications Riverbed - Five Ugly Truths about WAFS and Caching AT&T - Enhancing security through Quantum Cryptography Riverbed - Wide Area Data Services Microsoft - Microsoft Forefront makes defending your systems easier. Learn how. AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time. Oracle - The Power of Two with SOA and BPM

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist