Old browsers at risk from attack

Are you using the latest version?

By Robert Vamosi, 3 July 2008 08:53


A group of researchers have said 637 million web users are surfing with outdated internet browsers and are, therefore, at greater risk of web-based attacks.

Using data collected from Google web searches and security firm Secunia, the researchers - Stefan Frei of ETH, Zurich; Thomas Dübendorfer of Google; Gunter Ollmann of IBM ISS; and Martin May of ETH, Zurich - analysed in a report the browsers being used. The researchers aimed to understand why so many recent attacks by criminal hackers have been aimed at the browser, and why those attacks have been so successful.

Overall, the authors found that roughly 40 per cent of users were utilising insecure versions of web browsers. Among the least upgrade-compliant were users of Internet Explorer (IE), which currently dominates the internet-browser market.

The data was collected in mid-June 2008. Of the users, 78 per cent employed IE, 16 per cent Firefox, three per cent Safari, and 0.8 per cent Opera. The percentage of these users who were running the latest version of their browser was 52 per cent for IE, 92 per cent for Firefox, 70 per cent for Safari, and 90 per cent for Opera.

The authors noted it has taken IE7, the current Internet Explorer release, 19 months to gain only 52 per cent of the entire Internet Explorer audience. Forty-eight per cent of the users in the study were either using an old version of IE7 or still had IE6 installed.

Some of this has to do with how the respective suppliers provide updates. IE7 is currently offered as an auto-update with each monthly set of Microsoft security patches, yet a number of people are opting out of the upgrade and still running IE6.

The study did not include use of insecure browser add-ons, such as older versions of Adobe Reader, because the data from Google contained only the browser information.

The study made comparisons to the food industry, arguing that people understand the need to buy the safest foods but not to use the safest version of browsers. The study asked whether internet browsers, like food, should display expiration dates. The authors provided an example of a browser that displayed in red in the upper-right-hand corner: "145 days expired, three updates missed."

However, unlike in the food industry, there is no liability for software vendors. And, the authors noted, software vendors are not legally obliged to provide software updates.

Comments


  1. Michael Webb

    I have to run IE6 on one of my PCs because the systems I need to access with a browser for my work do not all support IE7. I use IE7 for the internet.

  2. Richard

    My laptop still runs IE6 on Win98se.

    Many older PCs which cannot run the latest operating systems or browsers are still in use.

    Worse still, many web-sites - even UK government ones - do not work with the latest browsers.

    Often, I have to reduce the security settings of my PC, in order to work with online shops & banks.

  3. anonymous

    This is partly down to Microsoft. With IE 6 the latest Microsoft browser for a good many who run Windows 2000 or earlier, the lack of backward compatibility built into Windows leaves no choice.
